Home Assistent, Shopping Wizard, Search Extender - Help!

Question

mortalsin 0 Newbie Poster

19 Years Ago

Hi all,

Like many posters in this forum, I have been inflicted with the horrible Home Assistent spyware.

Whilst troubleshooting on my own, I have: scanned for viruses both online and via Norton; downloaded and ran Ad-Aware, Spybot, CWShredder, Cleanup!, about:Buster in Safe Mode; removed the RI, R3 entries in HijackThis. I've deleted all cookies and offline content in IE.

However the problem still persists! I still get random pop-ups, text on websites with HTML tags and my start page is stubbornly altered.

I've downloaded HSRemove, but haven't run it yet.

Here's my HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 8:40:25 PM, on 5/29/2005
Platform: Windows XP SP2, v.2135 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2135)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\msvg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kseof.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kseof.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kseof.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kseof.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kseof.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kseof.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds.dll
O2 - BHO: Class - {A18BCBCE-8140-1854-2B7C-AE957E632346} - C:\WINDOWS\ipoo32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C8BD5992-93A2-C72D-346C-BE031396197E} - C:\WINDOWS\system32\msen32.dll
O2 - BHO: Class - {D9B86B36-3C0A-C8A5-F992-E2FC429A72C0} - C:\WINDOWS\winhj32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [msvg.exe] C:\WINDOWS\system32\msvg.exe
O4 - HKLM\..\RunOnce: [atlpk.exe] C:\WINDOWS\atlpk.exe
O4 - HKLM\..\RunOnce: [apipq.exe] C:\WINDOWS\apipq.exe
O4 - HKLM\..\RunOnce: [mfcpc.exe] C:\WINDOWS\system32\mfcpc.exe
O4 - HKLM\..\RunOnce: [iptg.exe] C:\WINDOWS\system32\iptg.exe
O4 - HKLM\..\RunOnce: [addhi32.exe] C:\WINDOWS\system32\addhi32.exe
O4 - HKLM\..\RunOnce: [apicg.exe] C:\WINDOWS\apicg.exe
O4 - HKLM\..\RunOnce: [winhj32.exe] C:\WINDOWS\winhj32.exe
O4 - HKLM\..\RunOnce: [mfcgw.exe] C:\WINDOWS\mfcgw.exe
O4 - HKLM\..\RunOnce: [netug32.exe] C:\WINDOWS\netug32.exe
O4 - HKLM\..\RunOnce: [winzb32.exe] C:\WINDOWS\winzb32.exe
O4 - HKLM\..\RunOnce: [d3yq32.exe] C:\WINDOWS\system32\d3yq32.exe
O4 - HKLM\..\RunOnce: [ipdk.exe] C:\WINDOWS\ipdk.exe
O4 - HKLM\..\RunOnce: [applc32.exe] C:\WINDOWS\applc32.exe
O4 - HKLM\..\RunOnce: [d3rw32.exe] C:\WINDOWS\d3rw32.exe
O4 - HKLM\..\RunOnce: [mstn32.exe] C:\WINDOWS\mstn32.exe
O4 - HKLM\..\RunOnce: [ipzh.exe] C:\WINDOWS\ipzh.exe
O4 - HKLM\..\RunOnce: [sdkyv.exe] C:\WINDOWS\system32\sdkyv.exe
O4 - HKLM\..\RunOnce: [mfcmp32.exe] C:\WINDOWS\mfcmp32.exe
O4 - HKLM\..\RunOnce: [sysit32.exe] C:\WINDOWS\sysit32.exe
O4 - HKLM\..\RunOnce: [iplj.exe] C:\WINDOWS\iplj.exe
O4 - HKLM\..\RunOnce: [sdkfa.exe] C:\WINDOWS\system32\sdkfa.exe
O4 - HKLM\..\RunOnce: [sysdn.exe] C:\WINDOWS\sysdn.exe
O4 - HKLM\..\RunOnce: [ntrp.exe] C:\WINDOWS\system32\ntrp.exe
O4 - HKLM\..\RunOnce: [sysav32.exe] C:\WINDOWS\system32\sysav32.exe
O4 - HKLM\..\RunOnce: [mfcfd.exe] C:\WINDOWS\system32\mfcfd.exe
O4 - HKLM\..\RunOnce: [nettn32.exe] C:\WINDOWS\system32\nettn32.exe
O4 - HKLM\..\RunOnce: [ipcr.exe] C:\WINDOWS\system32\ipcr.exe
O4 - HKLM\..\RunOnce: [winne32.exe] C:\WINDOWS\system32\winne32.exe
O4 - HKLM\..\RunOnce: [craz.exe] C:\WINDOWS\system32\craz.exe
O4 - HKLM\..\RunOnce: [syswd.exe] C:\WINDOWS\syswd.exe
O4 - HKLM\..\RunOnce: [sdkcf.exe] C:\WINDOWS\sdkcf.exe
O4 - HKLM\..\RunOnce: [ipfg.exe] C:\WINDOWS\system32\ipfg.exe
O4 - HKLM\..\RunOnce: [d3jk32.exe] C:\WINDOWS\system32\d3jk32.exe
O4 - HKLM\..\RunOnce: [sdktl.exe] C:\WINDOWS\system32\sdktl.exe
O4 - HKLM\..\RunOnce: [javayi32.exe] C:\WINDOWS\system32\javayi32.exe
O4 - HKLM\..\RunOnce: [sdkne32.exe] C:\WINDOWS\sdkne32.exe
O4 - HKLM\..\RunOnce: [atlsb32.exe] C:\WINDOWS\system32\atlsb32.exe
O4 - HKLM\..\RunOnce: [javanm32.exe] C:\WINDOWS\javanm32.exe
O4 - HKLM\..\RunOnce: [ieli.exe] C:\WINDOWS\ieli.exe
O4 - HKLM\..\RunOnce: [apiuq.exe] C:\WINDOWS\apiuq.exe
O4 - HKLM\..\RunOnce: [msoc.exe] C:\WINDOWS\msoc.exe
O4 - HKLM\..\RunOnce: [javaej.exe] C:\WINDOWS\system32\javaej.exe
O4 - HKLM\..\RunOnce: [netoc32.exe] C:\WINDOWS\system32\netoc32.exe
O4 - HKLM\..\RunOnce: [ipiv.exe] C:\WINDOWS\ipiv.exe
O4 - HKLM\..\RunOnce: [crez.exe] C:\WINDOWS\crez.exe
O4 - HKLM\..\RunOnce: [sysws32.exe] C:\WINDOWS\sysws32.exe
O4 - HKLM\..\RunOnce: [appmh.exe] C:\WINDOWS\appmh.exe
O4 - HKLM\..\RunOnce: [netid32.exe] C:\WINDOWS\system32\netid32.exe
O4 - HKLM\..\RunOnce: [mfcam.exe] C:\WINDOWS\mfcam.exe
O4 - HKLM\..\RunOnce: [apifa32.exe] C:\WINDOWS\system32\apifa32.exe
O4 - HKLM\..\RunOnce: [mfcux32.exe] C:\WINDOWS\mfcux32.exe
O4 - HKLM\..\RunOnce: [iezb32.exe] C:\WINDOWS\iezb32.exe
O4 - HKLM\..\RunOnce: [apiun32.exe] C:\WINDOWS\apiun32.exe
O4 - HKLM\..\RunOnce: [systb32.exe] C:\WINDOWS\system32\systb32.exe
O4 - HKLM\..\RunOnce: [sdknu32.exe] C:\WINDOWS\system32\sdknu32.exe
O4 - HKLM\..\RunOnce: [javauc32.exe] C:\WINDOWS\system32\javauc32.exe
O4 - HKLM\..\RunOnce: [syswc32.exe] C:\WINDOWS\system32\syswc32.exe
O4 - HKLM\..\RunOnce: [ipec32.exe] C:\WINDOWS\ipec32.exe
O4 - HKLM\..\RunOnce: [iezo32.exe] C:\WINDOWS\iezo32.exe
O4 - HKLM\..\RunOnce: [addes.exe] C:\WINDOWS\system32\addes.exe
O4 - HKLM\..\RunOnce: [sysnb32.exe] C:\WINDOWS\sysnb32.exe
O4 - HKLM\..\RunOnce: [sysbq.exe] C:\WINDOWS\system32\sysbq.exe
O4 - HKLM\..\RunOnce: [winhm.exe] C:\WINDOWS\system32\winhm.exe
O4 - HKLM\..\RunOnce: [sdkmr.exe] C:\WINDOWS\system32\sdkmr.exe
O4 - HKLM\..\RunOnce: [winhc.exe] C:\WINDOWS\system32\winhc.exe
O4 - HKLM\..\RunOnce: [iewj.exe] C:\WINDOWS\system32\iewj.exe
O4 - HKLM\..\RunOnce: [sdkgc32.exe] C:\WINDOWS\sdkgc32.exe
O4 - HKLM\..\RunOnce: [apifp32.exe] C:\WINDOWS\system32\apifp32.exe
O4 - HKLM\..\RunOnce: [netyj.exe] C:\WINDOWS\netyj.exe
O4 - HKLM\..\RunOnce: [javauf.exe] C:\WINDOWS\javauf.exe
O4 - HKLM\..\RunOnce: [ienf32.exe] C:\WINDOWS\ienf32.exe
O4 - HKLM\..\RunOnce: [appdn.exe] C:\WINDOWS\appdn.exe
O4 - HKLM\..\RunOnce: [nethr.exe] C:\WINDOWS\nethr.exe
O4 - HKLM\..\RunOnce: [sdkss32.exe] C:\WINDOWS\sdkss32.exe
O4 - HKLM\..\RunOnce: [msiz.exe] C:\WINDOWS\msiz.exe
O4 - HKLM\..\RunOnce: [addmd32.exe] C:\WINDOWS\system32\addmd32.exe
O4 - HKLM\..\RunOnce: [ieve.exe] C:\WINDOWS\ieve.exe
O4 - HKLM\..\RunOnce: [sysba32.exe] C:\WINDOWS\sysba32.exe
O4 - HKLM\..\RunOnce: [sysqx32.exe] C:\WINDOWS\sysqx32.exe
O4 - HKLM\..\RunOnce: [sdkut32.exe] C:\WINDOWS\sdkut32.exe
O4 - HKLM\..\RunOnce: [sysxf32.exe] C:\WINDOWS\system32\sysxf32.exe
O4 - HKLM\..\RunOnce: [appcj.exe] C:\WINDOWS\system32\appcj.exe
O4 - HKLM\..\RunOnce: [appxb32.exe] C:\WINDOWS\appxb32.exe
O4 - HKLM\..\RunOnce: [netni.exe] C:\WINDOWS\netni.exe
O4 - HKLM\..\RunOnce: [javarm32.exe] C:\WINDOWS\system32\javarm32.exe
O4 - HKLM\..\RunOnce: [ntbn.exe] C:\WINDOWS\ntbn.exe
O4 - HKLM\..\RunOnce: [ntgj32.exe] C:\WINDOWS\system32\ntgj32.exe
O4 - HKLM\..\RunOnce: [ntvy32.exe] C:\WINDOWS\ntvy32.exe
O4 - HKLM\..\RunOnce: [appad32.exe] C:\WINDOWS\appad32.exe
O4 - HKLM\..\RunOnce: [ntdo32.exe] C:\WINDOWS\ntdo32.exe
O4 - HKLM\..\RunOnce: [crht.exe] C:\WINDOWS\system32\crht.exe
O4 - HKLM\..\RunOnce: [javait32.exe] C:\WINDOWS\javait32.exe
O4 - HKLM\..\RunOnce: [sdkxq32.exe] C:\WINDOWS\system32\sdkxq32.exe
O4 - HKLM\..\RunOnce: [mfcbm32.exe] C:\WINDOWS\system32\mfcbm32.exe
O4 - HKLM\..\RunOnce: [javawy32.exe] C:\WINDOWS\system32\javawy32.exe
O4 - HKLM\..\RunOnce: [sysgy32.exe] C:\WINDOWS\sysgy32.exe
O4 - HKLM\..\RunOnce: [appta32.exe] C:\WINDOWS\system32\appta32.exe
O4 - HKLM\..\RunOnce: [d3nu32.exe] C:\WINDOWS\d3nu32.exe
O4 - HKLM\..\RunOnce: [msmc32.exe] C:\WINDOWS\msmc32.exe
O4 - HKLM\..\RunOnce: [appwc32.exe] C:\WINDOWS\system32\appwc32.exe
O4 - HKLM\..\RunOnce: [javawk.exe] C:\WINDOWS\javawk.exe
O4 - HKLM\..\RunOnce: [ipao.exe] C:\WINDOWS\system32\ipao.exe
O4 - HKLM\..\RunOnce: [mspd32.exe] C:\WINDOWS\mspd32.exe
O4 - HKLM\..\RunOnce: [wingt32.exe] C:\WINDOWS\wingt32.exe
O4 - HKLM\..\RunOnce: [iebx.exe] C:\WINDOWS\system32\iebx.exe
O4 - HKLM\..\RunOnce: [sdkim32.exe] C:\WINDOWS\system32\sdkim32.exe
O4 - HKLM\..\RunOnce: [mfcyc32.exe] C:\WINDOWS\mfcyc32.exe
O4 - HKLM\..\RunOnce: [adden32.exe] C:\WINDOWS\adden32.exe
O4 - HKLM\..\RunOnce: [netjp32.exe] C:\WINDOWS\netjp32.exe
O4 - HKLM\..\RunOnce: [apiyk.exe] C:\WINDOWS\apiyk.exe
O4 - HKLM\..\RunOnce: [mfcgk.exe] C:\WINDOWS\mfcgk.exe
O4 - HKLM\..\RunOnce: [crea32.exe] C:\WINDOWS\system32\crea32.exe
O4 - HKLM\..\RunOnce: [mfcbb32.exe] C:\WINDOWS\mfcbb32.exe
O4 - HKLM\..\RunOnce: [apijj32.exe] C:\WINDOWS\apijj32.exe
O4 - HKLM\..\RunOnce: [ntoo.exe] C:\WINDOWS\system32\ntoo.exe
O4 - HKLM\..\RunOnce: [ipoo32.exe] C:\WINDOWS\ipoo32.exe
O4 - HKLM\..\RunOnce: [netdl32.exe] C:\WINDOWS\system32\netdl32.exe
O4 - HKLM\..\RunOnce: [winih32.exe] C:\WINDOWS\system32\winih32.exe
O4 - HKLM\..\RunOnce: [iplb32.exe] C:\WINDOWS\system32\iplb32.exe
O4 - HKLM\..\RunOnce: [mfcvz32.exe] C:\WINDOWS\mfcvz32.exe
O4 - HKLM\..\RunOnce: [wintp.exe] C:\WINDOWS\system32\wintp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\system32\idwlog.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntzy32.exe" /s (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Any help will be greatly appreciated! Thanks in advance.

