SDFix v1.240
Updated 6th November 9am
SDFix will only run on Windows 2000 and Windows XP in Safe Mode !
( Requires Administrator Account Privileges )
Press Enter or CTRL & F to Search with Firefox
View SDFix Instructions at BleepingComputer.com
View Changelog
Catchme W2K/XP/Vista - Rootkit/Stealth Malware Detector by Gmer - www.gmer.net
Download Links:
SDFix.exe:
Link 1 Link 2 Link 3
SDFix.zip:
Link 1 Link 2 Link 3
SDFix uses files by the following developers:
Thankyou to them. everyone at SpywareInfo and the MR team
Notes:
If this error message is displayed when running SDFix:
The command prompt has been disabled by your administrator.
Press any key to continue . . .
Goto Start Menu > Run > then copy and paste either of the following lines:
rundll32 setupapi,InstallHinfSection DefaultInstall 128 %systemdrive%\SDFix\apps\Enable_Command_Prompt.inf
or
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
If SDFix is unable to add its run key and does not load after reboot following its run in Safe Mode
Run SDFix in either Mode and type F then press Enter for it to finish the final stage and produce the report
If the PC has been infected with the VirusAlert! malware and the Start Menu icons or drives are not visible
Right click either the XP or W2K VirusAlert_Repair.inf (depending on the version of Windows)
which are inside the SDFix folder and choose Install to restore the default settings,
SDFix should then be run to remove the malware and VirusAlert! warning from the clock and product Id,
Both Inf files can also be downloaded below
Windows 2000 - VirusAlert_Repair.inf
Windows XP - VirusAlert_Repair.inf
If the PC cannot boot in to Safe Mode as the SafeBoot registry key is either missing or damaged
Goto Start Menu > Run > then copy and paste one of the following lines to restore the default SafeBoot entries
Windows XP (SP2):
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
Windows XP (SP3):
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
Windows 2000 (SP4):
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Restore_SafeBoot_Windows2000_SP4.reg
If the Command Prompt window flashes on then off again on XP or Windows2000
Goto Start Menu > Run > then copy and paste the following line:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
Click OK, then type Y and press Enter when prompted, Reboot and start SDFix again
If SDFix still doesnt run check the %comspec% variable
Goto Start Menu > Right click My Computer > click properties > click Advanced
Click Environment Variables and check that the ComSpec variable points to cmd.exe
%SystemRoot%\system32\cmd.exe
SDFix uses ERUNT to create a registry backup which can be restored using Start > Run:
%SystemRoot%\ERUNT\SDFix\ERDNT.EXE
The fixtool removes these Trojan Variants (Listed using Trend Micro's - HijackThis)
Backdoor (IRCBot) Trojans:
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\accwiz.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\astra32.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Avsynmgr.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\BTStack.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\BTTray.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\btwdin.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\clmcs.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ctfmon.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\cygwin.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\czsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\DivXsm.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\dsserv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\hkcmd.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ImgBurn.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\kasvc.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\lanbg.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\LBTSERV.EXE
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Manager.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Mctray.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Mrshield.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\MSASCu.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\mssq.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\MSTask.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\naPrdMgr.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\navapsvc.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\nbsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\netserv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ntlsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ntvdm.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\nzbd.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\pcsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\pdf.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Qtime.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\QuickTime.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\rstrui.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\rtvscan.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\schedhlp.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\slysom.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\srvrmgr.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\stisvc.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\MSVCRT.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\Spool.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\btwdins.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\FmMgr.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\LBTWiz.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\PrdMgr.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\regvcs.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\service.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\services.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\wuaclt.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\wuact.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\NMBgMonitor.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\service.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tcpip.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tremapi.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTray.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTrayp.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinMgmt.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\winsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\wspl.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\wuauclt.exe
F2 - REG:system.ini: Shell=Explorer.exe asus.exe
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\CRSVS.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Media\csrss.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\svcmgr32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\WinConfSrv.exe
F2 - REG:system.ini: Shell=Explorer.exe chh.exe
F2 - REG:system.ini: Shell=Explorer.exe creative.exe
F2 - REG:system.ini: Shell=Explorer.exe esijavaupdt32.exe
F2 - REG:system.ini: Shell=Explorer.exe glossary.exe
F2 - REG:system.ini: Shell=Explorer.exe javaapplet.exe
F2 - REG:system.ini: Shell=Explorer.exe javaapplets.exe
F2 - REG:system.ini: Shell=Explorer.exe javanet.exe
F2 - REG:system.ini: Shell=Explorer.exe jconsole.exe
F2 - REG:system.ini: Shell=Explorer.exe msclt.exe
F2 - REG:system.ini: Shell=Explorer.exe msdhcp.exe
F2 - REG:system.ini: Shell=Explorer.exe msdhcprs.exe
F2 - REG:system.ini: Shell=Explorer.exe msdn-nt.exe
F2 - REG:system.ini: Shell=Explorer.exe msdnxp.exe
F2 - REG:system.ini: Shell=Explorer.exe msguard.exe
F2 - REG:system.ini: Shell=Explorer.exe msi32info.exe
F2 - REG:system.ini: Shell=Explorer.exe msident.exe
F2 - REG:system.ini: Shell=Explorer.exe msijavaupdt32.exe
F2 - REG:system.ini: Shell=Explorer.exe msjava.exe
F2 - REG:system.ini: Shell=Explorer.exe msjavames.exe
F2 - REG:system.ini: Shell=Explorer.exe msjavaxps.exe
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
F2 - REG:system.ini: Shell=Explorer.exe mssqlsnt.exe
F2 - REG:system.ini: Shell=Explorer.exe osndyrn.exe
F2 - REG:system.ini: Shell=Explorer.exe SndMAX.exe
F2 - REG:system.ini: Shell=explorer.exe SNDVOLTASK.EXE
F2 - REG:system.ini: Shell=Explorer.exe update.exe
F2 - REG:system.ini: Shell=Explorer.exe wincomm.exe
F2 - REG:system.ini: Shell=Explorer.exe windfe.exe
F2 - REG:system.ini: Shell=Explorer.exe winser.exe
F2 - REG:system.ini: Shell=Explorer.exe winservicess.exe
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: Shell=Explorer.exe winskd.exe
F2 - REG:system.ini: Shell=Explorer.exe winsys.exe
F2 - REG:system.ini: Shell=Explorer.exe wintask32.exe
F2 - REG:system.ini: Shell=Explorer.exe wkssvr.exe
F2 - REG:system.ini: Shell=Explorer.exe wrapper.exe
F2 - REG:system.ini: Shell=Explorer.exe xpjavams.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%Temp%\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,asus.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^^.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%%%.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\W,),),W,*.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\cftmon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,chh.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,creative.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,esijavaupdt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,glossary.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javaapplet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javaapplets.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javanet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jconsole.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msdn-nt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msdnxp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msguard.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msi32info.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msident.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msijavaupdt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjava.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjavames.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjavaxps.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mssqlsnt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,osndyrn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,update.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wincomm.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,windfe.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,winser.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,winskd.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,winsys.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wintask32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,wkssvr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,wrapper.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xpjavams.exe
F3 - REG:win.ini: run=c:\windows\system\programas\svchost.exe
F3 - REG:win.ini: run=c:\windows\system32\shellext\czvhost.exe
F3 - REG:win.ini: load=C:\DaNeT\RVHOST.exe
F3 - REG:win.ini: load=C:\Jaws\RVHOST.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\zura\RVHOST.exe
O4 - Startup: MY_C4D.jpg
O4 - Startup: rBot.exe
O4 - Startup: svchost.exe
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: msconfig.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: Wincbr.exe
O4 - Global Startup: winlogin.exe
O4 - Global Startup: wupdmgr.exe
O4 - HKLM\..\Run: [] ajsha5.exe
O4 - HKLM\..\RunServices: [] ajsha5.exe
O4 - HKCU\..\Run: [] ajsha5.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] fada.exe
O4 - HKLM\..\RunServices: [] fada.exe
O4 - HKCU\..\Run: [] fada.exe
O4 - HKLM\..\Run: [] iexplorer.exe
O4 - HKLM\..\RunServices: [] iexplorer.exe
O4 - HKLM\..\Run: [] ifconfig.exe
O4 - HKLM\..\RunServices: [] ifconfig.exe
O4 - HKCU\..\Run: [] ifconfig.exe
O4 - HKLM\..\Run: [] lsvhostwinlk.exe
O4 - HKLM\..\RunServices: [] lsvhostwinlk.exe
O4 - HKLM\..\Run: [] ne.exe
O4 - HKLM\..\RunServices: [] ne.exe
O4 - HKCU\..\Run: [] ne.exe
O4 - HKLM\..\Run: [] win32sys.exe
O4 - HKLM\..\RunServices: [] win32sys.exe
O4 - HKLM\..\Run: [] winlogom.exe
O4 - HKLM\..\RunServices: [] winlogom.exe
O4 - HKCU\..\Run: [] winlogom.exe
O4 - HKLM\..\Run: [] winxp.exe
O4 - HKLM\..\RunServices: [] winxp.exe
O4 - HKCU\..\Run: [] winxp.exe
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [:] C:\WINDOWS\rbot.exe
O4 - HKLM\..\Run: [1] system32.exe
O4 - HKLM\..\RunServices: [1] system32.exe
O4 - HKLM\..\Run: [388529725448] AutomaticUpdates.exe
O4 - HKLM\..\RunServices: [388529725448] AutomaticUpdates.exe
O4 - HKCU\..\Run: [388529725448] AutomaticUpdates.exe
O4 - HKLM\..\Run: [4684735485910] netdll32.exe
O4 - HKLM\..\RunServices: [4684735485910] netdll32.exe
O4 - HKCU\..\Run: [4684735485910] netdll32.exe
O4 - HKLM\..\Run: [6435748] winupdates.exe
O4 - HKLM\..\RunServices: [6435748] winupdates.exe
O4 - HKCU\..\Run: [6435748] winupdates.exe
O4 - HKLM\..\Run: [64823457] taskdll32.exe
O4 - HKLM\..\RunServices: [64823457] taskdll32.exe
O4 - HKCU\..\Run: [64823457] taskdll32.exe
O4 - HKLM\..\Run: [.nvsvc] %Appdata%\smss.exe /w
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [.nvsvcb] C:\WINDOWS\System32\smssb.exe
O4 - HKLM\..\Run: [*windows update] wscxt.exe
O4 - HKLM\..\RunServices: [*windows update] wscxt.exe
O4 - HKCU\..\Run: [*windows update] wscxt.exe
O4 - HKLM\..\Run: [aa bbcc dde effgghh jj] update.exe
O4 - HKCU\..\Run: [aa bbcc dde effgghh jj] update.exe
O4 - HKLM\..\Run: [AAMSFree702] C:\windows\system32\sys.exe
O4 - HKLM\..\Run: [Acess2007a] access2007a.exe
O4 - HKLM\..\RunServices: [Acess2007a] access2007a.exe
O4 - HKLM\..\Run: [Acrobat Read] C:\WINDOWS\System32\acroup32.exe
O4 - HKCU\..\Run: [Acrobat Read] C:\WINDOWS\System32\acroup32.exe
O4 - HKLM\..\Run: [Acronis.exe] C:\WINDOWS\Acronis.exe
O4 - HKLM\..\Run: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKLM\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKCU\..\Run: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKCU\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKLM\..\Run: [ActiveScript32] C:\WINDOWS\System32\nod.exe
O4 - HKLM\..\RunServices: [ActiveScript32] C:\WINDOWS\System32\nod.exe
O4 - HKLM\..\Run: [ActiveSync] C:\WINDOWS\System32\wcescom32.exe
O4 - HKCU\..\Run: [ActiveSync] C:\WINDOWS\System32\wcescom32.exe
O4 - HKLM\..\Run: [ADDITIONAL Services] pkgadd.exe
O4 - HKLM\..\RunServices: [ADDITIONAL Services] pkgadd.exe
O4 - HKCU\..\Run: [ADDITIONAL Services] pkgadd.exe
O4 - HKCU\..\RunServices: [ADDITIONAL Services] pkgadd.exe
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnserve.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnserve.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O4 - HKCU\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\Run: [AdobeReaderPro] subset.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] subset.exe
O4 - HKLM\..\Run: [AdobeReaderPro] updt.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] updt.exe
O4 - HKLM\..\Run: [AdobeReaderPro] winini.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winini.exe
O4 - HKLM\..\Run: [AdobeReaderPro] winslog.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winslog.exe
O4 - HKCU\..\Run: [AdobeReaderPro] winslog.exe
O4 - HKLM\..\Run: [AdobeReaderProfessional] msx64.exe
O4 - HKLM\..\RunServices: [AdobeReaderProfessional] msx64.exe
O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\Run: [Adobe SpeedLaunch] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Adobe SpeedLaunch] (Random 6 Letter).exe
O4 - HKCU\..\Run: [Adobe SpeedLaunch] (Random 6 Letter).exe
O4 - HKLM\..\Run: [ADSL Rundll32.exe] C:\WINDOWS\system32\helpw86.exe
O4 - HKLM\..\RunServices: [ADSL Rundll32.exe] C:\WINDOWS\system32\helpw86.exe
O4 - HKLM\..\Run: [Advanced Graphics Driver] smvhost.exe
O4 - HKLM\..\RunServices: [Advanced Graphics Driver] smvhost.exe
O4 - HKLM\..\Run: [Ag3nt Servers Nt] ag3nt.exe
O4 - HKLM\..\RunServices: [Ag3nt Servers Nt] ag3nt.exe
O4 - HKLM\..\Run: [America Online 8.0] taskrg.exe
O4 - HKCU\..\RunOnce: [America Online 8.0] taskrg.exe
O4 - HKLM\..\Run: [antike] wingate32.exe
O4 - HKLM\..\RunServices: [antike] wingate32.exe
O4 - HKCU\..\Run: [antike] wingate32.exe
O4 - HKLM\..\Run: [AntiVirus Process] C:\WINDOWS\system32\Com\virprot.exe
O4 - HKLM\..\RunServices: [AntiVirus Process] C:\WINDOWS\system32\Com\virprot.exe
O4 - HKCU\..\Run: [AntiVirus Process] C:\WINDOWS\system32\Com\virprot.exe
O4 - HKLM\..\Run: [Antivirus Startup] C:\WINDOWS\system32\inetsrv\antivir.exe
O4 - HKLM\..\RunServices: [Antivirus Startup] C:\WINDOWS\system32\inetsrv\antivir.exe
O4 - HKCU\..\Run: [Antivirus Startup] C:\WINDOWS\system32\inetsrv\antivir.exe
O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe
O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe
O4 - HKLM\..\Run: [aolupdater.exe] aolupdater.exe
O4 - HKLM\..\RunServices: [aolupdater.exe] aolupdater.exe
O4 - HKLM\..\Run: [Append] C:\WINDOWS\system32\apend.exe
O4 - HKLM\..\Run: [AppletINIT] INITIATE.EXE
O4 - HKCU\..\RunOnce: [AppletINIT] INITIATE.EXE
O4 - HKLM\..\Run: [Application Adapter] abvsvc.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] aIg.exe
O4 - HKLM\..\RunServices: [Application Layer Gateway Service] aIg.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\system32\algs.exe
O4 - HKLM\..\Run: [Application Layer Scheduler] agtsvc.exe
O4 - HKLM\..\Run: [Application Layer Services] avrsvc.exe
O4 - HKLM\..\Run: [Application Manager] acnsvc.exe
O4 - HKLM\..\Run: [ApplicationProtocolRun] smsbvl32.exe
O4 - HKCU\..\Run: [ApplicationProtocolRun] smsbvl32.exe
O4 - HKLM\..\Run: [Application Task Service] lssys.exe
O4 - HKLM\..\RunServices: [Application Task Service] lssys.exe
O4 - HKLM\..\Run: [asedwes] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKCU\..\Run: [asedwes] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [asnconsole] msasn.exe
O4 - HKLM\..\RunServices: [asnconsole] msasn.exe
O4 - HKLM\..\Run: [Asus MotherBoard Utility] asus.exe
O4 - HKLM\..\RunServices: [Asus MotherBoard Utility] asus.exe
O4 - HKCU\..\Run: [Asus MotherBoard Utility] asus.exe
O4 - HKCU\..\RunServices: [Asus MotherBoard Utility] asus.exe
O4 - HKLM\..\Run: [ATI] msnmsur.exe
O4 - HKLM\..\Run: [Ati2evxx] C:\WINDOWS\system32\Ati2evxx.com
O4 - HKLM\..\Run: [ATI Active Graphics Card Monitor] C:\WINDOWS\System32\atievx.exe
