Hijack This log - what to delete?

Discussion in 'Computer Support' started by Jeanette, Jul 29, 2004.

  1. Jeanette

    Jeanette Guest

    Hi,
    I am trying to figure out what is going on on my brother's computer.
    It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
    each profile, IE is virtually unusable, can't visit any search site
    and just about any other site I try is blocked as well. Netscape
    still remains useable. Downloaded Google Toolbar and that got rid of
    lots of porn pop ups, but we've still got lots of spyware, etc messing
    things up. Have Spy-Bot and Ad-aware and am running them a few times
    a day (keeps finding new things). Just downloaded Hijack This - but
    have to admit I have no idea what needs to stay and what should go.
    Already fixed a few obvious URL redirections, but they keep coming
    back. I've copied over the log file and would really appreciate the
    help.

    Also, are there any other programs I should download for this problem
    - and how often should I run them? Is there any way to keep this from
    happening, we've never had this problem on our home computer.

    Thanks so much
    Jeanette

    Logfile of HijackThis v1.98.0
    Scan saved at 10:58:02 AM, on 29/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\appln.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\mfcvi.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\addwg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\My Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\eluix.dll/sp.html#22776
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = res://C:\WINDOWS\eluix.dll/sp.html#22776
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\eluix.dll/sp.html#22776
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://213.159.117.134/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    http://213.159.117.134/index.php
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage",
    "http://my.netscape.com/index2.psp"); (C:\Documents and
    Settings\Doreen\Application
    Data\Mozilla\Profiles\default\byezdowj.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",
    "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
    (C:\Documents and Settings\Doreen\Application
    Data\Mozilla\Profiles\default\byezdowj.slt\prefs.js)
    O2 - BHO: (no name) - {118BA3A3-204B-60CC-DF7A-B655B766277D} -
    C:\WINDOWS\system32\addgr.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe
    O4 - HKLM\..\Run: [addwg.exe] C:\WINDOWS\system32\addwg.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [mfcvi.exe] C:\WINDOWS\mfcvi.exe
    O4 - HKLM\..\RunOnce: [sdkff32.exe] C:\WINDOWS\system32\sdkff32.exe
    O4 - HKLM\..\RunOnce: [msxq32.exe] C:\WINDOWS\msxq32.exe
    O4 - HKLM\..\RunOnce: [d3mi.exe] C:\WINDOWS\d3mi.exe
    O4 - HKLM\..\RunOnce: [appfe32.exe] C:\WINDOWS\system32\appfe32.exe
    O4 - HKLM\..\RunOnce: [javaeg.exe] C:\WINDOWS\system32\javaeg.exe
    O4 - HKLM\..\RunOnce: [crjx.exe] C:\WINDOWS\system32\crjx.exe
    O4 - HKLM\..\RunOnce: [javahn.exe] C:\WINDOWS\javahn.exe
    O4 - HKLM\..\RunOnce: [addhy32.exe] C:\WINDOWS\addhy32.exe
    O4 - HKLM\..\RunOnce: [addfo.exe] C:\WINDOWS\system32\addfo.exe
    O4 - HKLM\..\RunOnce: [atlnm32.exe] C:\WINDOWS\system32\atlnm32.exe
    O4 - HKLM\..\RunOnce: [ntzj32.exe] C:\WINDOWS\system32\ntzj32.exe
    O4 - HKLM\..\RunOnce: [ntrr32.exe] C:\WINDOWS\system32\ntrr32.exe
    O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\mskn32.exe
    O4 - HKLM\..\RunOnce: [netxc.exe] C:\WINDOWS\system32\netxc.exe
    O4 - HKLM\..\RunOnce: [crpd.exe] C:\WINDOWS\system32\crpd.exe
    O4 - HKLM\..\RunOnce: [crmu.exe] C:\WINDOWS\system32\crmu.exe
    O4 - HKLM\..\RunOnce: [apphd32.exe] C:\WINDOWS\apphd32.exe
    O4 - HKLM\..\RunOnce: [sdkgr32.exe] C:\WINDOWS\sdkgr32.exe
    O4 - HKLM\..\RunOnce: [ntpz32.exe] C:\WINDOWS\ntpz32.exe
    O4 - HKLM\..\RunOnce: [sdksb.exe] C:\WINDOWS\system32\sdksb.exe
    O4 - HKLM\..\RunOnce: [sysgv.exe] C:\WINDOWS\system32\sysgv.exe
    O4 - HKLM\..\RunOnce: [atlul32.exe] C:\WINDOWS\atlul32.exe
    O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\system32\iexi32.exe
    O4 - HKLM\..\RunOnce: [crid.exe] C:\WINDOWS\crid.exe
    O4 - HKLM\..\RunOnce: [sdkal.exe] C:\WINDOWS\sdkal.exe
    O4 - HKLM\..\RunOnce: [mscn.exe] C:\WINDOWS\mscn.exe
    O4 - HKLM\..\RunOnce: [msae.exe] C:\WINDOWS\system32\msae.exe
    O4 - HKLM\..\RunOnce: [mfcbw.exe] C:\WINDOWS\mfcbw.exe
    O4 - HKLM\..\RunOnce: [appgs.exe] C:\WINDOWS\appgs.exe
    O4 - HKLM\..\RunOnce: [netpc32.exe] C:\WINDOWS\system32\netpc32.exe
    O4 - HKLM\..\RunOnce: [javaue32.exe] C:\WINDOWS\system32\javaue32.exe
    O4 - HKLM\..\RunOnce: [javaok32.exe] C:\WINDOWS\javaok32.exe
    O4 - HKLM\..\RunOnce: [mfcai.exe] C:\WINDOWS\system32\mfcai.exe
    O4 - HKLM\..\RunOnce: [atlpn32.exe] C:\WINDOWS\system32\atlpn32.exe
    O4 - HKLM\..\RunOnce: [mshk.exe] C:\WINDOWS\mshk.exe
    O4 - HKLM\..\RunOnce: [winrx32.exe] C:\WINDOWS\winrx32.exe
    O4 - HKLM\..\RunOnce: [javath32.exe] C:\WINDOWS\system32\javath32.exe
    O4 - HKLM\..\RunOnce: [syskh32.exe] C:\WINDOWS\system32\syskh32.exe
    O4 - HKLM\..\RunOnce: [atlde.exe] C:\WINDOWS\system32\atlde.exe
    O4 - HKLM\..\RunOnce: [nethf32.exe] C:\WINDOWS\nethf32.exe
    O4 - HKLM\..\RunOnce: [appoy.exe] C:\WINDOWS\system32\appoy.exe
    O4 - HKLM\..\RunOnce: [winhq.exe] C:\WINDOWS\system32\winhq.exe
    O4 - HKLM\..\RunOnce: [mfcsz32.exe] C:\WINDOWS\system32\mfcsz32.exe
    O4 - HKLM\..\RunOnce: [appra.exe] C:\WINDOWS\system32\appra.exe
    O4 - HKLM\..\RunOnce: [crep.exe] C:\WINDOWS\crep.exe
    O4 - HKLM\..\RunOnce: [mfcow32.exe] C:\WINDOWS\mfcow32.exe
    O4 - HKLM\..\RunOnce: [addsa.exe] C:\WINDOWS\addsa.exe
    O4 - HKLM\..\RunOnce: [apiyg32.exe] C:\WINDOWS\system32\apiyg32.exe
    O4 - HKLM\..\RunOnce: [ipgz32.exe] C:\WINDOWS\system32\ipgz32.exe
    O4 - HKLM\..\RunOnce: [mswh32.exe] C:\WINDOWS\system32\mswh32.exe
    O4 - HKLM\..\RunOnce: [crpz32.exe] C:\WINDOWS\system32\crpz32.exe
    O4 - HKLM\..\RunOnce: [d3kg.exe] C:\WINDOWS\d3kg.exe
    O4 - HKLM\..\RunOnce: [msta.exe] C:\WINDOWS\system32\msta.exe
    O4 - HKLM\..\RunOnce: [d3ff.exe] C:\WINDOWS\system32\d3ff.exe
    O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\addyc.exe
    O4 - HKLM\..\RunOnce: [sdkbz32.exe] C:\WINDOWS\sdkbz32.exe
    O4 - HKLM\..\RunOnce: [msgr32.exe] C:\WINDOWS\system32\msgr32.exe
    O4 - HKLM\..\RunOnce: [addeq32.exe] C:\WINDOWS\addeq32.exe
    O4 - HKLM\..\RunOnce: [atljf32.exe] C:\WINDOWS\system32\atljf32.exe
    O4 - HKLM\..\RunOnce: [appdk32.exe] C:\WINDOWS\system32\appdk32.exe
    O4 - HKLM\..\RunOnce: [winwk32.exe] C:\WINDOWS\system32\winwk32.exe
    O4 - HKLM\..\RunOnce: [ieft.exe] C:\WINDOWS\system32\ieft.exe
    O4 - HKLM\..\RunOnce: [ntef.exe] C:\WINDOWS\ntef.exe
    O4 - HKLM\..\RunOnce: [appds.exe] C:\WINDOWS\appds.exe
    O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe
    O4 - HKLM\..\RunOnce: [syszx.exe] C:\WINDOWS\syszx.exe
    O4 - HKLM\..\RunOnce: [atlby.exe] C:\WINDOWS\atlby.exe
    O4 - HKLM\..\RunOnce: [apphy32.exe] C:\WINDOWS\apphy32.exe
    O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\system32\apiep32.exe
    O4 - HKLM\..\RunOnce: [javaal32.exe] C:\WINDOWS\system32\javaal32.exe
    O4 - HKLM\..\RunOnce: [nethb32.exe] C:\WINDOWS\nethb32.exe
    O4 - HKLM\..\RunOnce: [cray32.exe] C:\WINDOWS\system32\cray32.exe
    O4 - HKLM\..\RunOnce: [apifs.exe] C:\WINDOWS\apifs.exe
    O4 - HKLM\..\RunOnce: [atlhs32.exe] C:\WINDOWS\system32\atlhs32.exe
    O4 - HKLM\..\RunOnce: [crbe32.exe] C:\WINDOWS\crbe32.exe
    O4 - HKLM\..\RunOnce: [mshg32.exe] C:\WINDOWS\system32\mshg32.exe
    O4 - HKLM\..\RunOnce: [msks.exe] C:\WINDOWS\msks.exe
    O4 - HKLM\..\RunOnce: [ipgl32.exe] C:\WINDOWS\ipgl32.exe
    O4 - HKLM\..\RunOnce: [addex32.exe] C:\WINDOWS\addex32.exe
    O4 - HKLM\..\RunOnce: [atlvu32.exe] C:\WINDOWS\system32\atlvu32.exe
    O4 - HKLM\..\RunOnce: [winqn32.exe] C:\WINDOWS\system32\winqn32.exe
    O4 - HKLM\..\RunOnce: [msgn32.exe] C:\WINDOWS\msgn32.exe
    O4 - HKLM\..\RunOnce: [appln.exe] C:\WINDOWS\appln.exe
    O4 - HKLM\..\RunOnce: [atlyq.exe] C:\WINDOWS\atlyq.exe
    O4 - HKLM\..\RunOnce: [apicx32.exe] C:\WINDOWS\apicx32.exe
    O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\system32\crms32.exe
    O4 - HKLM\..\RunOnce: [wincq32.exe] C:\WINDOWS\system32\wincq32.exe
    O4 - HKLM\..\RunOnce: [d3qf32.exe] C:\WINDOWS\d3qf32.exe
    O4 - HKLM\..\RunOnce: [mslk.exe] C:\WINDOWS\mslk.exe
    O4 - HKLM\..\RunOnce: [netfy.exe] C:\WINDOWS\netfy.exe
    O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\system32\apipu32.exe
    O4 - HKLM\..\RunOnce: [mfcvt32.exe] C:\WINDOWS\mfcvt32.exe
    O4 - HKLM\..\RunOnce: [atlcg.exe] C:\WINDOWS\atlcg.exe
    O4 - HKLM\..\RunOnce: [ipte32.exe] C:\WINDOWS\ipte32.exe
    O4 - HKLM\..\RunOnce: [iekd.exe] C:\WINDOWS\system32\iekd.exe
    O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\system32\appoe.exe
    O4 - HKLM\..\RunOnce: [winmm32.exe] C:\WINDOWS\winmm32.exe
    O4 - HKLM\..\RunOnce: [apiwi.exe] C:\WINDOWS\system32\apiwi.exe
    O4 - HKLM\..\RunOnce: [mfcuh.exe] C:\WINDOWS\mfcuh.exe
    O4 - HKLM\..\RunOnce: [netjr32.exe] C:\WINDOWS\netjr32.exe
    O4 - HKLM\..\RunOnce: [appoa32.exe] C:\WINDOWS\system32\appoa32.exe
    O4 - HKLM\..\RunOnce: [javajr32.exe] C:\WINDOWS\javajr32.exe
    O4 - HKLM\..\RunOnce: [appjt32.exe] C:\WINDOWS\appjt32.exe
    O4 - HKLM\..\RunOnce: [netlr.exe] C:\WINDOWS\system32\netlr.exe
    O4 - HKLM\..\RunOnce: [msij.exe] C:\WINDOWS\system32\msij.exe
    O4 - HKLM\..\RunOnce: [javapz.exe] C:\WINDOWS\system32\javapz.exe
    O4 - HKLM\..\RunOnce: [mfcom.exe] C:\WINDOWS\system32\mfcom.exe
    O4 - HKLM\..\RunOnce: [addgf32.exe] C:\WINDOWS\addgf32.exe
    O4 - HKLM\..\RunOnce: [netwx32.exe] C:\WINDOWS\system32\netwx32.exe
    O4 - HKLM\..\RunOnce: [ieky.exe] C:\WINDOWS\ieky.exe
    O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\system32\winmp.exe
    O4 - HKLM\..\RunOnce: [msdq32.exe] C:\WINDOWS\system32\msdq32.exe
    O4 - HKLM\..\RunOnce: [atltf32.exe] C:\WINDOWS\atltf32.exe
    O4 - HKLM\..\RunOnce: [sdker.exe] C:\WINDOWS\system32\sdker.exe
    O4 - HKLM\..\RunOnce: [msyh32.exe] C:\WINDOWS\system32\msyh32.exe
    O4 - HKLM\..\RunOnce: [ntbe32.exe] C:\WINDOWS\ntbe32.exe
    O4 - HKLM\..\RunOnce: [atlpz32.exe] C:\WINDOWS\system32\atlpz32.exe
    O4 - HKLM\..\RunOnce: [appsl32.exe] C:\WINDOWS\system32\appsl32.exe
    O4 - HKLM\..\RunOnce: [apide.exe] C:\WINDOWS\apide.exe
    O4 - HKLM\..\RunOnce: [mssj32.exe] C:\WINDOWS\system32\mssj32.exe
    O4 - HKLM\..\RunOnce: [appny32.exe] C:\WINDOWS\system32\appny32.exe
    O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINDOWS\addpj.exe
    O4 - HKLM\..\RunOnce: [ipzg.exe] C:\WINDOWS\ipzg.exe
    O4 - HKLM\..\RunOnce: [apppo.exe] C:\WINDOWS\system32\apppo.exe
    O4 - HKLM\..\RunOnce: [javaqp32.exe] C:\WINDOWS\system32\javaqp32.exe
    O4 - HKLM\..\RunOnce: [sdksi32.exe] C:\WINDOWS\sdksi32.exe
    O4 - HKLM\..\RunOnce: [applf32.exe] C:\WINDOWS\system32\applf32.exe
    O4 - HKLM\..\RunOnce: [netlw32.exe] C:\WINDOWS\netlw32.exe
    O4 - HKLM\..\RunOnce: [msyt.exe] C:\WINDOWS\system32\msyt.exe
    O4 - HKLM\..\RunOnce: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
    O4 - HKLM\..\RunOnce: [appyt32.exe] C:\WINDOWS\system32\appyt32.exe
    O4 - HKLM\..\RunOnce: [iprq32.exe] C:\WINDOWS\system32\iprq32.exe
    O4 - HKLM\..\RunOnce: [addui.exe] C:\WINDOWS\system32\addui.exe
    O4 - HKLM\..\RunOnce: [atloa.exe] C:\WINDOWS\system32\atloa.exe
    O4 - HKLM\..\RunOnce: [sdkkj.exe] C:\WINDOWS\sdkkj.exe
    O4 - HKLM\..\RunOnce: [mspj.exe] C:\WINDOWS\system32\mspj.exe
    O4 - HKLM\..\RunOnce: [netst32.exe] C:\WINDOWS\system32\netst32.exe
    O4 - HKLM\..\RunOnce: [sysap32.exe] C:\WINDOWS\sysap32.exe
    O4 - HKLM\..\RunOnce: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
    O4 - HKLM\..\RunOnce: [iemk32.exe] C:\WINDOWS\system32\iemk32.exe
    O4 - HKLM\..\RunOnce: [ntlx32.exe] C:\WINDOWS\ntlx32.exe
    O4 - HKLM\..\RunOnce: [ipfh.exe] C:\WINDOWS\system32\ipfh.exe
    O4 - HKLM\..\RunOnce: [mfcwr32.exe] C:\WINDOWS\system32\mfcwr32.exe
    O4 - HKLM\..\RunOnce: [ipls.exe] C:\WINDOWS\system32\ipls.exe
    O4 - HKLM\..\RunOnce: [netwv.exe] C:\WINDOWS\netwv.exe
    O4 - HKLM\..\RunOnce: [syswv32.exe] C:\WINDOWS\system32\syswv32.exe
    O4 - HKLM\..\RunOnce: [javadd32.exe] C:\WINDOWS\system32\javadd32.exe
    O4 - HKLM\..\RunOnce: [appsa.exe] C:\WINDOWS\system32\appsa.exe
    O4 - HKLM\..\RunOnce: [addhv32.exe] C:\WINDOWS\addhv32.exe
    O4 - HKLM\..\RunOnce: [apilh.exe] C:\WINDOWS\system32\apilh.exe
    O4 - HKLM\..\RunOnce: [iezd.exe] C:\WINDOWS\iezd.exe
    O4 - HKLM\..\RunOnce: [sdkqy.exe] C:\WINDOWS\sdkqy.exe
    O4 - HKLM\..\RunOnce: [mfcbx.exe] C:\WINDOWS\mfcbx.exe
    O4 - HKLM\..\RunOnce: [apity32.exe] C:\WINDOWS\apity32.exe
    O4 - HKLM\..\RunOnce: [ntfv.exe] C:\WINDOWS\system32\ntfv.exe
    O4 - HKLM\..\RunOnce: [msnk32.exe] C:\WINDOWS\system32\msnk32.exe
    O4 - HKLM\..\RunOnce: [msem32.exe] C:\WINDOWS\system32\msem32.exe
    O4 - HKLM\..\RunOnce: [sysko.exe] C:\WINDOWS\system32\sysko.exe
    O4 - HKLM\..\RunOnce: [atlbv32.exe] C:\WINDOWS\system32\atlbv32.exe
    O4 - HKLM\..\RunOnce: [msgs32.exe] C:\WINDOWS\system32\msgs32.exe
    O4 - HKLM\..\RunOnce: [appfj.exe] C:\WINDOWS\system32\appfj.exe
    O4 - HKLM\..\RunOnce: [ipdg.exe] C:\WINDOWS\ipdg.exe
    O4 - HKLM\..\RunOnce: [sysqx32.exe] C:\WINDOWS\sysqx32.exe
    O4 - HKLM\..\RunOnce: [wintk.exe] C:\WINDOWS\system32\wintk.exe
    O4 - HKLM\..\RunOnce: [atlpk.exe] C:\WINDOWS\system32\atlpk.exe
    O4 - HKLM\..\RunOnce: [nttr32.exe] C:\WINDOWS\system32\nttr32.exe
    O4 - HKLM\..\RunOnce: [cruv.exe] C:\WINDOWS\cruv.exe
    O4 - HKLM\..\RunOnce: [iplq.exe] C:\WINDOWS\iplq.exe
    O4 - HKLM\..\RunOnce: [ieyw.exe] C:\WINDOWS\system32\ieyw.exe
    O4 - HKLM\..\RunOnce: [ntbp32.exe] C:\WINDOWS\system32\ntbp32.exe
    O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
    O4 - HKLM\..\RunOnce: [atlzo.exe] C:\WINDOWS\system32\atlzo.exe
    O4 - HKLM\..\RunOnce: [javakd.exe] C:\WINDOWS\javakd.exe
    O4 - HKLM\..\RunOnce: [sdkcm.exe] C:\WINDOWS\sdkcm.exe
    O4 - HKLM\..\RunOnce: [winal.exe] C:\WINDOWS\system32\winal.exe
    O4 - HKLM\..\RunOnce: [ipsz.exe] C:\WINDOWS\system32\ipsz.exe
    O4 - HKLM\..\RunOnce: [ieiu.exe] C:\WINDOWS\system32\ieiu.exe
    O4 - HKLM\..\RunOnce: [appnt.exe] C:\WINDOWS\appnt.exe
    O4 - HKLM\..\RunOnce: [addwu.exe] C:\WINDOWS\system32\addwu.exe
    O4 - HKLM\..\RunOnce: [wincn32.exe] C:\WINDOWS\wincn32.exe
    O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\system32\ieob.exe
    O4 - HKLM\..\RunOnce: [appsi32.exe] C:\WINDOWS\system32\appsi32.exe
    O4 - HKLM\..\RunOnce: [crqc.exe] C:\WINDOWS\system32\crqc.exe
    O4 - HKLM\..\RunOnce: [appls.exe] C:\WINDOWS\appls.exe
    O4 - HKLM\..\RunOnce: [netjq.exe] C:\WINDOWS\netjq.exe
    O4 - HKLM\..\RunOnce: [d3kf.exe] C:\WINDOWS\system32\d3kf.exe
    O4 - HKLM\..\RunOnce: [apiat32.exe] C:\WINDOWS\system32\apiat32.exe
    O4 - HKLM\..\RunOnce: [javakt.exe] C:\WINDOWS\javakt.exe
    O4 - HKLM\..\RunOnce: [winla.exe] C:\WINDOWS\system32\winla.exe
    O4 - HKLM\..\RunOnce: [cryo32.exe] C:\WINDOWS\system32\cryo32.exe
    O4 - HKLM\..\RunOnce: [ntlh.exe] C:\WINDOWS\ntlh.exe
    O4 - HKLM\..\RunOnce: [iptv32.exe] C:\WINDOWS\iptv32.exe
    O4 - HKLM\..\RunOnce: [ieyt.exe] C:\WINDOWS\ieyt.exe
    O4 - HKLM\..\RunOnce: [netsn.exe] C:\WINDOWS\system32\netsn.exe
    O4 - HKLM\..\RunOnce: [winjs.exe] C:\WINDOWS\system32\winjs.exe
    O4 - HKLM\..\RunOnce: [mfcjx.exe] C:\WINDOWS\mfcjx.exe
    O4 - HKLM\..\RunOnce: [addts32.exe] C:\WINDOWS\system32\addts32.exe
    O4 - HKLM\..\RunOnce: [sysch32.exe] C:\WINDOWS\system32\sysch32.exe
    O4 - HKLM\..\RunOnce: [ntzf32.exe] C:\WINDOWS\ntzf32.exe
    O4 - HKLM\..\RunOnce: [ntyz.exe] C:\WINDOWS\ntyz.exe
    O4 - HKLM\..\RunOnce: [ipid32.exe] C:\WINDOWS\system32\ipid32.exe
    O4 - HKLM\..\RunOnce: [crmw32.exe] C:\WINDOWS\crmw32.exe
    O4 - HKLM\..\RunOnce: [apifq32.exe] C:\WINDOWS\system32\apifq32.exe
    O4 - HKLM\..\RunOnce: [ntls.exe] C:\WINDOWS\ntls.exe
    O4 - HKLM\..\RunOnce: [sysgb32.exe] C:\WINDOWS\system32\sysgb32.exe
    O4 - HKLM\..\RunOnce: [winft.exe] C:\WINDOWS\system32\winft.exe
    O4 - HKLM\..\RunOnce: [ieoo.exe] C:\WINDOWS\ieoo.exe
    O4 - HKLM\..\RunOnce: [d3fg32.exe] C:\WINDOWS\system32\d3fg32.exe
    O4 - HKLM\..\RunOnce: [javadk.exe] C:\WINDOWS\system32\javadk.exe
    O4 - HKLM\..\RunOnce: [mfcai32.exe] C:\WINDOWS\mfcai32.exe
    O4 - HKLM\..\RunOnce: [netuk.exe] C:\WINDOWS\system32\netuk.exe
    O4 - HKLM\..\RunOnce: [ntfd.exe] C:\WINDOWS\system32\ntfd.exe
    O4 - HKLM\..\RunOnce: [appwo.exe] C:\WINDOWS\system32\appwo.exe
    O4 - HKLM\..\RunOnce: [crhc.exe] C:\WINDOWS\crhc.exe
    O4 - HKLM\..\RunOnce: [javafs32.exe] C:\WINDOWS\javafs32.exe
    O4 - HKLM\..\RunOnce: [apiku32.exe] C:\WINDOWS\system32\apiku32.exe
    O4 - HKLM\..\RunOnce: [ntbh32.exe] C:\WINDOWS\system32\ntbh32.exe
    O4 - HKLM\..\RunOnce: [nthv32.exe] C:\WINDOWS\system32\nthv32.exe
    O4 - HKLM\..\RunOnce: [mfcfj32.exe] C:\WINDOWS\mfcfj32.exe
    O4 - HKLM\..\RunOnce: [appgj.exe] C:\WINDOWS\system32\appgj.exe
    O4 - HKLM\..\RunOnce: [ntbx32.exe] C:\WINDOWS\system32\ntbx32.exe
    O4 - HKLM\..\RunOnce: [netaw.exe] C:\WINDOWS\netaw.exe
    O4 - HKLM\..\RunOnce: [ipjk.exe] C:\WINDOWS\ipjk.exe
    O4 - HKLM\..\RunOnce: [netqe32.exe] C:\WINDOWS\netqe32.exe
    O4 - HKLM\..\RunOnce: [iezv32.exe] C:\WINDOWS\iezv32.exe
    O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
    O4 - HKLM\..\RunOnce: [iecw.exe] C:\WINDOWS\iecw.exe
    O4 - HKLM\..\RunOnce: [sdkot.exe] C:\WINDOWS\sdkot.exe
    O4 - HKLM\..\RunOnce: [msql.exe] C:\WINDOWS\system32\msql.exe
    O4 - HKLM\..\RunOnce: [crth.exe] C:\WINDOWS\crth.exe
    O4 - HKLM\..\RunOnce: [sdknh.exe] C:\WINDOWS\sdknh.exe
    O4 - HKLM\..\RunOnce: [apiyd.exe] C:\WINDOWS\system32\apiyd.exe
    O4 - HKLM\..\RunOnce: [netcy32.exe] C:\WINDOWS\netcy32.exe
    O4 - HKLM\..\RunOnce: [addnp.exe] C:\WINDOWS\system32\addnp.exe
    O4 - HKLM\..\RunOnce: [netxo32.exe] C:\WINDOWS\netxo32.exe
    O4 - HKLM\..\RunOnce: [mfcdb32.exe] C:\WINDOWS\system32\mfcdb32.exe
    O4 - HKLM\..\RunOnce: [iebi.exe] C:\WINDOWS\iebi.exe
    O4 - HKLM\..\RunOnce: [mfczd.exe] C:\WINDOWS\system32\mfczd.exe
    O4 - HKLM\..\RunOnce: [atlns.exe] C:\WINDOWS\atlns.exe
    O4 - HKLM\..\RunOnce: [ipby32.exe] C:\WINDOWS\system32\ipby32.exe
    O4 - HKLM\..\RunOnce: [javazh.exe] C:\WINDOWS\system32\javazh.exe
    O4 - HKLM\..\RunOnce: [ipnm.exe] C:\WINDOWS\ipnm.exe
    O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
    O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
    O4 - HKLM\..\RunOnce: [sysai.exe] C:\WINDOWS\sysai.exe
    O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
    O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
    O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
    O4 - HKLM\..\RunOnce: [mfcgc32.exe] C:\WINDOWS\mfcgc32.exe
    O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
    O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
    O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
    O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
    O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
    O4 - HKLM\..\RunOnce: [d3ss.exe] C:\WINDOWS\system32\d3ss.exe
    O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
    O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
    O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
    O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
    O4 - HKLM\..\RunOnce: [javakj32.exe] C:\WINDOWS\system32\javakj32.exe
    O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
    O4 - HKLM\..\RunOnce: [atlba.exe] C:\WINDOWS\system32\atlba.exe
    O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\addpr.exe
    O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
    O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
    O4 - HKLM\..\RunOnce: [atldn.exe] C:\WINDOWS\system32\atldn.exe
    O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
    O4 - HKLM\..\RunOnce: [syscl32.exe] C:\WINDOWS\syscl32.exe
    O4 - HKLM\..\RunOnce: [apisi.exe] C:\WINDOWS\apisi.exe
    O4 - HKLM\..\RunOnce: [javaeo.exe] C:\WINDOWS\javaeo.exe
    O4 - HKLM\..\RunOnce: [javacp32.exe] C:\WINDOWS\system32\javacp32.exe
    O4 - HKLM\..\RunOnce: [javaiv32.exe] C:\WINDOWS\system32\javaiv32.exe
    O4 - HKLM\..\RunOnce: [atlgm.exe] C:\WINDOWS\system32\atlgm.exe
    O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
    O4 - HKLM\..\RunOnce: [appiw32.exe] C:\WINDOWS\system32\appiw32.exe
    O4 - HKLM\..\RunOnce: [appbc.exe] C:\WINDOWS\system32\appbc.exe
    O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
    O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
    O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
    O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
    O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe
    O4 - HKLM\..\RunOnce: [javatw32.exe] C:\WINDOWS\system32\javatw32.exe
    O4 - HKLM\..\RunOnce: [mssv32.exe] C:\WINDOWS\system32\mssv32.exe
    O4 - HKLM\..\RunOnce: [appyr.exe] C:\WINDOWS\system32\appyr.exe
    O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\system32\iehm32.exe
    O4 - HKLM\..\RunOnce: [neter32.exe] C:\WINDOWS\neter32.exe
    O4 - HKLM\..\RunOnce: [mfcwn.exe] C:\WINDOWS\system32\mfcwn.exe
    O4 - HKLM\..\RunOnce: [sdkmn32.exe] C:\WINDOWS\sdkmn32.exe
    O4 - HKLM\..\RunOnce: [appjl32.exe] C:\WINDOWS\appjl32.exe
    O4 - HKLM\..\RunOnce: [javaer32.exe] C:\WINDOWS\system32\javaer32.exe
    O4 - HKLM\..\RunOnce: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe
    O4 - HKLM\..\RunOnce: [mfcua.exe] C:\WINDOWS\system32\mfcua.exe
    O4 - HKLM\..\RunOnce: [netjv.exe] C:\WINDOWS\netjv.exe
    O4 - HKLM\..\RunOnce: [syssz.exe] C:\WINDOWS\syssz.exe
    O4 - HKLM\..\RunOnce: [atlao32.exe] C:\WINDOWS\atlao32.exe
    O4 - HKLM\..\RunOnce: [msee32.exe] C:\WINDOWS\system32\msee32.exe
    O4 - HKLM\..\RunOnce: [javato.exe] C:\WINDOWS\javato.exe
    O4 - HKLM\..\RunOnce: [crbm32.exe] C:\WINDOWS\system32\crbm32.exe
    O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
    O4 - HKLM\..\RunOnce: [msqp32.exe] C:\WINDOWS\msqp32.exe
    O4 - HKLM\..\RunOnce: [javael.exe] C:\WINDOWS\javael.exe
    O4 - HKLM\..\RunOnce: [mfcmw32.exe] C:\WINDOWS\mfcmw32.exe
    O4 - HKLM\..\RunOnce: [mstq32.exe] C:\WINDOWS\mstq32.exe
    O4 - HKLM\..\RunOnce: [winjy.exe] C:\WINDOWS\winjy.exe
    O4 - HKLM\..\RunOnce: [iely32.exe] C:\WINDOWS\iely32.exe
    O4 - HKLM\..\RunOnce: [apimq.exe] C:\WINDOWS\system32\apimq.exe
    O4 - HKLM\..\RunOnce: [atlqa32.exe] C:\WINDOWS\atlqa32.exe
    O4 - HKLM\..\RunOnce: [appdr32.exe] C:\WINDOWS\appdr32.exe
    O4 - HKLM\..\RunOnce: [netyr.exe] C:\WINDOWS\netyr.exe
    O4 - HKLM\..\RunOnce: [mszv.exe] C:\WINDOWS\system32\mszv.exe
    O4 - HKLM\..\RunOnce: [mshs.exe] C:\WINDOWS\mshs.exe
    O4 - HKLM\..\RunOnce: [atluz.exe] C:\WINDOWS\atluz.exe
    O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\system32\sdkzn.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program
    Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page -
    res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program
    Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English -
    res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
    - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Home Prefix: http://nkvd.us/1525/
    O13 - Mosaic Prefix: http://nkvd.us/1525/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/102c8f8ff1f0d4a75f01/netzip/RdxIE601.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
    http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
    (MessengerStatsClient Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF}
    (MediaTicketsInstaller Control) -
    http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    http://install.wildtangent.com/bgn/partners/shockwave/stx/install.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B83157E1-841B-4659-9447-7B2D8038B586}:
    NameServer = 198.164.30.2 198.164.4.2
    O21 - SSODL: System - {A1A3CE61-D455-48DF-9214-C2B72484DE3A} -
    C:\WINDOWS\system32\system32.dll
     
    Jeanette, Jul 29, 2004
    #1
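
An added example, not part of the original thread: a small Python triage pass over the HijackThis log format shown in the post above. It rejoins the entries that the posting software wrapped across lines and flags two patterns visible in this log; the heuristics, category labels and function names are assumptions chosen for illustration, not HijackThis rules.

```python
import ntpath
import re
from collections import Counter

# Excerpt copied from the log in the post above, line wraps kept as posted.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\eluix.dll/sp.html#22776
O2 - BHO: (no name) - {118BA3A3-204B-60CC-DF7A-B655B766277D} -
C:\WINDOWS\system32\addgr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
O4 - HKLM\..\Run: [addwg.exe] C:\WINDOWS\system32\addwg.exe
O4 - HKLM\..\RunOnce: [mfcvi.exe] C:\WINDOWS\mfcvi.exe
O4 - HKLM\..\RunOnce: [sdkff32.exe] C:\WINDOWS\system32\sdkff32.exe
O4 - HKLM\..\RunOnce: [msxq32.exe] C:\WINDOWS\msxq32.exe
O13 - Home Prefix: http://nkvd.us/1525/
"""

# A log entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY_START = re.compile(r"^(R[0-3]|N[1-4]|F[0-3]|O\d{1,2}) - (.*)$")
# O4 body: HKLM\..\Run: [value name] command line
O4_ENTRY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
RAW_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_entries(text):
    """Return (code, body) tuples, rejoining entries wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Not a new entry: continuation of the previous wrapped line.
            entries[-1][1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return [tuple(entry) for entry in entries]


def triage(entries):
    """Flag entries worth a closer look. Findings are leads, not verdicts."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            value = body.partition(" = ")[2].strip()
            if RAW_IP_URL.match(value):
                # Assumed heuristic: IE page setting pointing at a bare IP.
                findings.append((code, "ie-raw-ip", value))
            elif value.lower().startswith("res://"):
                # Assumed heuristic: IE page served from inside a local DLL.
                findings.append((code, "ie-res-dll", value))
        elif code == "O4":
            match = O4_ENTRY.match(body)
            if not match:
                continue
            _hive, key, name, command = match.groups()
            path = command.strip('"')
            same_name = ntpath.basename(path).lower() == name.lower()
            in_windir = ntpath.dirname(path).lower() in WINDOWS_DIRS
            # Assumed heuristic: autorun value named after its own file,
            # sitting directly in the Windows or system32 directory.
            if same_name and in_windir:
                findings.append((code, f"autorun-{key}", path))
    return findings


def summarize(findings):
    """Count findings per category so a flood in one key stands out."""
    return dict(Counter(category for _code, category, _detail in findings))


if __name__ == "__main__":
    found = triage(parse_entries(SAMPLE_LOG))
    for code, category, detail in found:
        print(f"{code:3} {category:16} {detail}")
    print(summarize(found))
```

Entries that pass unflagged, such as the BHO line, still need checking by name; the pass only sorts the obvious clusters to the top.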

  2. In article <>, Jeanette
    says...

    > I am trying to figure out what is going on on my brother's computer.
    > It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
    > each profile, IE is virtually unusable, can't visit any search site
    > and just about any other site I try is blocked as well. Netscape
    > still remains useable. Downloaded Google Toolbar and that got rid of
    > lots of porn pop ups, but we've still got lots of spyware, etc messing
    > things up. Have Spy-Bot and Ad-aware and am running them a few times
    > a day (keeps finding new things). Just downloaded Hijack This - but
    > have to admit I have no idea what needs to stay and what should go.
    > Already fixed a few obvious URL redirections, but they keep coming
    > back. I've copied over the log file and would really appreciate the
    > help.


    > Also, are there any other programs I should download for this problem
    > - and how often should I run them? Is there any way to keep this from
    > happening, we've never had this problem on our home computer.


    For your last question; yes, it is possible to prevent this, but a lot of
    the methodology requires discipline on the part of the operator. Don't
    install every slick gadget that the marketers insist will "improve" your
    Internet experience; more often than not it only improves their marketing
    experience; at no small cost to your convenience.

    For your next to the last question; if proper discipline is applied, "Hijack
    This" once, for a baseline report on a new install, and that should be it.
    Run it after any significant change in software to grab a new baseline
    snapshot. If you practice good discipline, you shouldn't need to run it as a
    troubleshooter; but if you do encounter a problem, you can run it and check
    the log against your baseline log.

    As for the log, itself, it is really busy, and I don't have a lot of
    experience at HJT. One item did stand out, though, and should be too
    difficult to deal with. Unless your brother really needs to play with the
    games, and other goodies offered by WildTangent, dump it. It should be
    available for removal using "Add/Remove Programs". After running that, you
    just delete the folders, then run Ad Aware to handle any residual
    components. Ad Aware does identify WildTangent files. They are a data miner,
    as well as a game provider. Unless you don't mind marketers mining your
    data, it is useless fluff; but it is not malware, or harmful, if your
    brother really likes playing those online games.

    Frankly, I don't care for anything to do with RealPlayer, either, but it is
    like WildTangent. Straightforward removal, but if your brother likes what it
    does, it isn't nasty, or malware.

    Others are less well known to me, and I can't say one way or the other. I'd
    start with a small subset of that rather lengthy list of applications; say,
    this part:

    > O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
    > O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
    > O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
    > O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
    > O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
    > O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
    > O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
    > O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
    > O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
    > O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
    > O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
    > O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
    > O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
    > O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
    > O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
    > O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
    > O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
    > O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
    > O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
    > O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
    > O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
    > O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
    > O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
    > O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe


    I'd start with a Google search on each of the application names. Hopefully,
    you can see a pattern in my choices. One of those file names should give you
    a Google hit, and you can take it from there. Hopefully (again!), some of
    those hits will lead you to information about the other items in that list.
    It is no wonder that computer is so cranky; it is trying to load too much
    stuff.

    With the exception of the Google, Yahoo!, or MSN toolbar, you really don't
    need anything else; and I used the Yahoo! BHO so infrequently that I finally
    removed it. No BHOs here; just a well secured browser and a hosts file which
    redirects advertising trackers to localhost. And, as nearly as I can tell,
    MSIE6, with the latest patches, can be made reasonably secure, though I
    prefer Mozilla 1.7.1 for real security. Use the zones. Put that small
    handful of sites you would really trust to run scripts into the "Trusted
    sites" zone, and set the "Internet" zone to the highest level of security;
    that will tame DestructiveX (okay, MSFT calls it, "ActiveX"; but if you know
    how remote sites can use it to abuse your system, you know why I call it,
    "DestructiveX"!)

    I thought there were HJT forums at the site where you downloaded it; have
    you posted your log there?

    --
    Norman
    ~Win dain a lotica, En vai tu ri, Si lo ta
    ~Fin dein a loluca, En dragu a sei lain
    ~Vi fa-ru les shutai am, En riga-lint
     
    Norman Miller, Jul 29, 2004
    #2

  3. Jeanette

    JamesBenson Guest

    Hi, all the entries with the name Run or RunOnce mean that each time your
    PC starts, all these entries will be run. On my PC there is nothing in the
    RunOnce section and only a few in the Run section; this should give you an
    idea of what should be there: virtually nothing, which is why it is
    unusable. Do a clean install of your OS with trusted CDs if you have them,
    and be careful what you click yes to. Sounds like most programs installed
    third-party spyware/adware along with them without you knowing. Be careful
    of free programs.


     
    JamesBenson, Jul 30, 2004
    #3
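An added example, not part of any post in this thread and not a HijackThis feature: a Python script that does the baseline comparison Norman describes and the Run/RunOnce count JamesBenson mentions. Both sample logs are constructed (the addwg/mfcvi/appln lines are copied from the log quoted in the thread, the "Example" entries are made up), and the "self-named" rule is an assumed heuristic read off the quoted O4 lines.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules, usable on any OS

# A HijackThis entry is "<code> - <details>"; leading ">" quote marks are tolerated.
ENTRY_RE = re.compile(r"^[\s>]*([A-Z]\d{1,2}) - (.+?)\s*$")
# O4 registry autoruns look like: HKLM\..\RunOnce: [value name] command line
O4_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\([^:]+): \[(.+?)\] (.+)$")
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Constructed baseline: what a clean install might have logged.
BASELINE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
'''

# Constructed later scan: the baseline plus three lines from the thread's log
# and one made-up, legitimate-looking RunOnce entry.
CURRENT_LOG = BASELINE_LOG + r'''
O4 - HKLM\..\Run: [addwg.exe] C:\WINDOWS\system32\addwg.exe
O4 - HKLM\..\RunOnce: [mfcvi.exe] C:\WINDOWS\mfcvi.exe
O4 - HKLM\..\RunOnce: [appln.exe] C:\WINDOWS\appln.exe
O4 - HKLM\..\RunOnce: [ExampleSetup] C:\Program Files\Example\setup.exe /resume
'''


def parse_log(text):
    """Return the ordered, de-duplicated (code, details) entries of a log."""
    seen, entries = set(), []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match and match.groups() not in seen:
            seen.add(match.groups())
            entries.append(match.groups())
    return entries


def new_since_baseline(baseline_text, current_text):
    """Entries present in the current scan but absent from the baseline."""
    known = set(parse_log(baseline_text))
    return [entry for entry in parse_log(current_text) if entry not in known]


def parse_autorun(details):
    """Split an O4 registry entry into hive, key, value name and command."""
    match = O4_RE.match(details)
    if match is None:
        return None  # e.g. "O4 - Startup: ..." shortcut entries
    hive, key, name, command = match.groups()
    return {"hive": hive, "key": key, "name": name, "command": command}


def looks_self_named(autorun):
    """Assumed heuristic: the value name is the executable's own file name and
    the file sits directly in the Windows or system32 directory. It only fires
    when the command is a bare path without arguments."""
    command = autorun["command"].strip('"')
    return (autorun["name"].lower() == basename(command).lower()
            and dirname(command).lower() in WINDOWS_DIRS)


def triage(baseline_text, current_text):
    """Diff against the baseline, count new autoruns per key, list suspects."""
    added = new_since_baseline(baseline_text, current_text)
    per_key, suspects = Counter(), []
    for code, details in added:
        autorun = parse_autorun(details) if code == "O4" else None
        if autorun is None:
            continue
        per_key[autorun["key"]] += 1
        if looks_self_named(autorun):
            suspects.append(autorun["command"])
    return {"added": added, "per_key": dict(per_key), "suspects": suspects}


if __name__ == "__main__":
    report = triage(BASELINE_LOG, CURRENT_LOG)
    print("new entries since baseline:", len(report["added"]))
    print("new autoruns per key:", report["per_key"])
    for path in report["suspects"]:
        print("review:", path)
```

A hit from `looks_self_named` is a prompt to look the file name up, as Norman suggests, not a verdict on the file.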
  4. Jeanette

    °Mike° Guest

    You have been Hijacked by CoolWebSearch.
    ------------------------------------------


    Before you proceed, make sure that you have
    SpyBot S&D installed, AND Ad-Aware installed.

    Be sure to download and install the Ad-Aware
    VX2 cleaner plug-in
    http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml

    Download SpHjfix fix.
    http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

    Download AboutBuster
    http://tools.zerosrealm.com/AboutBuster.zip

    Download CWShredder
    http://www.spywareinfo.com/~merijn/cwschronicles.html


    Boot into Safe Mode once that's done. As soon as you
    have booted into Safe Mode, empty your TEMP folder,
    your Temporary Internet Files (including Offline Content),
    and your IE History.

    Continued inline....


    On 29 Jul 2004 08:07:16 -0700, in
    <>
    Jeanette scrawled:

    >Hi,
    >I am trying to figure out what is going on on my brothers computer.
    >It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
    >each profile, IE is virtually unusuable, can't visit any search site
    >and just about any other site I try is blocked as well. Netscape
    >still remains useable. Downloaded Google Toolbar and that got rid of
    >lots of porn pop ups, but we've still got lots of spyware, etc messing
    >things up. Have Spy-Bot and Ad-aware and am running them a few times
    >a day (keeps finding new things). Just downloaded Hijack This - but
    >have to admit I have no idea what needs to say and what should go.
    >Already fixed a few obvious URL redirections, but they keep coming
    >back. I've copied over the log file and would really appreciate the
    >help.
    >
    >Also, are there any other programs I should download for this problem
    >- and how often should I run them? Is there any way to keep this from
    >happeneing, we've never had this problem on our home computer.
    >
    >Thanks so much
    >Jeanette
    >
    >Logfile of HijackThis v1.98.0
    >Scan saved at 10:58:02 AM, on 29/07/2004
    >Platform: Windows XP SP1 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



    DO THIS IN SAFE MODE
    =================

    DISCONNECT FROM THE NET
    =====================

    CLOSE ALL OTHER APPLICATIONS EXCEPT HJT
    ==================================


    >Running processes:


    >C:\WINDOWS\appln.exe
    >C:\WINDOWS\mfcvi.exe
    >C:\WINDOWS\system32\addwg.exe


    End Task the above three processes (CTRL+ALT+DEL).
    Delete the appln.exe, mfcvi.exe and addwg.exe files,
    and empty the recycle bin.


    >R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://213.159.117.134/index.php


    >R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://213.159.117.134/index.php


    >R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    >http://213.159.117.134/index.php


    >R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    >http://213.159.117.134/index.php


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >http://213.159.117.134/index.php


    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >http://213.159.117.134/index.php


    Have HijackThis fix the above entries.


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    >res://C:\WINDOWS\eluix.dll/sp.html#22776


    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    >= res://C:\WINDOWS\eluix.dll/sp.html#22776


    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    >res://C:\WINDOWS\eluix.dll/sp.html#22776


    Have HijackThis fix the above entries.
    Delete the eluix.dll file, and remove it from the recycle bin.


    >R3 - Default URLSearchHook is missing


    Have HijackThis fix the above entry.


    >O2 - BHO: (no name) - {118BA3A3-204B-60CC-DF7A-B655B766277D} -
    >C:\WINDOWS\system32\addgr.dll


    Have HijackThis fix the above entry.
    Delete the addgr.dll file and empty the recycle bin.


    >O4 - HKLM\..\Run: [addwg.exe] C:\WINDOWS\system32\addwg.exe


    >O4 - HKLM\..\RunOnce: [mfcvi.exe] C:\WINDOWS\mfcvi.exe


    >O4 - HKLM\..\RunOnce: [appln.exe] C:\WINDOWS\appln.exe


    Have HijackThis fix the above entries.
    You should have already End Tasked the above processes,
    and deleted the files.


    >O4 - HKLM\..\RunOnce: [sdkff32.exe] C:\WINDOWS\system32\sdkff32.exe
    >O4 - HKLM\..\RunOnce: [msxq32.exe] C:\WINDOWS\msxq32.exe
    >O4 - HKLM\..\RunOnce: [d3mi.exe] C:\WINDOWS\d3mi.exe
    >O4 - HKLM\..\RunOnce: [appfe32.exe] C:\WINDOWS\system32\appfe32.exe
    >O4 - HKLM\..\RunOnce: [javaeg.exe] C:\WINDOWS\system32\javaeg.exe
    >O4 - HKLM\..\RunOnce: [crjx.exe] C:\WINDOWS\system32\crjx.exe
    >O4 - HKLM\..\RunOnce: [javahn.exe] C:\WINDOWS\javahn.exe
    >O4 - HKLM\..\RunOnce: [addhy32.exe] C:\WINDOWS\addhy32.exe
    >O4 - HKLM\..\RunOnce: [addfo.exe] C:\WINDOWS\system32\addfo.exe
    >O4 - HKLM\..\RunOnce: [atlnm32.exe] C:\WINDOWS\system32\atlnm32.exe
    >O4 - HKLM\..\RunOnce: [ntzj32.exe] C:\WINDOWS\system32\ntzj32.exe
    >O4 - HKLM\..\RunOnce: [ntrr32.exe] C:\WINDOWS\system32\ntrr32.exe
    >O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\mskn32.exe
    >O4 - HKLM\..\RunOnce: [netxc.exe] C:\WINDOWS\system32\netxc.exe
    >O4 - HKLM\..\RunOnce: [crpd.exe] C:\WINDOWS\system32\crpd.exe
    >O4 - HKLM\..\RunOnce: [crmu.exe] C:\WINDOWS\system32\crmu.exe
    >O4 - HKLM\..\RunOnce: [apphd32.exe] C:\WINDOWS\apphd32.exe
    >O4 - HKLM\..\RunOnce: [sdkgr32.exe] C:\WINDOWS\sdkgr32.exe
    >O4 - HKLM\..\RunOnce: [ntpz32.exe] C:\WINDOWS\ntpz32.exe
    >O4 - HKLM\..\RunOnce: [sdksb.exe] C:\WINDOWS\system32\sdksb.exe
    >O4 - HKLM\..\RunOnce: [sysgv.exe] C:\WINDOWS\system32\sysgv.exe
    >O4 - HKLM\..\RunOnce: [atlul32.exe] C:\WINDOWS\atlul32.exe
    >O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\system32\iexi32.exe
    >O4 - HKLM\..\RunOnce: [crid.exe] C:\WINDOWS\crid.exe
    >O4 - HKLM\..\RunOnce: [sdkal.exe] C:\WINDOWS\sdkal.exe
    >O4 - HKLM\..\RunOnce: [mscn.exe] C:\WINDOWS\mscn.exe
    >O4 - HKLM\..\RunOnce: [msae.exe] C:\WINDOWS\system32\msae.exe
    >O4 - HKLM\..\RunOnce: [mfcbw.exe] C:\WINDOWS\mfcbw.exe
    >O4 - HKLM\..\RunOnce: [appgs.exe] C:\WINDOWS\appgs.exe
    >O4 - HKLM\..\RunOnce: [netpc32.exe] C:\WINDOWS\system32\netpc32.exe
    >O4 - HKLM\..\RunOnce: [javaue32.exe] C:\WINDOWS\system32\javaue32.exe
    >O4 - HKLM\..\RunOnce: [javaok32.exe] C:\WINDOWS\javaok32.exe
    >O4 - HKLM\..\RunOnce: [mfcai.exe] C:\WINDOWS\system32\mfcai.exe
    >O4 - HKLM\..\RunOnce: [atlpn32.exe] C:\WINDOWS\system32\atlpn32.exe
    >O4 - HKLM\..\RunOnce: [mshk.exe] C:\WINDOWS\mshk.exe
    >O4 - HKLM\..\RunOnce: [winrx32.exe] C:\WINDOWS\winrx32.exe
    >O4 - HKLM\..\RunOnce: [javath32.exe] C:\WINDOWS\system32\javath32.exe
    >O4 - HKLM\..\RunOnce: [syskh32.exe] C:\WINDOWS\system32\syskh32.exe
    >O4 - HKLM\..\RunOnce: [atlde.exe] C:\WINDOWS\system32\atlde.exe
    >O4 - HKLM\..\RunOnce: [nethf32.exe] C:\WINDOWS\nethf32.exe
    >O4 - HKLM\..\RunOnce: [appoy.exe] C:\WINDOWS\system32\appoy.exe
    >O4 - HKLM\..\RunOnce: [winhq.exe] C:\WINDOWS\system32\winhq.exe
    >O4 - HKLM\..\RunOnce: [mfcsz32.exe] C:\WINDOWS\system32\mfcsz32.exe
    >O4 - HKLM\..\RunOnce: [appra.exe] C:\WINDOWS\system32\appra.exe
    >O4 - HKLM\..\RunOnce: [crep.exe] C:\WINDOWS\crep.exe
    >O4 - HKLM\..\RunOnce: [mfcow32.exe] C:\WINDOWS\mfcow32.exe
    >O4 - HKLM\..\RunOnce: [addsa.exe] C:\WINDOWS\addsa.exe
    >O4 - HKLM\..\RunOnce: [apiyg32.exe] C:\WINDOWS\system32\apiyg32.exe
    >O4 - HKLM\..\RunOnce: [ipgz32.exe] C:\WINDOWS\system32\ipgz32.exe
    >O4 - HKLM\..\RunOnce: [mswh32.exe] C:\WINDOWS\system32\mswh32.exe
    >O4 - HKLM\..\RunOnce: [crpz32.exe] C:\WINDOWS\system32\crpz32.exe
    >O4 - HKLM\..\RunOnce: [d3kg.exe] C:\WINDOWS\d3kg.exe
    >O4 - HKLM\..\RunOnce: [msta.exe] C:\WINDOWS\system32\msta.exe
    >O4 - HKLM\..\RunOnce: [d3ff.exe] C:\WINDOWS\system32\d3ff.exe
    >O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\addyc.exe
    >O4 - HKLM\..\RunOnce: [sdkbz32.exe] C:\WINDOWS\sdkbz32.exe
    >O4 - HKLM\..\RunOnce: [msgr32.exe] C:\WINDOWS\system32\msgr32.exe
    >O4 - HKLM\..\RunOnce: [addeq32.exe] C:\WINDOWS\addeq32.exe
    >O4 - HKLM\..\RunOnce: [atljf32.exe] C:\WINDOWS\system32\atljf32.exe
    >O4 - HKLM\..\RunOnce: [appdk32.exe] C:\WINDOWS\system32\appdk32.exe
    >O4 - HKLM\..\RunOnce: [winwk32.exe] C:\WINDOWS\system32\winwk32.exe
    >O4 - HKLM\..\RunOnce: [ieft.exe] C:\WINDOWS\system32\ieft.exe
    >O4 - HKLM\..\RunOnce: [ntef.exe] C:\WINDOWS\ntef.exe
    >O4 - HKLM\..\RunOnce: [appds.exe] C:\WINDOWS\appds.exe
    >O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe
    >O4 - HKLM\..\RunOnce: [syszx.exe] C:\WINDOWS\syszx.exe
    >O4 - HKLM\..\RunOnce: [atlby.exe] C:\WINDOWS\atlby.exe
    >O4 - HKLM\..\RunOnce: [apphy32.exe] C:\WINDOWS\apphy32.exe
    >O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\system32\apiep32.exe
    >O4 - HKLM\..\RunOnce: [javaal32.exe] C:\WINDOWS\system32\javaal32.exe
    >O4 - HKLM\..\RunOnce: [nethb32.exe] C:\WINDOWS\nethb32.exe
    >O4 - HKLM\..\RunOnce: [cray32.exe] C:\WINDOWS\system32\cray32.exe
    >O4 - HKLM\..\RunOnce: [apifs.exe] C:\WINDOWS\apifs.exe
    >O4 - HKLM\..\RunOnce: [atlhs32.exe] C:\WINDOWS\system32\atlhs32.exe
    >O4 - HKLM\..\RunOnce: [crbe32.exe] C:\WINDOWS\crbe32.exe
    >O4 - HKLM\..\RunOnce: [mshg32.exe] C:\WINDOWS\system32\mshg32.exe
    >O4 - HKLM\..\RunOnce: [msks.exe] C:\WINDOWS\msks.exe
    >O4 - HKLM\..\RunOnce: [ipgl32.exe] C:\WINDOWS\ipgl32.exe
    >O4 - HKLM\..\RunOnce: [addex32.exe] C:\WINDOWS\addex32.exe
    >O4 - HKLM\..\RunOnce: [atlvu32.exe] C:\WINDOWS\system32\atlvu32.exe
    >O4 - HKLM\..\RunOnce: [winqn32.exe] C:\WINDOWS\system32\winqn32.exe
    >O4 - HKLM\..\RunOnce: [msgn32.exe] C:\WINDOWS\msgn32.exe
    >O4 - HKLM\..\RunOnce: [atlyq.exe] C:\WINDOWS\atlyq.exe
    >O4 - HKLM\..\RunOnce: [apicx32.exe] C:\WINDOWS\apicx32.exe
    >O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\system32\crms32.exe
    >O4 - HKLM\..\RunOnce: [wincq32.exe] C:\WINDOWS\system32\wincq32.exe
    >O4 - HKLM\..\RunOnce: [d3qf32.exe] C:\WINDOWS\d3qf32.exe
    >O4 - HKLM\..\RunOnce: [mslk.exe] C:\WINDOWS\mslk.exe
    >O4 - HKLM\..\RunOnce: [netfy.exe] C:\WINDOWS\netfy.exe
    >O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\system32\apipu32.exe
    >O4 - HKLM\..\RunOnce: [mfcvt32.exe] C:\WINDOWS\mfcvt32.exe
    >O4 - HKLM\..\RunOnce: [atlcg.exe] C:\WINDOWS\atlcg.exe
    >O4 - HKLM\..\RunOnce: [ipte32.exe] C:\WINDOWS\ipte32.exe
    >O4 - HKLM\..\RunOnce: [iekd.exe] C:\WINDOWS\system32\iekd.exe
    >O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\system32\appoe.exe
    >O4 - HKLM\..\RunOnce: [winmm32.exe] C:\WINDOWS\winmm32.exe
    >O4 - HKLM\..\RunOnce: [apiwi.exe] C:\WINDOWS\system32\apiwi.exe
    >O4 - HKLM\..\RunOnce: [mfcuh.exe] C:\WINDOWS\mfcuh.exe
    >O4 - HKLM\..\RunOnce: [netjr32.exe] C:\WINDOWS\netjr32.exe
    >O4 - HKLM\..\RunOnce: [appoa32.exe] C:\WINDOWS\system32\appoa32.exe
    >O4 - HKLM\..\RunOnce: [javajr32.exe] C:\WINDOWS\javajr32.exe
    >O4 - HKLM\..\RunOnce: [appjt32.exe] C:\WINDOWS\appjt32.exe
    >O4 - HKLM\..\RunOnce: [netlr.exe] C:\WINDOWS\system32\netlr.exe
    >O4 - HKLM\..\RunOnce: [msij.exe] C:\WINDOWS\system32\msij.exe
    >O4 - HKLM\..\RunOnce: [javapz.exe] C:\WINDOWS\system32\javapz.exe
    >O4 - HKLM\..\RunOnce: [mfcom.exe] C:\WINDOWS\system32\mfcom.exe
    >O4 - HKLM\..\RunOnce: [addgf32.exe] C:\WINDOWS\addgf32.exe
    >O4 - HKLM\..\RunOnce: [netwx32.exe] C:\WINDOWS\system32\netwx32.exe
    >O4 - HKLM\..\RunOnce: [ieky.exe] C:\WINDOWS\ieky.exe
    >O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\system32\winmp.exe
    >O4 - HKLM\..\RunOnce: [msdq32.exe] C:\WINDOWS\system32\msdq32.exe
    >O4 - HKLM\..\RunOnce: [atltf32.exe] C:\WINDOWS\atltf32.exe
    >O4 - HKLM\..\RunOnce: [sdker.exe] C:\WINDOWS\system32\sdker.exe
    >O4 - HKLM\..\RunOnce: [msyh32.exe] C:\WINDOWS\system32\msyh32.exe
    >O4 - HKLM\..\RunOnce: [ntbe32.exe] C:\WINDOWS\ntbe32.exe
    >O4 - HKLM\..\RunOnce: [atlpz32.exe] C:\WINDOWS\system32\atlpz32.exe
    >O4 - HKLM\..\RunOnce: [appsl32.exe] C:\WINDOWS\system32\appsl32.exe
    >O4 - HKLM\..\RunOnce: [apide.exe] C:\WINDOWS\apide.exe
    >O4 - HKLM\..\RunOnce: [mssj32.exe] C:\WINDOWS\system32\mssj32.exe
    >O4 - HKLM\..\RunOnce: [appny32.exe] C:\WINDOWS\system32\appny32.exe
    >O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINDOWS\addpj.exe
    >O4 - HKLM\..\RunOnce: [ipzg.exe] C:\WINDOWS\ipzg.exe
    >O4 - HKLM\..\RunOnce: [apppo.exe] C:\WINDOWS\system32\apppo.exe
    >O4 - HKLM\..\RunOnce: [javaqp32.exe] C:\WINDOWS\system32\javaqp32.exe
    >O4 - HKLM\..\RunOnce: [sdksi32.exe] C:\WINDOWS\sdksi32.exe
    >O4 - HKLM\..\RunOnce: [applf32.exe] C:\WINDOWS\system32\applf32.exe
    >O4 - HKLM\..\RunOnce: [netlw32.exe] C:\WINDOWS\netlw32.exe
    >O4 - HKLM\..\RunOnce: [msyt.exe] C:\WINDOWS\system32\msyt.exe
    >O4 - HKLM\..\RunOnce: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
    >O4 - HKLM\..\RunOnce: [appyt32.exe] C:\WINDOWS\system32\appyt32.exe
    >O4 - HKLM\..\RunOnce: [iprq32.exe] C:\WINDOWS\system32\iprq32.exe
    >O4 - HKLM\..\RunOnce: [addui.exe] C:\WINDOWS\system32\addui.exe
    >O4 - HKLM\..\RunOnce: [atloa.exe] C:\WINDOWS\system32\atloa.exe
    >O4 - HKLM\..\RunOnce: [sdkkj.exe] C:\WINDOWS\sdkkj.exe
    >O4 - HKLM\..\RunOnce: [mspj.exe] C:\WINDOWS\system32\mspj.exe
    >O4 - HKLM\..\RunOnce: [netst32.exe] C:\WINDOWS\system32\netst32.exe
    >O4 - HKLM\..\RunOnce: [sysap32.exe] C:\WINDOWS\sysap32.exe
    >O4 - HKLM\..\RunOnce: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
    >O4 - HKLM\..\RunOnce: [iemk32.exe] C:\WINDOWS\system32\iemk32.exe
    >O4 - HKLM\..\RunOnce: [ntlx32.exe] C:\WINDOWS\ntlx32.exe
    >O4 - HKLM\..\RunOnce: [ipfh.exe] C:\WINDOWS\system32\ipfh.exe
    >O4 - HKLM\..\RunOnce: [mfcwr32.exe] C:\WINDOWS\system32\mfcwr32.exe
    >O4 - HKLM\..\RunOnce: [ipls.exe] C:\WINDOWS\system32\ipls.exe
    >O4 - HKLM\..\RunOnce: [netwv.exe] C:\WINDOWS\netwv.exe
    >O4 - HKLM\..\RunOnce: [syswv32.exe] C:\WINDOWS\system32\syswv32.exe
    >O4 - HKLM\..\RunOnce: [javadd32.exe] C:\WINDOWS\system32\javadd32.exe
    >O4 - HKLM\..\RunOnce: [appsa.exe] C:\WINDOWS\system32\appsa.exe
    >O4 - HKLM\..\RunOnce: [addhv32.exe] C:\WINDOWS\addhv32.exe
    >O4 - HKLM\..\RunOnce: [apilh.exe] C:\WINDOWS\system32\apilh.exe
    >O4 - HKLM\..\RunOnce: [iezd.exe] C:\WINDOWS\iezd.exe
    >O4 - HKLM\..\RunOnce: [sdkqy.exe] C:\WINDOWS\sdkqy.exe
    >O4 - HKLM\..\RunOnce: [mfcbx.exe] C:\WINDOWS\mfcbx.exe
    >O4 - HKLM\..\RunOnce: [apity32.exe] C:\WINDOWS\apity32.exe
    >O4 - HKLM\..\RunOnce: [ntfv.exe] C:\WINDOWS\system32\ntfv.exe
    >O4 - HKLM\..\RunOnce: [msnk32.exe] C:\WINDOWS\system32\msnk32.exe
    >O4 - HKLM\..\RunOnce: [msem32.exe] C:\WINDOWS\system32\msem32.exe
    >O4 - HKLM\..\RunOnce: [sysko.exe] C:\WINDOWS\system32\sysko.exe
    >O4 - HKLM\..\RunOnce: [atlbv32.exe] C:\WINDOWS\system32\atlbv32.exe
    >O4 - HKLM\..\RunOnce: [msgs32.exe] C:\WINDOWS\system32\msgs32.exe
    >O4 - HKLM\..\RunOnce: [appfj.exe] C:\WINDOWS\system32\appfj.exe
    >O4 - HKLM\..\RunOnce: [ipdg.exe] C:\WINDOWS\ipdg.exe
    >O4 - HKLM\..\RunOnce: [sysqx32.exe] C:\WINDOWS\sysqx32.exe
    >O4 - HKLM\..\RunOnce: [wintk.exe] C:\WINDOWS\system32\wintk.exe
    >O4 - HKLM\..\RunOnce: [atlpk.exe] C:\WINDOWS\system32\atlpk.exe
    >O4 - HKLM\..\RunOnce: [nttr32.exe] C:\WINDOWS\system32\nttr32.exe
    >O4 - HKLM\..\RunOnce: [cruv.exe] C:\WINDOWS\cruv.exe
    >O4 - HKLM\..\RunOnce: [iplq.exe] C:\WINDOWS\iplq.exe
    >O4 - HKLM\..\RunOnce: [ieyw.exe] C:\WINDOWS\system32\ieyw.exe
    >O4 - HKLM\..\RunOnce: [ntbp32.exe] C:\WINDOWS\system32\ntbp32.exe
    >O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
    >O4 - HKLM\..\RunOnce: [atlzo.exe] C:\WINDOWS\system32\atlzo.exe
    >O4 - HKLM\..\RunOnce: [javakd.exe] C:\WINDOWS\javakd.exe
    >O4 - HKLM\..\RunOnce: [sdkcm.exe] C:\WINDOWS\sdkcm.exe
    >O4 - HKLM\..\RunOnce: [winal.exe] C:\WINDOWS\system32\winal.exe
    >O4 - HKLM\..\RunOnce: [ipsz.exe] C:\WINDOWS\system32\ipsz.exe
    >O4 - HKLM\..\RunOnce: [ieiu.exe] C:\WINDOWS\system32\ieiu.exe
    >O4 - HKLM\..\RunOnce: [appnt.exe] C:\WINDOWS\appnt.exe
    >O4 - HKLM\..\RunOnce: [addwu.exe] C:\WINDOWS\system32\addwu.exe
    >O4 - HKLM\..\RunOnce: [wincn32.exe] C:\WINDOWS\wincn32.exe
    >O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\system32\ieob.exe
    >O4 - HKLM\..\RunOnce: [appsi32.exe] C:\WINDOWS\system32\appsi32.exe
    >O4 - HKLM\..\RunOnce: [crqc.exe] C:\WINDOWS\system32\crqc.exe
    >O4 - HKLM\..\RunOnce: [appls.exe] C:\WINDOWS\appls.exe
    >O4 - HKLM\..\RunOnce: [netjq.exe] C:\WINDOWS\netjq.exe
    >O4 - HKLM\..\RunOnce: [d3kf.exe] C:\WINDOWS\system32\d3kf.exe
    >O4 - HKLM\..\RunOnce: [apiat32.exe] C:\WINDOWS\system32\apiat32.exe
    >O4 - HKLM\..\RunOnce: [javakt.exe] C:\WINDOWS\javakt.exe
    >O4 - HKLM\..\RunOnce: [winla.exe] C:\WINDOWS\system32\winla.exe
    >O4 - HKLM\..\RunOnce: [cryo32.exe] C:\WINDOWS\system32\cryo32.exe
    >O4 - HKLM\..\RunOnce: [ntlh.exe] C:\WINDOWS\ntlh.exe
    >O4 - HKLM\..\RunOnce: [iptv32.exe] C:\WINDOWS\iptv32.exe
    >O4 - HKLM\..\RunOnce: [ieyt.exe] C:\WINDOWS\ieyt.exe
    >O4 - HKLM\..\RunOnce: [netsn.exe] C:\WINDOWS\system32\netsn.exe
    >O4 - HKLM\..\RunOnce: [winjs.exe] C:\WINDOWS\system32\winjs.exe
    >O4 - HKLM\..\RunOnce: [mfcjx.exe] C:\WINDOWS\mfcjx.exe
    >O4 - HKLM\..\RunOnce: [addts32.exe] C:\WINDOWS\system32\addts32.exe
    >O4 - HKLM\..\RunOnce: [sysch32.exe] C:\WINDOWS\system32\sysch32.exe
    >O4 - HKLM\..\RunOnce: [ntzf32.exe] C:\WINDOWS\ntzf32.exe
    >O4 - HKLM\..\RunOnce: [ntyz.exe] C:\WINDOWS\ntyz.exe
    >O4 - HKLM\..\RunOnce: [ipid32.exe] C:\WINDOWS\system32\ipid32.exe
    >O4 - HKLM\..\RunOnce: [crmw32.exe] C:\WINDOWS\crmw32.exe
    >O4 - HKLM\..\RunOnce: [apifq32.exe] C:\WINDOWS\system32\apifq32.exe
    >O4 - HKLM\..\RunOnce: [ntls.exe] C:\WINDOWS\ntls.exe
    >O4 - HKLM\..\RunOnce: [sysgb32.exe] C:\WINDOWS\system32\sysgb32.exe
    >O4 - HKLM\..\RunOnce: [winft.exe] C:\WINDOWS\system32\winft.exe
    >O4 - HKLM\..\RunOnce: [ieoo.exe] C:\WINDOWS\ieoo.exe
    >O4 - HKLM\..\RunOnce: [d3fg32.exe] C:\WINDOWS\system32\d3fg32.exe
    >O4 - HKLM\..\RunOnce: [javadk.exe] C:\WINDOWS\system32\javadk.exe
    >O4 - HKLM\..\RunOnce: [mfcai32.exe] C:\WINDOWS\mfcai32.exe
    >O4 - HKLM\..\RunOnce: [netuk.exe] C:\WINDOWS\system32\netuk.exe
    >O4 - HKLM\..\RunOnce: [ntfd.exe] C:\WINDOWS\system32\ntfd.exe
    >O4 - HKLM\..\RunOnce: [appwo.exe] C:\WINDOWS\system32\appwo.exe
    >O4 - HKLM\..\RunOnce: [crhc.exe] C:\WINDOWS\crhc.exe
    >O4 - HKLM\..\RunOnce: [javafs32.exe] C:\WINDOWS\javafs32.exe
    >O4 - HKLM\..\RunOnce: [apiku32.exe] C:\WINDOWS\system32\apiku32.exe
    >O4 - HKLM\..\RunOnce: [ntbh32.exe] C:\WINDOWS\system32\ntbh32.exe
    >O4 - HKLM\..\RunOnce: [nthv32.exe] C:\WINDOWS\system32\nthv32.exe
    >O4 - HKLM\..\RunOnce: [mfcfj32.exe] C:\WINDOWS\mfcfj32.exe
    >O4 - HKLM\..\RunOnce: [appgj.exe] C:\WINDOWS\system32\appgj.exe
    >O4 - HKLM\..\RunOnce: [ntbx32.exe] C:\WINDOWS\system32\ntbx32.exe
    >O4 - HKLM\..\RunOnce: [netaw.exe] C:\WINDOWS\netaw.exe
    >O4 - HKLM\..\RunOnce: [ipjk.exe] C:\WINDOWS\ipjk.exe
    >O4 - HKLM\..\RunOnce: [netqe32.exe] C:\WINDOWS\netqe32.exe
    >O4 - HKLM\..\RunOnce: [iezv32.exe] C:\WINDOWS\iezv32.exe
    >O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
    >O4 - HKLM\..\RunOnce: [iecw.exe] C:\WINDOWS\iecw.exe
    >O4 - HKLM\..\RunOnce: [sdkot.exe] C:\WINDOWS\sdkot.exe
    >O4 - HKLM\..\RunOnce: [msql.exe] C:\WINDOWS\system32\msql.exe
    >O4 - HKLM\..\RunOnce: [crth.exe] C:\WINDOWS\crth.exe
    >O4 - HKLM\..\RunOnce: [sdknh.exe] C:\WINDOWS\sdknh.exe
    >O4 - HKLM\..\RunOnce: [apiyd.exe] C:\WINDOWS\system32\apiyd.exe
    >O4 - HKLM\..\RunOnce: [netcy32.exe] C:\WINDOWS\netcy32.exe
    >O4 - HKLM\..\RunOnce: [addnp.exe] C:\WINDOWS\system32\addnp.exe
    >O4 - HKLM\..\RunOnce: [netxo32.exe] C:\WINDOWS\netxo32.exe
    >O4 - HKLM\..\RunOnce: [mfcdb32.exe] C:\WINDOWS\system32\mfcdb32.exe
    >O4 - HKLM\..\RunOnce: [iebi.exe] C:\WINDOWS\iebi.exe
    >O4 - HKLM\..\RunOnce: [mfczd.exe] C:\WINDOWS\system32\mfczd.exe
    >O4 - HKLM\..\RunOnce: [atlns.exe] C:\WINDOWS\atlns.exe
    >O4 - HKLM\..\RunOnce: [ipby32.exe] C:\WINDOWS\system32\ipby32.exe
    >O4 - HKLM\..\RunOnce: [javazh.exe] C:\WINDOWS\system32\javazh.exe
    >O4 - HKLM\..\RunOnce: [ipnm.exe] C:\WINDOWS\ipnm.exe
    >O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
    >O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
    >O4 - HKLM\..\RunOnce: [sysai.exe] C:\WINDOWS\sysai.exe
    >O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
    >O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
    >O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
    >O4 - HKLM\..\RunOnce: [mfcgc32.exe] C:\WINDOWS\mfcgc32.exe
    >O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
    >O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
    >O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
    >O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
    >O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
    >O4 - HKLM\..\RunOnce: [d3ss.exe] C:\WINDOWS\system32\d3ss.exe
    >O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
    >O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
    >O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
    >O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
    >O4 - HKLM\..\RunOnce: [javakj32.exe] C:\WINDOWS\system32\javakj32.exe
    >O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
    >O4 - HKLM\..\RunOnce: [atlba.exe] C:\WINDOWS\system32\atlba.exe
    >O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\addpr.exe
    >O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
    >O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
    >O4 - HKLM\..\RunOnce: [atldn.exe] C:\WINDOWS\system32\atldn.exe
    >O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
    >O4 - HKLM\..\RunOnce: [syscl32.exe] C:\WINDOWS\syscl32.exe
    >O4 - HKLM\..\RunOnce: [apisi.exe] C:\WINDOWS\apisi.exe
    >O4 - HKLM\..\RunOnce: [javaeo.exe] C:\WINDOWS\javaeo.exe
    >O4 - HKLM\..\RunOnce: [javacp32.exe] C:\WINDOWS\system32\javacp32.exe
    >O4 - HKLM\..\RunOnce: [javaiv32.exe] C:\WINDOWS\system32\javaiv32.exe
    >O4 - HKLM\..\RunOnce: [atlgm.exe] C:\WINDOWS\system32\atlgm.exe
    >O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
    >O4 - HKLM\..\RunOnce: [appiw32.exe] C:\WINDOWS\system32\appiw32.exe
    >O4 - HKLM\..\RunOnce: [appbc.exe] C:\WINDOWS\system32\appbc.exe
    >O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
    >O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
    >O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
    >O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
    >O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe
    >O4 - HKLM\..\RunOnce: [javatw32.exe] C:\WINDOWS\system32\javatw32.exe
    >O4 - HKLM\..\RunOnce: [mssv32.exe] C:\WINDOWS\system32\mssv32.exe
    >O4 - HKLM\..\RunOnce: [appyr.exe] C:\WINDOWS\system32\appyr.exe
    >O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\system32\iehm32.exe
    >O4 - HKLM\..\RunOnce: [neter32.exe] C:\WINDOWS\neter32.exe
    >O4 - HKLM\..\RunOnce: [mfcwn.exe] C:\WINDOWS\system32\mfcwn.exe
    >O4 - HKLM\..\RunOnce: [sdkmn32.exe] C:\WINDOWS\sdkmn32.exe
    >O4 - HKLM\..\RunOnce: [appjl32.exe] C:\WINDOWS\appjl32.exe
    >O4 - HKLM\..\RunOnce: [javaer32.exe] C:\WINDOWS\system32\javaer32.exe
    >O4 - HKLM\..\RunOnce: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe
    >O4 - HKLM\..\RunOnce: [mfcua.exe] C:\WINDOWS\system32\mfcua.exe
    >O4 - HKLM\..\RunOnce: [netjv.exe] C:\WINDOWS\netjv.exe
    >O4 - HKLM\..\RunOnce: [syssz.exe] C:\WINDOWS\syssz.exe
    >O4 - HKLM\..\RunOnce: [atlao32.exe] C:\WINDOWS\atlao32.exe
    >O4 - HKLM\..\RunOnce: [msee32.exe] C:\WINDOWS\system32\msee32.exe
    >O4 - HKLM\..\RunOnce: [javato.exe] C:\WINDOWS\javato.exe
    >O4 - HKLM\..\RunOnce: [crbm32.exe] C:\WINDOWS\system32\crbm32.exe
    >O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
    >O4 - HKLM\..\RunOnce: [msqp32.exe] C:\WINDOWS\msqp32.exe
    >O4 - HKLM\..\RunOnce: [javael.exe] C:\WINDOWS\javael.exe
    >O4 - HKLM\..\RunOnce: [mfcmw32.exe] C:\WINDOWS\mfcmw32.exe
    >O4 - HKLM\..\RunOnce: [mstq32.exe] C:\WINDOWS\mstq32.exe
    >O4 - HKLM\..\RunOnce: [winjy.exe] C:\WINDOWS\winjy.exe
    >O4 - HKLM\..\RunOnce: [iely32.exe] C:\WINDOWS\iely32.exe
    >O4 - HKLM\..\RunOnce: [apimq.exe] C:\WINDOWS\system32\apimq.exe
    >O4 - HKLM\..\RunOnce: [atlqa32.exe] C:\WINDOWS\atlqa32.exe
    >O4 - HKLM\..\RunOnce: [appdr32.exe] C:\WINDOWS\appdr32.exe
    >O4 - HKLM\..\RunOnce: [netyr.exe] C:\WINDOWS\netyr.exe
    >O4 - HKLM\..\RunOnce: [mszv.exe] C:\WINDOWS\system32\mszv.exe
    >O4 - HKLM\..\RunOnce: [mshs.exe] C:\WINDOWS\mshs.exe
    >O4 - HKLM\..\RunOnce: [atluz.exe] C:\WINDOWS\atluz.exe
    >O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\system32\sdkzn.exe


    Have HijackThis fix ALL of the above O4 - "RunOnce" entries.
    Go into the Windows and the Windows\System32 folder,
    and delete EACH AND EVERY ONE of the above files.
    Empty the recycle bin.


    >O13 - DefaultPrefix:
    >O13 - WWW Prefix:
    >O13 - Home Prefix: http://nkvd.us/1525/
    >O13 - Mosaic Prefix: http://nkvd.us/1525/


    Have HijackThis fix the above four entries.


    >O16 - DPF:


    Have HijackThis fix ALL of your O16 - DPF entries.


    >O17 - HKLM\System\CCS\Services\Tcpip\..\{B83157E1-841B-4659-9447-7B2D8038B586}:
    >NameServer = 198.164.30.2 198.164.4.2


    Unless the above IPs (University of New Brunswick) are from
    your network or ISP, have HijackThis fix the above.


    >O21 - SSODL: System - {A1A3CE61-D455-48DF-9214-C2B72484DE3A} -
    >C:\WINDOWS\system32\system32.dll


    Have HijackThis fix the above.
    Delete the system32.dll file and empty the recycle bin.


    Open your registry editor (Start / Run / Regedit) to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    If you see an entry named '__NS_Service_3' delete it.

    Still in the registry, navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    If you see an entry named 'LEGACY___NS_Service_3' delete it.

    Close your registry editor.

    Do NOT reconnect; do NOT reboot into normal mode, yet.

    Run SpyBot S&D (full scan)

    Run Ad-Aware (full scan)

    Run the Ad-Aware VX2 cleaner plug-in.

    Run the SpHjfix.

    Run CWShredder

    Run AboutBuster

    Re-run HijackThis and rescan.


    If SpyBot S&D and/or Ad-Aware do not run in Safe
    Mode, leave those steps until last and run them
    in normal mode, BEFORE YOU CONNECT.


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jul 30, 2004
    #4
  5. Jeanette

    °Mike° Guest

    More totally useless advice -- there is absolutely NO need
    for a clean install.


    On Fri, 30 Jul 2004 18:48:21 GMT, in
    <VJwOc.407$>
    JamesBenson scrawled:

    >Hi, all the entries with the name run or run once mean that each time your
    >pc starts then all these entries will be run, with my pc there is nothing
    >in the run once section and only a few in the run section, this should give
    >you an idea what should be there, virtually nothing, which is why it is
    >unusable, do a clean install of your OS with trusted CDs if you have them
    >and be careful what you click yes to, sounds like most programs installed
    >third party spyware/adware along with them without you knowing. Be careful
    >of free programs
    >
    >
    >"Norman Miller" <> wrote in message
    >news:...
    >> In article <>, Jeanette
    >> says...
    >>
    >> > I am trying to figure out what is going on on my brothers computer.
    >> > It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
    >> > each profile, IE is virtually unusuable, can't visit any search site
    >> > and just about any other site I try is blocked as well. Netscape
    >> > still remains useable. Downloaded Google Toolbar and that got rid of
    >> > lots of porn pop ups, but we've still got lots of spyware, etc messing
    >> > things up. Have Spy-Bot and Ad-aware and am running them a few times
    >> > a day (keeps finding new things). Just downloaded Hijack This - but
    >> > have to admit I have no idea what needs to say and what should go.
    >> > Already fixed a few obvious URL redirections, but they keep coming
    >> > back. I've copied over the log file and would really appreciate the
    >> > help.

    >>
    >> > Also, are there any other programs I should download for this problem
    >> > - and how often should I run them? Is there any way to keep this from
    >> > happeneing, we've never had this problem on our home computer.

    >>
    >> For your last question; yes, it is possible to prevent this, but a lot of
    >> the methodology requires discipline on the part of the operator. Don't
    >> install every slick gadget that the marketers insist will "improve" your
    >> Internet experience; more often than not it only improves their marketing
    >> experience; at no small cost to your convenience.
    >>
    >> For your next to the last question; if proper discipline is applied, "Hijack
    >> This" once, for a baseline report on a new install, and that should be it.
    >> Run it after any significant change in software to grab a new baseline
    >> snapshot. If you practice good discipline, you shouldn't need to run it as a
    >> troubleshooter; but if you do encounter a problem, you can run it and check
    >> the log against your baseline log.
    >>
    >> As for the log, itself, it is really busy, and I don't have a lot of
    >> experience at HJT. One item did stand out, though, and should be too
    >> difficult to deal with. Unless your brother really needs to play with the
    >> games, and other goodies offered by WildTangent, dump it. It should be
    >> available for removal using "Add/Remove Programs". After running that, you
    >> just delete the folders, then run Ad Aware to handle any residual
    >> components. Ad Aware does identify WildTangent files. They are a data miner,
    >> as well as a game provider. Unless you don't mind marketers mining your
    >> data, it is useless fluff; but it is not malware, or harmful, if your
    >> brother really likes playing those online games.
    >>
    >> Frankly, I don't care for anything to do with RealPlayer, either, but it is
    >> like WildTangent. Straightforward removal, but if your brother likes what it
    >> does, it isn't nasty, or malware.
    >>
    >> Others are less well known to me, and I can't say one way or the other. I'd
    >> start with a small subset of that rather lengthy list of applications; say,
    >> this part:
    >>
    >> > O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
    >> > O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
    >> > O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
    >> > O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
    >> > O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
    >> > O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
    >> > O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
    >> > O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
    >> > O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
    >> > O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
    >> > O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
    >> > O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
    >> > O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
    >> > O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
    >> > O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
    >> > O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
    >> > O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
    >> > O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
    >> > O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
    >> > O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
    >> > O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
    >> > O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
    >> > O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
    >> > O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe

    >>
    >> I'd start with a Google search on each of the application names. Hopefully,
    >> you can see a pattern in my choices. One of those file names should give you
    >> a Google hit, and you can take it from there. Hopefully (again!), some of
    >> those hits will lead you to information about the other items in that list.
    >> It is no wonder that computer is so cranky; it is trying to load too much
    >> stuff.
    >>
    >> With the exception of the Google, Yahoo!, or MSN toolbar, you really don't
    >> need anything else; and I used the Yahoo! BHO so infrequently that I finally
    >> removed it. No BHOs here; just a well secured browser and a hosts file which
    >> redirects advertising trackers to localhost. And, as nearly as I can tell,
    >> MSIE6, with the latest patches, can be made reasonably secure, though I
    >> prefer Mozilla 1.7.1 for real security. Use the zones. Put that small
    >> handful of sites you would really trust to run scripts into the "Trusted
    >> sites" zone, and set the "Internet" zone to the highest level of security;
    >> that will tame DestructiveX (okay, MSFT calls it, "ActiveX"; but if you know
    >> how remote sites can use it to abuse your system, you know why I call it,
    >> "DestructiveX"!)
    >>
    >> I thought there were HJT forums at the site where you downloaded it; have
    >> you posted your log there?
    >>
    >> --
    >> Norman
    >> ~Win dain a lotica, En vai tu ri, Si lo ta
    >> ~Fin dein a loluca, En dragu a sei lain
    >> ~Vi fa-ru les shutai am, En riga-lint

    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jul 30, 2004
    #5
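
Added example (not part of any post in this thread, and not HijackThis's own code): a Python version of the baseline comparison described in the quoted advice above, which also lists the new RunOnce entries of the kind flagged for fixing earlier in the thread. It assumes the `O4 - HKLM\..\Run*: [name] command` line format shown in the log; the function names, the name-shape regex and the `Example*` entries are assumptions made for illustration.

```python
import ntpath
import re

# HijackThis O4 line: "O4 - HKLM\..\RunOnce: [value name] command"
O4_LINE = re.compile(r"O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)")
# Name shape of the RunOnce entries quoted in this thread: stem + two letters +
# optional "32". Observed, not a published signature; netsh.exe also fits it.
NAME_SHAPE = re.compile(
    r"(add|api|app|atl|cr|d3|ie|ip|java|mfc|ms|net|nt|sdk|sys|win)"
    r"[a-z]{2}(32)?\.exe", re.IGNORECASE)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

def parse_o4(log_text):
    """Map (hive, key, value name) -> command for each O4 line, quoted or not."""
    entries = {}
    for raw in log_text.splitlines():
        m = O4_LINE.fullmatch(raw.lstrip("> \t").rstrip())
        if m:
            entries[m.group(1, 2, 3)] = m.group(4)
    return entries

def looks_generated(name, command):
    """Value name equals file name, file sits directly in a Windows dir, name fits."""
    folder, filename = ntpath.split(command)
    return (name.lower() == filename.lower() and folder.lower() in WINDOWS_DIRS
            and NAME_SHAPE.fullmatch(filename) is not None)

def triage(baseline_log, current_log):
    """Return (added-or-changed autostarts, the generated-looking subset of them)."""
    baseline, current = parse_o4(baseline_log), parse_o4(current_log)
    review = {k: v for k, v in current.items() if baseline.get(k) != v}
    flagged = {k: v for k, v in review.items() if looks_generated(k[2], v)}
    return review, flagged

# Constructed samples: RunOnce lines copied from the thread, Example* made up.
BASELINE = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""
CURRENT = BASELINE + r"""
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\update.exe
>O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
>O4 - HKLM\..\RunOnce: [javakj32.exe] C:\WINDOWS\system32\javakj32.exe
>O4 - HKLM\..\RunOnce: [d3ss.exe] C:\WINDOWS\system32\d3ss.exe
"""

if __name__ == "__main__":
    review, flagged = triage(BASELINE, CURRENT)
    for key, command in review.items():
        print("FLAGGED" if key in flagged else "new    ", *key, command)
```

Because the name shape alone also matches legitimate Windows binaries, it is applied only to entries that are missing from the baseline; entries in `review` that are not in `flagged` still need a manual look.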