P.S. Would it be "easier" if I reformat my computer completely? Or would the problem still persist?

windows-virus

2 Contributors
3 Replies
323 Views
1 Day Discussion Span
Latest Post 19 Years Ago Latest Post by dlh6213

dlh6213 27 Posting Maven

19 Years Ago

Hi mortalsin, welcome to DaniWeb :)

Whether formatting would be easier or not depends on how many programs and such you have installed. It shouldn't be necessary though, we should be able to help you clean it up. But yes, formatting would get rid of the problem.

Note: Even if you've already done some of these things, please update them and run them again.

First of all, run a at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Then post a new hijackthis log please.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

mortalsin 0 Newbie Poster · Answer 1 · 2005-05-30T14:41:21+00:00

Hi,

Thanks for prompt reply - I am sure you can imagine how frustrating it is for me, as it is for everyone else.

Did the online virus scans. Bitdefender found nothing, and Trend Micro crashes my IE each time.Mcafee found 25 files with Downloader YK virus they cannot cleanRAV Anti-V

found:
Found
============================
Viruses found: 1
Suspicious files: 22
Disinfected files: 0
Mail files: 87
Scanned
============================
Objects: 24294
Directories: 2132
Archives: 589
Size(Kb): 1339915
Infected files: 647


HS-REMOVE found:
No ADS found on system
Removed 4 Random Key Entries
Removed! : C:\WINDOWS\bppzm.dat
Removed! : C:\WINDOWS\rdame.dat
Removed! : C:\WINDOWS\xxtzw.dat
Removed! : C:\WINDOWS\system32\ndxlm.dat
Removed! : C:\WINDOWS\system32\umgsn.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!