O4 - HKLM\..\Run: [ATI AS Filter] msnse.exe
O4 - HKLM\..\RunServices: [ATI AS Filter] msnse.exe
O4 - HKCU\..\Run: [ATI AS Filter] msnse.exe
O4 - HKCU\..\RunServices: [ATI AS Filter] msnse.exe
O4 - HKLM\..\Run: [ATI Display Driver] C:\WINDOWS\system32\drivers\atixd.exe
O4 - HKLM\..\RunServices: [ATI Display Driver] C:\WINDOWS\system32\drivers\atixd.exe
O4 - HKLM\..\Run: [Ati Display Settings] C:\WINDOWS\System32\atividx.exe
O4 - HKLM\..\RunServices: [Ati Display Settings] C:\WINDOWS\System32\atividx.exe
O4 - HKLM\..\Run: [ATI Video Driver Control] atigfx.exe
O4 - HKLM\..\RunServices: [ATI Video Driver Control] atigfx.exe
O4 - HKCU\..\Run: [ATI Video Driver Control] atigfx.exe
O4 - HKCU\..\RunServices: [ATI Video Driver Control] atigfx.exe
O4 - HKLM\..\Run: [ATI Video Driver Control] blah.exe
O4 - HKLM\..\RunServices: [ATI Video Driver Control] blah.exe
O4 - HKCU\..\Run: [ATI Video Driver Control] blah.exe
O4 - HKCU\..\RunServices: [ATI Video Driver Control] blah.exe
O4 - HKLM..Run: [ATI Video Driver Control] btorrent.exe
O4 - HKLM..RunServices: [ATI Video Driver Control] btorrent.exe
O4 - HKCU..Run: [ATI Video Driver Control] btorrent.exe
O4 - HKCU..RunServices: [ATI Video Driver Control] btorrent.exe
O4 - HKLM\..\Run: [ATI Video Driver Control] pixman.exe
O4 - HKLM\..\RunServices: [ATI Video Driver Control] pixman.exe
O4 - HKCU\..\Run: [ATI Video Driver Control] pixman.exe
O4 - HKCU\..\RunServices: [ATI Video Driver Control] pixman.exe
O4 - HKLM\..\Run: [Audio Device Manager] sfhgj.exe
O4 - HKLM\..\Run: [Audio Device Manager] windrivers.exe
O4 - HKLM\..\Run: [Audio Device Manager] winfp.exe
O4 - HKLM\..\Run: [Audio Device Manager] WinNT.exe
O4 - HKLM\..\Run: [Audio Device Manager] WNDXP.exe
O4 - HKLM\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKLM\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKLM\..\Run: [Automatic Updates] algs.exe
O4 - HKLM\..\Run: [Automatic Updates] wupdmgr32.exe
O4 - HKLM\..\RunServices: [Automatic Updates] wupdmgr32.exe
O4 - HKCU\..\Run: [Automatic Updates] wupdmgr32.exe
O4 - HKCU\..\RunServices: [Automatic Updates] wupdmgr32.exe
O4 - HKLM\..\Run: [Automatic Updates] wupdmgr32x.exe
O4 - HKLM\..\RunServices: [Automatic Updates] wupdmgr32x.exe
O4 - HKCU\..\Run: [Automatic Updates] wupdmgr32x.exe
O4 - HKCU\..\RunServices: [Automatic Updates] wupdmgr32x.exe
O4 - HKLM\..\Run: [Auto Scroll Loader] (Random 6 Letter).exe
O4 - HKCU\..\RunOnce: [Auto Scroll Loader] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [avast] C:\WINDOWS\troyan.exe
O4 - HKLM\..\Run: [Avast AntiVirus Process] msav.exe
O4 - HKLM\..\RunServices: [Avast AntiVirus Process] msav.exe
O4 - HKLM\..\Run: [Avg AntiVirus PE] av.exe
O4 - HKLM\..\RunServices: [Avg AntiVirus PE] av.exe
O4 - HKLM\..\Run: [Avira Antivir PE] antivir.exe
O4 - HKLM\..\RunServices: [Avira Antivir PE] antivir.exe
O4 - HKLM\..\Run: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe
O4 - HKLM\..\RunServices: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe
O4 - HKCU\..\Run: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe
O4 - HKLM\..\Run: [AVupdate32 Update] AVupdate32.exe
O4 - HKLM\..\RunServices: [AVupdate32 Update] AVupdate32.exe
04 - HKLM\..\Run: [Basic_14_Process.exe] C:\WINDOWS\system32\Basic_14_process.exe
O4 - HKLM\..\Run: [BIG] C:\WINDOWS\system32\biggy.exe
O4 - HKLM\..\Run: [BIOS Config] sytray.exe
O4 - HKLM\..\RunServices: [BIOS Config] sytray.exe
O4 - HKLM\..\Run: [blah service] b0bq4n.exe
O4 - HKLM\..\RunServices: [blah service] b0bq4n.exe
O4 - HKLM\..\Run: [blah service] svchosts.exe
O4 - HKLM\..\RunServices: [blah service] svchosts.exe
O4 - HKLM\..\Run: [blah service.] widows.exe
O4 - HKLM\..\RunServices: [blah service.] widows.exe
O4 - HKLM\..\Run: [blah services] xagwxzy.exe
O4 - HKLM\..\RunServices: [blah services] xagwxzy.exe
O4 - HKLM\..\Run: [blahh service] msengine.exe
O4 - HKLM\..\RunServices: [blahh service] msengine.exe
O4 - HKLM\..\Run: [BLF] C:\WINDOWS\system32\blf.exe
O4 - HKLM\..\Run: [Bluetooth Config] btwindin32.exe
O4 - HKLM\..\RunServices: [Bluetooth Config] btwindin32.exe
O4 - HKCU\..\Run: [Bluetooth Config] btwindin32.exe
O4 - HKCU\..\RunServices: [Bluetooth Config] btwindin32.exe
O4 - HKLM\..\Run: [boat32] boat32.exe
O4 - HKLM\..\RunServices: [boat32] boat32.exe
O4 - HKLM\..\Run: [Boot Check] C:\WINDOWS\system32\bootchk.exe
O4 - HKLM\..\Run: [Boot Client] bootcli.exe
O4 - HKLM\..\Run: [Boot Conf] bootconf.exe
O4 - HKLM\..\Run: [Boot Config] bootconfig.exe
O4 - HKLM\..\Run: [Boot K] bootk.exe
O4 - HKLM\..\Run: [BootLoader] (Random 10 Letter).exe
O4 - HKLM\..\RunServices: [BootLoader] (Random 10 Letter).exe
O4 - HKLM\..\Run: [Boot Server] bootserver.exe
O4 - HKLM\..\Run: [Boot Service] bootservice.exe
O4 - HKLM\..\Run: [Boot Service] bootsv.exe
O4 - HKLM\..\Run: [Boot SFV] Bootsfv.exe
O4 - HKLM\..\Run: [Boot Starter] bootst.exe
O4 - HKLM\..\Run: [Boot Verify] bootvfy.exe
O4 - HKLM\..\Run: [Botnet] blablabla.exe
O4 - HKLM\..\Run: [btmsre.exe] C:\WINDOWS\btmsre.exe
O4 - HKLM\..\Run: [btwdins.exe] C:\WINDOWS\system32\drivers\btwdins.exe
O4 - HKLM\..\Run: [by h1dd3n] lkjgf.exe
O4 - HKCU\..\RunOnce: [by h1dd3n] lkjgf.exe
O4 - HKLM\..\Run: [Call Function System32] C:\WINDOWS\system32\Com\sddriver.exe
O4 - HKLM\..\RunServices: [Call Function System32] C:\WINDOWS\system32\Com\sddriver.exe
O4 - HKCU\..\Run: [Call Function System32] C:\WINDOWS\system32\Com\sddriver.exe
O4 - HKLM\..\Run: [Casino Royale] jamesbond.exe
O4 - HKLM\..\RunServices: [Casino Royale] jamesbond.exe
O4 - HKLM\..\Run: [Catalyst Control Centre] atixvdm.exe
O4 - HKLM\..\RunServices: [Catalyst Control Centre] atixvdm.exe
O4 - HKLM\..\Run: [ccSvcHst.exe] C:\WINDOWS\ccSvcHst.exe
O4 - HKLM\..\Run: [CD AutoPlay] cdplayer.exe
O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
O4 - HKLM\..\Run: [cftmon] C:\Program Files\Common Files\System\sfcmonit.exe
O4 - HKLM\..\Run: [chcp.exe] C:\WINDOWS\chcp.exe
O4 - HKLM\..\Run: [CHK Disker] chkdsker.exe
O4 - HKLM\..\Run: [CHK NT] chkntf.exe
O4 - HKLM\..\Run: [Ci Svr] cisvr.exe
O4 - HKLM\..\Run: [cleanmgr.exe] C:\WINDOWS\cleanmgr.exe
O4 - HKLM\..\Run: [Clean Mgr] cleanmg.exe
O4 - HKLM\..\Run: [Cli Confg] cliconfig.exe
O4 - HKLM\..\Run: [CLI Services] clisrv.exe
O4 - HKLM\..\Run: [Client Server] C:\WINDOWS\system\csrcs.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\csrs.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Client Server Run Time Proccess] csrsrv.exe
O4 - HKLM\..\RunServices: [Client Server Run Time Proccess] csrsrv.exe
O4 - HKLM\..\Run: [Clip Service Manager] clipmg.exe
O4 - HKLM\..\Run: [Clip Servicer] clipsrvc.exe
O4 - HKLM\..\Run: [Clip Srv] clipsv.exe
O4 - HKLM\..\Run: [Command Interpreter] ucmd.exe
O4 - HKLM\..\RunServices: [Command Interpreter] ucmd.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] ms32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] ms32.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] ms32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] ms32.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivrs] copq.exe
O4 - HKCU\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] msnsvc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] msnsvc.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] msnsvc.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] rundll42.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] rundll42.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] rundll42.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] rundll42.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] winsvc.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc.exe
O4 - HKLM\..\Run: [Compaq Service Drivers 32] compq32.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers 32] compq32.exe
O4 - HKCU\..\Run: [Compaq Service Drivers 32] compq32.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers 32] compq32.exe
O4 - HKLM\..\Run: [Complete Antivirus] complete.exe
O4 - HKLM\..\RunServices: [Complete Antivirus] complete.exe
O4 - HKCU\..\Run: [Complete Antivirus] complete.exe
O4 - HKLM\..\Run: [Computer Driver] scshost.exe
O4 - HKLM\..\RunServices: [Computer Driver] scshost.exe
O4 - HKLM\..\Run: [Configuration] ntsys32.exe
O4 - HKLM\..\RunServices: [Configuration] ntsys32.exe
O4 - HKCU\..\Run: [Configuration] ntsys32.exe
O4 - HKLM\..\Run: [Configuration Loader] cnfgld32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] cnfgld32.exe
O4 - HKLM\..\Run: [Configuration Loader] configldr.exe
O4 - HKLM\..\RunServices: [Configuration Loader] configldr.exe
O4 - HKLM\..\Run: [Configuration Loader] iexpl3re.exe
O4 - HKLM\..\RunServices: [Configuration Loader] iexpl3re.exe
O4 - HKLM\..\Run: [Configuration Loader] iexplore.exe
O4 - HKLM\..\RunServices: [Configuration Loader] iexplore.exe
O4 - HKLM\..\Run: [Configuration Loader] msgfix.exe
O4 - HKLM\..\RunServices: [Configuration Loader] msgfix.exe
O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [Configuration Loader] svchost2.exe
O4 - HKLM\..\RunServices: [Configuration Loader] svchost2.exe
O4 - HKLM\..\Run: [Configuration Loader] syscfg32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] syscfg32.exe
O4 - HKLM\..\Run: [Configuration Loader] sysdevice.exe
O4 - HKLM\..\RunServices: [Configuration Loader] sysdevice.exe
O4 - HKLM\..\RunServices: [Configuration Loader] loadcfg32.exe
O4 - HKLM\..\Run: [Configuration Servecie] sewins.exe
O4 - HKLM\..\RunServices: [Configuration Servecie] sewins.exe
O4 - HKCU\..\Run: [Configuration Servecie] sewins.exe
O4 - HKLM\..\Run: [Configuration win32] cnfgld32.exe
O4 - HKLM\..\RunServices: [Configuration win32] cnfgld32.exe
O4 - HKLM\..\Run: [control panel software service] cprs.exe
O4 - HKLM\..\RunServices: [control panel software service] cprs.exe
O4 - HKCU\..\Run: [control panel software service] cprs.exe
O4 - HKLM\..\Run: [Core Process Aplication] C:\WINDOWS\system32\Com\ccapl.exe
O4 - HKLM\..\RunServices: [Core Process Aplication] C:\WINDOWS\system32\Com\ccapl.exe
O4 - HKCU\..\Run: [Core Process Aplication] C:\WINDOWS\system32\Com\ccapl.exe
O4 - HKLM\..\Run: [Core Process Aplication x16] C:\WINDOWS\system32\Com\ccapl16.exe
O4 - HKLM\..\RunServices: [Core Process Aplication x16] C:\WINDOWS\system32\Com\ccapl16.exe
O4 - HKCU\..\Run: [Core Process Aplication x16] C:\WINDOWS\system32\Com\ccapl16.exe
O4 - HKLM\..\Run: [Core Process Aplication x32] C:\WINDOWS\system32\Com\ccapl32.exe
O4 - HKLM\..\RunServices: [Core Process Aplication x32] C:\WINDOWS\system32\Com\ccapl32.exe
O4 - HKCU\..\Run: [Core Process Aplication x32] C:\WINDOWS\system32\Com\ccapl32.exe
O4 - HKLM\..\Run: [Core System Hardware] syscorehd.exe
O4 - HKLM\..\Run: [Corporate Microsoft Update] uptask.exe
O4 - HKLM\..\RunServices: [Corporate Microsoft Update] uptask.exe
O4 - HKLM\..\Run: [Counterstrike Service Agent] czrzns.exe
O4 - HKLM\..\RunServices: [Counterstrike Service Agent] czrzns.exe
O4 - HKLM\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe
O4 - HKCU\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe
O4 - HKLM\..\Run: [CPMP32 Settings] cpmp32.exe
O4 - HKLM\..\RunServices: [CPMP32 Settings] cpmp32.exe
O4 - HKCU\..\Run: [CPMP32 Settings] cpmp32.exe
O4 - HKLM\..\Run: [CPVHOST Settings] cpvhost.exe
O4 - HKLM\..\RunServices: [CPVHOST Settings] cpvhost.exe
O4 - HKCU\..\Run: [CPVHOST Settings] cpvhost.exe
O4 - HKLM\..\Run: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss64.exe
O4 - HKCU\..\Run: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\Run: [CRCSS] crcss.exe
O4 - HKLM\..\Run: [Creates Files Systems Protections] C:\WINDOWS\system32\inetsrv\csrs.exe
O4 - HKLM\..\RunServices: [Creates Files Systems Protections] C:\WINDOWS\system32\inetsrv\csrs.exe
O4 - HKCU\..\Run: [Creates Files Systems Protections] C:\WINDOWS\system32\inetsrv\csrs.exe
O4 - HKLM\..\Run: [Creates R Files Systems] C:\WINDOWS\system32\inetsrv\crsss.exe
O4 - HKLM\..\RunServices: [Creates R Files Systems] C:\WINDOWS\system32\inetsrv\crsss.exe
O4 - HKCU\..\Run: [Creates R Files Systems] C:\WINDOWS\system32\inetsrv\crsss.exe
O4 - HKLM\..\Run: [Creates Remote Systems] C:\WINDOWS\system32\inetsrv\crs.exe
O4 - HKLM\..\RunServices: [Creates Remote Systems] C:\WINDOWS\system32\inetsrv\crs.exe
O4 - HKCU\..\Run: [Creates Remote Systems] C:\WINDOWS\system32\inetsrv\crs.exe
O4 - HKLM\..\Run: [Creates stractures for system management] C:\WINDOWS\system32\inetsrv\stacture.exe
O4 - HKLM\..\RunServices: [Creates stractures for system management] C:\WINDOWS\system32\inetsrv\stacture.exe
O4 - HKCU\..\Run: [Creates stractures for system management] C:\WINDOWS\system32\inetsrv\stacture.exe
O4 - HKLM\..\Run: [Creative Audio Drivers] creative.exe
O4 - HKLM\..\RunServices: [Creative Audio Drivers] creative.exe
O4 - HKCU\..\Run: [Creative Audio Drivers] creative.exe
O4 - HKCU\..\RunServices: [Creative Audio Drivers] creative.exe
O4 - HKLM\..\Run: [Creative Devldr32] devldr32exe
O4 - HKLM\..\RunServices: [Creative Devldr32] devldr32exe
O4 - HKLM\..\RunOnce: [Creative Devldr32] devldr32exe
O4 - HKCU\..\Run: [Creative Devldr32] devldr32exe
O4 - HKCU\..\RunServices: [Creative Devldr32] devldr32exe
O4 - HKCU\..\RunOnce: [Creative Devldr32] devldr32exe
O4 - HKLM\..\Run: [Critical sysup] syncinups.exe
O4 - HKLM\..\RunServices: [Critical sysup] syncinups.exe
O4 - HKLM\..\Run: [crmssrlt] (Random 8 Letter).exe
O4 - HKCU\..\Run: [crmssrlt] (Random 8 Letter).exe
O4 - HKLM\..\Run: [CRP386 Networking] crp386.exe
O4 - HKLM\..\RunServices: [CRP386 Networking] crp386.exe
O4 - HKCU\..\Run: [CRP386 Networking] crp386.exe
O4 - HKLM\..\Run: [CRSSXP SysInfo] crssxp.exe
O4 - HKLM\..\RunServices: [CRSSXP SysInfo] crssxp.exe
O4 - HKCU\..\Run: [CRSSXP SysInfo] crssxp.exe
O4 - HKLM\..\Run: [cScripts] cscripts.exe
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\ssms.exe
O4 - HKLM\..\Run: [Csrss Host] csrhost.exe
O4 - HKLM\..\Run: [csrvss] csrvss.exe
O4 - HKLM\..\RunServices: [csrvss] csrvss.exe
O4 - HKLM\..\Run: [ctrmode] -C:\WINDOWS\ctrmode.exe
O4 - HKLM\..\Run: [Current32] msnpla.exe
O4 - HKLM\..\RunServices: [Current32] msnpla.exe
O4 - HKLM\..\Run: [cxsemse] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKCU\..\Run: [cxsemse] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [DateTimeUpdater] %windir%\system\rundll.exe
O4 - HKLM\..\Run: [DCOM CNF] dcomcnf.exe
O4 - HKLM\..\Run: [Dcom Helper] dcmhlp.exe
O4 - HKLM\..\RunServices: [Dcom Helper] dcmhlp.exe
O4 - HKCU\..\Run: [Dcom Helper] dcmhlp.exe
O4 - HKLM\..\Run: [Dcom Helper] utorrent.exe
O4 - HKLM\..\RunServices: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [Dcom Helper] utorrent.exe
O4 - HKLM\..\Run: [DDE Sharer] ddesharer.exe
O4 - HKLM\..\Run: [Defrag FAT32] dfrgfat32.exe
O4 - HKLM\..\Run: [DELXP Protocol] delxp.exe
O4 - HKLM\..\RunServices: [DELXP Protocol] delxp.exe
O4 - HKCU\..\Run: [DELXP Protocol] delxp.exe
O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\Run: [Development Environment] C:\WINDOWS\system32\devenv.exe
O4 - HKLM\..\Run: [Device Hardware] devicehnd.exe
O4 - HKLM\..\Run: [Device IO System] deviceio.exe
O4 - HKLM\..\Run: [Device Manager] wfxmgr.exe
O4 - HKLM\..\RunServices: [Device Manager] wfxmgr.exe
O4 - HKLM\..\Run: [Device Security] dvcsecure.exe
O4 - HKLM\..\Run: [Device Security Driver] devicesec.exe
O4 - HKLM\..\Run: [Device Security Manager] dvcsecure.exe
O4 - HKLM\..\Run: [dfkj] C:\WINDOWS\system32\win32sp.exe
O4 - HKLM\..\RunServices: [dfkj] C:\WINDOWS\system32\win32sp.exe
O4 - HKLM\..\Run: [DirectX Driver] stdhost.exe
O4 - HKLM\..\RunServices: [DirectX Driver] stdhost.exe
O4 - HKLM\..\Run: [Directx Startup Drivers] C:\WINDOWS\system32\inetsrv\direct.exe
O4 - HKLM\..\RunServices: [Directx Startup Drivers] C:\WINDOWS\system32\inetsrv\direct.exe
O4 - HKCU\..\Run: [Directx Startup Drivers] C:\WINDOWS\system32\inetsrv\direct.exe
O4 - HKLM\..\Run: [DirectX9] %Temp%\direct3d.exe
O4 - HKLM\..\Run: [Disk Defragmentation Loader] pmsvcr.exe
O4 - HKLM\..\Run: [Disk Essensial Tools] detsvc.exe
O4 - HKLM\..\Run: [Disk Panel Configuration] dpcsvc.exe
O4 - HKLM\..\Run: [Disk Panel Setup] npcsvc.exe
O4 - HKLM\..\Run: [Display Device Driver] winadll.exe
O4 - HKLM\..\RunServices: [Display Device Driver] winadll.exe
O4 - HKLM\..\Run: [DIVX Video Player] DIVXPloyer.exe
O4 - HKLM\..\RunServices: [DIVX Video Player] DIVXPloyer.exe
O4 - HKLM\..\Run: [DLINK dfe drivers for Windows NT] windfe.exe
O4 - HKLM\..\RunServices: [DLINK dfe drivers for Windows NT] windfe.exe
O4 - HKCU\..\Run: [DLINK dfe drivers for Windows NT] windfe.exe
O4 - HKCU\..\RunServices: [DLINK dfe drivers for Windows NT] windfe.exe
O4 - HKLM\..\Run: [dllcvss] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKCU\..\Run: [dllcvss] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [DLL executes156] xg165.exe
O4 - HKLM\..\RunServices: [DLL executes156] xg165.exe
O4 - HKCU\..\Run: [DLL executes156] xg165.exe
O4 - HKCU\..\RunServices: [DLL executes156] xg165.exe
O4 - HKLM\..\Run: [DLLHost] C:\WINDOWS\system32\dllhst.exe
O4 - HKLM\..\Run: [DNS Service] C:\WINDOWS\system32\dnssvc.exe
O4 - HKLM\..\Run: [DRam Monitor 23] tskman3.exe
O4 - HKLM\..\RunServices: [DRam Monitor 23] tskman3.exe
O4 - HKLM\..\Run: [DRam prmaessor] mp2Ld.exe
O4 - HKLM\..\RunServices: [DRam prmaessor] mp2Ld.exe
O4 - HKLM\..\Run: [DRam prosessor] dll.exe
O4 - HKLM\..\RunServices: [DRam prosessor] dll.exe
O4 - HKLM\..\Run: [DRam prosessor] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [DRam prosessor] (Random 6 Letter).exe
O4 - HKLM\..\Run: [DRam prosessor] DTBoT.exe
O4 - HKLM\..\RunServices: [DRam prosessor] DTBoT.exe
O4 - HKLM\..\Run: [DRam prosessor] HWAPI.exe
O4 - HKLM\..\RunServices: [DRam prosessor] HWAPI.exe
O4 - HKLM\..\Run: [DRam prosessor] mngr.exe
O4 - HKLM\..\RunServices: [DRam prosessor] mngr.exe
O4 - HKLM\..\Run: [DRam prosessor] msconfig.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msconfig.exe
O4 - HKLM\..\Run: [DRam prosessor] msupdate.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msupdate.exe
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKLM\..\Run: [DRam prosessor] System32.exe
O4 - HKLM\..\RunServices: [DRam prosessor] System32.exe
O4 - HKLM\..\Run: [DRam prosessor] Task.exe
O4 - HKLM\..\RunServices: [DRam prosessor] Task.exe
O4 - HKLM\..\Run: [DRam prosessor] TskMngr.exe
O4 - HKLM\..\RunServices: [DRam prosessor] TskMngr.exe
O4 - HKLM\..\Run: [DRam prosessor] Winsyncupxxx.exe
O4 - HKLM\..\RunServices: [DRam prosessor] Winsyncupxxx.exe
O4 - HKLM\..\Run: [DRam prosessor] winsys.exe
