Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

here's my log...please help


  • This topic is locked This topic is locked
4 replies to this topic

#1 knomad

knomad

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 02 April 2005 - 04:33 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:30:47 PM, on 4/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ioazdqp\Kzdcyt.exe
C:\WINNT\mrjpmsa.exe
C:\WINNT\sys5047.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cosmi\StealthSurf Pro\wc\wcservice.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=34508
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\STEALT~1\pop\ABG_PL~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Qmbja] C:\Program Files\Ioazdqp\Kzdcyt.exe
O4 - HKLM\..\Run: [bwbwTVy4] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [bwbwTVz$v*C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [D7DB3456] C:\WINNT\sys5047.exe
O4 - HKLM\..\Run: [94807206] C:\WINNT\sys510.exe
O4 - HKLM\..\Run: [DB3AF656] C:\WINNT\sys5413.exe
O4 - HKLM\..\Run: [DDDCDFD6] C:\WINNT\sys5536.exe
O4 - HKLM\..\Run: [C11ADDD6] C:\WINNT\sys5923.exe
O4 - HKLM\..\Run: [9BBCDDD6] C:\WINNT\sys5928.exe
O4 - HKLM\..\Run: [94403206] C:\WINNT\sys650.exe
O4 - HKLM\..\Run: [90403206] C:\WINNT\sys658.exe
O4 - HKLM\..\Run: [8FE03206] C:\WINNT\sys852.exe
O4 - HKLM\..\Run: [95665A86] C:\WINNT\sys433.exe
O4 - HKLM\..\Run: [DBDD344E] C:\WINNT\sys4542.exe
O4 - HKLM\..\Run: [97265C86] C:\WINNT\sys507.exe
O4 - HKLM\..\Run: [DC1CDFD6] C:\WINNT\sys5236.exe
O4 - HKLM\..\Run: [80BADFD6] C:\WINNT\sys5239.exe
O4 - HKLM\..\Run: [9D06F206] C:\WINNT\sys197.exe
O4 - HKLM\..\Run: [C4BCF676] C:\WINNT\sys1914.exe
O4 - HKLM\..\Run: [8BBCF65E] C:\WINNT\sys2118.exe
O4 - HKLM\..\Run: [DC1CDDDE] C:\WINNT\sys2620.exe
O4 - HKLM\..\Run: [msnappau] C:\Program Files\StealthSurf Pro\SpyWare Killer\quarantine\{39694709-3A1D-4ECD-95D1-3CE1593A9649}\{EA77BB0B-AE1A-49E5-8FCB-298289FCFC78}\01.02.3000.1001\en-us\msnappau.exe
O4 - HKLM\..\Run: [DFBAF64E] C:\WINNT\sys4215.exe
O4 - HKLM\..\Run: [801CF64E] C:\WINNT\sys4218.exe
O4 - HKLM\..\Run: [DA1CDDCE] C:\WINNT\sys4222.exe
O4 - HKLM\..\Run: [9D865886] C:\WINNT\sys327.exe
O4 - HKLM\..\Run: [9E205A86] C:\WINNT\sys732.exe
O4 - HKLM\..\Run: [81FADFF6] C:\WINNT\sys1739.exe
O4 - HKLM\..\Run: [DEFB3476] C:\WINNT\sys1745.exe
O4 - HKLM\..\Run: [81DCDFDE] C:\WINNT\sys2538.exe
O4 - HKLM\..\Run: [DC7B345E] C:\WINNT\sys2541.exe
O4 - HKLM\..\Run: [DE7B345E] C:\WINNT\sys2545.exe
O4 - HKLM\..\Run: [DFBADFE6] C:\WINNT\sys3235.exe
O4 - HKLM\..\Run: [801CDFE6] C:\WINNT\sys3238.exe
O4 - HKLM\..\Run: [D73D3466] C:\WINNT\sys3346.exe
O4 - HKLM\..\Run: [DC3AF666] C:\WINNT\sys3411.exe
O4 - HKLM\..\Run: [DE9CF666] C:\WINNT\sys3414.exe
O4 - HKLM\..\Run: [DD3AF666] C:\WINNT\sys3417.exe
O4 - HKLM\..\Run: [DE3B3666] C:\WINNT\sys3455.exe
O4 - HKLM\..\Run: [819D3666] C:\WINNT\sys3458.exe
O4 - HKLM\..\Run: [9C203206] C:\WINNT\sys354.exe
O4 - HKLM\..\Run: [DCDCDFE6] C:\WINNT\sys3530.exe
O4 - HKLM\..\Run: [C71ADFCE] C:\WINNT\sys4937.exe
O4 - HKLM\..\Run: [DE3ADDD6] C:\WINNT\sys5425.exe
O4 - HKLM\..\Run: [813ADDD6] C:\WINNT\sys5429.exe
O4 - HKLM\..\Run: [DCDD3456] C:\WINNT\sys5540.exe
O4 - HKLM\..\Run: [DEDD3456] C:\WINNT\sys5544.exe
O4 - HKLM\..\Run: [DE1D3656] C:\WINNT\sys5654.exe
O4 - HKLM\..\Run: [811D3656] C:\WINNT\sys5658.exe
O4 - HKLM\..\Run: [9B7CF656] C:\WINNT\sys5818.exe
O4 - HKLM\..\Run: [C47CDDD6] C:\WINNT\sys5824.exe
O4 - HKLM\..\Run: [C67CDFD6] C:\WINNT\sys5830.exe
O4 - HKLM\..\Run: [C61ADFD6] C:\WINNT\sys5931.exe
O4 - HKLM\..\Run: [C7BD3656] C:\WINNT\sys5956.exe
O4 - HKLM\..\Run: [C7BD3456] C:\WINNT\sys5946.exe
O4 - HKLM\..\Run: [9FE05886] C:\WINNT\sys022.exe
O4 - HKLM\..\Run: [9C461C86] C:\WINNT\sys045.exe
O4 - HKLM\..\Run: [9F463206] C:\WINNT\sys053.exe
O4 - HKLM\..\Run: [E6E8A8C6] C:\WINNT\sys12.exe
O4 - HKLM\..\Run: [9FA07206] C:\WINNT\sys112.exe
O4 - HKLM\..\Run: [9DA05886] C:\WINNT\sys126.exe
O4 - HKLM\..\Run: [9FC67206] C:\WINNT\sys213.exe
O4 - HKLM\..\Run: [9D607206] C:\WINNT\sys216.exe
O4 - HKLM\..\Run: [9DC65886] C:\WINNT\sys227.exe
O4 - HKLM\..\Run: [9D601C86] C:\WINNT\sys246.exe
O4 - HKLM\..\Run: [E7E88146] C:\WINNT\sys34.exe
O4 - HKLM\..\Run: [9F205A86] C:\WINNT\sys332.exe
O4 - HKLM\..\Run: [9C865A86] C:\WINNT\sys335.exe
O4 - HKLM\..\Run: [96665A86] C:\WINNT\sys435.exe
O4 - HKLM\..\Run: [97661C86] C:\WINNT\sys447.exe
O4 - HKLM\..\Run: [90265A86] C:\WINNT\sys539.exe
O4 - HKLM\..\Run: [95801C86] C:\WINNT\sys542.exe
O4 - HKLM\..\Run: [96261C86] C:\WINNT\sys545.exe
O4 - HKLM\..\Run: [E6F8C346] C:\WINNT\sys63.exe
O4 - HKLM\..\Run: [E4E8C346] C:\WINNT\sys66.exe
O4 - HKLM\..\Run: [9E867206] C:\WINNT\sys713.exe
O4 - HKLM\..\Run: [9C207206] C:\WINNT\sys716.exe
O4 - HKLM\..\Run: [8EE05A86] C:\WINNT\sys830.exe
O4 - HKLM\..\Run: [8DE05A86] C:\WINNT\sys836.exe
O4 - HKLM\..\Run: [8DE01C86] C:\WINNT\sys846.exe
O4 - HKLM\..\Run: [8F067206] C:\WINNT\sys913.exe
O4 - HKLM\..\Run: [8FA01C86] C:\WINNT\sys942.exe
O4 - HKLM\..\Run: [8C061C86] C:\WINNT\sys945.exe
O4 - HKLM\..\Run: [8A061C86] C:\WINNT\sys949.exe
O4 - HKLM\..\Run: [9E067206] C:\WINNT\sys111.exe
O4 - HKLM\..\Run: [D1BCF676] C:\WINNT\sys1112.exe
O4 - HKLM\..\Run: [8B1ADFF6] C:\WINNT\sys1139.exe
O4 - HKLM\..\Run: [D61B3676] C:\WINNT\sys1151.exe
O4 - HKLM\..\Run: [9A065886] C:\WINNT\sys129.exe
O4 - HKLM\..\Run: [DABAF676] C:\WINNT\sys1213.exe
O4 - HKLM\..\Run: [DD1CDFF6] C:\WINNT\sys1230.exe
O4 - HKLM\..\Run: [DC1CDFF6] C:\WINNT\sys1236.exe
O4 - HKLM\..\Run: [DD1D3676] C:\WINNT\sys1250.exe
O4 - HKLM\..\Run: [9EA05A86] C:\WINNT\sys130.exe
O4 - HKLM\..\Run: [9AA05A86] C:\WINNT\sys138.exe
O4 - HKLM\..\Run: [9A065A86] C:\WINNT\sys139.exe
O4 - HKLM\..\Run: [D49AF676] C:\WINNT\sys1315.exe
O4 - HKLM\..\Run: [D69B3476] C:\WINNT\sys1341.exe
O4 - HKLM\..\Run: [8B3D3476] C:\WINNT\sys1348.exe
O4 - HKLM\..\Run: [8B9B3676] C:\WINNT\sys1359.exe
O4 - HKLM\..\Run: [DE3ADDF6] C:\WINNT\sys1425.exe
O4 - HKLM\..\Run: [9D063206] C:\WINNT\sys157.exe
O4 - HKLM\..\Run: [DBDCF676] C:\WINNT\sys1512.exe
O4 - HKLM\..\Run: [D19B365E] C:\WINNT\sys2353.exe
O4 - HKLM\..\Run: [8B3D365E] C:\WINNT\sys2358.exe
O4 - HKLM\..\Run: [9F601C86] C:\WINNT\sys242.exe
O4 - HKLM\..\Run: [DD3AF65E] C:\WINNT\sys2417.exe
O4 - HKLM\..\Run: [DC9CDDDE] C:\WINNT\sys2420.exe
O4 - HKLM\..\Run: [DB3ADDDE] C:\WINNT\sys2423.exe
O4 - HKLM\..\Run: [9D603206] C:\WINNT\sys256.exe
O4 - HKLM\..\Run: [9AC63206] C:\WINNT\sys259.exe
O4 - HKLM\..\Run: [DC7ADFDE] C:\WINNT\sys2531.exe
O4 - HKLM\..\Run: [DBDCDFDE] C:\WINNT\sys2532.exe
O4 - HKLM\..\Run: [DE1CDDDE] C:\WINNT\sys2624.exe
O4 - HKLM\..\Run: [DDBADDDE] C:\WINNT\sys2627.exe
O4 - HKLM\..\Run: [81BADDDE] C:\WINNT\sys2629.exe
O4 - HKLM\..\Run: [DB1CDFDE] C:\WINNT\sys2632.exe
O4 - HKLM\..\Run: [811D365E] C:\WINNT\sys2658.exe
O4 - HKLM\..\Run: [DB1CDDCE] C:\WINNT\sys4622.exe
O4 - HKLM\..\Run: [DDBADDCE] C:\WINNT\sys4627.exe
O4 - HKLM\..\Run: [81BADDCE] C:\WINNT\sys4629.exe
O4 - HKLM\..\Run: [DDFB344E] C:\WINNT\sys4747.exe
O4 - HKLM\..\Run: [DC5D364E] C:\WINNT\sys4750.exe
O4 - HKLM\..\Run: [DBFB364E] C:\WINNT\sys4753.exe
O4 - HKLM\..\Run: [9066F206] C:\WINNT\sys499.exe
O4 - HKLM\..\Run: [C1BCF64E] C:\WINNT\sys4912.exe
O4 - HKLM\..\Run: [8B7CDDD6] C:\WINNT\sys5028.exe
O4 - HKLM\..\Run: [D77CDFD6] C:\WINNT\sys5036.exe
O4 - HKLM\..\Run: [DE1CDFDE] C:\WINNT\sys2634.exe
O4 - HKLM\..\Run: [9A601A86] C:\WINNT\sys278.exe
O4 - HKLM\..\Run: [DCFAF65E] C:\WINNT\sys2711.exe
O4 - HKLM\..\Run: [81FADFDE] C:\WINNT\sys2739.exe
O4 - HKLM\..\Run: [DE5D345E] C:\WINNT\sys2744.exe
O4 - HKLM\..\Run: [9DC6DC86] C:\WINNT\sys287.exe
O4 - HKLM\..\Run: [C17CF65E] C:\WINNT\sys2812.exe
O4 - HKLM\..\Run: [9BDAF65E] C:\WINNT\sys2819.exe
O4 - HKLM\..\Run: [C7DADFDE] C:\WINNT\sys2837.exe
O4 - HKLM\..\Run: [9C60F206] C:\WINNT\sys294.exe
O4 - HKLM\..\Run: [9B1AF65E] C:\WINNT\sys2919.exe
O4 - HKLM\..\Run: [9B1ADDDE] C:\WINNT\sys2929.exe
O4 - HKLM\..\Run: [C4BCDFDE] C:\WINNT\sys2934.exe
O4 - HKLM\..\Run: [C41B345E] C:\WINNT\sys2945.exe
O4 - HKLM\..\Run: [C6BD365E] C:\WINNT\sys2950.exe
O4 - HKLM\..\Run: [C41B365E] C:\WINNT\sys2955.exe
O4 - HKLM\..\Run: [8B7D3666] C:\WINNT\sys3058.exe
O4 - HKLM\..\Run: [9C865886] C:\WINNT\sys325.exe
O4 - HKLM\..\Run: [DDBAF666] C:\WINNT\sys3211.exe
O4 - HKLM\..\Run: [D49AF666] C:\WINNT\sys3315.exe
O4 - HKLM\..\Run: [8B3CF666] C:\WINNT\sys3318.exe
O4 - HKLM\..\Run: [8B9ADDE6] C:\WINNT\sys3329.exe
O4 - HKLM\..\Run: [D19ADFE6] C:\WINNT\sys3333.exe
O4 - HKLM\..\Run: [DC9CDFE6] C:\WINNT\sys3430.exe
O4 - HKLM\..\Run: [DC9D3466] C:\WINNT\sys3440.exe
O4 - HKLM\..\Run: [DE9D3466] C:\WINNT\sys3444.exe
O4 - HKLM\..\Run: [DD3B3466] C:\WINNT\sys3447.exe
O4 - HKLM\..\Run: [DC9D3666] C:\WINNT\sys3450.exe
O4 - HKLM\..\Run: [DB7B3466] C:\WINNT\sys3543.exe
O4 - HKLM\..\Run: [81DD3466] C:\WINNT\sys3548.exe
O4 - HKLM\..\Run: [DCDD3666] C:\WINNT\sys3550.exe
O4 - HKLM\..\Run: [DE7B3666] C:\WINNT\sys3555.exe
O4 - HKLM\..\Run: [96261886] C:\WINNT\sys565.exe
O4 - HKLM\..\Run: [DBBAF656] C:\WINNT\sys5613.exe
O4 - HKLM\..\Run: [DC1D3456] C:\WINNT\sys5640.exe
O4 - HKLM\..\Run: [811D3456] C:\WINNT\sys5648.exe
O4 - HKLM\..\Run: [DB5CDDD6] C:\WINNT\sys5722.exe
O4 - HKLM\..\Run: [DE5CDDD6] C:\WINNT\sys5724.exe
O4 - HKLM\..\Run: [C41AF656] C:\WINNT\sys5915.exe
O4 - HKLM\..\Run: [C1BCDDD6] C:\WINNT\sys5922.exe
O4 - HKLM\..\Run: [9E203206] C:\WINNT\sys752.exe
O4 - HKLM\..\Run: [9F863206] C:\WINNT\sys353.exe
O4 - HKLM\..\Run: [94401C86] C:\WINNT\sys640.exe
O4 - HKLM\..\Run: [95401C86] C:\WINNT\sys642.exe
O4 - HKLM\..\Run: [96401C86] C:\WINNT\sys644.exe
O4 - HKLM\..\Run: [9F203206] C:\WINNT\sys750.exe
O4 - HKLM\..\Run: [9D203206] C:\WINNT\sys754.exe
O4 - HKLM\..\Run: [BAE828C6] C:\WINNT\sys98.exe
O4 - HKLM\..\Run: [8E067206] C:\WINNT\sys911.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [D6DADDF6] C:\WINNT\sys1021.exe
O4 - HKLM\..\Run: [D47CDDF6] C:\WINNT\sys1024.exe
O4 - HKLM\..\Run: [D1BCDFF6] C:\WINNT\sys1132.exe
O4 - HKLM\..\Run: [D7BCDFF6] C:\WINNT\sys1136.exe
O4 - HKLM\..\Run: [DF1D3676] C:\WINNT\sys1254.exe
O4 - HKLM\..\Run: [DCBB3676] C:\WINNT\sys1257.exe
O4 - HKLM\..\Run: [DB3AF676] C:\WINNT\sys1413.exe
O4 - HKLM\..\Run: [811D3476] C:\WINNT\sys1648.exe
O4 - HKLM\..\Run: [DC5CDDF6] C:\WINNT\sys1720.exe
O4 - HKLM\..\Run: [9B7CDDF6] C:\WINNT\sys1828.exe
O4 - HKLM\..\Run: [9B7CDFF6] C:\WINNT\sys1838.exe
O4 - HKLM\..\Run: [C47D3476] C:\WINNT\sys1844.exe
O4 - HKLM\..\Run: [C1BD3476] C:\WINNT\sys1942.exe
O4 - HKLM\..\Run: [C71B3676] C:\WINNT\sys1957.exe
O4 - HKLM\..\Run: [9FC65C86] C:\WINNT\sys203.exe
O4 - HKLM\..\Run: [D6DAF65E] C:\WINNT\sys2011.exe
O4 - HKLM\..\Run: [D7BCDFDE] C:\WINNT\sys2136.exe
O4 - HKLM\..\Run: [D11B345E] C:\WINNT\sys2143.exe
O4 - HKLM\..\Run: [D1BD365E] C:\WINNT\sys2152.exe
O4 - HKLM\..\Run: [D49AF65E] C:\WINNT\sys2315.exe
O4 - HKLM\..\Run: [D69ADDDE] C:\WINNT\sys2321.exe
O4 - HKLM\..\Run: [815CF65E] C:\WINNT\sys2718.exe
O4 - HKLM\..\Run: [DD5CDDDE] C:\WINNT\sys2726.exe
O4 - HKLM\..\Run: [DEFADFDE] C:\WINNT\sys2735.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [bwbwTVz$vfC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [bwbwTVh$/G%)C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [bwbwTVh$v/C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [HotqRONtP] a3dntlog.exe
O4 - HKCU\..\Run: [80BADDCE] C:\WINNT\sys4229.exe
O4 - HKCU\..\Run: [DDBADFCE] C:\WINNT\sys4231.exe
O4 - HKCU\..\Run: [D73CF64E] C:\WINNT\sys4316.exe
O4 - HKCU\..\Run: [8B9AF64E] C:\WINNT\sys4319.exe
O4 - HKCU\..\Run: [D69ADDCE] C:\WINNT\sys4321.exe
O4 - HKCU\..\Run: [D19B344E] C:\WINNT\sys4343.exe
O4 - HKCU\..\Run: [D73D344E] C:\WINNT\sys4346.exe
O4 - HKCU\..\Run: [8B3D344E] C:\WINNT\sys4348.exe
O4 - HKCU\..\Run: [D7DB3456] C:\WINNT\sys5047.exe
O4 - HKCU\..\Run: [8B7D3656] C:\WINNT\sys5058.exe
O4 - HKCU\..\Run: [94807206] C:\WINNT\sys510.exe
O4 - HKCU\..\Run: [DABAF656] C:\WINNT\sys5213.exe
O4 - HKCU\..\Run: [DFBAF656] C:\WINNT\sys5215.exe
O4 - HKCU\..\Run: [DCBAF656] C:\WINNT\sys5217.exe
O4 - HKCU\..\Run: [DB3AF656] C:\WINNT\sys5413.exe
O4 - HKCU\..\Run: [DD9CF656] C:\WINNT\sys5416.exe
O4 - HKCU\..\Run: [DC3ADDD6] C:\WINNT\sys5421.exe
O4 - HKCU\..\Run: [DDDCDFD6] C:\WINNT\sys5536.exe
O4 - HKCU\..\Run: [DC7B3456] C:\WINNT\sys5541.exe
O4 - HKCU\..\Run: [C11ADDD6] C:\WINNT\sys5923.exe
O4 - HKCU\..\Run: [C7BCDDD6] C:\WINNT\sys5926.exe
O4 - HKCU\..\Run: [9BBCDDD6] C:\WINNT\sys5928.exe
O4 - HKCU\..\Run: [94403206] C:\WINNT\sys650.exe
O4 - HKCU\..\Run: [90403206] C:\WINNT\sys658.exe
O4 - HKCU\..\Run: [8FE03206] C:\WINNT\sys852.exe
O4 - HKCU\..\Run: [DA1D364E] C:\WINNT\sys4252.exe
O4 - HKCU\..\Run: [94C05A86] C:\WINNT\sys430.exe
O4 - HKCU\..\Run: [95665A86] C:\WINNT\sys433.exe
O4 - HKCU\..\Run: [DBDD344E] C:\WINNT\sys4542.exe
O4 - HKCU\..\Run: [DDDD364E] C:\WINNT\sys4556.exe
O4 - HKCU\..\Run: [81DD364E] C:\WINNT\sys4558.exe
O4 - HKCU\..\Run: [9B1B364E] C:\WINNT\sys4959.exe
O4 - HKCU\..\Run: [95805C86] C:\WINNT\sys502.exe
O4 - HKCU\..\Run: [97265C86] C:\WINNT\sys507.exe
O4 - HKCU\..\Run: [DDBADFD6] C:\WINNT\sys5231.exe
O4 - HKCU\..\Run: [DC1CDFD6] C:\WINNT\sys5236.exe
O4 - HKCU\..\Run: [80BADFD6] C:\WINNT\sys5239.exe
O4 - HKCU\..\Run: [9D06F206] C:\WINNT\sys197.exe
O4 - HKCU\..\Run: [C61AF676] C:\WINNT\sys1911.exe
O4 - HKCU\..\Run: [C4BCF676] C:\WINNT\sys1914.exe
O4 - HKCU\..\Run: [8BBCF65E] C:\WINNT\sys2118.exe
O4 - HKCU\..\Run: [D1BCDDDE] C:\WINNT\sys2122.exe
O4 - HKCU\..\Run: [D41ADDDE] C:\WINNT\sys2125.exe
O4 - HKCU\..\Run: [DC1CDDDE] C:\WINNT\sys2620.exe
O4 - HKCU\..\Run: [DA1CDFDE] C:\WINNT\sys2232.exe
O4 - HKCU\..\Run: [DFBADFDE] C:\WINNT\sys2235.exe
O4 - HKCU\..\Run: [DFBAF64E] C:\WINNT\sys4215.exe
O4 - HKCU\..\Run: [801CF64E] C:\WINNT\sys4218.exe
O4 - HKCU\..\Run: [DA1CDDCE] C:\WINNT\sys4222.exe
O4 - HKCU\..\Run: [9D865886] C:\WINNT\sys327.exe
O4 - HKCU\..\Run: [9E205A86] C:\WINNT\sys732.exe
O4 - HKCU\..\Run: [9F865A86] C:\WINNT\sys333.exe
O4 - HKCU\..\Run: [81FADFF6] C:\WINNT\sys1739.exe
O4 - HKCU\..\Run: [DB5D3476] C:\WINNT\sys1742.exe
O4 - HKCU\..\Run: [DEFB3476] C:\WINNT\sys1745.exe
O4 - HKCU\..\Run: [81DCDFDE] C:\WINNT\sys2538.exe
O4 - HKCU\..\Run: [DC7B345E] C:\WINNT\sys2541.exe
O4 - HKCU\..\Run: [DE7B345E] C:\WINNT\sys2545.exe
O4 - HKCU\..\Run: [DD1CDFE6] C:\WINNT\sys3230.exe
O4 - HKCU\..\Run: [DFBADFE6] C:\WINNT\sys3235.exe
O4 - HKCU\..\Run: [801CDFE6] C:\WINNT\sys3238.exe
O4 - HKCU\..\Run: [D13D3466] C:\WINNT\sys3342.exe
O4 - HKCU\..\Run: [D43D3466] C:\WINNT\sys3344.exe
O4 - HKCU\..\Run: [D73D3466] C:\WINNT\sys3346.exe
O4 - HKCU\..\Run: [DC3AF666] C:\WINNT\sys3411.exe
O4 - HKCU\..\Run: [DE9CF666] C:\WINNT\sys3414.exe