Ran all the rest of the programs, all updated too. Here's new Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 4:31:56 PM, on 5/30/2005
Platform: Windows XP SP2, v.2135 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2135)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\msvg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Hijack\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nnjed.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnjed.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nnjed.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nnjed.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnjed.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nnjed.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {6F5238D0-58CA-ADF4-63DE-FD4A5FF51173} - C:\WINDOWS\mfchy32.dll
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F4937205-7DD5-3F45-5AC5-CC5F02C22B1F} - C:\WINDOWS\system32\appfh32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [msvg.exe] C:\WINDOWS\system32\msvg.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [atlpk.exe] C:\WINDOWS\atlpk.exe
O4 - HKLM\..\RunOnce: [addhi32.exe] C:\WINDOWS\system32\addhi32.exe
O4 - HKLM\..\RunOnce: [mfcdr.exe] C:\WINDOWS\mfcdr.exe
O4 - HKLM\..\RunOnce: [crpm32.exe] C:\WINDOWS\crpm32.exe
O4 - HKLM\..\RunOnce: [netvg.exe] C:\WINDOWS\netvg.exe
O4 - HKLM\..\RunOnce: [atlkw.exe] C:\WINDOWS\atlkw.exe
O4 - HKLM\..\RunOnce: [javayn32.exe] C:\WINDOWS\system32\javayn32.exe
O4 - HKLM\..\RunOnce: [apimh.exe] C:\WINDOWS\system32\apimh.exe
O4 - HKLM\..\RunOnce: [mskb.exe] C:\WINDOWS\system32\mskb.exe
O4 - HKLM\..\RunOnce: [sysqd.exe] C:\WINDOWS\sysqd.exe
O4 - HKLM\..\RunOnce: [crdg.exe] C:\WINDOWS\system32\crdg.exe
O4 - HKLM\..\RunOnce: [crdo.exe] C:\WINDOWS\system32\crdo.exe
O4 - HKLM\..\RunOnce: [netqq32.exe] C:\WINDOWS\system32\netqq32.exe
O4 - HKLM\..\RunOnce: [javamw32.exe] C:\WINDOWS\javamw32.exe
O4 - HKLM\..\RunOnce: [apirq.exe] C:\WINDOWS\apirq.exe
O4 - HKLM\..\RunOnce: [appjp.exe] C:\WINDOWS\appjp.exe
O4 - HKLM\..\RunOnce: [msor32.exe] C:\WINDOWS\msor32.exe
O4 - HKLM\..\RunOnce: [atlsa32.exe] C:\WINDOWS\atlsa32.exe
O4 - HKLM\..\RunOnce: [ipii32.exe] C:\WINDOWS\ipii32.exe
O4 - HKLM\..\RunOnce: [addnk.exe] C:\WINDOWS\addnk.exe
O4 - HKLM\..\RunOnce: [d3yd32.exe] C:\WINDOWS\system32\d3yd32.exe
O4 - HKLM\..\RunOnce: [iero.exe] C:\WINDOWS\iero.exe
O4 - HKLM\..\RunOnce: [appvs.exe] C:\WINDOWS\appvs.exe
O4 - HKLM\..\RunOnce: [netgt32.exe] C:\WINDOWS\netgt32.exe
O4 - HKLM\..\RunOnce: [sdkwa.exe] C:\WINDOWS\sdkwa.exe
O4 - HKLM\..\RunOnce: [msae.exe] C:\WINDOWS\msae.exe
O4 - HKLM\..\RunOnce: [addkx32.exe] C:\WINDOWS\addkx32.exe
O4 - HKLM\..\RunOnce: [mfcjf.exe] C:\WINDOWS\mfcjf.exe
O4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\sdkfj32.exe
O4 - HKLM\..\RunOnce: [netor.exe] C:\WINDOWS\netor.exe
O4 - HKLM\..\RunOnce: [ipug32.exe] C:\WINDOWS\ipug32.exe
O4 - HKLM\..\RunOnce: [netid32.exe] C:\WINDOWS\system32\netid32.exe
O4 - HKLM\..\RunOnce: [addnz32.exe] C:\WINDOWS\addnz32.exe
O4 - HKLM\..\RunOnce: [ipqt32.exe] C:\WINDOWS\system32\ipqt32.exe
O4 - HKLM\..\RunOnce: [mfcar.exe] C:\WINDOWS\system32\mfcar.exe
O4 - HKLM\..\RunOnce: [javaqg32.exe] C:\WINDOWS\javaqg32.exe
O4 - HKLM\..\RunOnce: [ieoo.exe] C:\WINDOWS\ieoo.exe
O4 - HKLM\..\RunOnce: [appks32.exe] C:\WINDOWS\system32\appks32.exe
O4 - HKLM\..\RunOnce: [systs.exe] C:\WINDOWS\systs.exe
O4 - HKLM\..\RunOnce: [winhp32.exe] C:\WINDOWS\system32\winhp32.exe
O4 - HKLM\..\RunOnce: [sysom32.exe] C:\WINDOWS\sysom32.exe
O4 - HKLM\..\RunOnce: [javasi32.exe] C:\WINDOWS\javasi32.exe
O4 - HKLM\..\RunOnce: [winvu32.exe] C:\WINDOWS\system32\winvu32.exe
O4 - HKLM\..\RunOnce: [atlay.exe] C:\WINDOWS\system32\atlay.exe
O4 - HKLM\..\RunOnce: [appby32.exe] C:\WINDOWS\appby32.exe
O4 - HKLM\..\RunOnce: [addpv32.exe] C:\WINDOWS\system32\addpv32.exe
O4 - HKLM\..\RunOnce: [d3ua32.exe] C:\WINDOWS\system32\d3ua32.exe
O4 - HKLM\..\RunOnce: [appxl32.exe] C:\WINDOWS\system32\appxl32.exe
O4 - HKLM\..\RunOnce: [apicq.exe] C:\WINDOWS\apicq.exe
O4 - HKLM\..\RunOnce: [atldq32.exe] C:\WINDOWS\system32\atldq32.exe
O4 - HKLM\..\RunOnce: [atlrn.exe] C:\WINDOWS\atlrn.exe
O4 - HKLM\..\RunOnce: [mfcxb.exe] C:\WINDOWS\mfcxb.exe
O4 - HKLM\..\RunOnce: [mslg.exe] C:\WINDOWS\system32\mslg.exe
O4 - HKLM\..\RunOnce: [mfcfr.exe] C:\WINDOWS\mfcfr.exe
O4 - HKLM\..\RunOnce: [appuy.exe] C:\WINDOWS\appuy.exe
O4 - HKLM\..\RunOnce: [msfr32.exe] C:\WINDOWS\system32\msfr32.exe
O4 - HKLM\..\RunOnce: [ieqk.exe] C:\WINDOWS\system32\ieqk.exe
O4 - HKLM\..\RunOnce: [appuo.exe] C:\WINDOWS\appuo.exe
O4 - HKLM\..\RunOnce: [neteh32.exe] C:\WINDOWS\system32\neteh32.exe
O4 - HKLM\..\RunOnce: [javadx.exe] C:\WINDOWS\javadx.exe
O4 - HKLM\..\RunOnce: [iezt32.exe] C:\WINDOWS\iezt32.exe
O4 - HKLM\..\RunOnce: [crib.exe] C:\WINDOWS\crib.exe
O4 - HKLM\..\RunOnce: [d3wq32.exe] C:\WINDOWS\d3wq32.exe
O4 - HKLM\..\RunOnce: [crkn32.exe] C:\WINDOWS\system32\crkn32.exe
O4 - HKLM\..\RunOnce: [nethr32.exe] C:\WINDOWS\nethr32.exe
O4 - HKLM\..\RunOnce: [mfcfm.exe] C:\WINDOWS\mfcfm.exe