O4 - HKLM\..\RunServices: [DRam prosessor] winsys.exe
O4 - HKLM\..\Run: [DRam prosessor] winupdate.exe
O4 - HKLM\..\RunServices: [DRam prosessor] winupdate.exe
O4 - HKLM\..\Run: [DRam prosessor] Windws.exe
O4 - HKLM\..\RunServices: [DRam prosessor] Windws.exe
O4 - HKLM\..\Run: [DRam rar proc] winupdaterar.exe
O4 - HKLM\..\RunServices: [DRam rar proc] winupdaterar.exe
O4 - HKLM\..\Run: [DRam rare proc] updaterarwin.exe
O4 - HKLM\..\RunServices: [DRam rare proc] updaterarwin.exe
O4 - HKLM\..\Run: [Drammm] lolla.exe
O4 - HKLM\..\RunServices: [Drammm] lolla.exe
O4 - HKLM\..\Run: [DRan posessor] DAP.exe
O4 - HKLM\..\RunServices: [DRan posessor] DAP.exe
O4 - HKLM\..\Run: [drimmsd] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Driver] h.exe
O4 - HKLM\..\RunServices: [Driver] h.exe
O4 - HKCU\..\Run: [Driver] h.exe
O4 - HKCU\..\RunServices: [Driver] h.exe
O4 - HKLM\..\Run: [DRM Upgrade] drmupgd.exe
O4 - HKLM\..\Run: [dsd] zz.exe
O4 - HKLM\..\RunServices: [dsd] zz.exe
O4 - HKCU\..\Run: [dsd] zz.exe
O4 - HKCU\..\RunServices: [dsd] zz.exe
O4 - HKLM\..\Run: [DumpPrep] Isass32.exe
O4 - HKLM\..\RunServices: [DumpPrep] Isass32.exe
O4 - HKCU\..\Run: [DumpPrep] Isass32.exe
O4 - HKCU\..\RunServices: [DumpPrep] Isass32.exe
O4 - HKLM\..\Run: [DVD Upgrade] dvdupgd.exe
O4 - HKLM\..\Run: [dxdiag diagnose] msidxdia.exe
O4 - HKLM\..\RunServices: [dxdiag diagnose] msidxdia.exe
O4 - HKCU\..\Run: [dxdiag diagnose] msidxdia.exe
O4 - HKCU\..\RunServices: [dxdiag diagnose] msidxdia.exe
O4 - HKLM\..\Run: [dxo] dxo.exe
O4 - HKLM\..\RunServices: [dxo] dxo.exe
O4 - HKCU\..\Run: [dxo] dxo.exe
O4 - HKLM\..\Run: [Dynamic Dns Binary] cmd16.exe
O4 - HKLM\..\RunServices: [Dynamic Dns Binary] cmd16.exe
O4 - HKCU\..\Run: [Dynamic Dns Binary] cmd16.exe
O4 - HKLM\..\Run: [Eclipse Environment] C:\WINDOWS\system32\eclipse.exe
O4 - HKLM\..\Run: [EcoLite] polyair.exe
O4 - HKLM\..\RunServices: [EcoLite] polyair.exe
O4 - HKCU\..\Run: [EcoLite] polyair.exe
O4 - HKLM\..\Run: [Edzy AntiVirus] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Edzy AntiVirus] (Random 6 Letter).exe
O4 - HKLM\..\Run: [ehSched] C:\WINDOWS\system\ehSched.exe
O4 - HKLM\..\Run: [eMessenger] C:\WINDOWS\system32\emsn.exe
O4 - HKCU\..\Run: [eMessenger] C:\WINDOWS\system32\emsn.exe
O4 - HKLM\..\Run: [emre1] emre1.exe
O4 - HKLM\..\RunServices: [emre1] emre1.exe
O4 - HKCU\..\Run: [emre1] emre1.exe
O4 - HKLM\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKLM\..\RunServices: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKCU\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKLM\..\Run: [es Java Update For Windows NT/XP] esijavaupdt32.exe
O4 - HKCU\..\Run: [es Java Update For Windows NT/XP] esijavaupdt32.exe
O4 - HKLM\..\Run: [ethernet] msftp.exe
O4 - HKLM\..\RunServices: [ethernet] msftp.exe
O4 - HKLM\..\Run: [ethernet adapter] csrmss.exe
O4 - HKLM\..\RunServices: [ethernet adapter] csrmss.exe
O4 - HKLM\..\Run: [Ethernet Driver] cmsrrs.exe
O4 - HKLM\..\RunServices: [Ethernet Driver] cmsrrs.exe
O4 - HKLM\..\Run: [Ethernet Drivers] smrrs.exe
O4 - HKLM\..\RunServices: [Ethernet Drivers] smrrs.exe
O4 - HKLM\..\Run: [Ethernet Linking] ethernet.exe
O4 - HKLM\..\Run: [EUP Service] C:\WINDOWS\system32\eupsvc.exe
O4 - HKLM\..\Run: [Event Manager] C:\WINDOWS\system32\eventmgr.exe
O4 - HKLM\..\Run: [exn] C:\WINDOWS\system32\exn.exe
O4 - HKLM\..\Run: [expcrt] C:\WINDOWS\system32\liscrts.exe
O4 - HKCU\..\Run: [expcrt] C:\WINDOWS\system32\liscrts.exe
O4 - HKLM\..\Run: [Expl0rer soft] expl0rer.pif
O4 - HKLM\..\RunServices: [Expl0rer soft] expl0rer.pif
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\CRSVS.exe
O4 - HKLM\..\Run: [explorer] iexplore.exe
O4 - HKLM\..\RunServices: [explorer] iexplore.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\scif\explorer.exe
O4 - HKLM\..\Run: [Explorer6.1.EXE] Explorer.exe
O4 - HKLM\..\RunServices: [Explorer6.1.EXE] Explorer.exe
O4 - HKCU\..\Run: [Explorer6.1.EXE] Explorer.exe
O4 - HKLM\..\Run: [FC Tilecom] Tilecomfc.com
O4 - HKLM\..\RunServices: [FC Tilecom] Tilecomfc.com
O4 - HKLM\..\Run: [Fdaemon security] C:\WINDOWS\system32\Com\fsecur.exe
O4 - HKLM\..\RunServices: [Fdaemon security] C:\WINDOWS\system32\Com\fsecur.exe
O4 - HKCU\..\Run: [Fdaemon security] C:\WINDOWS\system32\Com\fsecur.exe
O4 - HKLM\..\Run: [fgggfd] lockx.exe
O4 - HKLM\..\RunServices: [fgggfd] lockx.exe
O4 - HKCU\..\Run: [fgggfd] lockx.exe
O4 - HKLM\..\Run: [File Mapping Services] hp-1003.exe
O4 - HKLM\..\RunServices: [File Mapping Services] hp-1003.exe
O4 - HKCU\..\Run: [File Mapping Services] hp-1003.exe
O4 - HKCU\..\RunServices: [File Mapping Services] hp-1003.exe
O4 - HKLM\..\Run: [File Protection Monitor] C:\WINDOWS\system32\Com\filemon.exe
O4 - HKLM\..\RunServices: [File Protection Monitor] C:\WINDOWS\system32\Com\filemon.exe
O4 - HKCU\..\Run: [File Protection Monitor] C:\WINDOWS\system32\Com\filemon.exe
O4 - HKLM\..\Run: [File-Sharing Wizard] shwizard.exe
O4 - HKLM\..\Run: [File System] taskmqr.exe
O4 - HKLM\..\RunServices: [File System] taskmqr.exe
O4 - HKCU\..\Run: [File System] taskmqr.exe
O4 - HKLM\..\Run: [File System] taskmqrs.exe
O4 - HKLM\..\RunServices: [File System] taskmqrs.exe
O4 - HKCU\..\Run: [File System] taskmqrs.exe
O4 - HKLM\..\Run: [Files Driver] sfdhost.exe
O4 - HKLM\..\RunServices: [Files Driver] sfdhost.exe
O4 - HKLM\..\Run: [FireExplore Update] FireExplore.exe
O4 - HKLM\..\RunServices: [FireExplore Update] FireExplore.exe
O4 - HKLM\..\Run: [Firefox Plugin Manager] firefoxpgm.exe
O4 - HKLM\..\Run: [Firewall] C:\WINDOWS\ctfmon.exe
O4 - HKLM\..\Run: [Firewall Controls] sys32.exe
O4 - HKLM\..\RunServices: [Firewall Controls] sys32.exe
O4 - HKCU\..\Run: [Firewall Controls] sys32.exe
O4 - HKCU\..\RunServices: [Firewall Controls] sys32.exe
O4 - HKLM\..\Run: [Firewall DRV] spfhost.exe
O4 - HKLM\..\RunServices: [Firewall DRV] spfhost.exe
O4 - HKLM\..\Run: [Flash Driver] %Temp%\winlogon.exe
O4 - HKLM\..\Run: [Flash Media] %Temp%\services.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%%%.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^^.exe
O4 - HKLM\..\Run: [Flash Player2] %Temp%\services.exe
O4 - HKLM\..\Run: [flxplamis] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [FmMgr.exe] C:\WINDOWS\system32\drivers\FmMgr.exe
O4 - HKLM\..\Run: [Font Viewer] fontviewer.exe
O4 - HKLM\..\Run: [FrameWork 2.5] FrameWork.exe
O4 - HKLM\..\RunServices: [FrameWork 2.5] FrameWork.exe
O4 - HKLM\..\Run: [F-Secure Gatekeeper] taskmon.exe
O4 - HKLM\..\Run: [FW Manager] C:\WINDOWS\system32\fwcheck.exe
O4 - HKLM\..\Run: [gangsta] C:\WINDOWS\System32\gangsta.exe
O4 - HKLM\..\Run: [gcasServ32] gcasServ32.exe
O4 - HKCU\..\RunOnce: [gcasServ32] gcasServ32.exe
O4 - HKLM\..\Run: [Generic Host Process for Win Services] mscvs.exe
O4 - HKLM\..\RunServices: [Generic Host Process for Win Services] mscvs.exe
O4 - HKLM\..\RunOnce: [Generic Host Process for Win Services] mscvs.exe
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\system\winlogon.exe
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKLM\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKCU\..\Run: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKLM\..\Run: [Genius Mose Driver] svghost.exe
O4 - HKLM\..\RunServices: [Genius Mose Driver] svghost.exe
O4 - HKLM\..\Run: [Ghost Relay] C:\WINDOWS\system32\W,),),W,*exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\update1.exe
O4 - HKLM\..\Run: [google] google.exe
O4 - HKLM\..\RunServices: [google] google.exe
O4 - HKLM\..\Run: [Google service] Googlesetup.exe
O4 - HKLM\..\RunServices: [Google service] Googlesetup.exe
O4 - HKLM\..\Run: [Google Service FR] GO0GLEFREE.EXE
O4 - HKLM\..\RunServices: [Google Service FR] GO0GLEFREE.EXE
O4 - HKCU\..\Run: [Google Service FR] GO0GLEFREE.EXE
O4 - HKLM\..\Run: [GP Updater] gpupdater.exe
O4 - HKLM\..\Run: [Graphic Update] %temp%\msnmsgr.exe
O4 - HKLM\..\Run: [Graphic Update] %Temp%\msnmsgs.exe
O4 - HKLM\..\Run: [Graphic Update] C:\WINDOWS\system32\openglx.exe
O4 - HKLM\..\Run: [gummy] C:\WINDOWS\system32\gummy.exe
O4 - HKLM\..\Run: [HanUpdate] hanz.exe
O4 - HKLM\..\RunServices: [HanUpdate] hanz.exe
O4 - HKCU\..\Run: [HanUpdate] hanz.exe
O4 - HKLM\..\Run: [Hardware Shell Detection] WinHSD.exe
O4 - HKLM\..\RunServices: [Hardware Shell Detection] WinHSD.exe
O4 - HKCU\..\Run: [Hardware Shell Detection] WinHSD.exe
O4 - HKLM\..\Run: [hcksys32.exe] hck.exe
O4 - HKLM\..\RunServices: [hcksys32.exe] hck.exe
O4 - HKLM\..\Run: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe
O4 - HKLM\..\RunServices: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe
O4 - HKCU\..\Run: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe
O4 - HKLM\..\Run: [Hostname Manager Server] C:\WINDOWS\system32\inetsrv\host32srv.exe
O4 - HKLM\..\RunServices: [Hostname Manager Server] C:\WINDOWS\system32\inetsrv\host32srv.exe
O4 - HKCU\..\Run: [Hostname Manager Server] C:\WINDOWS\system32\inetsrv\host32srv.exe
O4 - HKLM\..\Run: [hotfix] msnnmaneger.exe
O4 - HKLM\..\RunServices: [hotfix] msnnmaneger.exe
O4 - HKLM\..\RunOnce: [hotfix] msnnmaneger.exe
O4 - HKCU\..\Run: [hotfix] msnnmaneger.exe
O4 - HKCU\..\RunOnce: [hotfix] msnnmaneger.exe
O4 - HKLM\..\Run: [hotefix] msnmanegers.exe
O4 - HKLM\..\RunServices: [hotefix] msnmanegers.exe
O4 - HKLM\..\RunOnce: [hotefix] msnmanegers.exe
O4 - HKCU\..\Run: [hotefix] msnmanegers.exe
O4 - HKCU\..\RunOnce: [hotefix] msnmanegers.exe
O4 - HKLM\..\Run: [HOT FIX] Gothic.exe
O4 - HKLM\..\RunOnce: [HOT FIX] Gothic.exe
O4 - HKLM\..\RunServices: [HOT FIX] Gothic.exe
O4 - HKCU\..\Run: [HOT FIX] Gothic.exe
O4 - HKCU\..\RunOnce: [HOT FIX] Gothic.exe
O4 - HKLM\..\Run: [HOT FIX] windsys2.exe
O4 - HKLM\..\RunOnce: [HOT FIX] windsys2.exe
O4 - HKLM\..\RunServices: [HOT FIX] windsys2.exe
O4 - HKCU\..\Run: [HOT FIX] windsys2.exe
O4 - HKCU\..\RunOnce: [HOT FIX] windsys2.exe
O4 - HKLM\..\Run: [htssv32.exe] C:\WINDOWS\htssv32.exe
O4 - HKLM\..\Run: [HTTP Tunneling Server] mstunnel.exe
O4 - HKLM\..\RunServices: [HTTP Tunneling Server] mstunnel.exe
O4 - HKCU\..\Run: [HTTP Tunneling Server] mstunnel.exe
O4 - HKCU\..\RunServices: [HTTP Tunneling Server] mstunnel.exe
O4 - HKLM\..\Run: [icccomp] (Random 8 Letter).exe
O4 - HKCU\..\Run: [icccomp] (Random 8 Letter).exe
O4 - HKLM\..\Run: [idlesam] (Random 8 Letter).exe
O4 - HKCU\..\Run: [idlesam] (Random 8 Letter).exe
O4 - HKLM\..\Run: [idmlssp] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKCU\..\Run: [idmlssp] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [IE6] winsnt.exe
O4 - HKLM\..\RunServices: [IE6] winsnt.exe
O4 - HKLM\..\Run: [IE6] ypag3r.exe
O4 - HKLM\..\RunServices: [IE6] ypag3r.exe
O4 - HKLM\..\Run: [IEexplorer AUpdate] IEexplore32.exe
O4 - HKLM\..\RunServices: [IEexplorer AUpdate] IEexplore32.exe
O4 - HKLM\..\Run: [iesetup7b] iesetup7b.exe
O4 - HKLM\..\RunRunServices: [iesetup7b] iesetup7b.exe
O4 - HKLM\..\Run: [iesetupi.exe] iesetupi.exe
O4 - HKLM\..\RunServices: [iesetupi.exe] iesetupi.exe
O4 - HKLM\..\Run: [IEUpdate] ieupdate.exe
O4 - HKLM\..\RunServices: [IEUpdate] ieupdate.exe
O4 - HKCU\..\Run: [IEUpdate] ieupdate.exe
O4 - HKCU\..\Run: [iexplor.exe] C:\WINDOWS\system32\iexplor.exe
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [iexplore] iexplore.exe
O4 - HKLM\..\RunServices: [iexplore] iexplore.exe
O4 - HKLM\..\Run: [iExplore Ini] ie4uini.exe
O4 - HKLM\..\Run: [iexplore start] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [iexplore start] IEXPLORE.EXE
O4 - HKLM\..\Run: [IExplorer] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [IExplorer6 Java Scripting] IExplore326.exe
O4 - HKLM\..\RunServices: [IExplorer6 Java Scripting] IExplore326.exe
O4 - HKCU\..\Run: [IExplorer6 Java Scripting] IExplore326.exe
O4 - HKCU\..\Run: [IExplorerService] C:\WINDOWS\system32\WinSock.exe
O4 - HKLM\..\Run: [iExpresser] iexpresser.exe
O4 - HKLM\..\Run: [Image Remote Players] sysvn.exe
O4 - HKLM\..\Run: [Index Service] dllhost32.exe
O4 - HKLM\..\RunServices: [Index Service] dllhost32.exe
O4 - HKLM\..\Run: [InstallTheme] Lune.exe
O4 - HKLM\..\RunServices: [InstallTheme] Lune.exe
O4 - HKCU\..\Run: [InstallTheme] Lune.exe
O4 - HKLM\..\Run: [Instant Messenger Service] imservice.exe
O4 - HKLM\..\Run: [Intec Service Drivers] msconfig32x.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] msconfig32x.exe
O4 - HKCU\..\Run: [Intec Service Drivers] msconfig32x.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] msconfig32x.exe
O4 - HKLM\..\Run: [Intec Service Drivers] msmsgr.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] msmsgr.exe
O4 - HKCU\..\Run: [Intec Service Drivers] msmsgr.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] msmsgr.exe
O4 - HKLM\..\Run: [Intec Service Drivers] msmsgrs.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] msmsgrs.exe
O4 - HKCU\..\Run: [Intec Service Drivers] msmsgrs.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] msmsgrs.exe
O4 - HKLM\..\Run: [Intec Service Drivers] mss.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] mss.exe
O4 - HKCU\..\Run: [Intec Service Drivers] mss.exe
O4 - HKLM\..\Run: [Intec Service Drivers] ntservice.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] ntservice.exe
O4 - HKCU\..\Run: [Intec Service Drivers] ntservice.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] ntservice.exe
O4 - HKLM\..\Run: [Intec Service Drivers] tktest.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] tktest.exe
O4 - HKCU\..\Run: [Intec Service Drivers] tktest.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] tktest.exe
O4 - HKLM\..\Run: [Intec Service Drivers] C:\WINDOWS\system32\wing32.exe
O4 - HKCU\..\Run: [Intec Service Drivers] C:\WINDOWS\system32\wing32.exe
O4 - HKLM\..\Run: [Intec Services Driverrs] winrvc.exe
O4 - HKLM\..\RunServices: [Intec Services Driverrs] winrvc.exe
O4 - HKLM\..\Run: [Intel Driver] csrs.exe
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O4 - HKLM\..\Run: [Internal Memory File] sysintmemory.exe
O4 - HKLM\..\RunServices: [Internal Memory File] sysintmemory.exe
O4 - HKCU\..\Run: [Internal Memory File] sysintmemory.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\alm7tas.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\alm7tas.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\SYSTEM32\alota.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\SYSTEM32\alota.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\l1nksys.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\l1nksys.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\msn.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\msn.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\System32\nteusodp.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\System32\nteusodp.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\SYSTEM32\winlogom.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\SYSTEM32\winlogom.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\wins.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\wins.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\WinSecUp.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\WinSecUp.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\WinSecUps.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\WinSecUps.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\System32\WinSUp.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\System32\WinSUp.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\wints.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\wints.exe
O4 - HKLM\..\Run: [internet] winsas32.exe
O4 - HKLM\..\RunServices: [internet] winsas32.exe
O4 - HKCU\..\Run: [internet] winsas32.exe
O4 - HKLM\..\Run: [InternetExplorer2] C:\WINDOWS\System32\windows.exe
O4 - HKLM\..\RunServices: [InternetExplorer2] C:\WINDOWS\System32\windows.exe
O4 - HKLM\..\Run: [InternetExplorer32] iexplore32.exe
O4 - HKLM\..\RunServices: [InternetExplorer32] iexplore32.exe
O4 - HKLM\..\Run: [Internet Application Driver] C:\WINDOWS\system32\expIorer.exe
O4 - HKLM\..\RunServices: [Internet Application Driver] C:\WINDOWS\system32\expIorer.exe
O4 - HKLM\..\Run: [INTERNET EXPLORER] iexpllore.exe
O4 - HKLM\..\RunServices: [INTERNET EXPLORER] iexpllore.exe
O4 - HKCU\..\Run: [INTERNET EXPLORER] iexpllore.exe
O4 - HKLM\..\Run: [INTERNET EXPLORER] iexplor.exe
O4 - HKLM\..\RunServices: [INTERNET EXPLORER] iexplor.exe
O4 - HKCU\..\Run: [INTERNET EXPLORER] iexplor.exe
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [Internet Explorer 6.0] iexplore.exe
O4 - HKLM\..\RunServices: [Internet Explorer 6.0] iexplore.exe
O4 - HKCU\..\Run: [Internet Explorer 6.0] iexplore.exe
O4 - HKCU\..\RunServices: [Internet Explorer 6.0] iexplore.exe
O4 - HKLM\..\Run: [Internet Explorer Security] iexplore.pif
O4 - HKLM\..\RunServices: [Internet Explorer Security] iexplore.pif
O4 - HKCU\..\Run: [Internet Explorer Security] iexplore.pif
O4 - HKCU\..\RunServices: [Internet Explorer Security] iexplore.pif
O4 - HKCU\..\Run: [internet security manager] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe
O4 - HKLM\..\Run: [Internet Security Service] msq23.exe
O4 - HKLM\..\RunServices: [Internet Security Service] msq23.exe
O4 - HKCU\..\Run: [Internet Security Service] msq23.exe
O4 - HKLM\..\Run: [Internet Security Service] msq32.exe
O4 - HKLM\..\RunServices: [Internet Security Service] msq32.exe
O4 - HKCU\..\Run: [Internet Security Service] msq32.exe
O4 - HKLM\..\Run: [Internet Security Service] msql23.exe
O4 - HKLM\..\RunServices: [Internet Security Service] msql23.exe
O4 - HKCU\..\Run: [Internet Security Service] msql23.exe
O4 - HKLM\..\Run: [Internet Security Service] mysqlwin32.exe
O4 - HKLM\..\RunServices: [Internet Security Service] mysqlwin32.exe
O4 - HKCU\..\Run: [Internet Security Service] mysqlwin32.exe
O4 - HKLM\..\Run: [Internet Security Service] ssyst3m32.exe
O4 - HKLM\..\RunServices: [Internet Security Service] ssyst3m32.exe
O4 - HKCU\..\Run: [Internet Security Service] ssyst3m32.exe
O4 - HKLM\..\Run: [internet service] svho0st98.exe
O4 - HKLM\..\RunServices: [internet service] svho0st98.exe
O4 - HKLM\..\Run: [Internet Service Provider] C:\WINDOWS\system32\ispinstall.exe
O4 - HKLM\..\RunServices: [Internet Service Provider] C:\WINDOWS\system32\ispinstall.exe
O4 - HKLM\..\Run: [Intranet] schost.exe
O4 - HKLM\..\RunServices: [Intranet] schost.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] system32.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] system32.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] system32.exe