O4 - HKCU\..\Run: [DD3AF666] C:\WINNT\sys3417.exe
O4 - HKCU\..\Run: [DE3B3666] C:\WINNT\sys3455.exe
O4 - HKCU\..\Run: [819D3666] C:\WINNT\sys3458.exe
O4 - HKCU\..\Run: [9C203206] C:\WINNT\sys354.exe
O4 - HKCU\..\Run: [DBDCDDE6] C:\WINNT\sys3522.exe
O4 - HKCU\..\Run: [DEDCDDE6] C:\WINNT\sys3524.exe
O4 - HKCU\..\Run: [81DCDDE6] C:\WINNT\sys3528.exe
O4 - HKCU\..\Run: [DCDCDFE6] C:\WINNT\sys3530.exe
O4 - HKCU\..\Run: [DB7ADFE6] C:\WINNT\sys3533.exe
O4 - HKCU\..\Run: [C6BCDFCE] C:\WINNT\sys4930.exe
O4 - HKCU\..\Run: [C41ADFCE] C:\WINNT\sys4935.exe
O4 - HKCU\..\Run: [C71ADFCE] C:\WINNT\sys4937.exe
O4 - HKCU\..\Run: [DB3ADDD6] C:\WINNT\sys5423.exe
O4 - HKCU\..\Run: [DE3ADDD6] C:\WINNT\sys5425.exe
O4 - HKCU\..\Run: [813ADDD6] C:\WINNT\sys5429.exe
O4 - HKCU\..\Run: [DCDD3456] C:\WINNT\sys5540.exe
O4 - HKCU\..\Run: [DB7B3456] C:\WINNT\sys5543.exe
O4 - HKCU\..\Run: [DEDD3456] C:\WINNT\sys5544.exe
O4 - HKCU\..\Run: [DB1D3656] C:\WINNT\sys5652.exe
O4 - HKCU\..\Run: [DE1D3656] C:\WINNT\sys5654.exe
O4 - HKCU\..\Run: [811D3656] C:\WINNT\sys5658.exe
O4 - HKCU\..\Run: [9B7CF656] C:\WINNT\sys5818.exe
O4 - HKCU\..\Run: [C47CDDD6] C:\WINNT\sys5824.exe
O4 - HKCU\..\Run: [C67CDFD6] C:\WINNT\sys5830.exe
O4 - HKCU\..\Run: [C61ADFD6] C:\WINNT\sys5931.exe
O4 - HKCU\..\Run: [C71ADFD6] C:\WINNT\sys5937.exe
O4 - HKCU\..\Run: [C61B3456] C:\WINNT\sys5941.exe
O4 - HKCU\..\Run: [C61B3656] C:\WINNT\sys5951.exe
O4 - HKCU\..\Run: [C7BD3656] C:\WINNT\sys5956.exe
O4 - HKCU\..\Run: [C7BD3456] C:\WINNT\sys5946.exe
O4 - HKCU\..\Run: [9FE05886] C:\WINNT\sys022.exe
O4 - HKCU\..\Run: [9C461C86] C:\WINNT\sys045.exe
O4 - HKCU\..\Run: [9AE01C86] C:\WINNT\sys048.exe
O4 - HKCU\..\Run: [9F463206] C:\WINNT\sys053.exe
O4 - HKCU\..\Run: [E6E8A8C6] C:\WINNT\sys12.exe
O4 - HKCU\..\Run: [9FA07206] C:\WINNT\sys112.exe
O4 - HKCU\..\Run: [9DA05886] C:\WINNT\sys126.exe
O4 - HKCU\..\Run: [9FC67206] C:\WINNT\sys213.exe
O4 - HKCU\..\Run: [9D607206] C:\WINNT\sys216.exe
O4 - HKCU\..\Run: [9AC67206] C:\WINNT\sys219.exe
O4 - HKCU\..\Run: [9EC65886] C:\WINNT\sys221.exe
O4 - HKCU\..\Run: [9DC65886] C:\WINNT\sys227.exe
O4 - HKCU\..\Run: [9D601C86] C:\WINNT\sys246.exe
O4 - HKCU\..\Run: [E7E88146] C:\WINNT\sys34.exe
O4 - HKCU\..\Run: [9A207206] C:\WINNT\sys318.exe
O4 - HKCU\..\Run: [9F865886] C:\WINNT\sys323.exe
O4 - HKCU\..\Run: [9F205A86] C:\WINNT\sys332.exe
O4 - HKCU\..\Run: [9C865A86] C:\WINNT\sys335.exe
O4 - HKCU\..\Run: [90C05886] C:\WINNT\sys428.exe
O4 - HKCU\..\Run: [96665A86] C:\WINNT\sys435.exe
O4 - HKCU\..\Run: [90665A86] C:\WINNT\sys439.exe
O4 - HKCU\..\Run: [95C01C86] C:\WINNT\sys442.exe
O4 - HKCU\..\Run: [97661C86] C:\WINNT\sys447.exe
O4 - HKCU\..\Run: [90265A86] C:\WINNT\sys539.exe
O4 - HKCU\..\Run: [95801C86] C:\WINNT\sys542.exe
O4 - HKCU\..\Run: [96261C86] C:\WINNT\sys545.exe
O4 - HKCU\..\Run: [E1F8C346] C:\WINNT\sys61.exe
O4 - HKCU\..\Run: [E6F8C346] C:\WINNT\sys63.exe
O4 - HKCU\..\Run: [E4E8C346] C:\WINNT\sys66.exe
O4 - HKCU\..\Run: [9E867206] C:\WINNT\sys713.exe
O4 - HKCU\..\Run: [9C207206] C:\WINNT\sys716.exe
O4 - HKCU\..\Run: [8EE05A86] C:\WINNT\sys830.exe
O4 - HKCU\..\Run: [8DE05A86] C:\WINNT\sys836.exe
O4 - HKCU\..\Run: [8EE01C86] C:\WINNT\sys840.exe
O4 - HKCU\..\Run: [8DE01C86] C:\WINNT\sys846.exe
O4 - HKCU\..\Run: [8A461C86] C:\WINNT\sys849.exe
O4 - HKCU\..\Run: [8F067206] C:\WINNT\sys913.exe
O4 - HKCU\..\Run: [8FA01C86] C:\WINNT\sys942.exe
O4 - HKCU\..\Run: [8C061C86] C:\WINNT\sys945.exe
O4 - HKCU\..\Run: [8A061C86] C:\WINNT\sys949.exe
O4 - HKCU\..\Run: [8BDB3476] C:\WINNT\sys1049.exe
O4 - HKCU\..\Run: [9E067206] C:\WINNT\sys111.exe
O4 - HKCU\..\Run: [D1BCF676] C:\WINNT\sys1112.exe
O4 - HKCU\..\Run: [8B1ADFF6] C:\WINNT\sys1139.exe
O4 - HKCU\..\Run: [8BBD3476] C:\WINNT\sys1148.exe
O4 - HKCU\..\Run: [D61B3676] C:\WINNT\sys1151.exe
O4 - HKCU\..\Run: [9A065886] C:\WINNT\sys129.exe
O4 - HKCU\..\Run: [DABAF676] C:\WINNT\sys1213.exe
O4 - HKCU\..\Run: [DC1CDDF6] C:\WINNT\sys1226.exe
O4 - HKCU\..\Run: [DD1CDFF6] C:\WINNT\sys1230.exe
O4 - HKCU\..\Run: [DC1CDFF6] C:\WINNT\sys1236.exe
O4 - HKCU\..\Run: [DD1D3676] C:\WINNT\sys1250.exe
O4 - HKCU\..\Run: [9EA05A86] C:\WINNT\sys130.exe
O4 - HKCU\..\Run: [9AA05A86] C:\WINNT\sys138.exe
O4 - HKCU\..\Run: [9A065A86] C:\WINNT\sys139.exe
O4 - HKCU\..\Run: [D49AF676] C:\WINNT\sys1315.exe
O4 - HKCU\..\Run: [8B3CF676] C:\WINNT\sys1318.exe
O4 - HKCU\..\Run: [D13CDFF6] C:\WINNT\sys1332.exe
O4 - HKCU\..\Run: [D69B3476] C:\WINNT\sys1341.exe
O4 - HKCU\..\Run: [8B3D3476] C:\WINNT\sys1348.exe
O4 - HKCU\..\Run: [8B9B3676] C:\WINNT\sys1359.exe
O4 - HKCU\..\Run: [DD3AF676] C:\WINNT\sys1417.exe
O4 - HKCU\..\Run: [DC9CDDF6] C:\WINNT\sys1420.exe
O4 - HKCU\..\Run: [DE3ADDF6] C:\WINNT\sys1425.exe
O4 - HKCU\..\Run: [9D063206] C:\WINNT\sys157.exe
O4 - HKCU\..\Run: [DCDCF676] C:\WINNT\sys1510.exe
O4 - HKCU\..\Run: [DBDCF676] C:\WINNT\sys1512.exe
O4 - HKCU\..\Run: [D19B365E] C:\WINNT\sys2353.exe
O4 - HKCU\..\Run: [8B3D365E] C:\WINNT\sys2358.exe
O4 - HKCU\..\Run: [9F601C86] C:\WINNT\sys242.exe
O4 - HKCU\..\Run: [DD3AF65E] C:\WINNT\sys2417.exe
O4 - HKCU\..\Run: [DC9CDDDE] C:\WINNT\sys2420.exe
O4 - HKCU\..\Run: [DB3ADDDE] C:\WINNT\sys2423.exe
O4 - HKCU\..\Run: [9C603206] C:\WINNT\sys254.exe
O4 - HKCU\..\Run: [9D603206] C:\WINNT\sys256.exe
O4 - HKCU\..\Run: [9AC63206] C:\WINNT\sys259.exe
O4 - HKCU\..\Run: [DB7AF65E] C:\WINNT\sys2513.exe
O4 - HKCU\..\Run: [817AF65E] C:\WINNT\sys2519.exe
O4 - HKCU\..\Run: [DC7ADFDE] C:\WINNT\sys2531.exe
O4 - HKCU\..\Run: [DBDCDFDE] C:\WINNT\sys2532.exe
O4 - HKCU\..\Run: [DDDCDFDE] C:\WINNT\sys2536.exe
O4 - HKCU\..\Run: [DE1CDDDE] C:\WINNT\sys2624.exe
O4 - HKCU\..\Run: [DDBADDDE] C:\WINNT\sys2627.exe
O4 - HKCU\..\Run: [81BADDDE] C:\WINNT\sys2629.exe
O4 - HKCU\..\Run: [DB1CDFDE] C:\WINNT\sys2632.exe
O4 - HKCU\..\Run: [DEBB365E] C:\WINNT\sys2655.exe
O4 - HKCU\..\Run: [811D365E] C:\WINNT\sys2658.exe
O4 - HKCU\..\Run: [9C601A86] C:\WINNT\sys274.exe
O4 - HKCU\..\Run: [C41ADDDE] C:\WINNT\sys2925.exe
O4 - HKCU\..\Run: [C71ADDDE] C:\WINNT\sys2927.exe
O4 - HKCU\..\Run: [C6BCDFDE] C:\WINNT\sys2930.exe
O4 - HKCU\..\Run: [DB1CDDCE] C:\WINNT\sys4622.exe
O4 - HKCU\..\Run: [DDBADDCE] C:\WINNT\sys4627.exe
O4 - HKCU\..\Run: [81BADDCE] C:\WINNT\sys4629.exe
O4 - HKCU\..\Run: [DDFB344E] C:\WINNT\sys4747.exe
O4 - HKCU\..\Run: [DC5D364E] C:\WINNT\sys4750.exe
O4 - HKCU\..\Run: [DBFB364E] C:\WINNT\sys4753.exe
O4 - HKCU\..\Run: [9766F206] C:\WINNT\sys497.exe
O4 - HKCU\..\Run: [9066F206] C:\WINNT\sys499.exe
O4 - HKCU\..\Run: [C1BCF64E] C:\WINNT\sys4912.exe
O4 - HKCU\..\Run: [8B7CDDD6] C:\WINNT\sys5028.exe
O4 - HKCU\..\Run: [D47CDFD6] C:\WINNT\sys5034.exe
O4 - HKCU\..\Run: [D77CDFD6] C:\WINNT\sys5036.exe
O4 - HKCU\..\Run: [DE1CDFDE] C:\WINNT\sys2634.exe
O4 - HKCU\..\Run: [9E601A86] C:\WINNT\sys270.exe
O4 - HKCU\..\Run: [9A601A86] C:\WINNT\sys278.exe
O4 - HKCU\..\Run: [DCFAF65E] C:\WINNT\sys2711.exe
O4 - HKCU\..\Run: [81FADFDE] C:\WINNT\sys2739.exe
O4 - HKCU\..\Run: [DB5D345E] C:\WINNT\sys2742.exe
O4 - HKCU\..\Run: [DE5D345E] C:\WINNT\sys2744.exe
O4 - HKCU\..\Run: [9DC6DC86] C:\WINNT\sys287.exe
O4 - HKCU\..\Run: [C67CF65E] C:\WINNT\sys2810.exe
O4 - HKCU\..\Run: [C17CF65E] C:\WINNT\sys2812.exe
O4 - HKCU\..\Run: [9BDAF65E] C:\WINNT\sys2819.exe
O4 - HKCU\..\Run: [C6DADFDE] C:\WINNT\sys2831.exe
O4 - HKCU\..\Run: [C7DADFDE] C:\WINNT\sys2837.exe
O4 - HKCU\..\Run: [9E60F206] C:\WINNT\sys290.exe
O4 - HKCU\..\Run: [9F60F206] C:\WINNT\sys292.exe
O4 - HKCU\..\Run: [9C60F206] C:\WINNT\sys294.exe
O4 - HKCU\..\Run: [C71AF65E] C:\WINNT\sys2917.exe
O4 - HKCU\..\Run: [9B1AF65E] C:\WINNT\sys2919.exe
O4 - HKCU\..\Run: [9B1ADDDE] C:\WINNT\sys2929.exe
O4 - HKCU\..\Run: [C1BCDFDE] C:\WINNT\sys2932.exe
O4 - HKCU\..\Run: [C4BCDFDE] C:\WINNT\sys2934.exe
O4 - HKCU\..\Run: [C61B345E] C:\WINNT\sys2941.exe
O4 - HKCU\..\Run: [C11B345E] C:\WINNT\sys2943.exe
O4 - HKCU\..\Run: [C41B345E] C:\WINNT\sys2945.exe
O4 - HKCU\..\Run: [C6BD365E] C:\WINNT\sys2950.exe
O4 - HKCU\..\Run: [C11B365E] C:\WINNT\sys2953.exe
O4 - HKCU\..\Run: [C41B365E] C:\WINNT\sys2955.exe
O4 - HKCU\..\Run: [D1DB3666] C:\WINNT\sys3053.exe
O4 - HKCU\..\Run: [8B7D3666] C:\WINNT\sys3058.exe
O4 - HKCU\..\Run: [9C865886] C:\WINNT\sys325.exe
O4 - HKCU\..\Run: [DDBAF666] C:\WINNT\sys3211.exe
O4 - HKCU\..\Run: [D19AF666] C:\WINNT\sys3313.exe
O4 - HKCU\..\Run: [D49AF666] C:\WINNT\sys3315.exe
O4 - HKCU\..\Run: [8B3CF666] C:\WINNT\sys3318.exe
O4 - HKCU\..\Run: [D73CDDE6] C:\WINNT\sys3326.exe
O4 - HKCU\..\Run: [8B9ADDE6] C:\WINNT\sys3329.exe
O4 - HKCU\..\Run: [D19ADFE6] C:\WINNT\sys3333.exe
O4 - HKCU\..\Run: [DE3ADDE6] C:\WINNT\sys3425.exe
O4 - HKCU\..\Run: [DC9CDFE6] C:\WINNT\sys3430.exe
O4 - HKCU\..\Run: [DD3ADFE6] C:\WINNT\sys3437.exe
O4 - HKCU\..\Run: [DC9D3466] C:\WINNT\sys3440.exe
O4 - HKCU\..\Run: [DE9D3466] C:\WINNT\sys3444.exe
O4 - HKCU\..\Run: [DD3B3466] C:\WINNT\sys3447.exe
O4 - HKCU\..\Run: [DC9D3666] C:\WINNT\sys3450.exe
O4 - HKCU\..\Run: [817ADFE6] C:\WINNT\sys3539.exe
O4 - HKCU\..\Run: [DC7B3466] C:\WINNT\sys3541.exe
O4 - HKCU\..\Run: [DB7B3466] C:\WINNT\sys3543.exe
O4 - HKCU\..\Run: [81DD3466] C:\WINNT\sys3548.exe
O4 - HKCU\..\Run: [DCDD3666] C:\WINNT\sys3550.exe
O4 - HKCU\..\Run: [DE7B3666] C:\WINNT\sys3555.exe
O4 - HKCU\..\Run: [96261886] C:\WINNT\sys565.exe
O4 - HKCU\..\Run: [DC1CF656] C:\WINNT\sys5610.exe
O4 - HKCU\..\Run: [DBBAF656] C:\WINNT\sys5613.exe
O4 - HKCU\..\Run: [DC1D3456] C:\WINNT\sys5640.exe
O4 - HKCU\..\Run: [DBBB3456] C:\WINNT\sys5643.exe
O4 - HKCU\..\Run: [811D3456] C:\WINNT\sys5648.exe
O4 - HKCU\..\Run: [DC5CDDD6] C:\WINNT\sys5720.exe
O4 - HKCU\..\Run: [DB5CDDD6] C:\WINNT\sys5722.exe
O4 - HKCU\..\Run: [DE5CDDD6] C:\WINNT\sys5724.exe
O4 - HKCU\..\Run: [C41AF656] C:\WINNT\sys5915.exe
O4 - HKCU\..\Run: [C6BCDDD6] C:\WINNT\sys5920.exe
O4 - HKCU\..\Run: [C1BCDDD6] C:\WINNT\sys5922.exe
O4 - HKCU\..\Run: [9A201C86] C:\WINNT\sys348.exe
O4 - HKCU\..\Run: [9E203206] C:\WINNT\sys752.exe
O4 - HKCU\..\Run: [9F863206] C:\WINNT\sys353.exe
O4 - HKCU\..\Run: [94401C86] C:\WINNT\sys640.exe
O4 - HKCU\..\Run: [95401C86] C:\WINNT\sys642.exe
O4 - HKCU\..\Run: [96401C86] C:\WINNT\sys644.exe
O4 - HKCU\..\Run: [9F203206] C:\WINNT\sys750.exe
O4 - HKCU\..\Run: [9D203206] C:\WINNT\sys754.exe
O4 - HKCU\..\Run: [E4E828C6] C:\WINNT\sys96.exe
O4 - HKCU\..\Run: [BAE828C6] C:\WINNT\sys98.exe
O4 - HKCU\..\Run: [8E067206] C:\WINNT\sys911.exe
O4 - HKCU\..\Run: [8BDAF676] C:\WINNT\sys1019.exe
O4 - HKCU\..\Run: [D6DADDF6] C:\WINNT\sys1021.exe
O4 - HKCU\..\Run: [D47CDDF6] C:\WINNT\sys1024.exe
O4 - HKCU\..\Run: [D1BCDFF6] C:\WINNT\sys1132.exe
O4 - HKCU\..\Run: [D7BCDFF6] C:\WINNT\sys1136.exe
O4 - HKCU\..\Run: [DA1D3676] C:\WINNT\sys1252.exe
O4 - HKCU\..\Run: [DF1D3676] C:\WINNT\sys1254.exe
O4 - HKCU\..\Run: [DCBB3676] C:\WINNT\sys1257.exe
O4 - HKCU\..\Run: [9AA01C86] C:\WINNT\sys148.exe
O4 - HKCU\..\Run: [DC9CF676] C:\WINNT\sys1410.exe
O4 - HKCU\..\Run: [DB3AF676] C:\WINNT\sys1413.exe
O4 - HKCU\..\Run: [811D3476] C:\WINNT\sys1648.exe
O4 - HKCU\..\Run: [9D061A86] C:\WINNT\sys177.exe
O4 - HKCU\..\Run: [DC5CDDF6] C:\WINNT\sys1720.exe
O4 - HKCU\..\Run: [C1DAF676] C:\WINNT\sys1813.exe
O4 - HKCU\..\Run: [9BDAF676] C:\WINNT\sys1819.exe
O4 - HKCU\..\Run: [9B7CDDF6] C:\WINNT\sys1828.exe
O4 - HKCU\..\Run: [C6DADFF6] C:\WINNT\sys1831.exe
O4 - HKCU\..\Run: [9B7CDFF6] C:\WINNT\sys1838.exe
O4 - HKCU\..\Run: [C47D3476] C:\WINNT\sys1844.exe
O4 - HKCU\..\Run: [C6BCDFF6] C:\WINNT\sys1930.exe
O4 - HKCU\..\Run: [C7BCDFF6] C:\WINNT\sys1936.exe
O4 - HKCU\..\Run: [C1BD3476] C:\WINNT\sys1942.exe
O4 - HKCU\..\Run: [C71B3676] C:\WINNT\sys1957.exe
O4 - HKCU\..\Run: [9FC65C86] C:\WINNT\sys203.exe
O4 - HKCU\..\Run: [D6DAF65E] C:\WINNT\sys2011.exe
O4 - HKCU\..\Run: [D7BCDFDE] C:\WINNT\sys2136.exe
O4 - HKCU\..\Run: [D11B345E] C:\WINNT\sys2143.exe
O4 - HKCU\..\Run: [D1BD365E] C:\WINNT\sys2152.exe
O4 - HKCU\..\Run: [80BB365E] C:\WINNT\sys2259.exe
O4 - HKCU\..\Run: [9DC65A86] C:\WINNT\sys237.exe
O4 - HKCU\..\Run: [D49AF65E] C:\WINNT\sys2315.exe
O4 - HKCU\..\Run: [D69ADDDE] C:\WINNT\sys2321.exe
O4 - HKCU\..\Run: [815CF65E] C:\WINNT\sys2718.exe
O4 - HKCU\..\Run: [DD5CDDDE] C:\WINNT\sys2726.exe
O4 - HKCU\..\Run: [DEFADFDE] C:\WINNT\sys2735.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [rkzk] C:\PROGRA~1\COMMON~1\rkzk\rkzkm.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {26153573-C421-4D5C-99ED-B84F75E98914} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26153573-C421-4D5C-99ED-B84F75E98914} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {28253424-2877-4B72-94BE-F86A590359B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {28253424-2877-4B72-94BE-F86A590359B1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {49C978DD-7716-422A-AAF2-756D336D8D37} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {49C978DD-7716-422A-AAF2-756D336D8D37} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {63A74C98-C751-4D54-AB75-FB0B26C6A2AC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {63A74C98-C751-4D54-AB75-FB0B26C6A2AC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {73E4F5F1-ABF7-419D-BDB1-5B5A7C83C9AF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {73E4F5F1-ABF7-419D-BDB1-5B5A7C83C9AF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8AF7698B-04CC-4431-BC1B-209BC7A287FB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AF7698B-04CC-4431-BC1B-209BC7A287FB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D3A8D931-1EA3-4033-9BD9-CEFC15E85D6F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D3A8D931-1EA3-4033-9BD9-CEFC15E85D6F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F41F2BCC-0CF4-478A-A7F3-79D0A46E6138} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F41F2BCC-0CF4-478A-A7F3-79D0A46E6138} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.iframeprofit.com/
O15 - Trusted Zone: http://*.mycounter.biz/
O15 - Trusted Zone: http://*.porno-search.biz/porn/
O15 - Trusted Zone: http://*.porno-search.biz/sex/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\..\{5344CE7B-9552-4BD5-9B08-B9F45D32C7CB}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DBD00E8-8F6A-4A29-A147-95534343C296}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F460F5-5BFE-455F-9A90-9ABAA773EFAB}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{5344CE7B-9552-4BD5-9B08-B9F45D32C7CB}: NameServer = 69.50.176.197,195.225.176.31
O20 - AppInit_DLLs: 7sftpk1i6xunt6dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CXPT_Service - Cyberspace Headquarters, LLC - C:\Program Files\Cosmi\StealthSurf Pro\wc\wcservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:24 AM