O4 - HKLM\..\RunOnce: [ieem32.exe] C:\WINDOWS\ieem32.exe
O4 - HKLM\..\RunOnce: [apilb.exe] C:\WINDOWS\apilb.exe
O4 - HKLM\..\RunOnce: [ipkq.exe] C:\WINDOWS\system32\ipkq.exe
O4 - HKLM\..\RunOnce: [javacj.exe] C:\WINDOWS\javacj.exe
O4 - HKLM\..\RunOnce: [javawd32.exe] C:\WINDOWS\javawd32.exe
O4 - HKLM\..\RunOnce: [mfcqw32.exe] C:\WINDOWS\system32\mfcqw32.exe
O4 - HKLM\..\RunOnce: [apipm32.exe] C:\WINDOWS\system32\apipm32.exe
O4 - HKLM\..\RunOnce: [javaze32.exe] C:\WINDOWS\javaze32.exe
O4 - HKLM\..\RunOnce: [atlzm.exe] C:\WINDOWS\system32\atlzm.exe
O4 - HKLM\..\RunOnce: [sysdq.exe] C:\WINDOWS\sysdq.exe
O4 - HKLM\..\RunOnce: [apiso32.exe] C:\WINDOWS\system32\apiso32.exe
O4 - HKLM\..\RunOnce: [ntjv.exe] C:\WINDOWS\system32\ntjv.exe
O4 - HKLM\..\RunOnce: [msnz32.exe] C:\WINDOWS\msnz32.exe
O4 - HKLM\..\RunOnce: [javawa.exe] C:\WINDOWS\javawa.exe
O4 - HKLM\..\RunOnce: [crcw32.exe] C:\WINDOWS\crcw32.exe
O4 - HKLM\..\RunOnce: [javaql32.exe] C:\WINDOWS\system32\javaql32.exe
O4 - HKLM\..\RunOnce: [mfcvp32.exe] C:\WINDOWS\system32\mfcvp32.exe
O4 - HKLM\..\RunOnce: [crqb32.exe] C:\WINDOWS\system32\crqb32.exe
O4 - HKLM\..\RunOnce: [iedf32.exe] C:\WINDOWS\iedf32.exe
O4 - HKLM\..\RunOnce: [netdf.exe] C:\WINDOWS\system32\netdf.exe
O4 - HKLM\..\RunOnce: [atlhr.exe] C:\WINDOWS\atlhr.exe
O4 - HKLM\..\RunOnce: [ntwg32.exe] C:\WINDOWS\system32\ntwg32.exe
O4 - HKLM\..\RunOnce: [d3mo.exe] C:\WINDOWS\d3mo.exe
O4 - HKLM\..\RunOnce: [winqs32.exe] C:\WINDOWS\winqs32.exe
O4 - HKLM\..\RunOnce: [msas.exe] C:\WINDOWS\msas.exe
O4 - HKLM\..\RunOnce: [iefp32.exe] C:\WINDOWS\iefp32.exe
O4 - HKLM\..\RunOnce: [ieum32.exe] C:\WINDOWS\system32\ieum32.exe
O4 - HKLM\..\RunOnce: [ntzi32.exe] C:\WINDOWS\system32\ntzi32.exe
O4 - HKLM\..\RunOnce: [sdkzw.exe] C:\WINDOWS\system32\sdkzw.exe
O4 - HKLM\..\RunOnce: [sdkti32.exe] C:\WINDOWS\system32\sdkti32.exe
O4 - HKLM\..\RunOnce: [atlnj32.exe] C:\WINDOWS\atlnj32.exe
O4 - HKLM\..\RunOnce: [mfcur.exe] C:\WINDOWS\mfcur.exe
O4 - HKLM\..\RunOnce: [appvr.exe] C:\WINDOWS\system32\appvr.exe
O4 - HKLM\..\RunOnce: [ntlg32.exe] C:\WINDOWS\ntlg32.exe
O4 - HKLM\..\RunOnce: [d3jw32.exe] C:\WINDOWS\d3jw32.exe
O4 - HKLM\..\RunOnce: [javaez.exe] C:\WINDOWS\system32\javaez.exe
O4 - HKLM\..\RunOnce: [mfcdp32.exe] C:\WINDOWS\mfcdp32.exe
O4 - HKLM\..\RunOnce: [atlqy32.exe] C:\WINDOWS\system32\atlqy32.exe
O4 - HKLM\..\RunOnce: [winte32.exe] C:\WINDOWS\winte32.exe
O4 - HKLM\..\RunOnce: [addbm.exe] C:\WINDOWS\system32\addbm.exe
O4 - HKLM\..\RunOnce: [wincn.exe] C:\WINDOWS\wincn.exe
O4 - HKLM\..\RunOnce: [apirc32.exe] C:\WINDOWS\system32\apirc32.exe
O4 - HKLM\..\RunOnce: [sdkpj32.exe] C:\WINDOWS\system32\sdkpj32.exe
O4 - HKLM\..\RunOnce: [ipkv.exe] C:\WINDOWS\ipkv.exe
O4 - HKLM\..\RunOnce: [addjl32.exe] C:\WINDOWS\addjl32.exe
O4 - HKLM\..\RunOnce: [mfcvb.exe] C:\WINDOWS\mfcvb.exe
O4 - HKLM\..\RunOnce: [msia32.exe] C:\WINDOWS\system32\msia32.exe
O4 - HKLM\..\RunOnce: [iehi.exe] C:\WINDOWS\system32\iehi.exe
O4 - HKLM\..\RunOnce: [msqi.exe] C:\WINDOWS\system32\msqi.exe
O4 - HKLM\..\RunOnce: [appgy32.exe] C:\WINDOWS\appgy32.exe
O4 - HKLM\..\RunOnce: [ipqw32.exe] C:\WINDOWS\system32\ipqw32.exe
O4 - HKLM\..\RunOnce: [ieli32.exe] C:\WINDOWS\system32\ieli32.exe
O4 - HKLM\..\RunOnce: [addpm.exe] C:\WINDOWS\addpm.exe
O4 - HKLM\..\RunOnce: [sysym32.exe] C:\WINDOWS\system32\sysym32.exe
O4 - HKLM\..\RunOnce: [sysnj32.exe] C:\WINDOWS\sysnj32.exe
O4 - HKLM\..\RunOnce: [sdksg.exe] C:\WINDOWS\sdksg.exe
O4 - HKLM\..\RunOnce: [netvs.exe] C:\WINDOWS\netvs.exe
O4 - HKLM\..\RunOnce: [crlh32.exe] C:\WINDOWS\system32\crlh32.exe
O4 - HKLM\..\RunOnce: [sysbo32.exe] C:\WINDOWS\system32\sysbo32.exe
O4 - HKLM\..\RunOnce: [mswa.exe] C:\WINDOWS\system32\mswa.exe
O4 - HKLM\..\RunOnce: [ipvq32.exe] C:\WINDOWS\system32\ipvq32.exe
O4 - HKLM\..\RunOnce: [atltx32.exe] C:\WINDOWS\atltx32.exe
O4 - HKLM\..\RunOnce: [mfctn.exe] C:\WINDOWS\mfctn.exe
O4 - HKLM\..\RunOnce: [atlcn.exe] C:\WINDOWS\system32\atlcn.exe
O4 - HKLM\..\RunOnce: [ntrc32.exe] C:\WINDOWS\ntrc32.exe
O4 - HKLM\..\RunOnce: [d3ik32.exe] C:\WINDOWS\d3ik32.exe
O4 - HKLM\..\RunOnce: [javadw.exe] C:\WINDOWS\system32\javadw.exe
O4 - HKLM\..\RunOnce: [apicl32.exe] C:\WINDOWS\apicl32.exe
O4 - HKLM\..\RunOnce: [appfp.exe] C:\WINDOWS\system32\appfp.exe
O4 - HKLM\..\RunOnce: [msef32.exe] C:\WINDOWS\system32\msef32.exe
O4 - HKLM\..\RunOnce: [sdkuu.exe] C:\WINDOWS\sdkuu.exe
O4 - HKLM\..\RunOnce: [ipyw.exe] C:\WINDOWS\ipyw.exe
O4 - HKLM\..\RunOnce: [crta32.exe] C:\WINDOWS\system32\crta32.exe
O4 - HKLM\..\RunOnce: [sdkla.exe] C:\WINDOWS\sdkla.exe
O4 - HKLM\..\RunOnce: [sdkrx32.exe] C:\WINDOWS\system32\sdkrx32.exe
O4 - HKLM\..\RunOnce: [sdkfu32.exe] C:\WINDOWS\sdkfu32.exe
O4 - HKLM\..\RunOnce: [atlkq32.exe] C:\WINDOWS\atlkq32.exe
O4 - HKLM\..\RunOnce: [javafc32.exe] C:\WINDOWS\javafc32.exe
O4 - HKLM\..\RunOnce: [d3kg32.exe] C:\WINDOWS\system32\d3kg32.exe
O4 - HKLM\..\RunOnce: [msmx32.exe] C:\WINDOWS\msmx32.exe
O4 - HKLM\..\RunOnce: [windf.exe] C:\WINDOWS\system32\windf.exe
O4 - HKLM\..\RunOnce: [mfczj32.exe] C:\WINDOWS\system32\mfczj32.exe