O4 - HKLM\..\Run: [IPLog Security] iplogsec.exe
O4 - HKLM\..\Run: [Ipod Help] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Ipod Help] (Random 9 Letter).exe
O4 - HKCU\..\Run: [Ipod Help] (Random 9 Letter).exe
O4 - HKLM\..\Run: [iPSec7] ipsec7.exe
O4 - HKLM\..\Run: [iPX Router] ipxrouter.exe
O4 - HKLM\..\Run: [IRQ Assigning Agent] IRQconf.exe
O4 - HKLM\..\RunServices: [IRQ Assigning Agent] IRQconf.exe
O4 - HKLM\..\Run: [ISPSERVICE] C:\WINDOWS\system32\wintmp.exe
O4 - HKLM\..\Run: [iTunes Music] iTunesHelper32.exe
O4 - HKLM\..\RunServices: [iTunes Music] iTunesHelper32.exe
O4 - HKLM\..\Run: [ivhost] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [ivhost] (Random 6 Letter).exe
O4 - HKCU\..\Run: [ivhost] (Random 6 Letter).exe
O4 - HKLM\..\Run: [JA Config 32] Awesome32.exe
O4 - HKLM\..\RunServices: [JA Config 32] Awesome32.exe
O4 - HKCU\..\Run: [JA Config 32] Awesome32.exe
O4 - HKLM\..\Run: [java] system.exe
O4 - HKLM\..\RunServices: [java] system.exe
O4 - HKLM\..\Run: [Java32 Configuration Loader] msnmesgr.exe
O4 - HKLM\..\RunServices: [Java32 Configuration Loader] msnmesgr.exe
O4 - HKCU\..\Run: [Java32 Configuration Loader] msnmesgr.exe
O4 - HKLM\..\Run: [Java Runtime Environment] C:\WINDOWS\system32\jbuild.exe
O4 - HKLM\..\Run: [Java Runtime Value] runjava.exe
O4 - HKLM\..\RunServices: [Java Runtime Value] runjava.exe
O4 - HKCU\..\Run: [Java Runtime Value] runjava.exe
O4 - HKCU\..\RunServices: [Java Runtime Value] runjava.exe
O4 - HKLM\..\Run: [Java Softe] Java32.com
O4 - HKLM\..\RunServices: [Java Softe] Java32.com
O4 - HKLM\..\Run: [Javascript] C:\WINDOWS\system32\jscript.exe
O4 - HKLM\..\Run: [Java Update] nod.exe
O4 - HKLM\..\RunServices: [Java Update] nod.exe
O4 - HKCU\..\Run: [Java Update] nod.exe
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [Jufualt] j2.exe
O4 - HKCU\..\Run: [Jufualt] j2.exe
O4 - HKLM\..\Run: [JvcHost] jvcsvc32.exe
O4 - HKLM\..\RunServices: [JvcHost] jvcsvc32.exe
O4 - HKLM\..\Run: [JW Manager] jwmngr.exe
O4 - HKLM\..\Run: [JXL Radio] jxl.exe
O4 - HKLM\..\RunServices: [JXL Radio] jxl.exe
O4 - HKCU\..\Run: [JXL Radio] jxl.exe
O4 - HKCU\..\RunServices: [JXL Radio] jxl.exe
O4 - HKLM\..\Run: [kaspersky32] kasperskyLabs32.exe
O4 - HKLM\..\RunServices: [kaspersky32] kasperskyLabs32.exe
O4 - HKLM\..\Run: [Keyboard Driver] skfhost.exe
O4 - HKLM\..\RunServices: [Keyboard Driver] skfhost.exe
O4 - HKLM\..\Run: [Killer XP Key] killer.exe
O4 - HKLM\..\RunServices: [Killer XP Key] killer.exe
O4 - HKLM\..\Run: [kiss] %ProgramFiles%\dfsdfsd\pingy.exe
O4 - HKLM\..\Run: [kdmsx] (Random 8 Letter).exe
O4 - HKCU\..\Run: [kdmsx] (Random 8 Letter).exe
O4 - HKLM\..\Run: [kernel32.exe] C:\WINDOWS\system32\kernel32.exe
O4 - HKLM\..\RunServices: [kernel32.exe] C:\WINDOWS\system32\kernel32.exe
O4 - HKLM\..\Run: [kernel32dll] guardpc.exe
O4 - HKLM\..\RunServices: [kernel32dll] guardpc.exe
O4 - HKLM\..\RunOnce: [kernel32dll] guardpc.exe
O4 - HKCU\..\Run: [kernel32dll] guardpc.exe
O4 - HKCU\..\RunOnce: [kernel32dll] guardpc.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\system32\drivers\LBTWiz.exe
O4 - HKLM\..\Run: [LCASS] lcass.exe
O4 - HKLM\..\RunServices: [LCASS] lcass.exe
O4 - HKCU\..\Run: [LCASS] lcass.exe
O4 - HKLM\..\Run: [LEMSRV] C:\WINDOWS\system32\lemsrv.exe
O4 - HKLM\..\Run: [LetsRock] TODOTWO.EXE
O4 - HKLM\..\Run: [Lexmark Print] lexmark.exe
O4 - HKLM\..\RunServices: [Lexmark Print] lexmark.exe
O4 - HKLM\..\Run: [Linksys Modem Drivers] linksys.exe
O4 - HKLM\..\RunServices: [Linksys Modem Drivers] linksys.exe
O4 - HKCU\..\Run: [Linksys Modem Drivers] linksys.exe
O4 - HKLM\..\Run: [Limewire] LimeWire.exe
O4 - HKLM\..\RunServices: [Limewire] LimeWire.exe
O4 - HKLM\..\RunServices: [limewirepro.exe] C:\limewirepro.exe
O4 - HKLM\..\Run: [Live-Help] lmns.exe
O4 - HKLM\..\RunServices: [Live-Help] lmns.exe
O4 - HKCU\..\Run: [Live-Help] lmns.exe
O4 - HKLM\..\Run: [Live Messanger] livemsgr.exe
O4 - HKLM\..\RunServices: [Live Messanger] livemsgr.exe
O4 - HKCU\..\Run: [Live Messanger] livemsgr.exe
O4 - HKLM\..\Run: [Live Messanger] wllmsngr.exe
O4 - HKLM\..\Run: [Live Windows Messenger Version] msnmessage7.7.exe
O4 - HKLM\..\Run: [Live Windows Messenger Version] msnmsngrlive.exe
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKLM\..\Run: [lnternet Update] sysmem.exe
O4 - HKLM\..\RunServices: [lnternet Update] sysmem.exe
O4 - HKLM\..\Run: [L0aders] faxneti.exe
O4 - HKLM\..\RunServices: [L0aders] faxneti.exe
O4 - HKCU\..\Run: [L0aders] faxneti.exe
O4 - HKLM\..\Run: [Loader msgzl] msgzl.exe
O4 - HKLM\..\RunServices: [Loader msgzl] msgzl.exe
O4 - HKLM\..\Run: [Loader msgzl] msgzl.exe
O4 - HKLM\..\Run: [Local area connection] winlive.exe
O4 - HKLM\..\RunServices: [Local area connection] winlive.exe
O4 - HKLM\..\Run: [localhost] winlogom.exe
O4 - HKLM\..\RunServices: [localhost] winlogom.exe
O4 - HKCU\..\Run: [localhost] winlogom.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [Local Services] winserv32.exe
O4 - HKLM\..\RunServices: [Local Services] winserv32.exe
O4 - HKLM\..\Run: [LoghDriver] winlde.exe
O4 - HKLM\..\RunServices: [LoghDriver] winlde.exe
O4 - HKLM\..\Run: [LoghDriverr] winnlde.exe
O4 - HKLM\..\RunServices: [LoghDriverr] winnlde.exe
O4 - HKLM\..\Run: [Logical Disk Browser] mcrsvc.exe
O4 - HKLM\..\Run: [Logical Disk Detection] mrisvc.exe
O4 - HKLM\..\Run: [Logical Volume] slvhost.exe
O4 - HKLM\..\RunServices: [Logical Volume] slvhost.exe
O4 - HKLM\..\Run: [Logitech RX] slrhost.exe
O4 - HKLM\..\RunServices: [Logitech RX] slrhost.exe
O4 - HKLM\..\Run: [Logon Agent] logonagt.exe
O4 - HKLM\..\Run: [lost] WinUpdate.exe
O4 - HKLM\..\RunServices: [lost] WinUpdate.exe
O4 - HKCU\..\Run: [lost] WinUpdate.exe
O4 - HKCU\..\Policies\Explorer\Run: [LowRiskFileTypes] C:\WINDOWS\system32\svchost32.exe
O4 - HKLM\..\Run: [lpddcls] (Random 8 Letter).exe
O4 - HKCU\..\Run: [lpddcls] (Random 8 Letter).exe
O4 - HKLM\..\Run: [LSA] run.exe
O4 - HKLM\..\RunServices: [LSA] run.exe
O4 - HKCU\..\Run: [LSA] run.exe
O4 - HKCU\..\RunServices: [LSA] run.exe
O4 - HKLM\..\Run: [LSA] scvhost.exe
O4 - HKLM\..\RunServices: [LSA] scvhost.exe
O4 - HKCU\..\Run: [LSA] scvhost.exe
O4 - HKCU\..\RunServices: [LSA] scvhost.exe
O4 - HKLM\..\Run: [LSA Shell] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [LSA Shell (Export Version)] lsasss.exe
O4 - HKLM\..\RunServices: [LSA Shell (Export Version)] lsasss.exe
O4 - HKCU\..\Run: [LSA Shell (Export Version)] lsasss.exe
O4 - HKLM\..\Run: [LSA Shellu] %UserProfile%\lsass.exe
O4 - HKLM\..\Run: [lsass] svchost32.exe
O4 - HKLM\..\RunServices: [lsass] svchost32.exe
O4 - HKLM\..\Run: [Lsass16] C:\WINDOWS\lsass16.exe
O4 - HKLM\..\Run: [lsass.exe] C:\WINDOWS\pchealth\helpctr\binaries\lsass.exe
O4 - HKLM\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKLM\..\RunServices: [lsass2k Update] lsass2k.exe
O4 - HKCU\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\RunServices: [lsass32] lsass32.exe
O4 - HKLM\..\Run: [ltoqhdmw] C:\WINDOWS\System32\wuvenr.exe
O4 - HKCU\..\Run: [ltoqhdmw] C:\WINDOWS\System32\wuvenr.exe
O4 - HKLM\..\Run: [m0rgan.org] bling.exe
O4 - HKLM\..\RunServices: [m0rgan.org] bling.exe
O4 - HKLM\..\Run: [Machine Debug Mgr] mdn.exe
O4 - HKLM\..\Run: [mackfy.exe] msms.exe
O4 - HKLM\..\RunServices: [mackfy.exe] msms.exe
O4 - HKCU\..\Run: [MalP] C:\WINDOWS\wkssvr.exe
O4 - HKLM\..\Run: [manager] C:\WINDOWS\system32\drivers\setup\manager.exe
O4 - HKCU\..\Run: [manager] C:\WINDOWS\system32\drivers\setup\manager.exe
O4 - HKLM\..\Run: [Managment Service] xagwxzyrxbce.exe
O4 - HKLM\..\RunServices: [Managment Service] xagwxzyrxbce.exe
O4 - HKLM\..\Run: [MasterBoot Switch] popupkill.exe
O4 - HKLM\..\RunServices: [MasterBoot Switch] popupkill.exe
O4 - HKCU\..\Run: [MasterBoot Switch] popupkill.exe
O4 - HKLM\..\Run: [Master Card Updaate 32] Mastercard32.exe
O4 - HKLM\..\RunServices: [Master Card Updaate 32] Mastercard32.exe
O4 - HKLM\..\Run: [McAfee Online virus Scanner] avp.exe
O4 - HKLM\..\RunServices: [McAfee Online virus Scanner] avp.exe
O4 - HKLM\..\Run: [mceipww] (Random 8 Letter).exe
O4 - HKCU\..\Run: [mceipww] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Media Server] msdts.exe
O4 - HKLM\..\Run: [Media Software UPdater] sscs.exe
O4 - HKLM\..\RunServices: [Media Software UPdater] sscs.exe
O4 - HKCU\..\Run: [Media Software UPdater] sscs.exe
O4 - HKLM\..\Run: [Media Transfer Protocals] msstc.exe
O4 - HKLM\..\Run: [MediaXPServicePack] mxpsp.exe
O4 - HKLM\..\RunServices: [MediaXPServicePack] mxpsp.exe
O4 - HKCU\..\Run: [MediaXPServicePack] mxpsp.exe
O4 - HKCU\..\RunServices: [MediaXPServicePack] mxpsp.exe
O4 - HKLM\..\Run: [Memory Allocation Host] cihost.exe
O4 - HKLM\..\Run: [Memory Allocation Server] ciserv.exe
O4 - HKLM\..\Run: [Memory Allocation Services] cisrv.exe
O4 - HKLM\..\Run: [Messanger modix Configuration] winmsn.exe
O4 - HKLM\..\RunServices: [Messanger modix Configuration] winmsn.exe
O4 - HKLM\..\Run: [Messenger] msnmgsr.exe
O4 - HKLM\..\RunServices: [Messenger] msnmgsr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Messenger] msnmgsr.exe
O4 - HKLM\..\Run: [Messenger91] messengersystem.exe
O4 - HKLM\..\RunServices: [Messenger91] messengersystem.exe
O4 - HKLM\..\Run: [Messenger Sharing Control] mnwsvc.exe
O4 - HKLM\..\Run: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\Run: [Micosoft Data Core] antivir32.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] antivir32.exe
O4 - HKLM\..\Run: [Micosoft Data Core] iexplore.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] iexplore.exe
O4 - HKLM\..\Run: [Micosoft Data Core] shell32.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] shell32.exe
O4 - HKLM\..\Run: [Micosoft Data Core stuff] atiwarez.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core stuff] atiwarez.exe
O4 - HKLM\..\Run: [Micosoft Data Core stuff] cores.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core stuff] cores.exe
O4 - HKLM\..\Run: [Micosoft Data Core stuff] datacorez.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core stuff] datacorez.exe
O4 - HKLM\..\Run: [Micosoft Data Core stuff] svshosts.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core stuff] svshosts.exe
O4 - HKLM\..\Run: [Micromedia Flash Update] xptxt.exe
O4 - HKLM\..\RunServices: [Micromedia Flash Update] xptxt.exe
O4 - HKLM\..\Run: [Microsft Conf 32] msaconf.exe
O4 - HKLM\..\RunServices: [Microsft Conf 32] msaconf.exe
O4 - HKCU\..\Run: [Microsft Conf 32] msaconf.exe
O4 - HKLM\..\Run: [Microsft Corporation Version 2001.12.4414] C:\WINDOWS\system32\Com\comrel.exe
O4 - HKLM\..\RunServices: [Microsft Corporation Version 2001.12.4414] C:\WINDOWS\system32\Com\comrel.exe
O4 - HKCU\..\Run: [Microsft Corporation Version 2001.12.4414] C:\WINDOWS\system32\Com\comrel.exe
O4 - HKLM\..\Run: [Microsft Corporation Version 2002.12.2414] C:\WINDOWS\system32\Com\comserv.exe
O4 - HKLM\..\RunServices: [Microsft Corporation Version 2002.12.2414] C:\WINDOWS\system32\Com\comserv.exe
O4 - HKCU\..\Run: [Microsft Corporation Version 2002.12.2414] C:\WINDOWS\system32\Com\comserv.exe
O4 - HKLM\..\Run: [Microsft Remote Procedure Daemon] msrpcd.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] cmh.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] cmh.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmppp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe
O4 - HKLM\..\Run: [microsft windows updates] mswupdate32.exe
O4 - HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 - HKLM\..\Run: [Microsft Word] MSWORD.exe
O4 - HKLM\..\RunServices: [Microsft Word] MSWORD.exe
O4 - HKLM\..\Run: [Microsoff Windows Update] mswins.exe
O4 - HKLM\..\RunServices: [Microsoff Windows Update] mswins.exe
O4 - HKLM\..\Run: [Microsoft] .exe
O4 - HKLM\..\RunServices: [Microsoft] .exe
O4 - HKLM\..\Run: [Microsoft] aim.exe
O4 - HKLM\..\RunServices: [Microsoft] aim.exe
O4 - HKLM\..\Run: [Microsoft] avgemcu.exe
O4 - HKLM\..\RunServices: [Microsoft] avgemcu.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\RunServices: [Microsoft] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\System32\taskbar.exe
O4 - HKLM\..\RunServices: [Microsoft] C:\WINDOWS\System32\taskbar.exe
O4 - HKLM\..\Run: [Microsoft] derservice.exe
O4 - HKLM\..\RunServices: [Microsoft] derservice.exe
O4 - HKLM\..\Run: [Microsoft] Explorer.exe
O4 - HKLM\..\RunServices: [Microsoft] Explorer.exe
O4 - HKLM\..\Run: [Microsoft] Explorerr.exe
O4 - HKLM\..\RunServices: [Microsoft] Explorerr.exe
O4 - HKLM\..\Run: [Microsoft] firefox.exe
O4 - HKLM\..\RunServices: [Microsoft] firefox.exe
O4 - HKLM\..\Run: [Microsoft] guard.exe
O4 - HKLM\..\RunServices: [Microsoft] guard.exe
O4 - HKCU\..\Run: [Microsoft] guard.exe
O4 - HKLM\..\Run: [Microsoft] iexplore.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplore.exe
O4 - HKLM\..\Run: [Microsoft] iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe
O4 - HKLM\..\Run: [Microsoft] install.exe
O4 - HKLM\..\RunServices: [Microsoft] install.exe
O4 - HKLM\..\Run: [Microsoft] internetdat.exe
O4 - HKLM\..\RunServices: [Microsoft] internetdat.exe
O4 - HKLM\..\Run: [Microsoft] iusr.exe
O4 - HKLM\..\RunServices: [Microsoft] iusr.exe
O4 - HKCU\..\Run: [Microsoft] iusr.exe
O4 - HKLM\..\Run: [Microsoft] kasperskyLive32.exe
O4 - HKLM\..\RunServices: [Microsoft] kasperskyLive32.exe
O4 - HKLM\..\Run: [Microsoft] listc.exe
O4 - HKLM\..\RunServices: [Microsoft] listc.exe
O4 - HKCU\..\Run: [Microsoft] listc.exe
O4 - HKLM\..\Run: [Microsoft] livemessenger.exe
O4 - HKLM\..\RunServices: [Microsoft] livemessenger.exe
O4 - HKLM\..\Run: [Microsoft] lol.exe
O4 - HKLM\..\RunServices: [Microsoft] lol.exe
O4 - HKLM\..\Run: [Microsoft] loval32.exe
O4 - HKLM\..\RunServices: [Microsoft] loval32.exe
O4 - HKLM\..\Run: [Microsoft] lsass.ppf
O4 - HKLM\..\RunServices: [Microsoft] lsass.ppf
O4 - HKCU\..\Run: [Microsoft] lsass.ppf
O4 - HKLM\..\Run: [Microsoft] mdms.exe
O4 - HKLM\..\RunServices: [Microsoft] mdms.exe
O4 - HKCU\..\Run: [Microsoft] mdms.exe
O4 - HKLM\..\Run: [Microsoft] mixers.exe
O4 - HKLM\..\RunServices: [Microsoft] mixers.exe
O4 - HKCU\..\Run: [Microsoft] mixers.exe
O4 - HKLM\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\Run: [Microsoft] msngerf.exe
O4 - HKLM\..\RunServices: [Microsoft] msngerf.exe
O4 - HKLM\..\Run: [Microsoft] msns.exe
O4 - HKLM\..\RunServices: [Microsoft] msns.exe
O4 - HKLM\..\Run: [Microsoft] msserv32.exe
O4 - HKLM\..\RunServices: [Microsoft] msserv32.exe
O4 - HKLM\..\Run: [Microsoft] MSUPDATE.exe
O4 - HKCU\..\Run: [Microsoft] MSUPDATE.exe
O4 - HKLM\..\Run: [Microsoft] msvchost.exe
O4 - HKLM\..\RunServices: [Microsoft] msvchost.exe
O4 - HKLM\..\Run: [Microsoft] msvcs.exe
O4 - HKLM\..\RunServices: [Microsoft] msvcs.exe
O4 - HKLM\..\Run: [Microsoft] netfix32.exe
O4 - HKLM\..\RunServices: [Microsoft] netfix32.exe
O4 - HKLM\..\Run: [Microsoft] netshield.exe
O4 - HKLM\..\RunServices: [Microsoft] netshield.exe
O4 - HKLM\..\Run: [Microsoft] netsrv.exe
O4 - HKLM\..\RunServices: [Microsoft] netsrv.exe
O4 - HKCU\..\Run: [Microsoft] netsrv.exe
O4 - HKLM\..\Run: [Microsoft] ntsvr.exe
O4 - HKLM\..\RunServices: [Microsoft] ntsvr.exe
O4 - HKLM\..\Run: [Microsoft] Nvpss.exe
O4 - HKLM\..\RunServices: [Microsoft] Nvpss.exe
O4 - HKLM\..\Run: [Microsoft] prefinal.exe
O4 - HKLM\..\RunServices: [Microsoft] prefinal.exe
O4 - HKLM\..\Run: [Microsoft] qtask.exe
O4 - HKLM\..\RunServices: [Microsoft] qtask.exe
O4 - HKCU\..\Run: [Microsoft] qtask.exe
O4 - HKLM\..\Run: [Microsoft] radnom.exe
O4 - HKLM\..\RunServices: [Microsoft] radnom.exe
O4 - HKCU\..\Run: [Microsoft] radnom.exe
O4 - HKLM\..\Run: [Microsoft] rtvcscan.exe
O4 - HKLM\..\RunServices: [Microsoft] rtvcscan.exe
O4 - HKCU\..\Run: [Microsoft] rtvcscan.exe
O4 - HKLM\..\Run: [Microsoft] rundll.exe
O4 - HKLM\..\RunServices: [Microsoft] rundll.exe
O4 - HKCU\..\Run: [Microsoft] rundll.exe
O4 - HKLM\..\Run: [Microsoft] scvhost32.exe
O4 - HKLM\..\RunServices: [Microsoft] scvhost32.exe
O4 - HKLM\..\Run: [Microsoft] sdcom.exe
O4 - HKLM\..\RunServices: [Microsoft] sdcom.exe
O4 - HKLM\..\Run: [Microsoft] Security.exe
O4 - HKLM\..\RunServices: [Microsoft] Security.exe
O4 - HKLM\..\Run: [Microsoft] services.exe
O4 - HKLM\..\RunServices: [Microsoft] services.exe
O4 - HKLM\..\Run: [Microsoft] servicess.exe
O4 - HKLM\..\RunServices: [Microsoft] servicess.exe
O4 - HKCU\..\Run: [Microsoft] servicess.exe
O4 - HKLM\..\Run: [Microsoft Update] SetPoints.exe
O4 - HKLM\..\RunServices: [Microsoft Update] SetPoints.exe
O4 - HKLM\..\Run: [Microsoft] soundvol32.exe
O4 - HKLM\..\RunServices: [Microsoft] soundvol32.exe
O4 - HKLM\..\Run: [Microsoft] sql.exe
O4 - HKLM\..\RunServices: [Microsoft] sql.exe
O4 - HKLM\..\Run: [Microsoft] sqlservice.exe
O4 - HKLM\..\RunServices: [Microsoft] sqlservice.exe
O4 - HKLM\..\Run: [Microsoft] steam.exe
O4 - HKLM\..\RunServices: [Microsoft] steam.exe
O4 - HKLM\..\Run: [Microsoft] svchost32.exe
O4 - HKLM\..\RunServices: [Microsoft] svchost32.exe
O4 - HKLM\..\Run: [Microsoft] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft] svhost.exe
O4 - HKLM\..\Run: [Microsoft] svhcost.exe
O4 - HKLM\..\RunServices: [Microsoft] svhcost.exe
O4 - HKLM\..\Run: [Microsoft] synstat.exe
O4 - HKLM\..\RunServices: [Microsoft] synstat.exe
O4 - HKCU\..\Run: [Microsoft] synstat.exe
O4 - HKLM\..\Run: [Microsoft] system32.exe
O4 - HKLM\..\RunServices: [Microsoft] system32.exe
O4 - HKLM\..\Run: [Microsoft] systemdtm.exe
O4 - HKLM\..\RunServices: [Microsoft] systemdtm.exe
O4 - HKLM\..\Run: [Microsoft] systern.exe
O4 - HKLM\..\RunServices: [Microsoft] systern.exe
O4 - HKLM\..\Run: [Microsoft] taskmaneger.exe
O4 - HKLM\..\RunServices: [Microsoft] taskmaneger.exe
O4 - HKLM\..\Run: [Microsoft] updater.exe
O4 - HKLM\..\RunServices: [Microsoft] updater.exe
O4 - HKLM\..\Run: [Microsoft] verticals.exe
O4 - HKLM\..\RunServices: [Microsoft] verticals.exe
O4 - HKLM\..\Run: [Microsoft] wcsntfy.exe
O4 - HKLM\..\RunServices: [Microsoft] wcsntfy.exe
O4 - HKCU\..\Run: [Microsoft] wcsntfy.exe
O4 - HKLM\..\Run: [Microsoft] winampaa.exe
O4 - HKLM\..\RunServices: [Microsoft] winampaa.exe
O4 - HKLM\..\Run: [Microsoft] windl32.exe
O4 - HKLM\..\RunServices: [Microsoft] windl32.exe
O4 - HKCU\..\Run: [Microsoft] windl32.exe
O4 - HKLM\..\Run: [Microsoft] winline.exe
O4 - HKLM\..\RunServices: [Microsoft] winline.exe
O4 - HKLM\..\Run: [Microsoft] winlog.exe
O4 - HKLM\..\RunServices: [Microsoft] winlog.exe
O4 - HKCU\..\Run: [Microsoft] winlog.exe
O4 - HKLM\..\Run: [Microsoft] winlogom.exe
O4 - HKLM\..\RunServices: [Microsoft] winlogom.exe
O4 - HKLM\..\Run: [Microsoft] winlogon.exe