Posted 03 April 2005 - 02:39 AM

Hello,

Download the latest version of Ad-Aware:
http://www.lavasoft.de/support/download/

After installing AAW, and before running the program.
Please be sure to update the reference file following the instructions here:
http://www.lavahelp.net/howto/updref/

* Reboot into Safe Mode`:
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

Reconfigure Ad-Aware for Full Scan:

Launch the program, and click on the Gear at the top of the start screen.

Click the 'Scanning' button.
Under Drives, Folders and Files, select 'Scan within Archives'.
Click 'Click here to select Drives + folders' and select your installed hard drives.

Under Memory & Registry, select all options.
Click the 'Advanced' button.
Under 'Log-file detail level', select all options.
Click the 'Tweaks' button.

Under 'Scanning Engine', select the following:
'Unload recognized processes during scanning.'
Under 'Cleaning Engine', select the following:
'Let Windows remove files in use after reboot.'
Click on 'Proceed' to save these Preferences.

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT to allow it to finish.

Post a fresh hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 knomad

knomad
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 03 April 2005 - 02:34 PM

Ok, 2nd log file... main problem is the 4 items numbered 015. Even after I use Hijackthis to remove them them come back and show up as a "Trusted Site" in IE. Just for info, I have used Adaware, Spybot S&D, MS Antispyware(Beta), Norton SystemWorks & StealthsurferPro. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 3:26:14 PM, on 4/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ioazdqp\Kzdcyt.exe
C:\WINNT\mrjpmsa.exe
C:\WINNT\sys5047.exe
C:\Program Files\StealthSurf Pro\SpyWare Killer\quarantine\{39694709-3A1D-4ECD-95D1-3CE1593A9649}\{EA77BB0B-AE1A-49E5-8FCB-298289FCFC78}\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Qmbja] C:\Program Files\Ioazdqp\Kzdcyt.exe
O4 - HKLM\..\Run: [bwbwTVy4] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [bwbwTVz$v*C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [D7DB3456] C:\WINNT\sys5047.exe
O4 - HKLM\..\Run: [94807206] C:\WINNT\sys510.exe
O4 - HKLM\..\Run: [DB3AF656] C:\WINNT\sys5413.exe
O4 - HKLM\..\Run: [DDDCDFD6] C:\WINNT\sys5536.exe
O4 - HKLM\..\Run: [C11ADDD6] C:\WINNT\sys5923.exe
O4 - HKLM\..\Run: [9BBCDDD6] C:\WINNT\sys5928.exe
O4 - HKLM\..\Run: [94403206] C:\WINNT\sys650.exe
O4 - HKLM\..\Run: [90403206] C:\WINNT\sys658.exe
O4 - HKLM\..\Run: [8FE03206] C:\WINNT\sys852.exe
O4 - HKLM\..\Run: [95665A86] C:\WINNT\sys433.exe
O4 - HKLM\..\Run: [DBDD344E] C:\WINNT\sys4542.exe
O4 - HKLM\..\Run: [97265C86] C:\WINNT\sys507.exe
O4 - HKLM\..\Run: [DC1CDFD6] C:\WINNT\sys5236.exe
O4 - HKLM\..\Run: [80BADFD6] C:\WINNT\sys5239.exe
O4 - HKLM\..\Run: [9D06F206] C:\WINNT\sys197.exe
O4 - HKLM\..\Run: [C4BCF676] C:\WINNT\sys1914.exe
O4 - HKLM\..\Run: [8BBCF65E] C:\WINNT\sys2118.exe
O4 - HKLM\..\Run: [DC1CDDDE] C:\WINNT\sys2620.exe
O4 - HKLM\..\Run: [msnappau] C:\Program Files\StealthSurf Pro\SpyWare Killer\quarantine\{39694709-3A1D-4ECD-95D1-3CE1593A9649}\{EA77BB0B-AE1A-49E5-8FCB-298289FCFC78}\01.02.3000.1001\en-us\msnappau.exe
O4 - HKLM\..\Run: [DFBAF64E] C:\WINNT\sys4215.exe
O4 - HKLM\..\Run: [801CF64E] C:\WINNT\sys4218.exe
O4 - HKLM\..\Run: [DA1CDDCE] C:\WINNT\sys4222.exe
O4 - HKLM\..\Run: [9D865886] C:\WINNT\sys327.exe
O4 - HKLM\..\Run: [9E205A86] C:\WINNT\sys732.exe
O4 - HKLM\..\Run: [81FADFF6] C:\WINNT\sys1739.exe
O4 - HKLM\..\Run: [DEFB3476] C:\WINNT\sys1745.exe
O4 - HKLM\..\Run: [81DCDFDE] C:\WINNT\sys2538.exe
O4 - HKLM\..\Run: [DC7B345E] C:\WINNT\sys2541.exe
O4 - HKLM\..\Run: [DE7B345E] C:\WINNT\sys2545.exe
O4 - HKLM\..\Run: [DFBADFE6] C:\WINNT\sys3235.exe
O4 - HKLM\..\Run: [801CDFE6] C:\WINNT\sys3238.exe
O4 - HKLM\..\Run: [D73D3466] C:\WINNT\sys3346.exe
O4 - HKLM\..\Run: [DC3AF666] C:\WINNT\sys3411.exe
O4 - HKLM\..\Run: [DE9CF666] C:\WINNT\sys3414.exe
O4 - HKLM\..\Run: [DD3AF666] C:\WINNT\sys3417.exe
O4 - HKLM\..\Run: [DE3B3666] C:\WINNT\sys3455.exe
O4 - HKLM\..\Run: [819D3666] C:\WINNT\sys3458.exe
O4 - HKLM\..\Run: [9C203206] C:\WINNT\sys354.exe
O4 - HKLM\..\Run: [DCDCDFE6] C:\WINNT\sys3530.exe
O4 - HKLM\..\Run: [C71ADFCE] C:\WINNT\sys4937.exe
O4 - HKLM\..\Run: [DE3ADDD6] C:\WINNT\sys5425.exe
O4 - HKLM\..\Run: [813ADDD6] C:\WINNT\sys5429.exe
O4 - HKLM\..\Run: [DCDD3456] C:\WINNT\sys5540.exe
O4 - HKLM\..\Run: [DEDD3456] C:\WINNT\sys5544.exe
O4 - HKLM\..\Run: [DE1D3656] C:\WINNT\sys5654.exe
O4 - HKLM\..\Run: [811D3656] C:\WINNT\sys5658.exe
O4 - HKLM\..\Run: [9B7CF656] C:\WINNT\sys5818.exe
O4 - HKLM\..\Run: [C47CDDD6] C:\WINNT\sys5824.exe
O4 - HKLM\..\Run: [C67CDFD6] C:\WINNT\sys5830.exe
O4 - HKLM\..\Run: [C61ADFD6] C:\WINNT\sys5931.exe
O4 - HKLM\..\Run: [C7BD3656] C:\WINNT\sys5956.exe
O4 - HKLM\..\Run: [C7BD3456] C:\WINNT\sys5946.exe
O4 - HKLM\..\Run: [9FE05886] C:\WINNT\sys022.exe
O4 - HKLM\..\Run: [9C461C86] C:\WINNT\sys045.exe
O4 - HKLM\..\Run: [9F463206] C:\WINNT\sys053.exe
O4 - HKLM\..\Run: [E6E8A8C6] C:\WINNT\sys12.exe
O4 - HKLM\..\Run: [9FA07206] C:\WINNT\sys112.exe
O4 - HKLM\..\Run: [9DA05886] C:\WINNT\sys126.exe
O4 - HKLM\..\Run: [9FC67206] C:\WINNT\sys213.exe
O4 - HKLM\..\Run: [9D607206] C:\WINNT\sys216.exe
O4 - HKLM\..\Run: [9DC65886] C:\WINNT\sys227.exe
O4 - HKLM\..\Run: [9D601C86] C:\WINNT\sys246.exe
O4 - HKLM\..\Run: [E7E88146] C:\WINNT\sys34.exe
O4 - HKLM\..\Run: [9F205A86] C:\WINNT\sys332.exe
O4 - HKLM\..\Run: [9C865A86] C:\WINNT\sys335.exe
O4 - HKLM\..\Run: [96665A86] C:\WINNT\sys435.exe
O4 - HKLM\..\Run: [97661C86] C:\WINNT\sys447.exe
O4 - HKLM\..\Run: [90265A86] C:\WINNT\sys539.exe
O4 - HKLM\..\Run: [95801C86] C:\WINNT\sys542.exe
O4 - HKLM\..\Run: [96261C86] C:\WINNT\sys545.exe
O4 - HKLM\..\Run: [E6F8C346] C:\WINNT\sys63.exe
O4 - HKLM\..\Run: [E4E8C346] C:\WINNT\sys66.exe
O4 - HKLM\..\Run: [9E867206] C:\WINNT\sys713.exe
O4 - HKLM\..\Run: [9C207206] C:\WINNT\sys716.exe
O4 - HKLM\..\Run: [8EE05A86] C:\WINNT\sys830.exe
O4 - HKLM\..\Run: [8DE05A86] C:\WINNT\sys836.exe
O4 - HKLM\..\Run: [8DE01C86] C:\WINNT\sys846.exe
O4 - HKLM\..\Run: [8F067206] C:\WINNT\sys913.exe
O4 - HKLM\..\Run: [8FA01C86] C:\WINNT\sys942.exe
O4 - HKLM\..\Run: [8C061C86] C:\WINNT\sys945.exe
O4 - HKLM\..\Run: [8A061C86] C:\WINNT\sys949.exe
O4 - HKLM\..\Run: [9E067206] C:\WINNT\sys111.exe
O4 - HKLM\..\Run: [D1BCF676] C:\WINNT\sys1112.exe
O4 - HKLM\..\Run: [8B1ADFF6] C:\WINNT\sys1139.exe
O4 - HKLM\..\Run: [D61B3676] C:\WINNT\sys1151.exe
O4 - HKLM\..\Run: [9A065886] C:\WINNT\sys129.exe
O4 - HKLM\..\Run: [DABAF676] C:\WINNT\sys1213.exe
O4 - HKLM\..\Run: [DD1CDFF6] C:\WINNT\sys1230.exe
O4 - HKLM\..\Run: [DC1CDFF6] C:\WINNT\sys1236.exe
O4 - HKLM\..\Run: [DD1D3676] C:\WINNT\sys1250.exe
O4 - HKLM\..\Run: [9EA05A86] C:\WINNT\sys130.exe
O4 - HKLM\..\Run: [9AA05A86] C:\WINNT\sys138.exe
O4 - HKLM\..\Run: [9A065A86] C:\WINNT\sys139.exe
O4 - HKLM\..\Run: [D49AF676] C:\WINNT\sys1315.exe
O4 - HKLM\..\Run: [D69B3476] C:\WINNT\sys1341.exe
O4 - HKLM\..\Run: [8B3D3476] C:\WINNT\sys1348.exe
O4 - HKLM\..\Run: [8B9B3676] C:\WINNT\sys1359.exe
O4 - HKLM\..\Run: [DE3ADDF6] C:\WINNT\sys1425.exe
O4 - HKLM\..\Run: [9D063206] C:\WINNT\sys157.exe
O4 - HKLM\..\Run: [DBDCF676] C:\WINNT\sys1512.exe
O4 - HKLM\..\Run: [D19B365E] C:\WINNT\sys2353.exe
O4 - HKLM\..\Run: [8B3D365E] C:\WINNT\sys2358.exe
O4 - HKLM\..\Run: [9F601C86] C:\WINNT\sys242.exe
O4 - HKLM\..\Run: [DD3AF65E] C:\WINNT\sys2417.exe
O4 - HKLM\..\Run: [DC9CDDDE] C:\WINNT\sys2420.exe
O4 - HKLM\..\Run: [DB3ADDDE] C:\WINNT\sys2423.exe
O4 - HKLM\..\Run: [9D603206] C:\WINNT\sys256.exe
O4 - HKLM\..\Run: [9AC63206] C:\WINNT\sys259.exe
O4 - HKLM\..\Run: [DC7ADFDE] C:\WINNT\sys2531.exe
O4 - HKLM\..\Run: [DBDCDFDE] C:\WINNT\sys2532.exe
O4 - HKLM\..\Run: [DE1CDDDE] C:\WINNT\sys2624.exe
O4 - HKLM\..\Run: [DDBADDDE] C:\WINNT\sys2627.exe
O4 - HKLM\..\Run: [81BADDDE] C:\WINNT\sys2629.exe
O4 - HKLM\..\Run: [DB1CDFDE] C:\WINNT\sys2632.exe
O4 - HKLM\..\Run: [811D365E] C:\WINNT\sys2658.exe
O4 - HKLM\..\Run: [DB1CDDCE] C:\WINNT\sys4622.exe
O4 - HKLM\..\Run: [DDBADDCE] C:\WINNT\sys4627.exe
O4 - HKLM\..\Run: [81BADDCE] C:\WINNT\sys4629.exe
O4 - HKLM\..\Run: [DDFB344E] C:\WINNT\sys4747.exe
O4 - HKLM\..\Run: [DC5D364E] C:\WINNT\sys4750.exe
O4 - HKLM\..\Run: [DBFB364E] C:\WINNT\sys4753.exe
O4 - HKLM\..\Run: [9066F206] C:\WINNT\sys499.exe
O4 - HKLM\..\Run: [C1BCF64E] C:\WINNT\sys4912.exe
O4 - HKLM\..\Run: [8B7CDDD6] C:\WINNT\sys5028.exe
O4 - HKLM\..\Run: [D77CDFD6] C:\WINNT\sys5036.exe
O4 - HKLM\..\Run: [DE1CDFDE] C:\WINNT\sys2634.exe
O4 - HKLM\..\Run: [9A601A86] C:\WINNT\sys278.exe
O4 - HKLM\..\Run: [DCFAF65E] C:\WINNT\sys2711.exe
O4 - HKLM\..\Run: [81FADFDE] C:\WINNT\sys2739.exe
O4 - HKLM\..\Run: [DE5D345E] C:\WINNT\sys2744.exe
O4 - HKLM\..\Run: [9DC6DC86] C:\WINNT\sys287.exe
O4 - HKLM\..\Run: [C17CF65E] C:\WINNT\sys2812.exe
O4 - HKLM\..\Run: [9BDAF65E] C:\WINNT\sys2819.exe
O4 - HKLM\..\Run: [C7DADFDE] C:\WINNT\sys2837.exe
O4 - HKLM\..\Run: [9C60F206] C:\WINNT\sys294.exe
O4 - HKLM\..\Run: [9B1AF65E] C:\WINNT\sys2919.exe
O4 - HKLM\..\Run: [9B1ADDDE] C:\WINNT\sys2929.exe
O4 - HKLM\..\Run: [C4BCDFDE] C:\WINNT\sys2934.exe
O4 - HKLM\..\Run: [C41B345E] C:\WINNT\sys2945.exe
O4 - HKLM\..\Run: [C6BD365E] C:\WINNT\sys2950.exe
O4 - HKLM\..\Run: [C41B365E] C:\WINNT\sys2955.exe
O4 - HKLM\..\Run: [8B7D3666] C:\WINNT\sys3058.exe
O4 - HKLM\..\Run: [9C865886] C:\WINNT\sys325.exe
O4 - HKLM\..\Run: [DDBAF666] C:\WINNT\sys3211.exe
O4 - HKLM\..\Run: [D49AF666] C:\WINNT\sys3315.exe
O4 - HKLM\..\Run: [8B3CF666] C:\WINNT\sys3318.exe
O4 - HKLM\..\Run: [8B9ADDE6] C:\WINNT\sys3329.exe
O4 - HKLM\..\Run: [D19ADFE6] C:\WINNT\sys3333.exe
O4 - HKLM\..\Run: [DC9CDFE6] C:\WINNT\sys3430.exe
O4 - HKLM\..\Run: [DC9D3466] C:\WINNT\sys3440.exe
O4 - HKLM\..\Run: [DE9D3466] C:\WINNT\sys3444.exe
O4 - HKLM\..\Run: [DD3B3466] C:\WINNT\sys3447.exe
O4 - HKLM\..\Run: [DC9D3666] C:\WINNT\sys3450.exe
O4 - HKLM\..\Run: [DB7B3466] C:\WINNT\sys3543.exe
O4 - HKLM\..\Run: [81DD3466] C:\WINNT\sys3548.exe
O4 - HKLM\..\Run: [DCDD3666] C:\WINNT\sys3550.exe