O4 - HKLM\..\RunOnce: [appqj.exe] C:\WINDOWS\system32\appqj.exe
O4 - HKLM\..\RunOnce: [appwg32.exe] C:\WINDOWS\system32\appwg32.exe
O4 - HKLM\..\RunOnce: [appkd32.exe] C:\WINDOWS\appkd32.exe
O4 - HKLM\..\RunOnce: [d3pz32.exe] C:\WINDOWS\system32\d3pz32.exe
O4 - HKLM\..\RunOnce: [atlkl32.exe] C:\WINDOWS\atlkl32.exe
O4 - HKLM\..\RunOnce: [netpp32.exe] C:\WINDOWS\system32\netpp32.exe
O4 - HKLM\..\RunOnce: [iepx.exe] C:\WINDOWS\iepx.exe
O4 - HKLM\..\RunOnce: [crtb32.exe] C:\WINDOWS\system32\crtb32.exe
O4 - HKLM\..\RunOnce: [netrr.exe] C:\WINDOWS\netrr.exe
O4 - HKLM\..\RunOnce: [addqg32.exe] C:\WINDOWS\addqg32.exe
O4 - HKLM\..\RunOnce: [msgw32.exe] C:\WINDOWS\system32\msgw32.exe
O4 - HKLM\..\RunOnce: [ieoe.exe] C:\WINDOWS\system32\ieoe.exe
O4 - HKLM\..\RunOnce: [d3pe.exe] C:\WINDOWS\d3pe.exe
O4 - HKLM\..\RunOnce: [appeb.exe] C:\WINDOWS\system32\appeb.exe
O4 - HKLM\..\RunOnce: [sysui32.exe] C:\WINDOWS\system32\sysui32.exe
O4 - HKLM\..\RunOnce: [addnc.exe] C:\WINDOWS\addnc.exe
O4 - HKLM\..\RunOnce: [apijg32.exe] C:\WINDOWS\apijg32.exe
O4 - HKLM\..\RunOnce: [appsg.exe] C:\WINDOWS\appsg.exe
O4 - HKLM\..\RunOnce: [ielx.exe] C:\WINDOWS\system32\ielx.exe
O4 - HKLM\..\RunOnce: [javapb.exe] C:\WINDOWS\javapb.exe
O4 - HKLM\..\RunOnce: [winfy32.exe] C:\WINDOWS\system32\winfy32.exe
O4 - HKLM\..\RunOnce: [atlvf.exe] C:\WINDOWS\system32\atlvf.exe
O4 - HKLM\..\RunOnce: [ntzj32.exe] C:\WINDOWS\ntzj32.exe
O4 - HKLM\..\RunOnce: [apijk.exe] C:\WINDOWS\system32\apijk.exe
O4 - HKLM\..\RunOnce: [netoh32.exe] C:\WINDOWS\netoh32.exe
O4 - HKLM\..\RunOnce: [apidd32.exe] C:\WINDOWS\system32\apidd32.exe
O4 - HKLM\..\RunOnce: [winha32.exe] C:\WINDOWS\system32\winha32.exe
O4 - HKLM\..\RunOnce: [netdl.exe] C:\WINDOWS\system32\netdl.exe
O4 - HKLM\..\RunOnce: [atlgp32.exe] C:\WINDOWS\atlgp32.exe
O4 - HKLM\..\RunOnce: [ieff.exe] C:\WINDOWS\system32\ieff.exe
O4 - HKLM\..\RunOnce: [sdkev32.exe] C:\WINDOWS\system32\sdkev32.exe
O4 - HKLM\..\RunOnce: [apiuk32.exe] C:\WINDOWS\apiuk32.exe
O4 - HKLM\..\RunOnce: [netcs.exe] C:\WINDOWS\netcs.exe
O4 - HKLM\..\RunOnce: [mfccs.exe] C:\WINDOWS\system32\mfccs.exe
O4 - HKLM\..\RunOnce: [javasq32.exe] C:\WINDOWS\javasq32.exe
O4 - HKLM\..\RunOnce: [ieqx32.exe] C:\WINDOWS\ieqx32.exe
O4 - HKLM\..\RunOnce: [d3lb.exe] C:\WINDOWS\d3lb.exe
O4 - HKLM\..\RunOnce: [netkq32.exe] C:\WINDOWS\netkq32.exe
O4 - HKLM\..\RunOnce: [appag32.exe] C:\WINDOWS\system32\appag32.exe
O4 - HKLM\..\RunOnce: [atlio.exe] C:\WINDOWS\system32\atlio.exe
O4 - HKLM\..\RunOnce: [d3wq.exe] C:\WINDOWS\d3wq.exe
O4 - HKLM\..\RunOnce: [sdksu32.exe] C:\WINDOWS\system32\sdksu32.exe
O4 - HKLM\..\RunOnce: [apiqk.exe] C:\WINDOWS\system32\apiqk.exe
O4 - HKLM\..\RunOnce: [syspz32.exe] C:\WINDOWS\syspz32.exe
O4 - HKLM\..\RunOnce: [crgp32.exe] C:\WINDOWS\system32\crgp32.exe
O4 - HKLM\..\RunOnce: [d3nx.exe] C:\WINDOWS\system32\d3nx.exe
O4 - HKLM\..\RunOnce: [crox.exe] C:\WINDOWS\crox.exe
O4 - HKLM\..\RunOnce: [windu32.exe] C:\WINDOWS\system32\windu32.exe
O4 - HKLM\..\RunOnce: [mfccc32.exe] C:\WINDOWS\system32\mfccc32.exe
O4 - HKLM\..\RunOnce: [appxf.exe] C:\WINDOWS\appxf.exe
O4 - HKLM\..\RunOnce: [iebr.exe] C:\WINDOWS\system32\iebr.exe
O4 - HKLM\..\RunOnce: [mfcqh32.exe] C:\WINDOWS\mfcqh32.exe
O4 - HKLM\..\RunOnce: [ntgo.exe] C:\WINDOWS\ntgo.exe
O4 - HKLM\..\RunOnce: [d3ks32.exe] C:\WINDOWS\system32\d3ks32.exe
O4 - HKLM\..\RunOnce: [sdkut.exe] C:\WINDOWS\sdkut.exe
O4 - HKLM\..\RunOnce: [javaap32.exe] C:\WINDOWS\system32\javaap32.exe
O4 - HKLM\..\RunOnce: [sdkom32.exe] C:\WINDOWS\sdkom32.exe
O4 - HKLM\..\RunOnce: [mfcti32.exe] C:\WINDOWS\mfcti32.exe
O4 - HKLM\..\RunOnce: [javaou32.exe] C:\WINDOWS\javaou32.exe
O4 - HKLM\..\RunOnce: [msby.exe] C:\WINDOWS\system32\msby.exe
O4 - HKLM\..\RunOnce: [d3bz32.exe] C:\WINDOWS\d3bz32.exe
O4 - HKLM\..\RunOnce: [crqw32.exe] C:\WINDOWS\system32\crqw32.exe
O4 - HKLM\..\RunOnce: [mspb.exe] C:\WINDOWS\mspb.exe
O4 - HKLM\..\RunOnce: [javafq.exe] C:\WINDOWS\javafq.exe
O4 - HKLM\..\RunOnce: [netpj32.exe] C:\WINDOWS\system32\netpj32.exe
O4 - HKLM\..\RunOnce: [ipjc.exe] C:\WINDOWS\system32\ipjc.exe
O4 - HKLM\..\RunOnce: [crfy.exe] C:\WINDOWS\crfy.exe
O4 - HKLM\..\RunOnce: [sysxz32.exe] C:\WINDOWS\system32\sysxz32.exe
O4 - HKLM\..\RunOnce: [appnh.exe] C:\WINDOWS\appnh.exe
O4 - HKLM\..\RunOnce: [iprl.exe] C:\WINDOWS\iprl.exe
O4 - HKLM\..\RunOnce: [javacl32.exe] C:\WINDOWS\javacl32.exe
O4 - HKLM\..\RunOnce: [iest.exe] C:\WINDOWS\iest.exe
O4 - HKLM\..\RunOnce: [appwx32.exe] C:\WINDOWS\appwx32.exe
O4 - HKLM\..\RunOnce: [sysgx.exe] C:\WINDOWS\sysgx.exe
O4 - HKLM\..\RunOnce: [winlu32.exe] C:\WINDOWS\winlu32.exe
O4 - HKLM\..\RunOnce: [sysar32.exe] C:\WINDOWS\system32\sysar32.exe
O4 - HKLM\..\RunOnce: [javafn32.exe] C:\WINDOWS\javafn32.exe
O4 - HKLM\..\RunOnce: [winiz32.exe] C:\WINDOWS\system32\winiz32.exe
O4 - HKLM\..\RunOnce: [atlmd.exe] C:\WINDOWS\atlmd.exe
O4 - HKLM\..\RunOnce: [appne32.exe] C:\WINDOWS\system32\appne32.exe
O4 - HKLM\..\RunOnce: [addca32.exe] C:\WINDOWS\addca32.exe