O4 - HKLM\..\RunServices: [Microsoft] winlogon.exe
O4 - HKLM\..\Run: [Microsoft] winlogonsys.exe
O4 - HKLM\..\RunServices: [Microsoft] winlogonsys.exe
O4 - HKLM\..\Run: [Microsoft] WinSecUp.exe
O4 - HKLM\..\RunServices: [Microsoft] WinSecUp.exe
O4 - HKLM\..\Run: [Microsoft] winsock.exe
O4 - HKLM\..\RunServices: [Microsoft] winsock.exe
O4 - HKLM\..\Run: [Microsoft] winsys32.exe
O4 - HKLM\..\RunServices: [Microsoft] winsys32.exe
O4 - HKLM\..\Run: [Microsoft] wplayer.exe
O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe
O4 - HKLM\..\Run: [Microsoft] wsim32.exe
O4 - HKLM\..\RunServices: [Microsoft] wsim32.exe
O4 - HKLM\..\Run: [Microsoft] wuaudit.exe
O4 - HKLM\..\RunServices: [Microsoft] wuaudit.exe
O4 - HKLM\..\Run: [Microsoft] xhost.exe
O4 - HKLM\..\RunServices: [Microsoft] xhost.exe
O4 - HKCU\..\Run: [Microsoft] xhost.exe
O4 - HKLM\..\Run: [Microsoft.exe] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft.exe] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft32] win32sys.exe
O4 - HKLM\..\RunServices: [Microsoft32] win32sys.exe
O4 - HKLM\..\Run: [Microsoft Admin Protocal] MSADNIN.exe
O4 - HKLM\..\RunServices: [Microsoft Admin Protocal] MSADNIN.exe
O4 - HKCU\..\Run: [Microsoft Admin Protocal] MSADNIN.exe
O4 - HKCU\..\RunServices: [Microsoft Admin Protocal] MSADNIN.exe
O4 - HKLM\..\Run: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKLM\..\RunServices: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKCU\..\Run: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsoft AntiSpyware] KT06.pif
O4 - HKLM\..\RunServices: [Microsoft AntiSpyware] KT06.pif
O4 - HKLM\..\Run: [Microsoft Anti Virus Controller] msavc.exe
O4 - HKLM\..\Run: [Microsoft Anti Virus Controller] msavc32.exe
O4 - HKLM\..\Run: [Microsoft AntiVirus] winav32.exe
O4 - HKLM\..\RunServices: [Microsoft AntiVirus] winav32.exe
O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\Run: [Microsoft Browser Services] Brwsr32.exe
O4 - HKLM\..\Run: [Microsoft Browser Services] Brwsr64.exe
O4 - HKLM\..\Run: [Microsoft Calculator] calc.exe
O4 - HKLM\..\Run: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKLM\..\RunServices: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKCU\..\Run: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKCU\..\RunServices: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKLM\..\Run: [Microsoft Chat] mIRC.exe
O4 - HKLM\..\RunServices: [Microsoft Chat] mIRC.exe
O4 - HKLM\..\Run: [Microsoft Client] msclient.exe
O4 - HKLM\..\Run: [Microsoft Client] mshost.exe
O4 - HKLM\..\RunServices: [Microsoft Client] mshost.exe
O4 - HKCU\..\Run: [Microsoft Client] mshost.exe
O4 - HKCU\..\RunServices: [Microsoft Client] mshost.exe
O4 - HKLM\..\Run: [Microsoft Clients] msclients.exe
O4 - HKLM\..\Run: [Microsoft Command Line] wincmd.exe
O4 - HKLM\..\RunServices: [Microsoft Command Line] wincmd.exe
O4 - HKLM\..\Run: [Microsoft CONFIG] winmx.exe
O4 - HKLM\..\RunServices: [Microsoft CONFIG] winmx.exe
O4 - HKCU\..\Run: [Microsoft CONFIG] winmx.exe
O4 - HKLM\..\Run: [Microsoft Compiler Pack] DSDEV.EXE
O4 - HKLM\..\Run: [Microsoft Configoration Service] msconfigs.exe
O4 - HKLM\..\RunServices: [Microsoft Configoration Service] msconfigs.exe
O4 - HKCU\..\Run: [Microsoft Configoration Service] msconfigs.exe
O4 - HKCU\..\RunServices: [Microsoft Configoration Service] msconfigs.exe
O4 - HKLM\..\Run: [Microsoft Configure 32] msgconfigre.exe
O4 - HKLM\..\RunServices: [Microsoft Configure 32] msgconfigre.exe
O4 - HKCU\..\Run: [Microsoft Configure 32] msgconfigre.exe
O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\RunServices: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\Run: [Microsoft Core Support] MSbz32.exe
O4 - HKLM\..\RunServices: [Microsoft Core Support] MSbz32.exe
O4 - HKLM\..\Run: [Microsoft Corp. Critical Services] csrs.exe
O4 - HKLM\..\RunServices: [Microsoft Corp. Critical Services] csrs.exe
O4 - HKCU\..\Run: [Microsoft Corp. Critical Services] csrs.exe
O4 - HKCU\..\RunServices: [Microsoft Corp. Critical Services] csrs.exe
O4 - HKLM\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\Run: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKLM\..\RunServices: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKCU\..\Run: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKCU\..\RunServices: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKLM\..\Run: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKLM\..\RunServices: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKCU\..\Run: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKCU\..\RunServices: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKLM\..\Run: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKLM\..\RunServices: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKCU\..\Run: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKCU\..\RunServices: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKLM\..\Run: [Microsoft Corp Updates] synet-ud.exe
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] synet-ud.exe
O4 - HKLM\..\Run: [Microsoft Corp Updates] wupdates.exe
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] wupdates.exe
O4 - HKCU\..\Run: [Microsoft Corp Updates] wupdates.exe
O4 - HKLM\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKCU\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKLM\..\Run: [Microsoft Corporation] nsvdec.exe
O4 - HKLM\..\Run: [Microsoft Corporation RCMD] msrcmd.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation RCMD] msrcmd.exe
O4 - HKLM\..\Run: [Microsoft Corporation Server] wupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation Server] wupdate.exe
O4 - HKLM\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKLM\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKLM\..\Run: [Microsoft Corporation Svchost Service] mswsc.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Service] mswsc.exe
O4 - HKCU\..\Run: [Microsoft Corporation Svchost Service] mswsc.exe
O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Service] mswsc.exe
O4 - HKLM\..\Run: [Microsoft Corporation SYM monitor] mssym.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation SYM monitor] mssym.exe
O4 - HKLM\..\Run: [Microsoft CP Web Manager] webcp.exe
O4 - HKLM\..\Run: [Microsoft CPU Over Heat Manager] CPU.exe
O4 - HKLM\..\Run: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKLM\..\RunServices: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKCU\..\Run: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKLM\..\Run: [Microsoft Critical Services] svhhost.exe
O4 - HKLM\..\RunServices: [Microsoft Critical Services] svhhost.exe
O4 - HKLM\..\Run: [Microsoft CRT Monitor Manager] crtmon.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKLM\..\RunServices: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\RunServices: [Microsoft Development Services] msdevelop.exe
O4 - HKLM\..\Run: [Microsoft Digital Clock] msclock.exe
O4 - HKLM\..\RunServices: [Microsoft Digital Clock] msclock.exe
O4 - HKLM\..\Run: [Microsoft Directx] directxat.exe
O4 - HKLM\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKCU\..\Run: [Microsoft Directx] directxat.exe
O4 - HKCU\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKLM\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O4 - HKLM\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\Run: [Microsoft Display Driver] keyboard.exe
O4 - HKLM\..\RunServices: [Microsoft Display Driver] keyboard.exe
O4 - HKCU\..\Run: [Microsoft Display Driver] keyboard.exe
O4 - HKCU\..\RunServices: [Microsoft Display Driver] keyboard.exe
O4 - HKLM\..\Run: [Microsoft Display Driver] windsp.exe
O4 - HKLM\..\RunServices: [Microsoft Display Driver] windsp.exe
O4 - HKLM\..\Run: [Microsoft Device Manager] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Microsoft Device Manager] C:\WINDOWS\svcswin.exe
O4 - HKLM\..\Run: [Microsoft Dll] runapidll.exe
O4 - HKLM\..\RunServices: [Microsoft Dll] runapidll.exe
O4 - HKLM\..\Run: [Microsoft DLL Authentification] dllsecure.exe
O4 - HKLM\..\Run: [Microsoft DLL Host Service] dllmemhost.exe
O4 - HKLM\..\Run: [Microsoft DLL Host Service] svcdllhost.exe
O4 - HKLM\..\Run: [Microsoft DLL Host Service] svcdllhst.exe
O4 - HKLM\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKLM\..\RunServices: [Microsoft dll Host Service ] wkssr.exe
O4 - HKCU\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKLM\..\Run: [Microsoft Dll Manager] microsoft32dll.exe
O4 - HKLM\..\Run: [Microsoft DLL Monitor] dllmon64.exe
O4 - HKLM\..\Run: [Microsoft DLL Monitor] dllmonitor.exe
O4 - HKLM\..\Run: [Microsoft DLL Service] servicedll.exe
O4 - HKLM\..\Run: [Microsoft DLL Service] svcdll.exe
O4 - HKLM\..\Run: [Microsoft DLL Source] dllsrc.exe
O4 - HKLM\..\Run: [Microsoft DLL Suspension] dllsuspend.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] Desktop.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] Desktop.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] drivedate.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] drivedate.exe
O4 - HKLM\..\Run: [Microsoft DLL verifier] file.exe
O4 - HKLM\..\RunServices: [Microsoft DLL verifier] file.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] rundll.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] rundll.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] svhosts.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] svhosts.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] system33.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] system33.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] winavguard.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] winavguard.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] wind0w.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] wind0w.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] windowsvista.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] windowsvista.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] wns.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] wns.exe
O4 - HKLM\..\Run: [Microsoft DNSx] C:\WINDOWS\system32\mdnex.exe
O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe
O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] msdriver.exe
O4 - HKCU\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\Run: [MicrosoftDriverService32] drsys32.exe
O4 - HKLM\..\Run: [Microsoft Event Engine] EvtEngn.exe
O4 - HKLM\..\RunServices: [Microsoft Event Engine] EvtEngn.exe
O4 - HKLM\..\Run: [Microsoft Excele] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Excele] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Microsoft Exchange Server Resource] msese.exe
O4 - HKLM\..\Run: [Microsoft Explorer Service] msexplore.exe
O4 - HKLM\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\Run: [Microsoft Firewall] suvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall] suvhost.exe
O4 - HKLM\..\Run: [MicroSoft FTPCheck] msftp.exe
O4 - HKLM\..\RunServices: [MicroSoft FTPCheck] msftp.exe
O4 - HKLM\..\Run: [Microsoft Genuine Logon] msnmsg.exe
O4 - HKLM\..\Run: [MicroSoft Getway Dire] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [MicroSoft Getway Dire] (Random 9 Letter).exe
O4 - HKLM\..\Run: [MicroSoft Getway mqbol] (Random 12 Letter).exe
O4 - HKLM\..\RunServices: [MicroSoft Getway mqbol] (Random 12 Letter).exe
O4 - HKCU\..\Run: [MicroSoft Getway mqbol] (Random 12 Letter).exe
O4 - HKLM\..\Run: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKLM\..\RunServices: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKCU\..\Run: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKCU\..\RunServices: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKLM\..\Run: [Microsoft HDCP for NT and Win9x] msdhcprs.exe
O4 - HKLM\..\RunServices: [Microsoft HDCP for NT and Win9x] msdhcprs.exe
O4 - HKCU\..\Run: [Microsoft HDCP for NT and Win9x] msdhcprs.exe
O4 - HKCU\..\RunServices: [Microsoft HDCP for NT and Win9x] msdhcprs.exe
O4 - HKLM\..\Run: [Microsoft Help] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Help] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft Help Process for Win32 Services] mshelp.exe
O4 - HKLM\..\RunServices: [Microsoft Help Process for Win32 Services] mshelp.exe
O4 - HKLM\..\Run: [Microsoft Host Scheduler] svchostt32.exe
O4 - HKLM\..\RunServices: [Microsoft Host Scheduler] svchostt32.exe
O4 - HKLM\..\Run: [Microsoft Hyptertext Helper] MSHTHA.EXE
O4 - HKCU\..\RunOnce: [Microsoft Hyptertext Helper] MSHTHA.EXE
O4 - HKLM\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\Run: [Microsoft Incroporate] mfs.exe
O4 - HKLM\..\RunServices: [Microsoft Incroporate] mfs.exe
O4 - HKLM\..\Run: [Microsoft Information Check] microsoft.exe
O4 - HKLM\..\Run: [Microsoft Initialization Service] initsvc.exe
O4 - HKLM\..\Run: [Microsoft Initialization Services] initserv.exe
O4 - HKLM\..\Run: [Microsoft Installshield] nundll32.exe
O4 - HKLM\..\RunServices: [Microsoft Installshield] nundll32.exe
O4 - HKLM\..\Run: [Microsoft Internal Service] spoolsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Internal Service] spoolsrv.exe
O4 - HKCU\..\Run: [Microsoft Internal Service] spoolsrv.exe
O4 - HKLM\..\Run: [Microsoft Internel Corporat ] netvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] netvhost.exe
O4 - HKLM\..\Run: [Microsoft Internel Corporat ] smbvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] smbvhost.exe
O4 - HKLM\..\Run: [Microsoft Internet Antivirus Protection] antivirus.exe
O4 - HKLM\..\Run: [Microsoft Internet Dumping Protocol] inetdump.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [Microsoft Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\Run: [Microsoft Internet Explorer Manager] ie.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer Update] ieupdate.exe
O4 - HKLM\..\Run: [Microsoft Internet Firewall] firewall.exe
O4 - HKLM\..\Run: [Microsoft Internet Firewall Update] updater.exe
O4 - HKLM\..\Run: [Microsoft Internet Syncing] inetsync.exe
O4 - HKLM\..\Run: [Microsoft IT Update] Rhost32.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] Rhost32.exe
O4 - HKCU\..\Run: [Microsoft IT Update] Rhost32.exe
O4 - HKLM\..\Run: [Microsoft IT Update] Rvhost32.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] Rvhost32.exe
O4 - HKCU\..\Run: [Microsoft IT Update] Rvhost32.exe
O4 - HKLM\..\Run: [Microsoft Java Virtual Machine] msvmjava.exe
O4 - HKLM\..\RunServices: [Microsoft Java Virtual Machine] msvmjava.exe
O4 - HKCU\..\Run: [Microsoft Java Virtual Machine] msvmjava.exe
O4 - HKLM\..\Run: [Microsoft Kinetik Svc] msftksvc.exe
O4 - HKLM\..\Run: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKLM\..\RunOnce: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKLM\..\RunServices: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKCU\..\Run: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKCU\..\RunOnce: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKLM\..\Run: [Microsoft lnternet Update] aim.exe
O4 - HKLM\..\RunServices: [Microsoft lnternet Update] aim.exe
O4 - HKLM\..\Run: [Microsoft Live 8.5] (Random 7 Letters).exe
O4 - HKLM\..\RunServices: [Microsoft Live 8.5] (Random 7 Letters).exe
O4 - HKLM\..\Run: [Microsoft Lsass Center] Isass.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Center] Isass.exe
O4 - HKCU\..\Run: [Microsoft Lsass Center] Isass.exe
O4 - HKLM\..\Run: [Microsoft Lsass Center] telecomes.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Center] telecomes.exe
O4 - HKCU\..\Run: [Microsoft Lsass Center] telecomes.exe
O4 - HKLM\..\Run: [Microsoft Lsass Manager] lsass.exe
O4 - HKLM\..\Run: [Microsoft Lsass Service] wintcp32.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Service] wintcp32.exe
O4 - HKLM\..\Run: [Microsoft machine] blah.exe
O4 - HKLM\..\RunServices: [Microsoft machine] blah.exe
O4 - HKLM\..\Run: [Microsoft Machine] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] system32.exe
O4 - HKLM\..\Run: [Microsoft Machine] temp.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] temp.exe
04 - HKLM\..\Run: [Microsoft MachineUpdatese] tempes.exe
O4 - HKLM\..\RunServices: [Microsoft MachineUpdatese] tempes.exe
O4 - HKLM\..\Run: [Microsoft Manage Services] schost.exe
O4 - HKLM\..\Run: [Microsoft Manage Services] sychost.exe
O4 - HKLM\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\RunServices: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKCU\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [Microsoft Memory Dumping Protocol] memdump.exe
O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycle.exe
O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycles.exe
O4 - HKLM\..\Run: [Microsoft Monitors] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Monitors] explorers.exe
O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsger.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsger.exe
O4 - HKLM\..\Run: [Microsoft MSN Messenger] C:\RECYCLER\msnmnsgr.exe
O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\Run: [Microsoft Network Neighbourhood] networknbh.exe
O4 - HKLM\..\RunServices: [Microsoft Servicez Manager] servicemgrz.exe
O4 - HKLM\..\Run: [Microsoft Norotn Anti Virus] mnhpot.exe
O4 - HKLM\..\RunServices: [Microsoft Norotn Anti Virus] mnhpot.exe
O4 - HKLM\..\Run: [Microsoft Norton Antivirus] norton.exe
O4 - HKLM\..\Run: [Microsoft Notepad Manager] notepad.exe
O4 - HKLM\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKLM\..\RunServices: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\RunServices: [Microsoft NT Drivers] ntdrv.exe
O4 - HKLM\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKLM\..\RunServices: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\RunServices: [Microsoft Nvidia Video] nvidia.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Office] C:\WINDOWS\system32\mdm.exe
O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe
O4 - HKLM\..\RunServices: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe
O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe
O4 - HKCU\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe
O4 - HKLM\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Microsoft Oftice] C:\WINDOWS\system32\msn.exe
O4 - HKCU\..\Run: [Microsoft Oftice] C:\WINDOWS\system32\msn.exe
O4 - HKLM\..\Run: [MicroSoft OneCare] FreeS3x.exe
O4 - HKLM\..\RunServices: [MicroSoft OneCare] FreeS3x.exe
O4 - HKLM\..\RunOnce: [MicroSoft OneCare] FreeS3x.exe
O4 - HKCU\..\Run: [MicroSoft OneCare] FreeS3x.exe
O4 - HKCU\..\RunOnce: [MicroSoft OneCare] FreeS3x.exe