O4 - HKLM\..\Run: [DE7B3666] C:\WINNT\sys3555.exe
O4 - HKLM\..\Run: [96261886] C:\WINNT\sys565.exe
O4 - HKLM\..\Run: [DBBAF656] C:\WINNT\sys5613.exe
O4 - HKLM\..\Run: [DC1D3456] C:\WINNT\sys5640.exe
O4 - HKLM\..\Run: [811D3456] C:\WINNT\sys5648.exe
O4 - HKLM\..\Run: [DB5CDDD6] C:\WINNT\sys5722.exe
O4 - HKLM\..\Run: [DE5CDDD6] C:\WINNT\sys5724.exe
O4 - HKLM\..\Run: [C41AF656] C:\WINNT\sys5915.exe
O4 - HKLM\..\Run: [C1BCDDD6] C:\WINNT\sys5922.exe
O4 - HKLM\..\Run: [9E203206] C:\WINNT\sys752.exe
O4 - HKLM\..\Run: [9F863206] C:\WINNT\sys353.exe
O4 - HKLM\..\Run: [94401C86] C:\WINNT\sys640.exe
O4 - HKLM\..\Run: [95401C86] C:\WINNT\sys642.exe
O4 - HKLM\..\Run: [96401C86] C:\WINNT\sys644.exe
O4 - HKLM\..\Run: [9F203206] C:\WINNT\sys750.exe
O4 - HKLM\..\Run: [9D203206] C:\WINNT\sys754.exe
O4 - HKLM\..\Run: [BAE828C6] C:\WINNT\sys98.exe
O4 - HKLM\..\Run: [8E067206] C:\WINNT\sys911.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [D6DADDF6] C:\WINNT\sys1021.exe
O4 - HKLM\..\Run: [D47CDDF6] C:\WINNT\sys1024.exe
O4 - HKLM\..\Run: [D1BCDFF6] C:\WINNT\sys1132.exe
O4 - HKLM\..\Run: [D7BCDFF6] C:\WINNT\sys1136.exe
O4 - HKLM\..\Run: [DF1D3676] C:\WINNT\sys1254.exe
O4 - HKLM\..\Run: [DCBB3676] C:\WINNT\sys1257.exe
O4 - HKLM\..\Run: [DB3AF676] C:\WINNT\sys1413.exe
O4 - HKLM\..\Run: [811D3476] C:\WINNT\sys1648.exe
O4 - HKLM\..\Run: [DC5CDDF6] C:\WINNT\sys1720.exe
O4 - HKLM\..\Run: [9B7CDDF6] C:\WINNT\sys1828.exe
O4 - HKLM\..\Run: [9B7CDFF6] C:\WINNT\sys1838.exe
O4 - HKLM\..\Run: [C47D3476] C:\WINNT\sys1844.exe
O4 - HKLM\..\Run: [C1BD3476] C:\WINNT\sys1942.exe
O4 - HKLM\..\Run: [C71B3676] C:\WINNT\sys1957.exe
O4 - HKLM\..\Run: [9FC65C86] C:\WINNT\sys203.exe
O4 - HKLM\..\Run: [D6DAF65E] C:\WINNT\sys2011.exe
O4 - HKLM\..\Run: [D7BCDFDE] C:\WINNT\sys2136.exe
O4 - HKLM\..\Run: [D11B345E] C:\WINNT\sys2143.exe
O4 - HKLM\..\Run: [D1BD365E] C:\WINNT\sys2152.exe
O4 - HKLM\..\Run: [D49AF65E] C:\WINNT\sys2315.exe
O4 - HKLM\..\Run: [D69ADDDE] C:\WINNT\sys2321.exe
O4 - HKLM\..\Run: [815CF65E] C:\WINNT\sys2718.exe
O4 - HKLM\..\Run: [DD5CDDDE] C:\WINNT\sys2726.exe
O4 - HKLM\..\Run: [DEFADFDE] C:\WINNT\sys2735.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [bwbwTVz$vfC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [bwbwTVh$/G%)C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [bwbwTVh$v/C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [HotqRONtP] a3dntlog.exe
O4 - HKCU\..\Run: [80BADDCE] C:\WINNT\sys4229.exe
O4 - HKCU\..\Run: [DDBADFCE] C:\WINNT\sys4231.exe
O4 - HKCU\..\Run: [D73CF64E] C:\WINNT\sys4316.exe
O4 - HKCU\..\Run: [8B9AF64E] C:\WINNT\sys4319.exe
O4 - HKCU\..\Run: [D69ADDCE] C:\WINNT\sys4321.exe
O4 - HKCU\..\Run: [D19B344E] C:\WINNT\sys4343.exe
O4 - HKCU\..\Run: [D73D344E] C:\WINNT\sys4346.exe
O4 - HKCU\..\Run: [8B3D344E] C:\WINNT\sys4348.exe
O4 - HKCU\..\Run: [D7DB3456] C:\WINNT\sys5047.exe
O4 - HKCU\..\Run: [8B7D3656] C:\WINNT\sys5058.exe
O4 - HKCU\..\Run: [94807206] C:\WINNT\sys510.exe
O4 - HKCU\..\Run: [DABAF656] C:\WINNT\sys5213.exe
O4 - HKCU\..\Run: [DFBAF656] C:\WINNT\sys5215.exe
O4 - HKCU\..\Run: [DCBAF656] C:\WINNT\sys5217.exe
O4 - HKCU\..\Run: [DB3AF656] C:\WINNT\sys5413.exe
O4 - HKCU\..\Run: [DD9CF656] C:\WINNT\sys5416.exe
O4 - HKCU\..\Run: [DC3ADDD6] C:\WINNT\sys5421.exe
O4 - HKCU\..\Run: [DDDCDFD6] C:\WINNT\sys5536.exe
O4 - HKCU\..\Run: [DC7B3456] C:\WINNT\sys5541.exe
O4 - HKCU\..\Run: [C11ADDD6] C:\WINNT\sys5923.exe
O4 - HKCU\..\Run: [C7BCDDD6] C:\WINNT\sys5926.exe
O4 - HKCU\..\Run: [9BBCDDD6] C:\WINNT\sys5928.exe
O4 - HKCU\..\Run: [94403206] C:\WINNT\sys650.exe
O4 - HKCU\..\Run: [90403206] C:\WINNT\sys658.exe
O4 - HKCU\..\Run: [8FE03206] C:\WINNT\sys852.exe
O4 - HKCU\..\Run: [DA1D364E] C:\WINNT\sys4252.exe
O4 - HKCU\..\Run: [94C05A86] C:\WINNT\sys430.exe
O4 - HKCU\..\Run: [95665A86] C:\WINNT\sys433.exe
O4 - HKCU\..\Run: [DBDD344E] C:\WINNT\sys4542.exe
O4 - HKCU\..\Run: [DDDD364E] C:\WINNT\sys4556.exe
O4 - HKCU\..\Run: [81DD364E] C:\WINNT\sys4558.exe
O4 - HKCU\..\Run: [9B1B364E] C:\WINNT\sys4959.exe
O4 - HKCU\..\Run: [95805C86] C:\WINNT\sys502.exe
O4 - HKCU\..\Run: [97265C86] C:\WINNT\sys507.exe
O4 - HKCU\..\Run: [DDBADFD6] C:\WINNT\sys5231.exe
O4 - HKCU\..\Run: [DC1CDFD6] C:\WINNT\sys5236.exe
O4 - HKCU\..\Run: [80BADFD6] C:\WINNT\sys5239.exe
O4 - HKCU\..\Run: [9D06F206] C:\WINNT\sys197.exe
O4 - HKCU\..\Run: [C61AF676] C:\WINNT\sys1911.exe
O4 - HKCU\..\Run: [C4BCF676] C:\WINNT\sys1914.exe
O4 - HKCU\..\Run: [8BBCF65E] C:\WINNT\sys2118.exe
O4 - HKCU\..\Run: [D1BCDDDE] C:\WINNT\sys2122.exe
O4 - HKCU\..\Run: [D41ADDDE] C:\WINNT\sys2125.exe
O4 - HKCU\..\Run: [DC1CDDDE] C:\WINNT\sys2620.exe
O4 - HKCU\..\Run: [DA1CDFDE] C:\WINNT\sys2232.exe
O4 - HKCU\..\Run: [DFBADFDE] C:\WINNT\sys2235.exe
O4 - HKCU\..\Run: [DFBAF64E] C:\WINNT\sys4215.exe
O4 - HKCU\..\Run: [801CF64E] C:\WINNT\sys4218.exe
O4 - HKCU\..\Run: [DA1CDDCE] C:\WINNT\sys4222.exe
O4 - HKCU\..\Run: [9D865886] C:\WINNT\sys327.exe
O4 - HKCU\..\Run: [9E205A86] C:\WINNT\sys732.exe
O4 - HKCU\..\Run: [9F865A86] C:\WINNT\sys333.exe
O4 - HKCU\..\Run: [81FADFF6] C:\WINNT\sys1739.exe
O4 - HKCU\..\Run: [DB5D3476] C:\WINNT\sys1742.exe
O4 - HKCU\..\Run: [DEFB3476] C:\WINNT\sys1745.exe
O4 - HKCU\..\Run: [81DCDFDE] C:\WINNT\sys2538.exe
O4 - HKCU\..\Run: [DC7B345E] C:\WINNT\sys2541.exe
O4 - HKCU\..\Run: [DE7B345E] C:\WINNT\sys2545.exe
O4 - HKCU\..\Run: [DD1CDFE6] C:\WINNT\sys3230.exe
O4 - HKCU\..\Run: [DFBADFE6] C:\WINNT\sys3235.exe
O4 - HKCU\..\Run: [801CDFE6] C:\WINNT\sys3238.exe
O4 - HKCU\..\Run: [D13D3466] C:\WINNT\sys3342.exe
O4 - HKCU\..\Run: [D43D3466] C:\WINNT\sys3344.exe
O4 - HKCU\..\Run: [D73D3466] C:\WINNT\sys3346.exe
O4 - HKCU\..\Run: [DC3AF666] C:\WINNT\sys3411.exe
O4 - HKCU\..\Run: [DE9CF666] C:\WINNT\sys3414.exe
O4 - HKCU\..\Run: [DD3AF666] C:\WINNT\sys3417.exe
O4 - HKCU\..\Run: [DE3B3666] C:\WINNT\sys3455.exe
O4 - HKCU\..\Run: [819D3666] C:\WINNT\sys3458.exe
O4 - HKCU\..\Run: [9C203206] C:\WINNT\sys354.exe
O4 - HKCU\..\Run: [DBDCDDE6] C:\WINNT\sys3522.exe
O4 - HKCU\..\Run: [DEDCDDE6] C:\WINNT\sys3524.exe
O4 - HKCU\..\Run: [81DCDDE6] C:\WINNT\sys3528.exe
O4 - HKCU\..\Run: [DCDCDFE6] C:\WINNT\sys3530.exe
O4 - HKCU\..\Run: [DB7ADFE6] C:\WINNT\sys3533.exe
O4 - HKCU\..\Run: [C6BCDFCE] C:\WINNT\sys4930.exe
O4 - HKCU\..\Run: [C41ADFCE] C:\WINNT\sys4935.exe
O4 - HKCU\..\Run: [C71ADFCE] C:\WINNT\sys4937.exe
O4 - HKCU\..\Run: [DB3ADDD6] C:\WINNT\sys5423.exe
O4 - HKCU\..\Run: [DE3ADDD6] C:\WINNT\sys5425.exe
O4 - HKCU\..\Run: [813ADDD6] C:\WINNT\sys5429.exe
O4 - HKCU\..\Run: [DCDD3456] C:\WINNT\sys5540.exe
O4 - HKCU\..\Run: [DB7B3456] C:\WINNT\sys5543.exe
O4 - HKCU\..\Run: [DEDD3456] C:\WINNT\sys5544.exe
O4 - HKCU\..\Run: [DB1D3656] C:\WINNT\sys5652.exe
O4 - HKCU\..\Run: [DE1D3656] C:\WINNT\sys5654.exe
O4 - HKCU\..\Run: [811D3656] C:\WINNT\sys5658.exe
O4 - HKCU\..\Run: [9B7CF656] C:\WINNT\sys5818.exe
O4 - HKCU\..\Run: [C47CDDD6] C:\WINNT\sys5824.exe
O4 - HKCU\..\Run: [C67CDFD6] C:\WINNT\sys5830.exe
O4 - HKCU\..\Run: [C61ADFD6] C:\WINNT\sys5931.exe
O4 - HKCU\..\Run: [C71ADFD6] C:\WINNT\sys5937.exe
O4 - HKCU\..\Run: [C61B3456] C:\WINNT\sys5941.exe
O4 - HKCU\..\Run: [C61B3656] C:\WINNT\sys5951.exe
O4 - HKCU\..\Run: [C7BD3656] C:\WINNT\sys5956.exe
O4 - HKCU\..\Run: [C7BD3456] C:\WINNT\sys5946.exe
O4 - HKCU\..\Run: [9FE05886] C:\WINNT\sys022.exe
O4 - HKCU\..\Run: [9C461C86] C:\WINNT\sys045.exe
O4 - HKCU\..\Run: [9AE01C86] C:\WINNT\sys048.exe
O4 - HKCU\..\Run: [9F463206] C:\WINNT\sys053.exe
O4 - HKCU\..\Run: [E6E8A8C6] C:\WINNT\sys12.exe
O4 - HKCU\..\Run: [9FA07206] C:\WINNT\sys112.exe
O4 - HKCU\..\Run: [9DA05886] C:\WINNT\sys126.exe
O4 - HKCU\..\Run: [9FC67206] C:\WINNT\sys213.exe
O4 - HKCU\..\Run: [9D607206] C:\WINNT\sys216.exe
O4 - HKCU\..\Run: [9AC67206] C:\WINNT\sys219.exe
O4 - HKCU\..\Run: [9EC65886] C:\WINNT\sys221.exe
O4 - HKCU\..\Run: [9DC65886] C:\WINNT\sys227.exe
O4 - HKCU\..\Run: [9D601C86] C:\WINNT\sys246.exe
O4 - HKCU\..\Run: [E7E88146] C:\WINNT\sys34.exe
O4 - HKCU\..\Run: [9A207206] C:\WINNT\sys318.exe
O4 - HKCU\..\Run: [9F865886] C:\WINNT\sys323.exe
O4 - HKCU\..\Run: [9F205A86] C:\WINNT\sys332.exe
O4 - HKCU\..\Run: [9C865A86] C:\WINNT\sys335.exe
O4 - HKCU\..\Run: [90C05886] C:\WINNT\sys428.exe
O4 - HKCU\..\Run: [96665A86] C:\WINNT\sys435.exe
O4 - HKCU\..\Run: [90665A86] C:\WINNT\sys439.exe
O4 - HKCU\..\Run: [95C01C86] C:\WINNT\sys442.exe
O4 - HKCU\..\Run: [97661C86] C:\WINNT\sys447.exe
O4 - HKCU\..\Run: [90265A86] C:\WINNT\sys539.exe
O4 - HKCU\..\Run: [95801C86] C:\WINNT\sys542.exe
O4 - HKCU\..\Run: [96261C86] C:\WINNT\sys545.exe
O4 - HKCU\..\Run: [E1F8C346] C:\WINNT\sys61.exe
O4 - HKCU\..\Run: [E6F8C346] C:\WINNT\sys63.exe
O4 - HKCU\..\Run: [E4E8C346] C:\WINNT\sys66.exe
O4 - HKCU\..\Run: [9E867206] C:\WINNT\sys713.exe
O4 - HKCU\..\Run: [9C207206] C:\WINNT\sys716.exe
O4 - HKCU\..\Run: [8EE05A86] C:\WINNT\sys830.exe
O4 - HKCU\..\Run: [8DE05A86] C:\WINNT\sys836.exe
O4 - HKCU\..\Run: [8EE01C86] C:\WINNT\sys840.exe
O4 - HKCU\..\Run: [8DE01C86] C:\WINNT\sys846.exe
O4 - HKCU\..\Run: [8A461C86] C:\WINNT\sys849.exe
O4 - HKCU\..\Run: [8F067206] C:\WINNT\sys913.exe
O4 - HKCU\..\Run: [8FA01C86] C:\WINNT\sys942.exe
O4 - HKCU\..\Run: [8C061C86] C:\WINNT\sys945.exe
O4 - HKCU\..\Run: [8A061C86] C:\WINNT\sys949.exe
O4 - HKCU\..\Run: [8BDB3476] C:\WINNT\sys1049.exe
O4 - HKCU\..\Run: [9E067206] C:\WINNT\sys111.exe
O4 - HKCU\..\Run: [D1BCF676] C:\WINNT\sys1112.exe
O4 - HKCU\..\Run: [8B1ADFF6] C:\WINNT\sys1139.exe
O4 - HKCU\..\Run: [8BBD3476] C:\WINNT\sys1148.exe
O4 - HKCU\..\Run: [D61B3676] C:\WINNT\sys1151.exe
O4 - HKCU\..\Run: [9A065886] C:\WINNT\sys129.exe
O4 - HKCU\..\Run: [DABAF676] C:\WINNT\sys1213.exe
O4 - HKCU\..\Run: [DC1CDDF6] C:\WINNT\sys1226.exe
O4 - HKCU\..\Run: [DD1CDFF6] C:\WINNT\sys1230.exe
O4 - HKCU\..\Run: [DC1CDFF6] C:\WINNT\sys1236.exe
O4 - HKCU\..\Run: [DD1D3676] C:\WINNT\sys1250.exe
O4 - HKCU\..\Run: [9EA05A86] C:\WINNT\sys130.exe
O4 - HKCU\..\Run: [9AA05A86] C:\WINNT\sys138.exe
O4 - HKCU\..\Run: [9A065A86] C:\WINNT\sys139.exe
O4 - HKCU\..\Run: [D49AF676] C:\WINNT\sys1315.exe
O4 - HKCU\..\Run: [8B3CF676] C:\WINNT\sys1318.exe