O4 - HKLM\..\RunOnce: [d3gx32.exe] C:\WINDOWS\system32\d3gx32.exe
O4 - HKLM\..\RunOnce: [appbi32.exe] C:\WINDOWS\appbi32.exe
O4 - HKLM\..\RunOnce: [sysup32.exe] C:\WINDOWS\sysup32.exe
O4 - HKLM\..\RunOnce: [crkw.exe] C:\WINDOWS\system32\crkw.exe
O4 - HKLM\..\RunOnce: [netjm32.exe] C:\WINDOWS\system32\netjm32.exe
O4 - HKLM\..\RunOnce: [apphb32.exe] C:\WINDOWS\apphb32.exe
O4 - HKLM\..\RunOnce: [atlhj.exe] C:\WINDOWS\atlhj.exe
O4 - HKLM\..\RunOnce: [addqs.exe] C:\WINDOWS\addqs.exe
O4 - HKLM\..\RunOnce: [ipfh.exe] C:\WINDOWS\system32\ipfh.exe
O4 - HKLM\..\RunOnce: [mfcuo32.exe] C:\WINDOWS\mfcuo32.exe
O4 - HKLM\..\RunOnce: [netoh.exe] C:\WINDOWS\netoh.exe
O4 - HKLM\..\RunOnce: [javakl32.exe] C:\WINDOWS\system32\javakl32.exe
O4 - HKLM\..\RunOnce: [iptm.exe] C:\WINDOWS\iptm.exe
O4 - HKLM\..\RunOnce: [ipnf32.exe] C:\WINDOWS\ipnf32.exe
O4 - HKLM\..\RunOnce: [appsb32.exe] C:\WINDOWS\appsb32.exe
O4 - HKLM\..\RunOnce: [ntvn32.exe] C:\WINDOWS\ntvn32.exe
O4 - HKLM\..\RunOnce: [cras.exe] C:\WINDOWS\system32\cras.exe
O4 - HKLM\..\RunOnce: [javabs32.exe] C:\WINDOWS\javabs32.exe
O4 - HKLM\..\RunOnce: [sdkpp32.exe] C:\WINDOWS\system32\sdkpp32.exe
O4 - HKLM\..\RunOnce: [mfcul32.exe] C:\WINDOWS\system32\mfcul32.exe
O4 - HKLM\..\RunOnce: [javaxx32.exe] C:\WINDOWS\system32\javaxx32.exe
O4 - HKLM\..\RunOnce: [mscb.exe] C:\WINDOWS\mscb.exe
O4 - HKLM\..\RunOnce: [d3db32.exe] C:\WINDOWS\system32\d3db32.exe
O4 - HKLM\..\RunOnce: [netwa.exe] C:\WINDOWS\netwa.exe
O4 - HKLM\..\RunOnce: [msrm.exe] C:\WINDOWS\system32\msrm.exe
O4 - HKLM\..\RunOnce: [javagt.exe] C:\WINDOWS\system32\javagt.exe
O4 - HKLM\..\RunOnce: [netrm32.exe] C:\WINDOWS\netrm32.exe
O4 - HKLM\..\RunOnce: [ipkf32.exe] C:\WINDOWS\ipkf32.exe
O4 - HKLM\..\RunOnce: [apppb32.exe] C:\WINDOWS\system32\apppb32.exe
O4 - HKLM\..\RunOnce: [ntkn.exe] C:\WINDOWS\ntkn.exe
O4 - HKLM\..\RunOnce: [apioz32.exe] C:\WINDOWS\apioz32.exe
O4 - HKLM\..\RunOnce: [winmo.exe] C:\WINDOWS\system32\winmo.exe
O4 - HKLM\..\RunOnce: [crlw32.exe] C:\WINDOWS\crlw32.exe
O4 - HKLM\..\RunOnce: [ipbl32.exe] C:\WINDOWS\system32\ipbl32.exe
O4 - HKLM\..\RunOnce: [ntjb.exe] C:\WINDOWS\system32\ntjb.exe
O4 - HKLM\..\RunOnce: [netkc.exe] C:\WINDOWS\netkc.exe
O4 - HKLM\..\RunOnce: [d3zr32.exe] C:\WINDOWS\system32\d3zr32.exe
O4 - HKLM\..\RunOnce: [netsk32.exe] C:\WINDOWS\system32\netsk32.exe
O4 - HKLM\..\RunOnce: [ipss.exe] C:\WINDOWS\system32\ipss.exe
O4 - HKLM\..\RunOnce: [apiba.exe] C:\WINDOWS\system32\apiba.exe
O4 - HKLM\..\RunOnce: [crqq32.exe] C:\WINDOWS\crqq32.exe
O4 - HKLM\..\RunOnce: [syshx32.exe] C:\WINDOWS\system32\syshx32.exe
O4 - HKLM\..\RunOnce: [ipjq32.exe] C:\WINDOWS\system32\ipjq32.exe
O4 - HKLM\..\RunOnce: [atlzg32.exe] C:\WINDOWS\atlzg32.exe
O4 - HKLM\..\RunOnce: [iemq32.exe] C:\WINDOWS\iemq32.exe
O4 - HKLM\..\RunOnce: [javacf32.exe] C:\WINDOWS\system32\javacf32.exe
O4 - HKLM\..\RunOnce: [crkn.exe] C:\WINDOWS\system32\crkn.exe
O4 - HKLM\..\RunOnce: [javalo.exe] C:\WINDOWS\javalo.exe
O4 - HKLM\..\RunOnce: [winad32.exe] C:\WINDOWS\system32\winad32.exe
O4 - HKLM\..\RunOnce: [atlys32.exe] C:\WINDOWS\system32\atlys32.exe
O4 - HKLM\..\RunOnce: [addtw.exe] C:\WINDOWS\addtw.exe
O4 - HKLM\..\RunOnce: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\RunOnce: [ipjb.exe] C:\WINDOWS\ipjb.exe
O4 - HKLM\..\RunOnce: [appqr32.exe] C:\WINDOWS\appqr32.exe
O4 - HKLM\..\RunOnce: [iegy32.exe] C:\WINDOWS\system32\iegy32.exe
O4 - HKLM\..\RunOnce: [sysgo32.exe] C:\WINDOWS\system32\sysgo32.exe
O4 - HKLM\..\RunOnce: [mfcph32.exe] C:\WINDOWS\mfcph32.exe
O4 - HKLM\..\RunOnce: [d3yn.exe] C:\WINDOWS\system32\d3yn.exe
O4 - HKLM\..\RunOnce: [msdj32.exe] C:\WINDOWS\system32\msdj32.exe
O4 - HKLM\..\RunOnce: [ipdj.exe] C:\WINDOWS\system32\ipdj.exe
O4 - HKLM\..\RunOnce: [atltz.exe] C:\WINDOWS\atltz.exe
O4 - HKLM\..\RunOnce: [msgb32.exe] C:\WINDOWS\system32\msgb32.exe
O4 - HKLM\..\RunOnce: [winge.exe] C:\WINDOWS\winge.exe
O4 - HKLM\..\RunOnce: [javank.exe] C:\WINDOWS\system32\javank.exe
O4 - HKLM\..\RunOnce: [mfcms32.exe] C:\WINDOWS\system32\mfcms32.exe
O4 - HKLM\..\RunOnce: [crth32.exe] C:\WINDOWS\system32\crth32.exe
O4 - HKLM\..\RunOnce: [apiuy.exe] C:\WINDOWS\system32\apiuy.exe
O4 - HKLM\..\RunOnce: [netau.exe] C:\WINDOWS\system32\netau.exe
O4 - HKLM\..\RunOnce: [sysgr.exe] C:\WINDOWS\sysgr.exe
O4 - HKLM\..\RunOnce: [ipac.exe] C:\WINDOWS\system32\ipac.exe
O4 - HKLM\..\RunOnce: [mfcpr.exe] C:\WINDOWS\system32\mfcpr.exe
O4 - HKLM\..\RunOnce: [sysak32.exe] C:\WINDOWS\sysak32.exe
O4 - HKLM\..\RunOnce: [wintv.exe] C:\WINDOWS\wintv.exe
O4 - HKLM\..\RunOnce: [apixz.exe] C:\WINDOWS\system32\apixz.exe
O4 - HKLM\..\RunOnce: [ntia32.exe] C:\WINDOWS\ntia32.exe
O4 - HKLM\..\RunOnce: [d3yi.exe] C:\WINDOWS\d3yi.exe
O4 - HKLM\..\RunOnce: [wincm32.exe] C:\WINDOWS\system32\wincm32.exe
O4 - HKLM\..\RunOnce: [msmm.exe] C:\WINDOWS\system32\msmm.exe
O4 - HKLM\..\RunOnce: [ierj32.exe] C:\WINDOWS\system32\ierj32.exe
O4 - HKLM\..\RunOnce: [msgg32.exe] C:\WINDOWS\msgg32.exe
O4 - HKLM\..\RunOnce: [ntlc32.exe] C:\WINDOWS\ntlc32.exe
O4 - HKLM\..\RunOnce: [iego32.exe] C:\WINDOWS\iego32.exe