O4 - HKLM\..\Run: [Microsoft Patch Update] bootini.exe
O4 - HKLM\..\RunServices: [Microsoft Patch Update] bootini.exe
O4 - HKLM\..\Run: [Microsoft Printer Drivers] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Printer Drivers] scvhost.exe
O4 - HKCU\..\Run: [Microsoft Printer Drivers] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Printer Status] mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Printer Status] mssmp.exe
O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr32.exe
O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr64.exe
O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr128.exe
O4 - HKLM\..\Run: [Microsoft Process Manager] process32.exe
O4 - HKLM\..\Run: [Microsoft Profile Manager] profile.exe
O4 - HKLM\..\Run: [Microsoft Protection] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Protection] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Microsoft Protection] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKLM\..\RunServices: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKCU\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\Run: [Microsoft Regestry Edit Manager] regedit.exe
O4 - HKLM\..\Run: [Microsoft Regestry Manager] regedit32.exe
O4 - HKLM\..\Run: [Microsoft Regestry Manager] registry32.exe
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [MicrosoftROMDriverService] cdrss.exe
O4 - HKLM\..\Run: [Microsoft Router Manager] linksys.exe
O4 - HKLM\..\Run: [Microsoft Router Manager] router.exe
O4 - HKLM\..\Run: [Microsoft Runtime Initialization] msvcbm.exe
O4 - HKLM\..\RunServices: [Microsoft Runtime Initialization] msvcbm.exe
O4 - HKLM\..\Run: [Microsoft Safe Mode Manager] safemode.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] com.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] com.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] firewall.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] firewall.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] lsas.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] lsas.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mail.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mail.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mnsmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mnsmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssm32.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssm32.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssmp32.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssmp32.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] msword.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] msword.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] ofice.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] ofice.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] service.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] service.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] spools.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] spools.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] svcchost.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] svcchost.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] update.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] update.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] windowsupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] windowsupdate.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [Microsoft Security Process] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Security Process] wininit.exe
O4 - HKCU\..\Run: [Microsoft Security Process] wininit.exe
O4 - HKLM\..\Run: [Microsoft Security System] C:\Program Files\Common Files\System\mssecsys.exe
O4 - HKLM\..\Run: [Microsoft Security Updater] system.exe
O4 - HKLM\..\RunServices: [Microsoft Security Updater] system.exe
O4 - HKCU\..\Run: [Microsoft Security Updater] system.exe
O4 - HKLM\..\Run: [Microsoft Server] BVvcDtyPuol.exe
O4 - HKLM\..\RunServices: [Microsoft Server] BVvcDtyPuol.exe
O4 - HKCU\..\Run: [Microsoft Server] BVvcDtyPuol.exe
O4 - HKCU\..\RunServices: [Microsoft Server] BVvcDtyPuol.exe
O4 - HKLM\..\Run: [Microsoft Server] rserv.exe
O4 - HKLM\..\RunServices: [Microsoft Server] rserv.exe
O4 - HKCU\..\Run: [Microsoft Server] rserv.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] ms-doss.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] ms-doss.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] ms-doss.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] Q8See.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] Q8See.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] Q8See.exe
O4 - HKLM\..\Run: [Microsoft Service] sysreg11.exe
O4 - HKLM\..\RunServices: [Microsoft Service] sysreg11.exe
O4 - HKLM\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\Run: [Microsoft Service 32] mssvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Service 32] mssvc32.exe
O4 - HKLM\..\RunOnce: [Microsoft Service 32] mssvc32.exe
O4 - HKLM\..\Run: [Microsoft Service Access Manager] Access.exe
O4 - HKLM\..\Run: [Microsoft Service Boot] sboot.exe
O4 - HKLM\..\RunServices: [Microsoft Service Boot] sboot.exe
O4 - HKLM\..\Run: [Microsoft Service Disk Cycle] disksave.exe
O4 - HKLM\..\Run: [Microsoft Service Evaluator Engin] mssee.exe
O4 - HKLM\..\Run: [Microsoft Service Execution Manager] execute.exe
O4 - HKLM\..\Run: [Microsoft Service firewall Manager] firewall.exe
O4 - HKLM\..\Run: [Microsoft Service Login Manager] winlogin.exe
O4 - HKLM\..\Run: [Microsoft Service Manager] service32.exe
O4 - HKLM\..\Run: [Microsoft Services] iislsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] iislsrv.exe
O4 - HKCU\..\Run: [Microsoft Services] iislsrv.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKCU\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [Microsoft Services] module.exe
O4 - HKLM\..\RunServices: [Microsoft Services] module.exe
O4 - HKCU\..\Run: [Microsoft Services] module.exe
O4 - HKLM\..\Run: [Microsoft Services] msmpserv.exe
O4 - HKLM\..\Run: [Microsoft Services] srvchost.exe
O4 - HKLM\..\RunServices: [Microsoft Services] srvchost.exe
O4 - HKCU\..\Run: [Microsoft Services] srvchost.exe
O4 - HKLM\..\Run: [Microsoft Servicesv] .exe
O4 - HKLM\..\RunServices: [Microsoft Servicesv] .exe
O4 - HKLM\..\Run: [Microsoft Servicez Manager] servicemgrz.exe
O4 - HKLM\..\RunServices: [Microsoft Network Neighbourhood] networknbh.exe
O4 - HKLM\..\Run: [Microsoft Setup Initializazion] localhost.exe
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] localhost.exe
O4 - HKCU\..\Run: [Microsoft Setup Initializazion] localhost.exe
O4 - HKLM\..\Run: [Microsoft Setup Initializazion] Microsoft
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] Microsoft
O4 - HKCU\..\Run: [Microsoft Setup Initializazion] Microsoft
O4 - HKLM\..\Run: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\Run: [Microsoft Software cleaner] mssofts.exe
O4 - HKLM\..\RunServices: [Microsoft Software cleaner] mssofts.exe
O4 - HKLM\..\Run: [Microsoft Sounds] soundman.exe
O4 - HKLM\..\RunServices: [Microsoft Sounds] soundman.exe
O4 - HKLM\..\Run: [Microsoft SpA Service] msapps.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] msapps.exe
O4 - HKCU\..\Run: [Microsoft SpA Service] msapps.exe
O4 - HKLM\..\Run: [Microsoft Spool 11 Service] spool11.exe
O4 - HKLM\..\Run: [Microsoft Spool 12 Service] spool12.exe
O4 - HKLM\..\Run: [Microsoft Spool 13 Service] spool13.exe
O4 - HKLM\..\Run: [Microsoft Spool 14 Service] spool14.exe
O4 - HKLM\..\Run: [Microsoft Spool 15 Service] spool15.exe
O4 - HKLM\..\Run: [Microsoft Spool 16 Service] spool16.exe
O4 - HKLM\..\Run: [Microsoft Spool 17 Service] spool17.exe
O4 - HKLM\..\Run: [Microsoft Spool 18 Service] spool18.exe
O4 - HKLM\..\Run: [Microsoft Spool 19 Service] spool19.exe
O4 - HKLM\..\Run: [Microsoft Spool 20 Service] spool20.exe
O4 - HKLM\..\Run: [Microsoft Spool 21 Service] spool21.exe
O4 - HKLM\..\Run: [Microsoft Spool 22 Service] spool22.exe
O4 - HKLM\..\Run: [Microsoft Spool 23 Service] spool23.exe
O4 - HKLM\..\Run: [Microsoft Spool 24 Service] spool24.exe
O4 - HKLM\..\Run: [Microsoft Spool 25 Service] spool25.exe
O4 - HKLM\..\Run: [Microsoft Spool 26 Service] spool26.exe
O4 - HKLM\..\Run: [Microsoft Spool 27 Service] spool27.exe
O4 - HKLM\..\Run: [Microsoft Spool 28 Service] spool28.exe
O4 - HKLM\..\Run: [Microsoft Spool 29 Service] spool29.exe
O4 - HKLM\..\Run: [Microsoft Spool 30 Service] spool30.exe
O4 - HKLM\..\Run: [Microsoft Spool 87 Service] spool87.exe
O4 - HKLM\..\Run: [Microsoft Spool Service] spool23.exe
O4 - HKLM\..\Run: [Microsoft Spool Svc] spoolsvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Spool Svc] spoolsvc32.exe
O4 - HKLM\..\Run: [Microsoft Spooler Service] svcwin32.exe
O4 - HKLM\..\RunServices: [Microsoft Spooler Service] svcwin32.exe
O4 - HKLM\..\Run: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe
O4 - HKLM\..\RunServices: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe
O4 - HKCU\..\Run: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe
O4 - HKCU\..\RunServices: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe
O4 - HKLM\..\Run: [Microsoft SQL Services] scvhost.exe
O4 - HKLM\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunServices: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKLM\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKLM\..\Run: [Microsoft ssrsc update] ssrsc.exe
O4 - HKLM\..\RunServices: [Microsoft ssrsc update] ssrsc.exe
O4 - HKCU\..\Run: [Microsoft ssrsc update] ssrsc.exe
O4 - HKCU\..\RunServices: [Microsoft ssrsc update] ssrsc.exe
O4 - HKLM\..\Run: [Microsoft startup] SoftwareUpdates.exe
O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe
O4 - HKLM\..\Run: [Microsoft startup] wmpIayer.exe
O4 - HKLM\..\RunServices: [Microsoft startup] wmpIayer.exe
O4 - HKLM\..\Run: [Microsoft Stuff you know] winslogin.exe
O4 - HKLM\..\RunServices: [Microsoft Stuff you know] winslogin.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] botcrx.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] botcrx.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] msnmesseng.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] msnmesseng.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] msnserver.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] msnserver.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] nodkrn23.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] nodkrn23.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] nzm23.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] nzm23.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] updater.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] updater.exe
04 - HKLM\..\Run: [Microsoft Svchost local services] winoem.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] winoem.exe
04 - HKLM\..\Run: [Microsoft Svchost local services] Winsec32.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] Winsec32.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] winupdate.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] bot.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] bot.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] EcrandeMoi2.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] EcrandeMoi2.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] EcrandeMoi2.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] netscape.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] netscape.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] netscape.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] sexcam.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] sexcam.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] sexcam.exe
O4 - HKLM\..\Run: [MicroSoft sys32] sysmsgr32.exe
O4 - HKLM\..\RunServices: [MicroSoft sys32] sysmsgr32.exe
O4 - HKLM\..\RunOnce: [MicroSoft sys32] sysmsgr32.exe
O4 - HKCU\..\Run: [MicroSoft sys32] sysmsgr32.exe
O4 - HKCU\..\RunOnce: [MicroSoft sys32] sysmsgr32.exe
O4 - HKLM\..\Run: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKLM\..\RunServices: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKLM\..\RunOnce: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKCU\..\Run: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKCU\..\RunOnce: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKLM\..\Run: [Microsoft System Administration] system.exe
O4 - HKLM\..\RunServices: [Microsoft System Administration] system.exe
O4 - HKCU\..\Run: [Microsoft System Administration] system.exe
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msnmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msnmsgr.exe
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] reg32.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] reg32.exe
O4 - HKLM\..\Run: [Microsoft System Monitor] system.exe
O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [Microsoft System Service] winIogon2.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] winIogon2.exe
O4 - HKLM\..\Run: [Microsoft System Service Device] mssdh.exe
O4 - HKLM\..\RunServices: [Microsoft System Service Device] mssdh.exe
O4 - HKLM\..\Run: [Microsoft System Services] msmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Services] msmsgr.exe
O4 - HKCU\..\Run: [Microsoft System Services] msmsgr.exe
O4 - HKLM\..\Run: [Microsoft system Value] sys57.exe
O4 - HKLM\..\RunServices: [Microsoft system Value] sys57.exe
O4 - HKLM\..\Run: [Microsoft task tray monitor] ctray.exe
O4 - HKLM\..\RunServices: [Microsoft task tray monitor] ctray.exe
O4 - HKLM\..\Run: [Microsoft TCP Protocol] wintcp32.exe
O4 - HKLM\..\RunServices: [Microsoft TCP Protocol] wintcp32.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestore.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKLM\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKLM\..\Run: [Micrcoft Updat] spoolsae.exe
O4 - HKLM\..\RunServices: [Micrcoft Updat] spoolsae.exe
O4 - HKLM\..\Run: [Microsft Updtes] sarvice.exe
O4 - HKLM\..\RunServices: [Microsft Updtes] sarvice.exe
O4 - HKLM\..\Run: [Microsoft Update] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Update] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Microsoft Update] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft Update] aaupdt.exe
O4 - HKLM\..\RunServices: [Microsoft Update] aaupdt.exe
O4 - HKCU\..\Run: [Microsoft Update] aaupdt.exe
O4 - HKLM\..\Run: [Microsoft Update] bling.exe
O4 - HKLM\..\RunServices: [Microsoft Update] bling.exe
O4 - HKCU\..\Run: [Microsoft Update] bling.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\windows\system32\msupdate.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O4 - HKLM\..\Run: [Microsoft Update] CONlME.EXE
O4 - HKLM\..\RunServices: [Microsoft Update] CONlME.EXE
O4 - HKLM\..\Run: [Microsoft Update] drive.exe
O4 - HKLM\..\RunServices: [Microsoft Update] drive.exe
O4 - HKCU\..\Run: [Microsoft Update] drive.exe
O4 - HKLM\..\Run: [Microsoft Update] enule.exe
O4 - HKLM\..\RunServices: [Microsoft Update] enule.exe
O4 - HKLM\..\Run: [Microsoft Update] fixed.exe
O4 - HKLM\..\RunServices: [Microsoft Update] fixed.exe
O4 - HKCU\..\Run: [Microsoft Update] fixed.exe
O4 - HKLM\..\Run: [Microsoft Update] info.exe
O4 - HKLM\..\RunServices: [Microsoft Update] info.exe
O4 - HKLM\..\Run: [Microsoft Update] livemessenger.com
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft Update] msn.exe
O4 - HKCU\..\Run: [Microsoft Update] msn.exe
O4 - HKLM\..\Run: [Microsoft Update] msnmessenger.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msnmessenger.exe
O4 - HKCU\..\Run: [Microsoft Update] msnmessenger.exe
O4 - HKLM\..\Run: [Microsoft Update] mswins.exe
O4 - HKLM\..\RunServices: [Microsoft Update] mswins.exe
O4 - HKLM\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\RunServices: [Microsoft Update] nbdos.exe
O4 - HKCU\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\Run: [Microsoft Update] rxbot2.exe
O4 - HKLM\..\RunServices: [Microsoft Update] rxbot2.exe
O4 - HKCU\..\Run: [Microsoft Update] rxbot2.exe
O4 - HKLM\..\Run: [Microsoft Update] service.exe
O4 - HKLM\..\RunServices: [Microsoft Update] service.exe
O4 - HKLM\..\Run: [Microsoft Update] smss32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] smss32.exe
O4 - HKCU\..\Run: [Microsoft Update] smss32.exe
O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\Run: [Microsoft Update] SP00lSV.exe
O4 - HKLM\..\RunServices: [Microsoft Update] SP00lSV.exe
O4 - HKLM\..\Run: [Microsoft Update] svschost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] svschost.exe
O4 - HKCU\..\Run: [Microsoft Update] svschost.exe
O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\Run: [Microsoft Update] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] system32.exe
O4 - HKCU\..\Run: [Microsoft Update] system32.exe
O4 - HKLM\..\Run: [Microsoft Update] taksmanager.exe
O4 - HKLM\..\RunServices: [Microsoft Update] taksmanager.exe
O4 - HKLM\..\Run: [Microsoft Update] taskmgr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] taskmgr32.exe
O4 - HKCU\..\Run: [Microsoft Update] taskmgr32.exe
O4 - HKLM\..\Run: [Microsoft update] tskmgr.exe
O4 - HKLM\..\RunServices: [Microsoft update] tskmgr.exe
O4 - HKLM\..\Run: [Microsoft Update] update.exe
O4 - HKLM\..\RunServices: [Microsoft Update] update.exe
O4 - HKCU\..\Run: [Microsoft Update] update.exe
O4 - HKLM\..\Run: [Microsoft Update] wangard.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wangard.exe
O4 - HKCU\..\Run: [Microsoft Update] wangard.exe
O4 - HKLM\..\Run: [Microsoft Update] win32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] win32.exe
O4 - HKCU\..\Run: [Microsoft Update] win32.exe
O4 - HKLM\..\Run: [Microsoft Update] WinDrv32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] WinDrv32.exe
O4 - HKCU\..\Run: [Microsoft Update] WinDrv32.exe
O4 - HKLM\..\Run: [Microsoft Update] wingrd32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wingrd32.exe
O4 - HKCU\..\Run: [Microsoft Update] wingrd32.exe
O4 - HKLM\..\Run: [Microsoft Update] winsys.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys.exe
O4 - HKCU\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [Microsoft Update] wuampd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuampd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuampd.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [Microsoft Updates] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Updates] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Microsoft Updates] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Updates] (Random 9 Letter).exe