O4 - HKCU\..\Run: [D13CDFF6] C:\WINNT\sys1332.exe
O4 - HKCU\..\Run: [D69B3476] C:\WINNT\sys1341.exe
O4 - HKCU\..\Run: [8B3D3476] C:\WINNT\sys1348.exe
O4 - HKCU\..\Run: [8B9B3676] C:\WINNT\sys1359.exe
O4 - HKCU\..\Run: [DD3AF676] C:\WINNT\sys1417.exe
O4 - HKCU\..\Run: [DC9CDDF6] C:\WINNT\sys1420.exe
O4 - HKCU\..\Run: [DE3ADDF6] C:\WINNT\sys1425.exe
O4 - HKCU\..\Run: [9D063206] C:\WINNT\sys157.exe
O4 - HKCU\..\Run: [DCDCF676] C:\WINNT\sys1510.exe
O4 - HKCU\..\Run: [DBDCF676] C:\WINNT\sys1512.exe
O4 - HKCU\..\Run: [D19B365E] C:\WINNT\sys2353.exe
O4 - HKCU\..\Run: [8B3D365E] C:\WINNT\sys2358.exe
O4 - HKCU\..\Run: [9F601C86] C:\WINNT\sys242.exe
O4 - HKCU\..\Run: [DD3AF65E] C:\WINNT\sys2417.exe
O4 - HKCU\..\Run: [DC9CDDDE] C:\WINNT\sys2420.exe
O4 - HKCU\..\Run: [DB3ADDDE] C:\WINNT\sys2423.exe
O4 - HKCU\..\Run: [9C603206] C:\WINNT\sys254.exe
O4 - HKCU\..\Run: [9D603206] C:\WINNT\sys256.exe
O4 - HKCU\..\Run: [9AC63206] C:\WINNT\sys259.exe
O4 - HKCU\..\Run: [DB7AF65E] C:\WINNT\sys2513.exe
O4 - HKCU\..\Run: [817AF65E] C:\WINNT\sys2519.exe
O4 - HKCU\..\Run: [DC7ADFDE] C:\WINNT\sys2531.exe
O4 - HKCU\..\Run: [DBDCDFDE] C:\WINNT\sys2532.exe
O4 - HKCU\..\Run: [DDDCDFDE] C:\WINNT\sys2536.exe
O4 - HKCU\..\Run: [DE1CDDDE] C:\WINNT\sys2624.exe
O4 - HKCU\..\Run: [DDBADDDE] C:\WINNT\sys2627.exe
O4 - HKCU\..\Run: [81BADDDE] C:\WINNT\sys2629.exe
O4 - HKCU\..\Run: [DB1CDFDE] C:\WINNT\sys2632.exe
O4 - HKCU\..\Run: [DEBB365E] C:\WINNT\sys2655.exe
O4 - HKCU\..\Run: [811D365E] C:\WINNT\sys2658.exe
O4 - HKCU\..\Run: [9C601A86] C:\WINNT\sys274.exe
O4 - HKCU\..\Run: [C41ADDDE] C:\WINNT\sys2925.exe
O4 - HKCU\..\Run: [C71ADDDE] C:\WINNT\sys2927.exe
O4 - HKCU\..\Run: [C6BCDFDE] C:\WINNT\sys2930.exe
O4 - HKCU\..\Run: [DB1CDDCE] C:\WINNT\sys4622.exe
O4 - HKCU\..\Run: [DDBADDCE] C:\WINNT\sys4627.exe
O4 - HKCU\..\Run: [81BADDCE] C:\WINNT\sys4629.exe
O4 - HKCU\..\Run: [DDFB344E] C:\WINNT\sys4747.exe
O4 - HKCU\..\Run: [DC5D364E] C:\WINNT\sys4750.exe
O4 - HKCU\..\Run: [DBFB364E] C:\WINNT\sys4753.exe
O4 - HKCU\..\Run: [9766F206] C:\WINNT\sys497.exe
O4 - HKCU\..\Run: [9066F206] C:\WINNT\sys499.exe
O4 - HKCU\..\Run: [C1BCF64E] C:\WINNT\sys4912.exe
O4 - HKCU\..\Run: [8B7CDDD6] C:\WINNT\sys5028.exe
O4 - HKCU\..\Run: [D47CDFD6] C:\WINNT\sys5034.exe
O4 - HKCU\..\Run: [D77CDFD6] C:\WINNT\sys5036.exe
O4 - HKCU\..\Run: [DE1CDFDE] C:\WINNT\sys2634.exe
O4 - HKCU\..\Run: [9E601A86] C:\WINNT\sys270.exe
O4 - HKCU\..\Run: [9A601A86] C:\WINNT\sys278.exe
O4 - HKCU\..\Run: [DCFAF65E] C:\WINNT\sys2711.exe
O4 - HKCU\..\Run: [81FADFDE] C:\WINNT\sys2739.exe
O4 - HKCU\..\Run: [DB5D345E] C:\WINNT\sys2742.exe
O4 - HKCU\..\Run: [DE5D345E] C:\WINNT\sys2744.exe
O4 - HKCU\..\Run: [9DC6DC86] C:\WINNT\sys287.exe
O4 - HKCU\..\Run: [C67CF65E] C:\WINNT\sys2810.exe
O4 - HKCU\..\Run: [C17CF65E] C:\WINNT\sys2812.exe
O4 - HKCU\..\Run: [9BDAF65E] C:\WINNT\sys2819.exe
O4 - HKCU\..\Run: [C6DADFDE] C:\WINNT\sys2831.exe
O4 - HKCU\..\Run: [C7DADFDE] C:\WINNT\sys2837.exe
O4 - HKCU\..\Run: [9E60F206] C:\WINNT\sys290.exe
O4 - HKCU\..\Run: [9F60F206] C:\WINNT\sys292.exe
O4 - HKCU\..\Run: [9C60F206] C:\WINNT\sys294.exe
O4 - HKCU\..\Run: [C71AF65E] C:\WINNT\sys2917.exe
O4 - HKCU\..\Run: [9B1AF65E] C:\WINNT\sys2919.exe
O4 - HKCU\..\Run: [9B1ADDDE] C:\WINNT\sys2929.exe
O4 - HKCU\..\Run: [C1BCDFDE] C:\WINNT\sys2932.exe
O4 - HKCU\..\Run: [C4BCDFDE] C:\WINNT\sys2934.exe
O4 - HKCU\..\Run: [C61B345E] C:\WINNT\sys2941.exe
O4 - HKCU\..\Run: [C11B345E] C:\WINNT\sys2943.exe
O4 - HKCU\..\Run: [C41B345E] C:\WINNT\sys2945.exe
O4 - HKCU\..\Run: [C6BD365E] C:\WINNT\sys2950.exe
O4 - HKCU\..\Run: [C11B365E] C:\WINNT\sys2953.exe
O4 - HKCU\..\Run: [C41B365E] C:\WINNT\sys2955.exe
O4 - HKCU\..\Run: [D1DB3666] C:\WINNT\sys3053.exe
O4 - HKCU\..\Run: [8B7D3666] C:\WINNT\sys3058.exe
O4 - HKCU\..\Run: [9C865886] C:\WINNT\sys325.exe
O4 - HKCU\..\Run: [DDBAF666] C:\WINNT\sys3211.exe
O4 - HKCU\..\Run: [D19AF666] C:\WINNT\sys3313.exe
O4 - HKCU\..\Run: [D49AF666] C:\WINNT\sys3315.exe
O4 - HKCU\..\Run: [8B3CF666] C:\WINNT\sys3318.exe
O4 - HKCU\..\Run: [D73CDDE6] C:\WINNT\sys3326.exe
O4 - HKCU\..\Run: [8B9ADDE6] C:\WINNT\sys3329.exe
O4 - HKCU\..\Run: [D19ADFE6] C:\WINNT\sys3333.exe
O4 - HKCU\..\Run: [DE3ADDE6] C:\WINNT\sys3425.exe
O4 - HKCU\..\Run: [DC9CDFE6] C:\WINNT\sys3430.exe
O4 - HKCU\..\Run: [DD3ADFE6] C:\WINNT\sys3437.exe
O4 - HKCU\..\Run: [DC9D3466] C:\WINNT\sys3440.exe
O4 - HKCU\..\Run: [DE9D3466] C:\WINNT\sys3444.exe
O4 - HKCU\..\Run: [DD3B3466] C:\WINNT\sys3447.exe
O4 - HKCU\..\Run: [DC9D3666] C:\WINNT\sys3450.exe
O4 - HKCU\..\Run: [817ADFE6] C:\WINNT\sys3539.exe
O4 - HKCU\..\Run: [DC7B3466] C:\WINNT\sys3541.exe
O4 - HKCU\..\Run: [DB7B3466] C:\WINNT\sys3543.exe
O4 - HKCU\..\Run: [81DD3466] C:\WINNT\sys3548.exe
O4 - HKCU\..\Run: [DCDD3666] C:\WINNT\sys3550.exe
O4 - HKCU\..\Run: [DE7B3666] C:\WINNT\sys3555.exe
O4 - HKCU\..\Run: [96261886] C:\WINNT\sys565.exe
O4 - HKCU\..\Run: [DC1CF656] C:\WINNT\sys5610.exe
O4 - HKCU\..\Run: [DBBAF656] C:\WINNT\sys5613.exe
O4 - HKCU\..\Run: [DC1D3456] C:\WINNT\sys5640.exe
O4 - HKCU\..\Run: [DBBB3456] C:\WINNT\sys5643.exe
O4 - HKCU\..\Run: [811D3456] C:\WINNT\sys5648.exe
O4 - HKCU\..\Run: [DC5CDDD6] C:\WINNT\sys5720.exe
O4 - HKCU\..\Run: [DB5CDDD6] C:\WINNT\sys5722.exe
O4 - HKCU\..\Run: [DE5CDDD6] C:\WINNT\sys5724.exe
O4 - HKCU\..\Run: [C41AF656] C:\WINNT\sys5915.exe
O4 - HKCU\..\Run: [C6BCDDD6] C:\WINNT\sys5920.exe
O4 - HKCU\..\Run: [C1BCDDD6] C:\WINNT\sys5922.exe
O4 - HKCU\..\Run: [9A201C86] C:\WINNT\sys348.exe
O4 - HKCU\..\Run: [9E203206] C:\WINNT\sys752.exe
O4 - HKCU\..\Run: [9F863206] C:\WINNT\sys353.exe
O4 - HKCU\..\Run: [94401C86] C:\WINNT\sys640.exe
O4 - HKCU\..\Run: [95401C86] C:\WINNT\sys642.exe
O4 - HKCU\..\Run: [96401C86] C:\WINNT\sys644.exe
O4 - HKCU\..\Run: [9F203206] C:\WINNT\sys750.exe
O4 - HKCU\..\Run: [9D203206] C:\WINNT\sys754.exe
O4 - HKCU\..\Run: [E4E828C6] C:\WINNT\sys96.exe
O4 - HKCU\..\Run: [BAE828C6] C:\WINNT\sys98.exe
O4 - HKCU\..\Run: [8E067206] C:\WINNT\sys911.exe
O4 - HKCU\..\Run: [8BDAF676] C:\WINNT\sys1019.exe
O4 - HKCU\..\Run: [D6DADDF6] C:\WINNT\sys1021.exe
O4 - HKCU\..\Run: [D47CDDF6] C:\WINNT\sys1024.exe
O4 - HKCU\..\Run: [D1BCDFF6] C:\WINNT\sys1132.exe
O4 - HKCU\..\Run: [D7BCDFF6] C:\WINNT\sys1136.exe
O4 - HKCU\..\Run: [DA1D3676] C:\WINNT\sys1252.exe
O4 - HKCU\..\Run: [DF1D3676] C:\WINNT\sys1254.exe
O4 - HKCU\..\Run: [DCBB3676] C:\WINNT\sys1257.exe
O4 - HKCU\..\Run: [9AA01C86] C:\WINNT\sys148.exe
O4 - HKCU\..\Run: [DC9CF676] C:\WINNT\sys1410.exe
O4 - HKCU\..\Run: [DB3AF676] C:\WINNT\sys1413.exe
O4 - HKCU\..\Run: [811D3476] C:\WINNT\sys1648.exe
O4 - HKCU\..\Run: [9D061A86] C:\WINNT\sys177.exe
O4 - HKCU\..\Run: [DC5CDDF6] C:\WINNT\sys1720.exe
O4 - HKCU\..\Run: [C1DAF676] C:\WINNT\sys1813.exe
O4 - HKCU\..\Run: [9BDAF676] C:\WINNT\sys1819.exe
O4 - HKCU\..\Run: [9B7CDDF6] C:\WINNT\sys1828.exe
O4 - HKCU\..\Run: [C6DADFF6] C:\WINNT\sys1831.exe
O4 - HKCU\..\Run: [9B7CDFF6] C:\WINNT\sys1838.exe
O4 - HKCU\..\Run: [C47D3476] C:\WINNT\sys1844.exe
O4 - HKCU\..\Run: [C6BCDFF6] C:\WINNT\sys1930.exe
O4 - HKCU\..\Run: [C7BCDFF6] C:\WINNT\sys1936.exe
O4 - HKCU\..\Run: [C1BD3476] C:\WINNT\sys1942.exe
O4 - HKCU\..\Run: [C71B3676] C:\WINNT\sys1957.exe
O4 - HKCU\..\Run: [9FC65C86] C:\WINNT\sys203.exe
O4 - HKCU\..\Run: [D6DAF65E] C:\WINNT\sys2011.exe
O4 - HKCU\..\Run: [D7BCDFDE] C:\WINNT\sys2136.exe
O4 - HKCU\..\Run: [D11B345E] C:\WINNT\sys2143.exe
O4 - HKCU\..\Run: [D1BD365E] C:\WINNT\sys2152.exe
O4 - HKCU\..\Run: [80BB365E] C:\WINNT\sys2259.exe
O4 - HKCU\..\Run: [9DC65A86] C:\WINNT\sys237.exe
O4 - HKCU\..\Run: [D49AF65E] C:\WINNT\sys2315.exe
O4 - HKCU\..\Run: [D69ADDDE] C:\WINNT\sys2321.exe
O4 - HKCU\..\Run: [815CF65E] C:\WINNT\sys2718.exe
O4 - HKCU\..\Run: [DD5CDDDE] C:\WINNT\sys2726.exe
O4 - HKCU\..\Run: [DEFADFDE] C:\WINNT\sys2735.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [rkzk] C:\PROGRA~1\COMMON~1\rkzk\rkzkm.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {26153573-C421-4D5C-99ED-B84F75E98914} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26153573-C421-4D5C-99ED-B84F75E98914} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {28253424-2877-4B72-94BE-F86A590359B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {28253424-2877-4B72-94BE-F86A590359B1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {49C978DD-7716-422A-AAF2-756D336D8D37} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {49C978DD-7716-422A-AAF2-756D336D8D37} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {63A74C98-C751-4D54-AB75-FB0B26C6A2AC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {63A74C98-C751-4D54-AB75-FB0B26C6A2AC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {73E4F5F1-ABF7-419D-BDB1-5B5A7C83C9AF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {73E4F5F1-ABF7-419D-BDB1-5B5A7C83C9AF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8AF7698B-04CC-4431-BC1B-209BC7A287FB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AF7698B-04CC-4431-BC1B-209BC7A287FB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D3A8D931-1EA3-4033-9BD9-CEFC15E85D6F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D3A8D931-1EA3-4033-9BD9-CEFC15E85D6F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F41F2BCC-0CF4-478A-A7F3-79D0A46E6138} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F41F2BCC-0CF4-478A-A7F3-79D0A46E6138} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.iframeprofit.com/
O15 - Trusted Zone: http://*.mycounter.biz/
O15 - Trusted Zone: http://*.porno-search.biz/porn/
O15 - Trusted Zone: http://*.porno-search.biz/sex/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\..\{5344CE7B-9552-4BD5-9B08-B9F45D32C7CB}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DBD00E8-8F6A-4A29-A147-95534343C296}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F460F5-5BFE-455F-9A90-9ABAA773EFAB}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{5344CE7B-9552-4BD5-9B08-B9F45D32C7CB}: NameServer = 69.50.176.197,195.225.176.31
O20 - AppInit_DLLs: 7sftpk1i6xunt6dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by knomad, 03 April 2005 - 02:36 PM.