O4 - HKLM\..\RunOnce: [addss.exe] C:\WINDOWS\system32\addss.exe
O4 - HKLM\..\RunOnce: [wints32.exe] C:\WINDOWS\wints32.exe
O4 - HKLM\..\RunOnce: [sysip32.exe] C:\WINDOWS\system32\sysip32.exe
O4 - HKLM\..\RunOnce: [javaml32.exe] C:\WINDOWS\system32\javaml32.exe
O4 - HKLM\..\RunOnce: [winhx32.exe] C:\WINDOWS\system32\winhx32.exe
O4 - HKLM\..\RunOnce: [atlmb.exe] C:\WINDOWS\atlmb.exe
O4 - HKLM\..\RunOnce: [sdkqt.exe] C:\WINDOWS\sdkqt.exe
O4 - HKLM\..\RunOnce: [mfcpb32.exe] C:\WINDOWS\system32\mfcpb32.exe
O4 - HKLM\..\RunOnce: [winnq32.exe] C:\WINDOWS\winnq32.exe
O4 - HKLM\..\RunOnce: [addng.exe] C:\WINDOWS\addng.exe
O4 - HKLM\..\RunOnce: [sysvg.exe] C:\WINDOWS\system32\sysvg.exe
O4 - HKLM\..\RunOnce: [apilw32.exe] C:\WINDOWS\apilw32.exe
O4 - HKLM\..\RunOnce: [sdkbd32.exe] C:\WINDOWS\sdkbd32.exe
O4 - HKLM\..\RunOnce: [netwp.exe] C:\WINDOWS\system32\netwp.exe
O4 - HKLM\..\RunOnce: [addvw32.exe] C:\WINDOWS\system32\addvw32.exe
O4 - HKLM\..\RunOnce: [mstm.exe] C:\WINDOWS\mstm.exe
O4 - HKLM\..\RunOnce: [ntsc32.exe] C:\WINDOWS\system32\ntsc32.exe
O4 - HKLM\..\RunOnce: [atljr32.exe] C:\WINDOWS\atljr32.exe
O4 - HKLM\..\RunOnce: [mfcqz32.exe] C:\WINDOWS\mfcqz32.exe
O4 - HKLM\..\RunOnce: [sdkaa32.exe] C:\WINDOWS\system32\sdkaa32.exe
O4 - HKLM\..\RunOnce: [appai.exe] C:\WINDOWS\appai.exe
O4 - HKLM\..\RunOnce: [ieem.exe] C:\WINDOWS\system32\ieem.exe
O4 - HKLM\..\RunOnce: [netyx.exe] C:\WINDOWS\netyx.exe
O4 - HKLM\..\RunOnce: [atlnm.exe] C:\WINDOWS\atlnm.exe
O4 - HKLM\..\RunOnce: [ieyf32.exe] C:\WINDOWS\system32\ieyf32.exe
O4 - HKLM\..\RunOnce: [winjq.exe] C:\WINDOWS\system32\winjq.exe
O4 - HKLM\..\RunOnce: [mfcnu.exe] C:\WINDOWS\mfcnu.exe
O4 - HKLM\..\RunOnce: [ntyv32.exe] C:\WINDOWS\system32\ntyv32.exe
O4 - HKLM\..\RunOnce: [netbx32.exe] C:\WINDOWS\netbx32.exe
O4 - HKLM\..\RunOnce: [ipnq.exe] C:\WINDOWS\system32\ipnq.exe
O4 - HKLM\..\RunOnce: [crru32.exe] C:\WINDOWS\system32\crru32.exe
O4 - HKLM\..\RunOnce: [sdkau.exe] C:\WINDOWS\system32\sdkau.exe
O4 - HKLM\..\RunOnce: [sdkgr32.exe] C:\WINDOWS\system32\sdkgr32.exe
O4 - HKLM\..\RunOnce: [sdkug32.exe] C:\WINDOWS\sdkug32.exe
O4 - HKLM\..\RunOnce: [atlzk32.exe] C:\WINDOWS\system32\atlzk32.exe
O4 - HKLM\..\RunOnce: [javacw32.exe] C:\WINDOWS\javacw32.exe
O4 - HKLM\..\RunOnce: [msha.exe] C:\WINDOWS\system32\msha.exe
O4 - HKLM\..\RunOnce: [cria32.exe] C:\WINDOWS\cria32.exe
O4 - HKLM\..\RunOnce: [crwx32.exe] C:\WINDOWS\system32\crwx32.exe
O4 - HKLM\..\RunOnce: [apibu.exe] C:\WINDOWS\apibu.exe
O4 - HKLM\..\RunOnce: [appfg.exe] C:\WINDOWS\system32\appfg.exe
O4 - HKLM\..\RunOnce: [ipuv32.exe] C:\WINDOWS\ipuv32.exe
O4 - HKLM\..\RunOnce: [crlc32.exe] C:\WINDOWS\crlc32.exe
O4 - HKLM\..\RunOnce: [sdkog.exe] C:\WINDOWS\system32\sdkog.exe
O4 - HKLM\..\RunOnce: [atlnw32.exe] C:\WINDOWS\system32\atlnw32.exe
O4 - HKLM\..\RunOnce: [sysdl32.exe] C:\WINDOWS\sysdl32.exe
O4 - HKLM\..\RunOnce: [windt.exe] C:\WINDOWS\system32\windt.exe
O4 - HKLM\..\RunOnce: [syslt.exe] C:\WINDOWS\syslt.exe
O4 - HKLM\..\RunOnce: [mfcbr32.exe] C:\WINDOWS\system32\mfcbr32.exe
O4 - HKLM\..\RunOnce: [ntry32.exe] C:\WINDOWS\system32\ntry32.exe
O4 - HKLM\..\RunOnce: [netuc.exe] C:\WINDOWS\netuc.exe
O4 - HKLM\..\RunOnce: [mfcql32.exe] C:\WINDOWS\mfcql32.exe
O4 - HKLM\..\RunOnce: [apptp.exe] C:\WINDOWS\system32\apptp.exe
O4 - HKLM\..\RunOnce: [d3sf32.exe] C:\WINDOWS\system32\d3sf32.exe
O4 - HKLM\..\RunOnce: [ntiu32.exe] C:\WINDOWS\ntiu32.exe
O4 - HKLM\..\RunOnce: [sdkic.exe] C:\WINDOWS\sdkic.exe
O4 - HKLM\..\RunOnce: [ntrc.exe] C:\WINDOWS\ntrc.exe
O4 - HKLM\..\RunOnce: [iega32.exe] C:\WINDOWS\iega32.exe
O4 - HKLM\..\RunOnce: [addwh32.exe] C:\WINDOWS\addwh32.exe
O4 - HKLM\..\RunOnce: [syszl.exe] C:\WINDOWS\syszl.exe
O4 - HKLM\..\RunOnce: [javaya32.exe] C:\WINDOWS\javaya32.exe
O4 - HKLM\..\RunOnce: [apipq32.exe] C:\WINDOWS\system32\apipq32.exe
O4 - HKLM\..\RunOnce: [netwy.exe] C:\WINDOWS\system32\netwy.exe
O4 - HKLM\..\RunOnce: [apixy.exe] C:\WINDOWS\apixy.exe
O4 - HKLM\..\RunOnce: [crnv.exe] C:\WINDOWS\system32\crnv.exe
O4 - HKLM\..\RunOnce: [ntcd32.exe] C:\WINDOWS\system32\ntcd32.exe
O4 - HKLM\..\RunOnce: [sdkvw.exe] C:\WINDOWS\sdkvw.exe
O4 - HKLM\..\RunOnce: [iera32.exe] C:\WINDOWS\iera32.exe
O4 - HKLM\..\RunOnce: [crja.exe] C:\WINDOWS\crja.exe
O4 - HKLM\..\RunOnce: [d3px32.exe] C:\WINDOWS\d3px32.exe
O4 - HKLM\..\RunOnce: [crdm32.exe] C:\WINDOWS\system32\crdm32.exe
O4 - HKLM\..\RunOnce: [apiiq32.exe] C:\WINDOWS\apiiq32.exe
O4 - HKLM\..\RunOnce: [d3dc32.exe] C:\WINDOWS\system32\d3dc32.exe
O4 - HKLM\..\RunOnce: [ipcp32.exe] C:\WINDOWS\system32\ipcp32.exe
O4 - HKLM\..\RunOnce: [winwi32.exe] C:\WINDOWS\winwi32.exe
O4 - HKLM\..\RunOnce: [adddq.exe] C:\WINDOWS\adddq.exe
O4 - HKLM\..\RunOnce: [winez.exe] C:\WINDOWS\system32\winez.exe
O4 - HKLM\..\RunOnce: [netuo32.exe] C:\WINDOWS\netuo32.exe
O4 - HKLM\..\RunOnce: [sdksv32.exe] C:\WINDOWS\sdksv32.exe
O4 - HKLM\..\RunOnce: [ipnz.exe] C:\WINDOWS\system32\ipnz.exe
O4 - HKLM\..\RunOnce: [appmp32.exe] C:\WINDOWS\system32\appmp32.exe
O4 - HKLM\..\RunOnce: [msce32.exe] C:\WINDOWS\msce32.exe