O4 - HKLM\..\Run: [Microsoft Updates] helps.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] helps.exe
O4 - HKCU\..\Run: [Microsoft Updates] helps.exe
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
O4 - HKLM\..\Run: [Microsoft Updates] winit.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] winit.exe
O4 - HKLM\..\Run: [Microsoft Updates] wkops.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wkops.exe
O4 - HKLM\..\Run: [Microft Update 32] winssx.exe
O4 - HKLM\..\RunServices: [Microft Update 32] winssx.exe
O4 - HKLM\..\Run: [Microsoft Update 32] neta.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] neta.exe
O4 - HKLM\..\Run: [Microsoft Update 32] network.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] network.exe
O4 - HKLM\..\Run: [Microsoft Update 32] windowsp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] windowsp.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininxt.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininxt.exe
O4 - HKLM\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKLM\..\Run: [Microsoft Update Device Drivers] C:\WINDOWS\system32\drivers\wuauclt.exe
O4 - HKLM\..\RunServices: [Microsoft Update Device Drivers] C:\WINDOWS\system32\drivers\wuauclt.exe
O4 - HKCU\..\Run: [Microsoft Update Device Drivers] C:\WINDOWS\system32\drivers\wuauclt.exe
O4 - HKCU\..\RunServices: [Microsoft Update Device Drivers] C:\WINDOWS\system32\drivers\wuauclt.exe
O4 - HKLM\..\Run: [Microsoft Update Drivers] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Drivers] explorers.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] bee.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bee.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bot.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] bot.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] cssrssv.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] explore.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] explore.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] explore.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] infoDLL.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] infoDLL.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] infoDLL.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] MSlti32.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] MSlti32.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] rx.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] rx.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] rx.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] rxhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] rxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] rxhost.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] svrhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] svrhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] svrhost.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] syspic9.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] syspic9.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] syspic9.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] System.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] System.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] System.exe
O4 - HKCU\..\RunServices: [Microsoft Update Machine] System.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] systemi.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemi.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemi.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] WINDOWSUPDATE.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] WINDOWSUPDATE.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] WINDOWSUPDATE.exe
O4 - HKCU\..\RunServices: [Microsoft Update Machine] WINDOWSUPDATE.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winhost.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winmgr.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winmgr.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winsys.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winsys.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winsys.exe
O4 - HKCU\..\RunServices: [Microsoft Update Machine] winsys.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winupdte.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winupdte.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winupdte.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] (Random 6 Letter).exe
O4 - HKCU\..\Run: [Microsoft Update Machine] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Microsoft Update Machine] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Microsoft Update Machine] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft Update Manager] AdAware.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] AdAware.exe
O4 - HKCU\..\Run: [Microsoft Update Manager] AdAware.exe
O4 - HKLM\..\Run: [Microsoft Update Manager] scvideo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] scvideo.exe
O4 - HKLM\..\Run: [Microsoft Update Schedule] mscomt32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Schedule] mscomt32.exe
O4 - HKLM\..\Run: [Microsoft Updater] msconsole.exe
O4 - HKLM\..\RunServices: [Microsoft Updater] msconsole.exe
O4 - HKCU\..\Run: [Microsoft Updater] msconsole.exe
O4 - HKCU\..\RunServices: [Microsoft Updater] msconsole.exe
O4 - HKLM\..\Run: [Microsoft Updote] winmsg.exe
O4 - HKLM\..\RunServices: [Microsoft Updote] winmsg.exe
O4 - HKLM\..\Run: [Microsoft Value Service] spool.exe
O4 - HKLM\..\RunServices: [Microsoft Value Service] spool.exe
O4 - HKCU\..\Run: [Microsoft Value Service] spool.exe
O4 - HKCU\..\RunServices: [Microsoft Value Service] spool.exe
O4 - HKLM\..\Run: [Microsoft Values] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Values] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Microsoft Viewer Monitor Manager] viewmon.exe
O4 - HKLM\..\Run: [Microsoft Virtual Service Manager] vservice32.exe
O4 - HKLM\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKLM\..\RunServices: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKCU\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKLM\..\Run: [Microsoft Visual Application] vpcrtf.exe
O4 - HKLM\..\Run: [Microsoft Visual Application] winsyshp.exe
O4 - HKLM\..\Run: [microsoft visual basic] C:\WINDOWS\system32\vb.exe
O4 - HKLM\..\RunServices: [microsoft visual basic] C:\WINDOWS\system32\vb.exe
O4 - HKLM\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\Run: [Microsoft Web CP Manager] webcp32.exe
O4 - HKLM\..\Run: [Microsoft web update] webmsn.exe
O4 - HKLM\..\RunServices: [Microsoft web update] webmsn.exe
O4 - HKLM\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKLM\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKLM\..\Run: [Microsoft WIN32 DOS] MSdos32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 DOS] MSdos32.exe
O4 - HKLM\..\Run: [Microsoft WIN32 Security] MSsec32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 Security] MSsec32.exe
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] bootini.exe
O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
O4 - HKCU\..\RunServices: [Microsoft Windows] bootini.exe
O4 - HKLM\..\Run: [Microsoft Windows] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Windows] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Microsoft Windows] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Microsoft Windows] System.exe.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] System.exe.exe
O4 - HKCU\..\Run: [Microsoft Windows] System.exe.exe
O4 - HKLM\..\Run: [Microsoft Windows 32 Update] win32update.exe
O4 - HKLM\..\RunServices: [Microsoft Windows 32 Update] win32update.exe
O4 - HKLM\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKCU\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKLM\..\Run: [Microsoft Windows Communicator for NT/XP] wincomm.exe
O4 - HKCU\..\Run: [Microsoft Windows Communicator for NT/XP] wincomm.exe
O4 - HKLM\..\Run: [Microsoft Windows Config 32] win32conf.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Config 32] win32conf.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] dllmanager32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] dllmanager32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] dllmanager32.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] proxy.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] proxy.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] proxy.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windll32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windll32.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [Microsoft Windows Drivers] windrv.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Drivers] windrv.exe
O4 - HKCU\..\Run: [Microsoft Windows Drivers] windrv.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Drivers] windrv.exe
O4 - HKLM\..\Run: [Microsoft Windows Expl0rer] expl0rer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Expl0rer] expl0rer.exe
O4 - HKLM\..\Run: [Microsoft Windows Explorer] C:\WINDOWS\system32\explorewin.exe
O4 - HKLM\..\Run: [Microsoft Windows Express] Microsoft Update
O4 - HKLM\..\RunServices: [Microsoft Windows Express] Microsoft Update
O4 - HKLM\..\Run: [Microsoft Windows Express] websploit.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Express] websploit.exe
O4 - HKLM\..\Run: [Microsoft Windows Firewall] firewall.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Firewall] firewall.exe
O4 - HKCU\..\Run: [Microsoft Windows Firewall] firewall.exe
O4 - HKLM\..\Run: [Microsoft Windows Locator] mswin32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Locator] mswin32.exe
O4 - HKCU\..\Run: [Microsoft Windows Locator] mswin32.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Locator] mswin32.exe
O4 - HKLM\..\Run: [Microsoft Windows Loader] windat32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Loader] windat32.exe
O4 - HKLM\..\Run: [Microsoft windows log service] winlog.exe
O4 - HKLM\..\RunServices: [Microsoft windows log service] winlog.exe
O4 - HKLM\..\Run: [Microsoft Windows RUN DLL] rundl32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows RUN DLL] rundl32.exe
O4 - HKCU\..\Run: [Microsoft Windows RUN DLL] rundl32.exe
O4 - HKLM\..\Run: [Microsoft Windows Secure] windocs.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Secure] windocs.exe
O4 - HKCU\..\Run: [Microsoft Windows Secure] windocs.exe
O4 - HKLM\..\Run: [Microsoft Windows Service] explorer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Service] explorer.exe
O4 - HKCU\..\Run: [Microsoft Windows Service] explorer.exe
O4 - HKLM\..\Run: [Microsoft Windows Services] msw32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Services] msw32.exe
O4 - HKCU\..\Run: [Microsoft Windows Services] msw32.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Services] msw32.exe
O4 - HKLM\..\Run: [Microsoft Windows Services Edt] dllrun32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Services Edt] dllrun32.exe
O4 - HKCU\..\Run: [Microsoft Windows Services Edt] dllrun32.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Services Edt] dllrun32.exe
O4 - HKLM\..\Run: [Microsoft Windows Services Edt] ssvvcchhoosst.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Services Edt] ssvvcchhoosst.exe
O4 - HKCU\..\Run: [Microsoft Windows Services Edt] ssvvcchhoosst.exe
O4 - HKLM\..\Run: [Microsoft Windows Socketx32 Services] winsockx32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Socketx32 Services] winsockx32.exe
O4 - HKCU\..\Run: [Microsoft Windows Socketx32 Services] winsockx32.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Socketx32 Services] winsockx32.exe
O4 - HKLM\..\Run: [Microsoft Windows Sound] svghost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svghost.exe
O4 - HKLM\..\Run: [Microsoft Windows Sound] svrhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svrhost.exe
O4 - HKLM\..\Run: [Microsoft Windows Sound] svshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\Run: [Microsoft Windows Startup] explorer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Startup] explorer.exe
O4 - HKLM\..\Run: [Microsoft Windows System] srwhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] srwhost.exe
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\Run: [Microsoft Windows System Kernel] kernel32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System Kernel] kernel32.exe
O4 - HKCU\..\Run: [Microsoft Windows System Kernel] kernel32.exe
O4 - HKCU\..\RunServices: [Microsoft Windows System Kernel] kernel32.exe
O4 - HKLM\..\Run: [Microsoft Windows Task Management] mstasks.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Task Management] mstasks.exe
O4 - HKCU\..\Run: [Microsoft Windows Task Management] mstasks.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Task Management] mstasks.exe
O4 - HKLM\..\Run: [Microsoft Windows Tasks Management] taskmng.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Tasks Management] taskmng.exe
O4 - HKCU\..\Run: [Microsoft Windows Tasks Management] taskmng.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Tasks Management] taskmng.exe
O4 - HKLM\..\Run: [Microsoft Windows Updata] windows.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updata] windows.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] mozilla.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] mozilla.exe
O4 - HKLM\..\Run: [MICROSOFT Windows update] pdate.exe
O4 - HKLM\..\RunServices: [MICROSOFT Windows update] pdate.exe
O4 - HKCU\..\Run: [MICROSOFT Windows update] pdate.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] rhost32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] rhost32.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] rhost32.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] syssinfos.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] syssinfos.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] syssinfos.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] windowsapp.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] windowsapp.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] Windows Update.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] Windows Update.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] WINUPDATE.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] WINUPDATE.exe
O4 - HKLM\..\Run: [Microsoft Windows Update 32] winupdate32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update 32] winupdate32.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update 32] winupdate32.exe
O4 - HKCU\..\Run: [Microsoft Windows Update 32] winupdate32.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update 32] winupdate32.exe
O4 - HKLM\..\Run: [Microsoft Windows Update Service] msnmsg.exe
O4 - HKLM\..\Run: [Microsoft Windows Update x86] firefox.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] firefox.exe
O4 - HKLM\..\Run: [Microsoft Windows Update x86] opera.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] opera.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] winupdate.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] winupdate.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater2] WINUPDATE2.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows Updater2] WINUPDATE2.EXE
O4 - HKCU\..\Run: [Microsoft Windows Updater2] WINUPDATE2.EXE
O4 - HKLM\..\Run: [Microsoft Windows Updates] wsap32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updates] wsap32.exe
O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\Run: [Microsoft Windows XP/2K Explorer] winexplorer.exe
O4 - HKLM\..\Run: [Microsoft(R) Windows(R) Updating System] msresource.exe
O4 - HKLM\..\RunServices: [Microsoft(R) Windows(R) Updating System] msresource.exe
O4 - HKCU\..\Run: [Microsoft(R) Windows(R) Updating System] msresource.exe
O4 - HKLM\..\Run: [Microsoft Winedows startup] WinKey.exe
O4 - HKLM\..\RunOnce: [Microsoft Winedows startup] WinKey.exe
O4 - HKLM\..\RunServices: [Microsoft Winedows startup] WinKey.exe
O4 - HKCU\..\Run: [Microsoft Winedows startup] WinKey.exe
O4 - HKCU\..\RunOnce: [Microsoft Winedows startup] WinKey.exe
O4 - HKLM\..\Run: [Microsoft Winedows WinServ] iPodFix.exe
O4 - HKLM\..\RunServices: [Microsoft Winedows WinServ] iPodFix.exe
O4 - HKCU\..\Run: [Microsoft Winedows WinServ] iPodFix.exe
O4 - HKLM\..\Run: [Microsoft Winedows WinServ32] Winserv23.exe
O4 - HKLM\..\RunServices: [Microsoft Winedows WinServ32] Winserv23.exe
O4 - HKLM\..\Run: [Microsoft Winsocks 32 Controller] MSWSCK32.exe
O4 - HKLM\..\RunServices: [Microsoft Winsocks 32 Controller] MSWSCK32.exe
O4 - HKCU\..\Run: [Microsoft Winsocks 32 Controller] MSWSCK32.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\RunOnce: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] syswin32.exe
O4 - HKCU\..\Run: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\Run: [Microsoft Xp] pdate.exe
O4 - HKLM\..\RunServices: [Microsoft Xp] pdate.exe
O4 - HKLM\..\Run: [Microsoft XPSP Protocol] xp386.exe
O4 - HKLM\..\RunServices: [Microsoft XPSP Protocol] xp386.exe
O4 - HKCU\..\Run: [Microsoft XPSP Protocol] xp386.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] Erun.pif
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] Erun.pif
O4 - HKLM\..\Run: [Microsoftf DDEs Control] FEnR.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] FEnR.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] lxes.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] lxes.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] msnn.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] msnn.exe
O4 - HKLM\..\Run: [Microsoftf DDos Contr0l] runs.pif
O4 - HKLM\..\RunServices: [Microsoftf DDos Contr0l] runs.pif
O4 - HKLM\..\Run: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\Run: [Microsoftf DDEs Control] w33s.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] w33s.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] waes.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] waes.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] wees.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] wees.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] why-.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] why-.exe