#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:24 AM

Posted 03 April 2005 - 03:05 PM

Hello,

Well, there is a lot more going on on your system than those O15's.
We also have to work in safe mode because you have to delete a lot of files manually, so it's better to print out the next instructions or copy and paste them in notepad.
Don't miss any steps!!

First of all, I see you are using StealtSurfPro with an built-in so called spywareremover (SpyKiller).
Seems like it failed in doing its job properly.. and to be honest, I think this is a spywareremover with a dubious reputation.
You already have spybot, adaware and microsoft antispyware installed on your system that do a great job.

I suggest you to uninstall StealthsurfPro.

I see that Microsoft antispyware and teatimer are running in the background.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup

For Microsoft antispyware, perform the following action:

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

* Download and install CCleaner
Do not use it yet.

* Please set your system to show all files:
Open My Computer.
Select the View menu and click Folder Options.
Select the View Tab.
In the Hidden files section select Show all files.
Click OK.

* Download CWShredder. Start CWShredder and click FIX}

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Qmbja] C:\Program Files\Ioazdqp\Kzdcyt.exe
O4 - HKLM\..\Run: [bwbwTVy4] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [bwbwTVz$v*C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [D7DB3456] C:\WINNT\sys5047.exe
O4 - HKLM\..\Run: [94807206] C:\WINNT\sys510.exe
O4 - HKLM\..\Run: [DB3AF656] C:\WINNT\sys5413.exe
O4 - HKLM\..\Run: [DDDCDFD6] C:\WINNT\sys5536.exe
O4 - HKLM\..\Run: [C11ADDD6] C:\WINNT\sys5923.exe
O4 - HKLM\..\Run: [9BBCDDD6] C:\WINNT\sys5928.exe
O4 - HKLM\..\Run: [94403206] C:\WINNT\sys650.exe
O4 - HKLM\..\Run: [90403206] C:\WINNT\sys658.exe
O4 - HKLM\..\Run: [8FE03206] C:\WINNT\sys852.exe
O4 - HKLM\..\Run: [95665A86] C:\WINNT\sys433.exe
O4 - HKLM\..\Run: [DBDD344E] C:\WINNT\sys4542.exe
O4 - HKLM\..\Run: [97265C86] C:\WINNT\sys507.exe
O4 - HKLM\..\Run: [DC1CDFD6] C:\WINNT\sys5236.exe
O4 - HKLM\..\Run: [80BADFD6] C:\WINNT\sys5239.exe
O4 - HKLM\..\Run: [9D06F206] C:\WINNT\sys197.exe
O4 - HKLM\..\Run: [C4BCF676] C:\WINNT\sys1914.exe
O4 - HKLM\..\Run: [8BBCF65E] C:\WINNT\sys2118.exe
O4 - HKLM\..\Run: [DC1CDDDE] C:\WINNT\sys2620.exe
O4 - HKLM\..\Run: [msnappau] C:\Program Files\StealthSurf Pro\SpyWare Killer\quarantine\{39694709-3A1D-4ECD-95D1-3CE1593A9649}\{EA77BB0B-AE1A-49E5-8FCB-298289FCFC78}\01.02.3000.1001\en-us\msnappau.exe
O4 - HKLM\..\Run: [DFBAF64E] C:\WINNT\sys4215.exe
O4 - HKLM\..\Run: [801CF64E] C:\WINNT\sys4218.exe
O4 - HKLM\..\Run: [DA1CDDCE] C:\WINNT\sys4222.exe
O4 - HKLM\..\Run: [9D865886] C:\WINNT\sys327.exe
O4 - HKLM\..\Run: [9E205A86] C:\WINNT\sys732.exe
O4 - HKLM\..\Run: [81FADFF6] C:\WINNT\sys1739.exe
O4 - HKLM\..\Run: [DEFB3476] C:\WINNT\sys1745.exe
O4 - HKLM\..\Run: [81DCDFDE] C:\WINNT\sys2538.exe
O4 - HKLM\..\Run: [DC7B345E] C:\WINNT\sys2541.exe
O4 - HKLM\..\Run: [DE7B345E] C:\WINNT\sys2545.exe
O4 - HKLM\..\Run: [DFBADFE6] C:\WINNT\sys3235.exe
O4 - HKLM\..\Run: [801CDFE6] C:\WINNT\sys3238.exe
O4 - HKLM\..\Run: [D73D3466] C:\WINNT\sys3346.exe
O4 - HKLM\..\Run: [DC3AF666] C:\WINNT\sys3411.exe
O4 - HKLM\..\Run: [DE9CF666] C:\WINNT\sys3414.exe
O4 - HKLM\..\Run: [DD3AF666] C:\WINNT\sys3417.exe
O4 - HKLM\..\Run: [DE3B3666] C:\WINNT\sys3455.exe
O4 - HKLM\..\Run: [819D3666] C:\WINNT\sys3458.exe
O4 - HKLM\..\Run: [9C203206] C:\WINNT\sys354.exe
O4 - HKLM\..\Run: [DCDCDFE6] C:\WINNT\sys3530.exe
O4 - HKLM\..\Run: [C71ADFCE] C:\WINNT\sys4937.exe
O4 - HKLM\..\Run: [DE3ADDD6] C:\WINNT\sys5425.exe
O4 - HKLM\..\Run: [813ADDD6] C:\WINNT\sys5429.exe
O4 - HKLM\..\Run: [DCDD3456] C:\WINNT\sys5540.exe
O4 - HKLM\..\Run: [DEDD3456] C:\WINNT\sys5544.exe
O4 - HKLM\..\Run: [DE1D3656] C:\WINNT\sys5654.exe
O4 - HKLM\..\Run: [811D3656] C:\WINNT\sys5658.exe
O4 - HKLM\..\Run: [9B7CF656] C:\WINNT\sys5818.exe
O4 - HKLM\..\Run: [C47CDDD6] C:\WINNT\sys5824.exe
O4 - HKLM\..\Run: [C67CDFD6] C:\WINNT\sys5830.exe
O4 - HKLM\..\Run: [C61ADFD6] C:\WINNT\sys5931.exe
O4 - HKLM\..\Run: [C7BD3656] C:\WINNT\sys5956.exe
O4 - HKLM\..\Run: [C7BD3456] C:\WINNT\sys5946.exe
O4 - HKLM\..\Run: [9FE05886] C:\WINNT\sys022.exe
O4 - HKLM\..\Run: [9C461C86] C:\WINNT\sys045.exe
O4 - HKLM\..\Run: [9F463206] C:\WINNT\sys053.exe
O4 - HKLM\..\Run: [E6E8A8C6] C:\WINNT\sys12.exe
O4 - HKLM\..\Run: [9FA07206] C:\WINNT\sys112.exe
O4 - HKLM\..\Run: [9DA05886] C:\WINNT\sys126.exe
O4 - HKLM\..\Run: [9FC67206] C:\WINNT\sys213.exe
O4 - HKLM\..\Run: [9D607206] C:\WINNT\sys216.exe
O4 - HKLM\..\Run: [9DC65886] C:\WINNT\sys227.exe
O4 - HKLM\..\Run: [9D601C86] C:\WINNT\sys246.exe
O4 - HKLM\..\Run: [E7E88146] C:\WINNT\sys34.exe
O4 - HKLM\..\Run: [9F205A86] C:\WINNT\sys332.exe
O4 - HKLM\..\Run: [9C865A86] C:\WINNT\sys335.exe
O4 - HKLM\..\Run: [96665A86] C:\WINNT\sys435.exe
O4 - HKLM\..\Run: [97661C86] C:\WINNT\sys447.exe
O4 - HKLM\..\Run: [90265A86] C:\WINNT\sys539.exe
O4 - HKLM\..\Run: [95801C86] C:\WINNT\sys542.exe
O4 - HKLM\..\Run: [96261C86] C:\WINNT\sys545.exe
O4 - HKLM\..\Run: [E6F8C346] C:\WINNT\sys63.exe
O4 - HKLM\..\Run: [E4E8C346] C:\WINNT\sys66.exe
O4 - HKLM\..\Run: [9E867206] C:\WINNT\sys713.exe
O4 - HKLM\..\Run: [9C207206] C:\WINNT\sys716.exe
O4 - HKLM\..\Run: [8EE05A86] C:\WINNT\sys830.exe
O4 - HKLM\..\Run: [8DE05A86] C:\WINNT\sys836.exe
O4 - HKLM\..\Run: [8DE01C86] C:\WINNT\sys846.exe
O4 - HKLM\..\Run: [8F067206] C:\WINNT\sys913.exe
O4 - HKLM\..\Run: [8FA01C86] C:\WINNT\sys942.exe
O4 - HKLM\..\Run: [8C061C86] C:\WINNT\sys945.exe
O4 - HKLM\..\Run: [8A061C86] C:\WINNT\sys949.exe
O4 - HKLM\..\Run: [9E067206] C:\WINNT\sys111.exe
O4 - HKLM\..\Run: [D1BCF676] C:\WINNT\sys1112.exe
O4 - HKLM\..\Run: [8B1ADFF6] C:\WINNT\sys1139.exe
O4 - HKLM\..\Run: [D61B3676] C:\WINNT\sys1151.exe
O4 - HKLM\..\Run: [9A065886] C:\WINNT\sys129.exe
O4 - HKLM\..\Run: [DABAF676] C:\WINNT\sys1213.exe
O4 - HKLM\..\Run: [DD1CDFF6] C:\WINNT\sys1230.exe
O4 - HKLM\..\Run: [DC1CDFF6] C:\WINNT\sys1236.exe
O4 - HKLM\..\Run: [DD1D3676] C:\WINNT\sys1250.exe
O4 - HKLM\..\Run: [9EA05A86] C:\WINNT\sys130.exe
O4 - HKLM\..\Run: [9AA05A86] C:\WINNT\sys138.exe
O4 - HKLM\..\Run: [9A065A86] C:\WINNT\sys139.exe
O4 - HKLM\..\Run: [D49AF676] C:\WINNT\sys1315.exe
O4 - HKLM\..\Run: [D69B3476] C:\WINNT\sys1341.exe
O4 - HKLM\..\Run: [8B3D3476] C:\WINNT\sys1348.exe
O4 - HKLM\..\Run: [8B9B3676] C:\WINNT\sys1359.exe
O4 - HKLM\..\Run: [DE3ADDF6] C:\WINNT\sys1425.exe
O4 - HKLM\..\Run: [9D063206] C:\WINNT\sys157.exe
O4 - HKLM\..\Run: [DBDCF676] C:\WINNT\sys1512.exe
O4 - HKLM\..\Run: [D19B365E] C:\WINNT\sys2353.exe
O4 - HKLM\..\Run: [8B3D365E] C:\WINNT\sys2358.exe
O4 - HKLM\..\Run: [9F601C86] C:\WINNT\sys242.exe
O4 - HKLM\..\Run: [DD3AF65E] C:\WINNT\sys2417.exe
O4 - HKLM\..\Run: [DC9CDDDE] C:\WINNT\sys2420.exe
O4 - HKLM\..\Run: [DB3ADDDE] C:\WINNT\sys2423.exe
O4 - HKLM\..\Run: [9D603206] C:\WINNT\sys256.exe
O4 - HKLM\..\Run: [9AC63206] C:\WINNT\sys259.exe
O4 - HKLM\..\Run: [DC7ADFDE] C:\WINNT\sys2531.exe
O4 - HKLM\..\Run: [DBDCDFDE] C:\WINNT\sys2532.exe
O4 - HKLM\..\Run: [DE1CDDDE] C:\WINNT\sys2624.exe
O4 - HKLM\..\Run: [DDBADDDE] C:\WINNT\sys2627.exe
O4 - HKLM\..\Run: [81BADDDE] C:\WINNT\sys2629.exe
O4 - HKLM\..\Run: [DB1CDFDE] C:\WINNT\sys2632.exe
O4 - HKLM\..\Run: [811D365E] C:\WINNT\sys2658.exe
O4 - HKLM\..\Run: [DB1CDDCE] C:\WINNT\sys4622.exe
O4 - HKLM\..\Run: [DDBADDCE] C:\WINNT\sys4627.exe
O4 - HKLM\..\Run: [81BADDCE] C:\WINNT\sys4629.exe
O4 - HKLM\..\Run: [DDFB344E] C:\WINNT\sys4747.exe
O4 - HKLM\..\Run: [DC5D364E] C:\WINNT\sys4750.exe
O4 - HKLM\..\Run: [DBFB364E] C:\WINNT\sys4753.exe
O4 - HKLM\..\Run: [9066F206] C:\WINNT\sys499.exe
O4 - HKLM\..\Run: [C1BCF64E] C:\WINNT\sys4912.exe
O4 - HKLM\..\Run: [8B7CDDD6] C:\WINNT\sys5028.exe
O4 - HKLM\..\Run: [D77CDFD6] C:\WINNT\sys5036.exe
O4 - HKLM\..\Run: [DE1CDFDE] C:\WINNT\sys2634.exe
O4 - HKLM\..\Run: [9A601A86] C:\WINNT\sys278.exe
O4 - HKLM\..\Run: [DCFAF65E] C:\WINNT\sys2711.exe
O4 - HKLM\..\Run: [81FADFDE] C:\WINNT\sys2739.exe
O4 - HKLM\..\Run: [DE5D345E] C:\WINNT\sys2744.exe
O4 - HKLM\..\Run: [9DC6DC86] C:\WINNT\sys287.exe
O4 - HKLM\..\Run: [C17CF65E] C:\WINNT\sys2812.exe
O4 - HKLM\..\Run: [9BDAF65E] C:\WINNT\sys2819.exe
O4 - HKLM\..\Run: [C7DADFDE] C:\WINNT\sys2837.exe
O4 - HKLM\..\Run: [9C60F206] C:\WINNT\sys294.exe
O4 - HKLM\..\Run: [9B1AF65E] C:\WINNT\sys2919.exe
O4 - HKLM\..\Run: [9B1ADDDE] C:\WINNT\sys2929.exe
O4 - HKLM\..\Run: [C4BCDFDE] C:\WINNT\sys2934.exe
O4 - HKLM\..\Run: [C41B345E] C:\WINNT\sys2945.exe
O4 - HKLM\..\Run: [C6BD365E] C:\WINNT\sys2950.exe
O4 - HKLM\..\Run: [C41B365E] C:\WINNT\sys2955.exe
O4 - HKLM\..\Run: [8B7D3666] C:\WINNT\sys3058.exe
O4 - HKLM\..\Run: [9C865886] C:\WINNT\sys325.exe
O4 - HKLM\..\Run: [DDBAF666] C:\WINNT\sys3211.exe
O4 - HKLM\..\Run: [D49AF666] C:\WINNT\sys3315.exe
O4 - HKLM\..\Run: [8B3CF666] C:\WINNT\sys3318.exe
O4 - HKLM\..\Run: [8B9ADDE6] C:\WINNT\sys3329.exe
O4 - HKLM\..\Run: [D19ADFE6] C:\WINNT\sys3333.exe
O4 - HKLM\..\Run: [DC9CDFE6] C:\WINNT\sys3430.exe
O4 - HKLM\..\Run: [DC9D3466] C:\WINNT\sys3440.exe
O4 - HKLM\..\Run: [DE9D3466] C:\WINNT\sys3444.exe
O4 - HKLM\..\Run: [DD3B3466] C:\WINNT\sys3447.exe
O4 - HKLM\..\Run: [DC9D3666] C:\WINNT\sys3450.exe
O4 - HKLM\..\Run: [DB7B3466] C:\WINNT\sys3543.exe
O4 - HKLM\..\Run: [81DD3466] C:\WINNT\sys3548.exe
O4 - HKLM\..\Run: [DCDD3666] C:\WINNT\sys3550.exe
O4 - HKLM\..\Run: [DE7B3666] C:\WINNT\sys3555.exe
O4 - HKLM\..\Run: [96261886] C:\WINNT\sys565.exe
O4 - HKLM\..\Run: [DBBAF656] C:\WINNT\sys5613.exe
O4 - HKLM\..\Run: [DC1D3456] C:\WINNT\sys5640.exe
O4 - HKLM\..\Run: [811D3456] C:\WINNT\sys5648.exe
O4 - HKLM\..\Run: [DB5CDDD6] C:\WINNT\sys5722.exe
O4 - HKLM\..\Run: [DE5CDDD6] C:\WINNT\sys5724.exe
O4 - HKLM\..\Run: [C41AF656] C:\WINNT\sys5915.exe
O4 - HKLM\..\Run: [C1BCDDD6] C:\WINNT\sys5922.exe
O4 - HKLM\..\Run: [9E203206] C:\WINNT\sys752.exe
O4 - HKLM\..\Run: [9F863206] C:\WINNT\sys353.exe
O4 - HKLM\..\Run: [94401C86] C:\WINNT\sys640.exe
O4 - HKLM\..\Run: [95401C86] C:\WINNT\sys642.exe