O4 - HKLM\..\RunOnce: [iekm.exe] C:\WINDOWS\system32\iekm.exe
O4 - HKLM\..\RunOnce: [mslm.exe] C:\WINDOWS\mslm.exe
O4 - HKLM\..\RunOnce: [atlak32.exe] C:\WINDOWS\system32\atlak32.exe
O4 - HKLM\..\RunOnce: [netyr32.exe] C:\WINDOWS\system32\netyr32.exe
O4 - HKLM\..\RunOnce: [mfcuv.exe] C:\WINDOWS\mfcuv.exe
O4 - HKLM\..\RunOnce: [syssl32.exe] C:\WINDOWS\syssl32.exe
O4 - HKLM\..\RunOnce: [crja32.exe] C:\WINDOWS\system32\crja32.exe
O4 - HKLM\..\RunOnce: [crri.exe] C:\WINDOWS\system32\crri.exe
O4 - HKLM\..\RunOnce: [d3wf32.exe] C:\WINDOWS\system32\d3wf32.exe
O4 - HKLM\..\RunOnce: [d3lb32.exe] C:\WINDOWS\d3lb32.exe
O4 - HKLM\..\RunOnce: [netqy32.exe] C:\WINDOWS\netqy32.exe
O4 - HKLM\..\RunOnce: [d3lj32.exe] C:\WINDOWS\d3lj32.exe
O4 - HKLM\..\RunOnce: [syspo.exe] C:\WINDOWS\system32\syspo.exe
O4 - HKLM\..\RunOnce: [ntdq.exe] C:\WINDOWS\ntdq.exe
O4 - HKLM\..\RunOnce: [apihu.exe] C:\WINDOWS\apihu.exe
O4 - HKLM\..\RunOnce: [crxr32.exe] C:\WINDOWS\system32\crxr32.exe
O4 - HKLM\..\RunOnce: [ievz.exe] C:\WINDOWS\system32\ievz.exe
O4 - HKLM\..\RunOnce: [apprd32.exe] C:\WINDOWS\system32\apprd32.exe
O4 - HKLM\..\RunOnce: [winad.exe] C:\WINDOWS\system32\winad.exe
O4 - HKLM\..\RunOnce: [addga32.exe] C:\WINDOWS\system32\addga32.exe
O4 - HKLM\..\RunOnce: [winvp32.exe] C:\WINDOWS\winvp32.exe
O4 - HKLM\..\RunOnce: [javazt32.exe] C:\WINDOWS\system32\javazt32.exe
O4 - HKLM\..\RunOnce: [addcf32.exe] C:\WINDOWS\addcf32.exe
O4 - HKLM\..\RunOnce: [mfchj32.exe] C:\WINDOWS\mfchj32.exe
O4 - HKLM\..\RunOnce: [d3hj.exe] C:\WINDOWS\d3hj.exe
O4 - HKLM\..\RunOnce: [sdklv.exe] C:\WINDOWS\sdklv.exe
O4 - HKLM\..\RunOnce: [ieak32.exe] C:\WINDOWS\system32\ieak32.exe
O4 - HKLM\..\RunOnce: [apprs.exe] C:\WINDOWS\system32\apprs.exe
O4 - HKLM\..\RunOnce: [netvw32.exe] C:\WINDOWS\system32\netvw32.exe
O4 - HKLM\..\RunOnce: [atlew.exe] C:\WINDOWS\system32\atlew.exe
O4 - HKLM\..\RunOnce: [mfckt32.exe] C:\WINDOWS\system32\mfckt32.exe
O4 - HKLM\..\RunOnce: [sdkeb.exe] C:\WINDOWS\system32\sdkeb.exe
O4 - HKLM\..\RunOnce: [mfcyq32.exe] C:\WINDOWS\system32\mfcyq32.exe
O4 - HKLM\..\RunOnce: [netyv.exe] C:\WINDOWS\netyv.exe
O4 - HKLM\..\RunOnce: [atlnk.exe] C:\WINDOWS\atlnk.exe
O4 - HKLM\..\RunOnce: [ieyd32.exe] C:\WINDOWS\ieyd32.exe
O4 - HKLM\..\RunOnce: [winrw.exe] C:\WINDOWS\system32\winrw.exe
O4 - HKLM\..\RunOnce: [mfcvs.exe] C:\WINDOWS\mfcvs.exe
O4 - HKLM\..\RunOnce: [ipgt32.exe] C:\WINDOWS\system32\ipgt32.exe
O4 - HKLM\..\RunOnce: [crwb.exe] C:\WINDOWS\system32\crwb.exe
O4 - HKLM\..\RunOnce: [winmw.exe] C:\WINDOWS\system32\winmw.exe
O4 - HKLM\..\RunOnce: [sysaf.exe] C:\WINDOWS\sysaf.exe
O4 - HKLM\..\RunOnce: [winjr.exe] C:\WINDOWS\winjr.exe
O4 - HKLM\..\RunOnce: [atlkg32.exe] C:\WINDOWS\system32\atlkg32.exe
O4 - HKLM\..\RunOnce: [addoh32.exe] C:\WINDOWS\addoh32.exe
O4 - HKLM\..\RunOnce: [appza.exe] C:\WINDOWS\appza.exe
O4 - HKLM\..\RunOnce: [netde32.exe] C:\WINDOWS\system32\netde32.exe
O4 - HKLM\..\RunOnce: [javawd.exe] C:\WINDOWS\system32\javawd.exe
O4 - HKLM\..\RunOnce: [winid.exe] C:\WINDOWS\winid.exe
O4 - HKLM\..\RunOnce: [mfcnf.exe] C:\WINDOWS\system32\mfcnf.exe
O4 - HKLM\..\RunOnce: [apisb32.exe] C:\WINDOWS\system32\apisb32.exe
O4 - HKLM\..\RunOnce: [mfchy32.exe] C:\WINDOWS\mfchy32.exe
O4 - HKLM\..\RunOnce: [atlpl.exe] C:\WINDOWS\atlpl.exe
O4 - HKLM\..\RunOnce: [iemv32.exe] C:\WINDOWS\iemv32.exe
O4 - HKLM\..\RunOnce: [apipg32.exe] C:\WINDOWS\apipg32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\system32\idwlog.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4499/mcfscan.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntzy32.exe"  /s (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Thanks, again. :)

dlh6213 27 Posting Maven Team Colleague · Answer 2 · 2005-05-30T16:28:04+00:00

Well, that didn't help as much as I'd hoped. Try these steps; you'll need to be offline, so you may wish to print this (please read through it first so you will know what you will be doing in advance).

Download HSfix -- http://users.pandora.be/marcvn/tools/HSfix.zip
Unzip it and place it on your desktop, but don't use it yet.

Download and install CCleaner -- http://www.ccleaner.com/
Again, do not use it yet.

Also download Ewido -- http://www.ewido.net/en/download/
Let it update, but don't let it scan yet.

Go offline and reboot into Safe Mode.

Scan with about:Buster again.

Scan with CWShredder again.

Double-click on HSfix that you downloaded earlier (should be on your desktop); when it asks you if you want to add the contents to the registry, click Yes/OK.

Start CCleaner and click Run it.

Run a full system scan with Ewido and let it fix everything it finds. When done, you'll get the option to create a log and save it; do so because you will be posting this later.

Go to Start, Control Panel, Internet Options; click on the Programs tab, and then click the Restore Web Settings... button.

Empty your Recycle Bin, and reboot into normal mode.

Close any open browser windows, scan with hijackthis, and post a new log along with the about:Buster and Ewido logs.