O4 - HKLM\..\Run: [96401C86] C:\WINNT\sys644.exe
O4 - HKLM\..\Run: [9F203206] C:\WINNT\sys750.exe
O4 - HKLM\..\Run: [9D203206] C:\WINNT\sys754.exe
O4 - HKLM\..\Run: [BAE828C6] C:\WINNT\sys98.exe
O4 - HKLM\..\Run: [8E067206] C:\WINNT\sys911.exe
O4 - HKLM\..\Run: [D6DADDF6] C:\WINNT\sys1021.exe
O4 - HKLM\..\Run: [D47CDDF6] C:\WINNT\sys1024.exe
O4 - HKLM\..\Run: [D1BCDFF6] C:\WINNT\sys1132.exe
O4 - HKLM\..\Run: [D7BCDFF6] C:\WINNT\sys1136.exe
O4 - HKLM\..\Run: [DF1D3676] C:\WINNT\sys1254.exe
O4 - HKLM\..\Run: [DCBB3676] C:\WINNT\sys1257.exe
O4 - HKLM\..\Run: [DB3AF676] C:\WINNT\sys1413.exe
O4 - HKLM\..\Run: [811D3476] C:\WINNT\sys1648.exe
O4 - HKLM\..\Run: [DC5CDDF6] C:\WINNT\sys1720.exe
O4 - HKLM\..\Run: [9B7CDDF6] C:\WINNT\sys1828.exe
O4 - HKLM\..\Run: [9B7CDFF6] C:\WINNT\sys1838.exe
O4 - HKLM\..\Run: [C47D3476] C:\WINNT\sys1844.exe
O4 - HKLM\..\Run: [C1BD3476] C:\WINNT\sys1942.exe
O4 - HKLM\..\Run: [C71B3676] C:\WINNT\sys1957.exe
O4 - HKLM\..\Run: [9FC65C86] C:\WINNT\sys203.exe
O4 - HKLM\..\Run: [D6DAF65E] C:\WINNT\sys2011.exe
O4 - HKLM\..\Run: [D7BCDFDE] C:\WINNT\sys2136.exe
O4 - HKLM\..\Run: [D11B345E] C:\WINNT\sys2143.exe
O4 - HKLM\..\Run: [D1BD365E] C:\WINNT\sys2152.exe
O4 - HKLM\..\Run: [D49AF65E] C:\WINNT\sys2315.exe
O4 - HKLM\..\Run: [D69ADDDE] C:\WINNT\sys2321.exe
O4 - HKLM\..\Run: [815CF65E] C:\WINNT\sys2718.exe
O4 - HKLM\..\Run: [DD5CDDDE] C:\WINNT\sys2726.exe
O4 - HKLM\..\Run: [DEFADFDE] C:\WINNT\sys2735.exe
O4 - HKLM\..\Run: [bwbwTVz$vfC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [bwbwTVh$/G%)C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKLM\..\Run: [bwbwTVh$v/C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\mrjpmsa.exe
O4 - HKCU\..\Run: [HotqRONtP] a3dntlog.exe
O4 - HKCU\..\Run: [80BADDCE] C:\WINNT\sys4229.exe
O4 - HKCU\..\Run: [DDBADFCE] C:\WINNT\sys4231.exe
O4 - HKCU\..\Run: [D73CF64E] C:\WINNT\sys4316.exe
O4 - HKCU\..\Run: [8B9AF64E] C:\WINNT\sys4319.exe
O4 - HKCU\..\Run: [D69ADDCE] C:\WINNT\sys4321.exe
O4 - HKCU\..\Run: [D19B344E] C:\WINNT\sys4343.exe
O4 - HKCU\..\Run: [D73D344E] C:\WINNT\sys4346.exe
O4 - HKCU\..\Run: [8B3D344E] C:\WINNT\sys4348.exe
O4 - HKCU\..\Run: [D7DB3456] C:\WINNT\sys5047.exe
O4 - HKCU\..\Run: [8B7D3656] C:\WINNT\sys5058.exe
O4 - HKCU\..\Run: [94807206] C:\WINNT\sys510.exe
O4 - HKCU\..\Run: [DABAF656] C:\WINNT\sys5213.exe
O4 - HKCU\..\Run: [DFBAF656] C:\WINNT\sys5215.exe
O4 - HKCU\..\Run: [DCBAF656] C:\WINNT\sys5217.exe
O4 - HKCU\..\Run: [DB3AF656] C:\WINNT\sys5413.exe
O4 - HKCU\..\Run: [DD9CF656] C:\WINNT\sys5416.exe
O4 - HKCU\..\Run: [DC3ADDD6] C:\WINNT\sys5421.exe
O4 - HKCU\..\Run: [DDDCDFD6] C:\WINNT\sys5536.exe
O4 - HKCU\..\Run: [DC7B3456] C:\WINNT\sys5541.exe
O4 - HKCU\..\Run: [C11ADDD6] C:\WINNT\sys5923.exe
O4 - HKCU\..\Run: [C7BCDDD6] C:\WINNT\sys5926.exe
O4 - HKCU\..\Run: [9BBCDDD6] C:\WINNT\sys5928.exe
O4 - HKCU\..\Run: [94403206] C:\WINNT\sys650.exe
O4 - HKCU\..\Run: [90403206] C:\WINNT\sys658.exe
O4 - HKCU\..\Run: [8FE03206] C:\WINNT\sys852.exe
O4 - HKCU\..\Run: [DA1D364E] C:\WINNT\sys4252.exe
O4 - HKCU\..\Run: [94C05A86] C:\WINNT\sys430.exe
O4 - HKCU\..\Run: [95665A86] C:\WINNT\sys433.exe
O4 - HKCU\..\Run: [DBDD344E] C:\WINNT\sys4542.exe
O4 - HKCU\..\Run: [DDDD364E] C:\WINNT\sys4556.exe
O4 - HKCU\..\Run: [81DD364E] C:\WINNT\sys4558.exe
O4 - HKCU\..\Run: [9B1B364E] C:\WINNT\sys4959.exe
O4 - HKCU\..\Run: [95805C86] C:\WINNT\sys502.exe
O4 - HKCU\..\Run: [97265C86] C:\WINNT\sys507.exe
O4 - HKCU\..\Run: [DDBADFD6] C:\WINNT\sys5231.exe
O4 - HKCU\..\Run: [DC1CDFD6] C:\WINNT\sys5236.exe
O4 - HKCU\..\Run: [80BADFD6] C:\WINNT\sys5239.exe
O4 - HKCU\..\Run: [9D06F206] C:\WINNT\sys197.exe
O4 - HKCU\..\Run: [C61AF676] C:\WINNT\sys1911.exe
O4 - HKCU\..\Run: [C4BCF676] C:\WINNT\sys1914.exe
O4 - HKCU\..\Run: [8BBCF65E] C:\WINNT\sys2118.exe
O4 - HKCU\..\Run: [D1BCDDDE] C:\WINNT\sys2122.exe
O4 - HKCU\..\Run: [D41ADDDE] C:\WINNT\sys2125.exe
O4 - HKCU\..\Run: [DC1CDDDE] C:\WINNT\sys2620.exe
O4 - HKCU\..\Run: [DA1CDFDE] C:\WINNT\sys2232.exe
O4 - HKCU\..\Run: [DFBADFDE] C:\WINNT\sys2235.exe
O4 - HKCU\..\Run: [DFBAF64E] C:\WINNT\sys4215.exe
O4 - HKCU\..\Run: [801CF64E] C:\WINNT\sys4218.exe
O4 - HKCU\..\Run: [DA1CDDCE] C:\WINNT\sys4222.exe
O4 - HKCU\..\Run: [9D865886] C:\WINNT\sys327.exe
O4 - HKCU\..\Run: [9E205A86] C:\WINNT\sys732.exe
O4 - HKCU\..\Run: [9F865A86] C:\WINNT\sys333.exe
O4 - HKCU\..\Run: [81FADFF6] C:\WINNT\sys1739.exe
O4 - HKCU\..\Run: [DB5D3476] C:\WINNT\sys1742.exe
O4 - HKCU\..\Run: [DEFB3476] C:\WINNT\sys1745.exe
O4 - HKCU\..\Run: [81DCDFDE] C:\WINNT\sys2538.exe
O4 - HKCU\..\Run: [DC7B345E] C:\WINNT\sys2541.exe
O4 - HKCU\..\Run: [DE7B345E] C:\WINNT\sys2545.exe
O4 - HKCU\..\Run: [DD1CDFE6] C:\WINNT\sys3230.exe
O4 - HKCU\..\Run: [DFBADFE6] C:\WINNT\sys3235.exe
O4 - HKCU\..\Run: [801CDFE6] C:\WINNT\sys3238.exe
O4 - HKCU\..\Run: [D13D3466] C:\WINNT\sys3342.exe
O4 - HKCU\..\Run: [D43D3466] C:\WINNT\sys3344.exe
O4 - HKCU\..\Run: [D73D3466] C:\WINNT\sys3346.exe
O4 - HKCU\..\Run: [DC3AF666] C:\WINNT\sys3411.exe
O4 - HKCU\..\Run: [DE9CF666] C:\WINNT\sys3414.exe
O4 - HKCU\..\Run: [DD3AF666] C:\WINNT\sys3417.exe
O4 - HKCU\..\Run: [DE3B3666] C:\WINNT\sys3455.exe
O4 - HKCU\..\Run: [819D3666] C:\WINNT\sys3458.exe
O4 - HKCU\..\Run: [9C203206] C:\WINNT\sys354.exe
O4 - HKCU\..\Run: [DBDCDDE6] C:\WINNT\sys3522.exe
O4 - HKCU\..\Run: [DEDCDDE6] C:\WINNT\sys3524.exe
O4 - HKCU\..\Run: [81DCDDE6] C:\WINNT\sys3528.exe
O4 - HKCU\..\Run: [DCDCDFE6] C:\WINNT\sys3530.exe
O4 - HKCU\..\Run: [DB7ADFE6] C:\WINNT\sys3533.exe
O4 - HKCU\..\Run: [C6BCDFCE] C:\WINNT\sys4930.exe
O4 - HKCU\..\Run: [C41ADFCE] C:\WINNT\sys4935.exe
O4 - HKCU\..\Run: [C71ADFCE] C:\WINNT\sys4937.exe
O4 - HKCU\..\Run: [DB3ADDD6] C:\WINNT\sys5423.exe
O4 - HKCU\..\Run: [DE3ADDD6] C:\WINNT\sys5425.exe
O4 - HKCU\..\Run: [813ADDD6] C:\WINNT\sys5429.exe
O4 - HKCU\..\Run: [DCDD3456] C:\WINNT\sys5540.exe
O4 - HKCU\..\Run: [DB7B3456] C:\WINNT\sys5543.exe
O4 - HKCU\..\Run: [DEDD3456] C:\WINNT\sys5544.exe
O4 - HKCU\..\Run: [DB1D3656] C:\WINNT\sys5652.exe
O4 - HKCU\..\Run: [DE1D3656] C:\WINNT\sys5654.exe
O4 - HKCU\..\Run: [811D3656] C:\WINNT\sys5658.exe
O4 - HKCU\..\Run: [9B7CF656] C:\WINNT\sys5818.exe
O4 - HKCU\..\Run: [C47CDDD6] C:\WINNT\sys5824.exe
O4 - HKCU\..\Run: [C67CDFD6] C:\WINNT\sys5830.exe
O4 - HKCU\..\Run: [C61ADFD6] C:\WINNT\sys5931.exe
O4 - HKCU\..\Run: [C71ADFD6] C:\WINNT\sys5937.exe
O4 - HKCU\..\Run: [C61B3456] C:\WINNT\sys5941.exe
O4 - HKCU\..\Run: [C61B3656] C:\WINNT\sys5951.exe
O4 - HKCU\..\Run: [C7BD3656] C:\WINNT\sys5956.exe
O4 - HKCU\..\Run: [C7BD3456] C:\WINNT\sys5946.exe
O4 - HKCU\..\Run: [9FE05886] C:\WINNT\sys022.exe
O4 - HKCU\..\Run: [9C461C86] C:\WINNT\sys045.exe
O4 - HKCU\..\Run: [9AE01C86] C:\WINNT\sys048.exe
O4 - HKCU\..\Run: [9F463206] C:\WINNT\sys053.exe
O4 - HKCU\..\Run: [E6E8A8C6] C:\WINNT\sys12.exe
O4 - HKCU\..\Run: [9FA07206] C:\WINNT\sys112.exe
O4 - HKCU\..\Run: [9DA05886] C:\WINNT\sys126.exe
O4 - HKCU\..\Run: [9FC67206] C:\WINNT\sys213.exe
O4 - HKCU\..\Run: [9D607206] C:\WINNT\sys216.exe
O4 - HKCU\..\Run: [9AC67206] C:\WINNT\sys219.exe
O4 - HKCU\..\Run: [9EC65886] C:\WINNT\sys221.exe
O4 - HKCU\..\Run: [9DC65886] C:\WINNT\sys227.exe
O4 - HKCU\..\Run: [9D601C86] C:\WINNT\sys246.exe
O4 - HKCU\..\Run: [E7E88146] C:\WINNT\sys34.exe
O4 - HKCU\..\Run: [9A207206] C:\WINNT\sys318.exe
O4 - HKCU\..\Run: [9F865886] C:\WINNT\sys323.exe
O4 - HKCU\..\Run: [9F205A86] C:\WINNT\sys332.exe
O4 - HKCU\..\Run: [9C865A86] C:\WINNT\sys335.exe
O4 - HKCU\..\Run: [90C05886] C:\WINNT\sys428.exe
O4 - HKCU\..\Run: [96665A86] C:\WINNT\sys435.exe
O4 - HKCU\..\Run: [90665A86] C:\WINNT\sys439.exe
O4 - HKCU\..\Run: [95C01C86] C:\WINNT\sys442.exe
O4 - HKCU\..\Run: [97661C86] C:\WINNT\sys447.exe
O4 - HKCU\..\Run: [90265A86] C:\WINNT\sys539.exe
O4 - HKCU\..\Run: [95801C86] C:\WINNT\sys542.exe
O4 - HKCU\..\Run: [96261C86] C:\WINNT\sys545.exe
O4 - HKCU\..\Run: [E1F8C346] C:\WINNT\sys61.exe
O4 - HKCU\..\Run: [E6F8C346] C:\WINNT\sys63.exe
O4 - HKCU\..\Run: [E4E8C346] C:\WINNT\sys66.exe
O4 - HKCU\..\Run: [9E867206] C:\WINNT\sys713.exe
O4 - HKCU\..\Run: [9C207206] C:\WINNT\sys716.exe
O4 - HKCU\..\Run: [8EE05A86] C:\WINNT\sys830.exe
O4 - HKCU\..\Run: [8DE05A86] C:\WINNT\sys836.exe
O4 - HKCU\..\Run: [8EE01C86] C:\WINNT\sys840.exe
O4 - HKCU\..\Run: [8DE01C86] C:\WINNT\sys846.exe
O4 - HKCU\..\Run: [8A461C86] C:\WINNT\sys849.exe
O4 - HKCU\..\Run: [8F067206] C:\WINNT\sys913.exe
O4 - HKCU\..\Run: [8FA01C86] C:\WINNT\sys942.exe
O4 - HKCU\..\Run: [8C061C86] C:\WINNT\sys945.exe
O4 - HKCU\..\Run: [8A061C86] C:\WINNT\sys949.exe
O4 - HKCU\..\Run: [8BDB3476] C:\WINNT\sys1049.exe
O4 - HKCU\..\Run: [9E067206] C:\WINNT\sys111.exe
O4 - HKCU\..\Run: [D1BCF676] C:\WINNT\sys1112.exe
O4 - HKCU\..\Run: [8B1ADFF6] C:\WINNT\sys1139.exe
O4 - HKCU\..\Run: [8BBD3476] C:\WINNT\sys1148.exe
O4 - HKCU\..\Run: [D61B3676] C:\WINNT\sys1151.exe
O4 - HKCU\..\Run: [9A065886] C:\WINNT\sys129.exe
O4 - HKCU\..\Run: [DABAF676] C:\WINNT\sys1213.exe
O4 - HKCU\..\Run: [DC1CDDF6] C:\WINNT\sys1226.exe
O4 - HKCU\..\Run: [DD1CDFF6] C:\WINNT\sys1230.exe
O4 - HKCU\..\Run: [DC1CDFF6] C:\WINNT\sys1236.exe
O4 - HKCU\..\Run: [DD1D3676] C:\WINNT\sys1250.exe
O4 - HKCU\..\Run: [9EA05A86] C:\WINNT\sys130.exe
O4 - HKCU\..\Run: [9AA05A86] C:\WINNT\sys138.exe
O4 - HKCU\..\Run: [9A065A86] C:\WINNT\sys139.exe
O4 - HKCU\..\Run: [D49AF676] C:\WINNT\sys1315.exe
O4 - HKCU\..\Run: [8B3CF676] C:\WINNT\sys1318.exe
O4 - HKCU\..\Run: [D13CDFF6] C:\WINNT\sys1332.exe
O4 - HKCU\..\Run: [D69B3476] C:\WINNT\sys1341.exe
O4 - HKCU\..\Run: [8B3D3476] C:\WINNT\sys1348.exe
O4 - HKCU\..\Run: [8B9B3676] C:\WINNT\sys1359.exe
O4 - HKCU\..\Run: [DD3AF676] C:\WINNT\sys1417.exe
O4 - HKCU\..\Run: [DC9CDDF6] C:\WINNT\sys1420.exe
O4 - HKCU\..\Run: [DE3ADDF6] C:\WINNT\sys1425.exe
O4 - HKCU\..\Run: [9D063206] C:\WINNT\sys157.exe
O4 - HKCU\..\Run: [DCDCF676] C:\WINNT\sys1510.exe
O4 - HKCU\..\Run: [DBDCF676] C:\WINNT\sys1512.exe
O4 - HKCU\..\Run: [D19B365E] C:\WINNT\sys2353.exe
O4 - HKCU\..\Run: [8B3D365E] C:\WINNT\sys2358.exe
O4 - HKCU\..\Run: [9F601C86] C:\WINNT\sys242.exe
O4 - HKCU\..\Run: [DD3AF65E] C:\WINNT\sys2417.exe
O4 - HKCU\..\Run: [DC9CDDDE] C:\WINNT\sys2420.exe
O4 - HKCU\..\Run: [DB3ADDDE] C:\WINNT\sys2423.exe
O4 - HKCU\..\Run: [9C603206] C:\WINNT\sys254.exe
O4 - HKCU\..\Run: [9D603206] C:\WINNT\sys256.exe
O4 - HKCU\..\Run: [9AC63206] C:\WINNT\sys259.exe
O4 - HKCU\..\Run: [DB7AF65E] C:\WINNT\sys2513.exe
O4 - HKCU\..\Run: [817AF65E] C:\WINNT\sys2519.exe
O4 - HKCU\..\Run: [DC7ADFDE] C:\WINNT\sys2531.exe
O4 - HKCU\..\Run: [DBDCDFDE] C:\WINNT\sys2532.exe
O4 - HKCU\..\Run: [DDDCDFDE] C:\WINNT\sys2536.exe
O4 - HKCU\..\Run: [DE1CDDDE] C:\WINNT\sys2624.exe
O4 - HKCU\..\Run: [DDBADDDE] C:\WINNT\sys2627.exe
O4 - HKCU\..\Run: [81BADDDE] C:\WINNT\sys2629.exe
O4 - HKCU\..\Run: [DB1CDFDE] C:\WINNT\sys2632.exe
O4 - HKCU\..\Run: [DEBB365E] C:\WINNT\sys2655.exe
O4 - HKCU\..\Run: [811D365E] C:\WINNT\sys2658.exe
O4 - HKCU\..\Run: [9C601A86] C:\WINNT\sys274.exe
O4 - HKCU\..\Run: [C41ADDDE] C:\WINNT\sys2925.exe
O4 - HKCU\..\Run: [C71ADDDE] C:\WINNT\sys2927.exe
O4 - HKCU\..\Run: [C6BCDFDE] C:\WINNT\sys2930.exe
O4 - HKCU\..\Run: [DB1CDDCE] C:\WINNT\sys4622.exe
O4 - HKCU\..\Run: [DDBADDCE] C:\WINNT\sys4627.exe
O4 - HKCU\..\Run: [81BADDCE] C:\WINNT\sys4629.exe
O4 - HKCU\..\Run: [DDFB344E] C:\WINNT\sys4747.exe
O4 - HKCU\..\Run: [DC5D364E] C:\WINNT\sys4750.exe
O4 - HKCU\..\Run: [DBFB364E] C:\WINNT\sys4753.exe
O4 - HKCU\..\Run: [9766F206] C:\WINNT\sys497.exe
O4 - HKCU\..\Run: [9066F206] C:\WINNT\sys499.exe
O4 - HKCU\..\Run: [C1BCF64E] C:\WINNT\sys4912.exe
O4 - HKCU\..\Run: [8B7CDDD6] C:\WINNT\sys5028.exe
O4 - HKCU\..\Run: [D47CDFD6] C:\WINNT\sys5034.exe
O4 - HKCU\..\Run: [D77CDFD6] C:\WINNT\sys5036.exe
O4 - HKCU\..\Run: [DE1CDFDE] C:\WINNT\sys2634.exe
O4 - HKCU\..\Run: [9E601A86] C:\WINNT\sys270.exe
O4 - HKCU\..\Run: [9A601A86] C:\WINNT\sys278.exe
O4 - HKCU\..\Run: [DCFAF65E] C:\WINNT\sys2711.exe
O4 - HKCU\..\Run: [81FADFDE] C:\WINNT\sys2739.exe
O4 - HKCU\..\Run: [DB5D345E] C:\WINNT\sys2742.exe
O4 - HKCU\..\Run: [DE5D345E] C:\WINNT\sys2744.exe
O4 - HKCU\..\Run: [9DC6DC86] C:\WINNT\sys287.exe
O4 - HKCU\..\Run: [C67CF65E] C:\WINNT\sys2810.exe
O4 - HKCU\..\Run: [C17CF65E] C:\WINNT\sys2812.exe
O4 - HKCU\..\Run: [9BDAF65E] C:\WINNT\sys2819.exe
O4 - HKCU\..\Run: [C6DADFDE] C:\WINNT\sys2831.exe
O4 - HKCU\..\Run: [C7DADFDE] C:\WINNT\sys2837.exe
O4 - HKCU\..\Run: [9E60F206] C:\WINNT\sys290.exe
O4 - HKCU\..\Run: [9F60F206] C:\WINNT\sys292.exe
O4 - HKCU\..\Run: [9C60F206] C:\WINNT\sys294.exe
O4 - HKCU\..\Run: [C71AF65E] C:\WINNT\sys2917.exe
O4 - HKCU\..\Run: [9B1AF65E] C:\WINNT\sys2919.exe
O4 - HKCU\..\Run: [9B1ADDDE] C:\WINNT\sys2929.exe
O4 - HKCU\..\Run: [C1BCDFDE] C:\WINNT\sys2932.exe
O4 - HKCU\..\Run: [C4BCDFDE] C:\WINNT\sys2934.exe
O4 - HKCU\..\Run: [C61B345E] C:\WINNT\sys2941.exe
O4 - HKCU\..\Run: [C11B345E] C:\WINNT\sys2943.exe
O4 - HKCU\..\Run: [C41B345E] C:\WINNT\sys2945.exe
O4 - HKCU\..\Run: [C6BD365E] C:\WINNT\sys2950.exe
O4 - HKCU\..\Run: [C11B365E] C:\WINNT\sys2953.exe
O4 - HKCU\..\Run: [C41B365E] C:\WINNT\sys2955.exe
O4 - HKCU\..\Run: [D1DB3666] C:\WINNT\sys3053.exe
O4 - HKCU\..\Run: [8B7D3666] C:\WINNT\sys3058.exe
O4 - HKCU\..\Run: [9C865886] C:\WINNT\sys325.exe
O4 - HKCU\..\Run: [DDBAF666] C:\WINNT\sys3211.exe
O4 - HKCU\..\Run: [D19AF666] C:\WINNT\sys3313.exe
O4 - HKCU\..\Run: [D49AF666] C:\WINNT\sys3315.exe
O4 - HKCU\..\Run: [8B3CF666] C:\WINNT\sys3318.exe
O4 - HKCU\..\Run: [D73CDDE6] C:\WINNT\sys3326.exe
O4 - HKCU\..\Run: [8B9ADDE6] C:\WINNT\sys3329.exe
O4 - HKCU\..\Run: [D19ADFE6] C:\WINNT\sys3333.exe
O4 - HKCU\..\Run: [DE3ADDE6] C:\WINNT\sys3425.exe
O4 - HKCU\..\Run: [DC9CDFE6] C:\WINNT\sys3430.exe
O4 - HKCU\..\Run: [DD3ADFE6] C:\WINNT\sys3437.exe
O4 - HKCU\..\Run: [DC9D3466] C:\WINNT\sys3440.exe
O4 - HKCU\..\Run: [DE9D3466] C:\WINNT\sys3444.exe
O4 - HKCU\..\Run: [DD3B3466] C:\WINNT\sys3447.exe
O4 - HKCU\..\Run: [DC9D3666] C:\WINNT\sys3450.exe
O4 - HKCU\..\Run: [817ADFE6] C:\WINNT\sys3539.exe
O4 - HKCU\..\Run: [DC7B3466] C:\WINNT\sys3541.exe
O4 - HKCU\..\Run: [DB7B3466] C:\WINNT\sys3543.exe
O4 - HKCU\..\Run: [81DD3466] C:\WINNT\sys3548.exe
O4 - HKCU\..\Run: [DCDD3666] C:\WINNT\sys3550.exe
O4 - HKCU\..\Run: [DE7B3666] C:\WINNT\sys3555.exe
O4 - HKCU\..\Run: [96261886] C:\WINNT\sys565.exe
O4 - HKCU\..\Run: [DC1CF656] C:\WINNT\sys5610.exe
O4 - HKCU\..\Run: [DBBAF656] C:\WINNT\sys5613.exe
O4 - HKCU\..\Run: [DC1D3456] C:\WINNT\sys5640.exe
O4 - HKCU\..\Run: [DBBB3456] C:\WINNT\sys5643.exe
O4 - HKCU\..\Run: [811D3456] C:\WINNT\sys5648.exe
O4 - HKCU\..\Run: [DC5CDDD6] C:\WINNT\sys5720.exe
O4 - HKCU\..\Run: [DB5CDDD6] C:\WINNT\sys5722.exe
O4 - HKCU\..\Run: [DE5CDDD6] C:\WINNT\sys5724.exe
O4 - HKCU\..\Run: [C41AF656] C:\WINNT\sys5915.exe
O4 - HKCU\..\Run: [C6BCDDD6] C:\WINNT\sys5920.exe
O4 - HKCU\..\Run: [C1BCDDD6] C:\WINNT\sys5922.exe
O4 - HKCU\..\Run: [9A201C86] C:\WINNT\sys348.exe
O4 - HKCU\..\Run: [9E203206] C:\WINNT\sys752.exe
O4 - HKCU\..\Run: [9F863206] C:\WINNT\sys353.exe
O4 - HKCU\..\Run: [94401C86] C:\WINNT\sys640.exe
O4 - HKCU\..\Run: [95401C86] C:\WINNT\sys642.exe
O4 - HKCU\..\Run: [96401C86] C:\WINNT\sys644.exe
O4 - HKCU\..\Run: [9F203206] C:\WINNT\sys750.exe
O4 - HKCU\..\Run: [9D203206] C:\WINNT\sys754.exe
O4 - HKCU\..\Run: [E4E828C6] C:\WINNT\sys96.exe
O4 - HKCU\..\Run: [BAE828C6] C:\WINNT\sys98.exe
O4 - HKCU\..\Run: [8E067206] C:\WINNT\sys911.exe
O4 - HKCU\..\Run: [8BDAF676] C:\WINNT\sys1019.exe
O4 - HKCU\..\Run: [D6DADDF6] C:\WINNT\sys1021.exe
O4 - HKCU\..\Run: [D47CDDF6] C:\WINNT\sys1024.exe
O4 - HKCU\..\Run: [D1BCDFF6] C:\WINNT\sys1132.exe
O4 - HKCU\..\Run: [D7BCDFF6] C:\WINNT\sys1136.exe
O4 - HKCU\..\Run: [DA1D3676] C:\WINNT\sys1252.exe
O4 - HKCU\..\Run: [DF1D3676] C:\WINNT\sys1254.exe
O4 - HKCU\..\Run: [DCBB3676] C:\WINNT\sys1257.exe
O4 - HKCU\..\Run: [9AA01C86] C:\WINNT\sys148.exe
O4 - HKCU\..\Run: [DC9CF676] C:\WINNT\sys1410.exe
O4 - HKCU\..\Run: [DB3AF676] C:\WINNT\sys1413.exe
O4 - HKCU\..\Run: [811D3476] C:\WINNT\sys1648.exe
O4 - HKCU\..\Run: [9D061A86] C:\WINNT\sys177.exe
O4 - HKCU\..\Run: [DC5CDDF6] C:\WINNT\sys1720.exe
O4 - HKCU\..\Run: [C1DAF676] C:\WINNT\sys1813.exe
O4 - HKCU\..\Run: [9BDAF676] C:\WINNT\sys1819.exe
O4 - HKCU\..\Run: [9B7CDDF6] C:\WINNT\sys1828.exe
O4 - HKCU\..\Run: [C6DADFF6] C:\WINNT\sys1831.exe
O4 - HKCU\..\Run: [9B7CDFF6] C:\WINNT\sys1838.exe
O4 - HKCU\..\Run: [C47D3476] C:\WINNT\sys1844.exe
O4 - HKCU\..\Run: [C6BCDFF6] C:\WINNT\sys1930.exe
O4 - HKCU\..\Run: [C7BCDFF6] C:\WINNT\sys1936.exe
O4 - HKCU\..\Run: [C1BD3476] C:\WINNT\sys1942.exe
O4 - HKCU\..\Run: [C71B3676] C:\WINNT\sys1957.exe
O4 - HKCU\..\Run: [9FC65C86] C:\WINNT\sys203.exe
O4 - HKCU\..\Run: [D6DAF65E] C:\WINNT\sys2011.exe
O4 - HKCU\..\Run: [D7BCDFDE] C:\WINNT\sys2136.exe
O4 - HKCU\..\Run: [D11B345E] C:\WINNT\sys2143.exe
O4 - HKCU\..\Run: [D1BD365E] C:\WINNT\sys2152.exe
O4 - HKCU\..\Run: [80BB365E] C:\WINNT\sys2259.exe
O4 - HKCU\..\Run: [9DC65A86] C:\WINNT\sys237.exe
O4 - HKCU\..\Run: [D49AF65E] C:\WINNT\sys2315.exe
O4 - HKCU\..\Run: [D69ADDDE] C:\WINNT\sys2321.exe
O4 - HKCU\..\Run: [815CF65E] C:\WINNT\sys2718.exe
O4 - HKCU\..\Run: [DD5CDDDE] C:\WINNT\sys2726.exe
O4 - HKCU\..\Run: [DEFADFDE] C:\WINNT\sys2735.exe
O4 - HKCU\..\Run: [rkzk] C:\PROGRA~1\COMMON~1\rkzk\rkzkm.exe
O9 - Extra button: Microsoft AntiSpyware helper - {26153573-C421-4D5C-99ED-B84F75E98914} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26153573-C421-4D5C-99ED-B84F75E98914} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {28253424-2877-4B72-94BE-F86A590359B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {28253424-2877-4B72-94BE-F86A590359B1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {49C978DD-7716-422A-AAF2-756D336D8D37} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {49C978DD-7716-422A-AAF2-756D336D8D37} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {63A74C98-C751-4D54-AB75-FB0B26C6A2AC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {63A74C98-C751-4D54-AB75-FB0B26C6A2AC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {73E4F5F1-ABF7-419D-BDB1-5B5A7C83C9AF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {73E4F5F1-ABF7-419D-BDB1-5B5A7C83C9AF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8AF7698B-04CC-4431-BC1B-209BC7A287FB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AF7698B-04CC-4431-BC1B-209BC7A287FB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D3A8D931-1EA3-4033-9BD9-CEFC15E85D6F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D3A8D931-1EA3-4033-9BD9-CEFC15E85D6F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F41F2BCC-0CF4-478A-A7F3-79D0A46E6138} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F41F2BCC-0CF4-478A-A7F3-79D0A46E6138} - (no file) (HKCU)
O15 - Trusted Zone: http://*.iframeprofit.com/
O15 - Trusted Zone: http://*.mycounter.biz/
O15 - Trusted Zone: http://*.porno-search.biz/porn/
O15 - Trusted Zone: http://*.porno-search.biz/sex/
O17 - HKLM\System\CCS\Services\Tcpip\..\{5344CE7B-9552-4BD5-9B08-B9F45D32C7CB}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DBD00E8-8F6A-4A29-A147-95534343C296}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F460F5-5BFE-455F-9A90-9ABAA773EFAB}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{5344CE7B-9552-4BD5-9B08-B9F45D32C7CB}: NameServer = 69.50.176.197,195.225.176.31
O20 - AppInit_DLLs: 7sftpk1i6xunt6dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll


* Reboot into Safe Mode`:
To get into Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Search and find the next files/folders and delete them manually:

C:\Program Files\Ioazdqp <== this folder
C:\WINNT\mrjpmsa.exe
C:\Program Files\ISTsvc <== this folder
C:\PROGRAM FILES\COMMON FILES\rkzk <== this folder

Also delete ALL those sys*-files that are present in your WINNT-folder
Those are the files you checked and fixed in hijackthis. Make sure you DON'T delete any others.
You'll recognise them very easy. They all start with sys and have a random number in it.


* Start CCleaner and click Run Cleaner.

* Enter your control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.

* Reboot back to normal mode and post a new hijackthislog.

Edited by miekiemoes, 03 April 2005 - 03:07 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:24 AM

Posted 01 May 2005 - 03:08 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users