O4 - HKLM\..\Run: [Microsofts] WinS0ki.exe
O4 - HKLM\..\RunServices: [Microsofts] WinS0ki.exe
O4 - HKLM\..\Run: [Microsofts Service] lcsrv16.exe
O4 - HKLM\..\RunServices: [Microsofts Service] lcsrv16.exe
O4 - HKCU\..\Run: [Microsofts Service] lcsrv16.exe
O4 - HKLM\..\Run: [Microsoftt Windows Update] (Random 3 Letter).exe
O4 - HKLM\..\RunServices: [Microsoftt Windows Update] (Random 3 Letter).exe
O4 - HKCU\..\Run: [Microsoftt Windows Update] (Random 3 Letter).exe
O4 - HKLM\..\Run: [Microst Serviment] C:\WINDOWS\system32\da.exe
O4 - HKLM\..\RunServices: [Microst Serviment] C:\WINDOWS\system32\da.exe
O4 - HKLM\..\Run: [Micrsft Updese] xagwxz.exe
O4 - HKLM\..\RunServices: [Micrsft Updese] xagwxz.exe
O4 - HKLM\..\Run: [Micsoft-Published-Software] explrer.exe
O4 - HKLM\..\RunServices: [Micsoft-Published-Software] explrer.exe
O4 - HKCU\..\Run: [Micsoft-Published-Software] explrer.exe
O4 - HKLM\..\Run: [Mioft Wiws Seice ent] (Random 5 Letter).exe
O4 - HKLM\..\RunServices: [Mioft Wiws Seice ent] (Random 5 Letter).exe
O4 - HKCU\..\Run: [Mioft Wiws Seice ent] (Random 5 Letter).exe
O4 - HKLM\..\Run: [Mircosoft Task Manager] taskmanager.exe
O4 - HKLM\..\RunServices: [Mircosoft Task Manager] taskmanager.exe
O4 - HKCU\..\Run: [Mircosoft Task Manager] taskmanager.exe
O4 - HKLM\..\Run: [Mircosoft Windows Development Environment] devenv.exe
O4 - HKLM\..\RunServices: [Mircosoft Windows Development Environment] devenv
O4 - HKLM\..\Run: [Mirsoft sdcE] taskmegr.exe
O4 - HKLM\..\RunServices: [Mirsoft sdcE] taskmegr.exe
O4 - HKLM\..\Run: [MJ] C:\RECYCLER\te32.exe
O4 - HKLM\..\Run: [Mlcr0s0ftf DDEs C0ntr0i] WAed.pif
O4 - HKLM\..\RunServices: [Mlcr0s0ftf DDEs C0ntr0i] WAed.pif
O4 - HKLM\..\Run: [Mlcrosoft Updates] C:\WINDOWS\System32\wmwplayers.exe
O4 - HKLM\..\RunServices: [Mlcrosoft Updates] C:\WINDOWS\System32\wmwplayers.exe
O4 - HKLM\..\Run: [mlibsysmc] comzcinc.exe
O4 - HKLM\..\RunServices: [mlibsysmc] comzcinc.exe
O4 - HKLM\..\Run: [mmsass] mldmm.exe
O4 - HKLM\..\RunServices: [mmsass] mldmm.exe
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [MNM Srv] mnmsrv.exe
O4 - HKLM\..\Run: [Modifiet Amateur] C:\WINDOWS\system32\msl.exe
O4 - HKCU\..\Run: [Modifiet Amateur] C:\WINDOWS\system32\msl.exe
O4 - HKLM\..\Run: [Modifiet Amateur HTPB] C:\WINDOWS\system32\wuaclt.exe
O4 - HKCU\..\Run: [Modifiet Amateur HTPB] C:\WINDOWS\system32\wuaclt.exe
O4 - HKLM\..\Run: [Monitor Infrared Output] WinMIO.exe
O4 - HKLM\..\RunServices: [Monitor Infrared Output] WinMIO.exe
O4 - HKCU\..\Run: [Monitor Infrared Output] WinMIO.exe
O4 - HKLM\..\Run: [Monitor Infrared System] WinMIS.exe
O4 - HKLM\..\RunServices: [Monitor Infrared System] WinMIS.exe
O4 - HKCU\..\Run: [Monitor Infrared System] WinMIS.exe
04 - HKLM\..\Run: [Monitor Resolution] svmhost.exe
O4 - HKLM\..\RunServices: [Monitor Resolution] svmhost.exe
O4 - HKLM\..\Run: [mono.exe] C:\WINDOWS\mono.exe
O4 - HKLM\..\Run: [Mozila] C:\WINDOWS\System32\mozila.exe
O4 - HKLM\..\Run: [mplayer3] C:\WINDOWS\system32\mplayer3.exe
O4 - HKCU\..\Run: [mplayer3] C:\WINDOWS\system32\mplayer3.exe
O4 - HKLM\..\Run: [MPNet] C:\WINDOWS\system32\mpn.exe
O4 - HKLM\..\Run: [MQT Svc] mqtsvc.exe
O4 - HKCU\..\Run: [Mr] C:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [mrsvctr] C:\WINDOWS\system32\mrsvctr.exe
O4 - HKLM\..\Run: [MS Agent Protection] ag1.exe
O4 - HKLM\..\RunServices: [MS Agent Protection] ag1.exe
O4 - HKLM\..\Run: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKLM\..\RunServices: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKCU\..\Run: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKLM\..\Run: [MS Config] msdconfig.exe
O4 - HKLM\..\RunServices: [MS Config] msdconfig.exe
O4 - HKCU\..\Run: [MS Config] msdconfig.exe
O4 - HKLM\..\Run: [Ms configsu] msconfigsu.exe
O4 - HKLM\..\RunServices: [Ms configsu] msconfigsu.exe
O4 - HKCU\..\Run: [Ms configsu] msconfigsu.exe
O4 - HKCU\..\RunServices: [Ms configsu] msconfigsu.exe
O4 - HKLM\..\Run: [MS Config Service] Msloader32.exe
O4 - HKLM\..\RunServices: [MS Config Service] Msloader32.exe
O4 - HKLM\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\RunServices: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKCU\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\Run: [MS Domain Name Server Deamon] p.exe
O4 - HKLM\..\RunServices: [MS Domain Name Server Deamon] p.exe
O4 - HKCU\..\Run: [MS Domain Name Server Deamon] p.exe
O4 - HKLM\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKLM\..\RunServices: [MS Domain Name System] MSWDNS32.exe
O4 - HKCU\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKLM\..\Run: [MS Dynamic Host Configuration Protocol] MSDHCP32.exe
O4 - HKLM\..\RunServices: [MS Dynamic Host Configuration Protocol] MSDHCP32.exe
O4 - HKCU\..\Run: [MS Dynamic Host Configuration Protocol] MSDHCP32.exe
O4 - HKLM\..\Run: [MS Host] msthost.exe
O4 - HKLM\..\Run: [MS Hosts] msthosts.exe
O4 - HKLM\..\Run: [MS Initial] mstinitial.exe
O4 - HKLM\..\Run: [MS Internet Executor 32] MSIXEC32.exe
O4 - HKLM\..\RunServices: [MS Internet Executor 32] MSIXEC32.exe
O4 - HKCU\..\Run: [MS Internet Executor 32] MSIXEC32.exe
O4 - HKLM\..\Run: [MS Internet Explore] MSIEx.exe
O4 - HKLM\..\RunServices: [MS Internet Explore] MSIEx.exe
O4 - HKLM\..\Run: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKLM\..\RunServices: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKCU\..\Run: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKCU\..\RunServices: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKLM\..\Run: [MS Java Applets for Windows NT & XP] javaapplet.exe
O4 - HKLM\..\RunServices: [MS Java Applets for Windows NT & XP] javaapplet.exe
O4 - HKCU\..\Run: [MS Java Applets for Windows NT & XP] javaapplet.exe
O4 - HKCU\..\RunServices: [MS Java Applets for Windows NT & XP] javaapplet.exe
O4 - HKLM\..\Run: [Ms Java for Windows NT] msjava.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msjava.exe
O4 - HKCU\..\Run: [Ms Java for Windows NT] msjava.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msjava.exe
(or filenames mguard.exe / msi32info.exe / msi32java.exe / MS32.exe)
O4 - HKLM\..\Run: [MS Java for Windows NT, XP & ME] xpjavams.exe
O4 - HKLM\..\RunServices: [MS Java for Windows NT, XP & ME] xpjavams.exe
O4 - HKCU\..\Run: [MS Java for Windows NT, XP & ME] xpjavams.exe
O4 - HKCU\..\RunServices: [MS Java for Windows NT, XP & ME] xpjavams.exe
O4 - HKLM\..\Run: [MS Java for Windows XP & NT] javanet.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\Run: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKLM\..\Run: [Ms Java for Windows 98, NT, ME & XP] msjavames.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows 98, NT, ME & XP] msjavames.exe
O4 - HKCU\..\Run: [Ms Java for Windows 98, NT, ME & XP] msjavames.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows 98, NT, ME & XP] msjavames.exe
O4 - HKLM\..\Run: [Ms Java for Windows 98, NT, XP & ME] msjavaxps.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows 98, NT, XP & ME] msjavaxps.exe
O4 - HKCU\..\Run: [Ms Java for Windows 98, NT, XP & ME] msjavaxps.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows 98, NT, XP & ME] msjavaxps.exe
O4 - HKLM\..\Run: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKLM\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKCU\..\Run: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKCU\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKLM\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
O4 - HKLM\..\RunServices: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
O4 - HKCU\..\RunServices: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
(or filename - msejavaupdt32.exe)
O4 - HKLM\..\Run: [Ms load for Windows NT] winskd.exe
O4 - HKCU\..\Run: [Ms load for Windows NT] winskd.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [MS Paint] mspainter.exe
O4 - HKLM\..\Run: [MS Remote Procedure Call] msrpc32.exe
O4 - HKLM\..\RunServices: [MS Remote Procedure Call] msrpc32.exe
O4 - HKCU\..\Run: [MS Remote Procedure Call] msrpc32.exe
O4 - HKLM\..\Run: [MS Security Update 993] msident.exe
O4 - HKLM\..\RunServices: [MS Security Update 993] msident.exe
O4 - HKCU\..\Run: [MS Security Update 993] msident.exe
O4 - HKCU\..\RunServices: [MS Security Update 993] msident.exe
O4 - HKLM\..\Run: [Ms sock for Windows NT] winser.exe
O4 - HKCU\..\Run: [Ms sock for Windows NT] winser.exe
O4 - HKLM\..\Run: [Ms Spool32] iexplore.exe
O4 - HKLM\..\RunServices: [Ms Spool32] iexplore.exe
O4 - HKLM\..\Run: [MS System Call Function] MSSCF32.exe
O4 - HKLM\..\RunServices: [MS System Call Function] MSSCF32.exe
O4 - HKCU\..\Run: [MS System Call Function] MSSCF32.exe
O4 - HKLM\..\Run: [Ms System Config] xplsass.exe
O4 - HKLM\..\RunServices: [Ms System Config] xplsass.exe
O4 - HKCU\..\Run: [Ms System Config] xplsass.exe
O4 - HKLM\..\Run: [Ms System Config] Mscfg.exe
O4 - HKLM\..\RunServices: [Ms System Config] Mscfg.exe
O4 - HKCU\..\Run: [Ms System Config] Mscfg.exe
O4 - HKCU\..\RunServices: [Ms System Config] Mscfg.exe
O4 - HKLM\..\Run: [Ms System Config] pcedit.exe
O4 - HKLM\..\RunServices: [Ms System Config] pcedit.exe
O4 - HKCU\..\Run: [Ms System Config] pcedit.exe
O4 - HKLM\..\Run: [MS Service Drivers] winscv.exe
O4 - HKLM\..\RunServices: [MS Service Drivers] winscv.exe
O4 - HKCU\..\Run: [MS Service Drivers] winscv.exe
O4 - HKCU\..\RunServices: [MS Service Drivers] winscv.exe
O4 - HKLM\..\Run: [ms spool service] msspooler.exe
O4 - HKLM\..\RunServices: [ms spool service] msspooler.exe
O4 - HKCU\..\Run: [ms spool service] msspooler.exe
O4 - HKCU\..\RunServices: [ms spool service] msspooler.exe
O4 - HKLM\..\Run: [Ms Task Manager] tskmgr.exe
O4 - HKLM\..\RunServices: [Ms Task Manager] tskmgr.exe
O4 - HKLM\..\Run: [MS Unix Binary] cssrs.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] cssrs.exe
O4 - HKCU\..\Run: [MS Unix Binary] cssrs.exe
O4 - HKLM\..\Run: [MS Unix Binary] hypertrm.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] hypertrm.exe
O4 - HKCU\..\Run: [MS Unix Binary] hypertrm.exe
O4 - HKLM\..\Run: [MS Unix Binary] msnupdate.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msnupdate.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnupdate.exe
O4 - HKLM\..\Run: [MS Unix Binary] msmq2inst.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msmq2inst.exe
O4 - HKCU\..\Run: [MS Unix Binary] msmq2inst.exe
O4 - HKLM\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKLM\..\Run: [MS Unix Binary] Norton2005Update.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] Norton2005Update.exe
O4 - HKCU\..\Run: [MS Unix Binary] Norton2005Update.exe
O4 - HKLM\..\Run: [MS Unix Binary] outlookexpressupdate.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] outlookexpressupdate.exe
O4 - HKCU\..\Run: [MS Unix Binary] outlookexpressupdate.exe
O4 - HKLM\..\Run: [MS Unix Binary] trmupdate.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] trmupdate.exe
O4 - HKCU\..\Run: [MS Unix Binary] trmupdate.exe
O4 - HKLM\..\Run: [MS Unix Binary] win32ttb.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] win32ttb.exe
O4 - HKCU\..\Run: [MS Unix Binary] win32ttb.exe
O4 - HKLM\..\Run: [MS Unix Binary] Win32Update.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] Win32Update.exe
O4 - HKCU\..\Run: [MS Unix Binary] Win32Update.exe
O4 - HKLM\..\Run: [MS Unix Binary] WinGuard.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] WinGuard.exe
O4 - HKCU\..\Run: [MS Unix Binary] WinGuard.exe
O4 - HKLM\..\Run: [MS Unix Binary] wrdpad05.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] wrdpad05.exe
O4 - HKCU\..\Run: [MS Unix Binary] wrdpad05.exe
O4 - HKLM\..\Run: [msupdate] msupdate.exe
O4 - HKLM\..\RunServices: [msupdate] msupdate.exe
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\RunServices: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\RunServices: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\Run: [MS Windows Executor Process] MSEXECP32.exe
O4 - HKLM\..\RunServices: [MS Windows Executor Process] MSEXECP32.exe
O4 - HKCU\..\Run: [MS Windows Executor Process] MSEXECP32.exe
O4 - HKLM\..\Run: [MS Windows Local Directory] MSWLD32.exe
O4 - HKLM\..\RunServices: [MS Windows Local Directory] MSWLD32.exe
O4 - HKCU\..\Run: [MS Windows Local Directory] MSWLD32.exe
O4 - HKLM\..\Run: [MS-Windows Login Service] winlogin32.exe
O4 - HKLM\..\RunServices: [MS-Windows Login Service] winlogin32.exe
O4 - HKLM\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKLM\..\RunServices: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKLM\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\Run: [MS Windows TASK Service] MSWTASK32.exe
O4 - HKLM\..\RunServices: [MS Windows TASK Service] MSWTASK32.exe
O4 - HKCU\..\Run: [MS Windows TASK Service] MSWTASK32.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\msconfig.com
O4 - HKCU\..\Run: [msconfig] C:\WINDOWS\msconfig.com
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [MsConfigs] C:\Program Files\MsConfigs\MsConfigs.exe
O4 - HKLM\..\Run: [msdatabase] msdatabase.exe
O4 - HKLM\..\RunServices: [msdatabase] msdatabase.exe
O4 - HKLM\..\Run: [msdev] msdev.exe
O4 - HKLM\..\RunOnce: [msdev] msdev.exe
O4 - HKLM\..\RunServices: [msdev] msdev.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\RunOnce: [msdev] msdev.exe
O4 - HKLM\..\RunServices: [MSDN for Windows NT] msdn.exe
O4 - HKCU\..\RunServices: [MSDN for Windows NT] msdn.exe
O4 - HKLM\..\RunServices: [MSDN for Windows NT & WinXP] msdnxp.exe
O4 - HKCU\..\RunServices: [MSDN for Windows NT & WinXP] msdnxp.exe
O4 - HKLM\..\RunServices: [MSDN for Windows with NT's] msdn-nt.exe
O4 - HKCU\..\RunServices: [MSDN for Windows with NT's] msdn-nt.exe
O4 - HKLM\..\Run: [MSDOS Windows Service] MSDOS.PIF
O4 - HKLM\..\RunServices: [MSDOS Windows Service] MSDOS.PIF
O4 - HKCU\..\Run: [MSDOS Windows Service] MSDOS.PIF
O4 - HKLM\..\Run: [MSFWAVTSM] FTPDev.exe
O4 - HKLM\..\RunServices: [MSFWAVTSM] FTPDev.exe
O4 - HKLM\..\Run: [Msgw32] C:\WINDOWS\system32\WINMSG32.EXE
O4 - HKLM\..\Run: [msimn.exe] C:\WINDOWS\msimn.exe
O4 - HKCU\..\Run: [msmsngr] C:\WINDOWS\System32\msmsngr.exe
O4 - HKLM\..\Run: [msmsngr] C:\WINDOWS\System32\msmsngr.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\iTuneshelp.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\lsas.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\lsass32.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\lsuss.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\msagent\svhost.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\msnsrv.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\msscomd.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\scvrun.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\service.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\SexyMama.JPG.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\winmedia.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\wkssvrs.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\wmev.exe
O4 - HKLM\..\Run: [MSN] csrsx.exe
O4 - HKLM\..\Run: [MSN] cssr.exe
O4 - HKLM\..\Run: [MSN] cssrs.exe
O4 - HKLM\..\Run: [MSN] cssrss.exe
O4 - HKLM\..\Run: [MSN] csssrss.exe
O4 - HKCU\..\Run: [MSN] DebugMan.exe
O4 - HKLM\..\Run: [MSN] gallery.exe
O4 - HKLM\..\Run: [MSN] HEREB.exe
O4 - HKLM\..\Run: [MSN] HEREBABYs.exe
O4 - HKLM\..\Run: [MSN] install.exe
O4 - HKLM\..\Run: [MSN] msn16.exe
O4 - HKLM\..\RunServices: [MSN] msn16.exe
O4 - HKCU\..\Run: [MSN] msn16.exe
O4 - HKLM\..\Run: [MSN] Msnhelper.exe
O4 - HKLM\..\Run: [MSN] msnmsgs.exe
O4 - HKLM\..\Run: [MSN] msnsgr.exe
O4 - HKLM\..\Run: [MSN] rfxjga.exe
O4 - HKLM\..\Run: [MSN] scvhost.exe
O4 - HKLM\..\Run: [MSN] serv5.exe
O4 - HKLM\..\Run: [MSN] service52.exe
O4 - HKLM\..\Run: [MSN] servicess.exe
O4 - HKLM\..\Run: [MSN] scvhost.exe
O4 - HKLM\..\Run: [MSN] wdlrss.exe
O4 - HKLM\..\Run: [MSN] winlog32.exe
O4 - HKLM\..\Run: [MSN] wplayer.exe
O4 - HKLM\..\Run: [MSN] wkssvr.exe
O4 - HKLM\..\Run: [MSN] wksvr.exe
O4 - HKLM\..\Run: [MSN6.1 Auto-Updater] v6msn.exe
O4 - HKLM\..\Run: [MsnLiveMessenger] msmsgrs.exe
O4 - HKLM\..\Run: [MsnMessengerSvc] msnmsgr.exe
O4 - HKLM\..\RunServices: [MsnMessengerSvc] msnmsgr.exe
O4 - HKLM\..\Run: [msnmgnr] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\RunServices: [msnmgnr] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [Msnplus.exe] Msnplus.exe
O4 - HKLM\..\RunServices: [Msnplus.exe] Msnplus.exe
O4 - HKCU\..\Run: [Msnplus.exe] Msnplus.exe
O4 - HKLM\..\Run: [msnsmgr] MsnMsr.exe
O4 - HKLM\..\Run: [MSN Applet] msnapplet.exe
O4 - HKLM\..\Run: [MSN Application] msnapp.exe
O4 - HKLM\..\Run: [MSN Auto-Updater] msnaupdater.exe
O4 - HKLM\..\Run: [MSN Auto-Updater] msnupdates.exe
O4 - HKLM\..\Run: [MSN Booster] msnbooster.exe
O4 - HKLM\..\Run: [Msn Boot] msnbootcfg.exe
O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe
O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKCU\..\Run: [MSN Checker] msnchecker.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKLM\..\Run: [MSn Client Cfg] msnclicfg.exe
O4 - HKLM\..\Run: [MSN Client Manager] msnclimgr.exe
O4 - HKLM\..\Run: [MSN CNF Manager] msncnfmgr.exe
O4 - HKLM\..\Run: [MSN Communication Manager] msncommgr.exe
O4 - HKLM\..\Run: [MSN Config Mgr] msnconfigs.exe
O4 - HKLM\..\Run: [MSN Configuration] msnconfig.exe
O4 - HKLM\..\Run: [MSN Connection] msncon.exe
O4 - HKLM\..\Run: [MSN CST Manager] mancstmgr.exe
O4 - HKLM\..\Run: [MSN Database Client] msndbcli.exe
O4 - HKLM\..\Run: [MSN Debug Mgr] msndebugs.exe
O4 - HKLM\..\Run: [MSN File & Folder Sharing App] msnfileshare.exe
O4 - HKLM\..\Run: [MSN File Configuration] msnfilecfg.exe
O4 - HKLM\..\Run: [MSN File Sharing] msnusr.exe
O4 - HKLM\..\Run: [MSN File Sharing!] msnuser.exe
O4 - HKLM\..\Run: [MSN File Sharing Wizard] msnsharewiz.exe
O4 - HKLM\..\Run: [Msn Flash Update] msnpro.exe
O4 - HKLM\..\RunServices: [Msn Flash Update] msnpro.exe
O4 - HKLM\..\Run: [Msn Host] msnhost.exe
O4 - HKLM\..\Run: [MSN Hostn] msnhostn.exe
O4 - HKLM\..\Run: [MSN LIVE] msnserver.exe
O4 - HKLM\..\RunServices: [MSN LIVE] msnserver.exe
O4 - HKLM\..\Run: [MSN Live Client] msnlvclient.exe
O4 - HKLM\..\Run: [MSN Live Messanger] msnlive.exe
O4 - HKLM\..\RunServices: [MSN Live Messanger] msnlive.exe
O4 - HKCU\..\Run: [MSN Live Messanger] msnlivegs.exe
O4 - HKLM\..\Run: [MSN Live Messanger] msnlivegs.exe
O4 - HKLM\..\Run: [Msn Loader] msnloader.exe
O4 - HKLM\..\Run: [MSN Manager] msnmgrsv.exe
O4 - HKLM\..\Run: [MSN Manager] usnmsn.exe
O4 - HKLM\..\Run: [Msn Message Acount Helper 7.7] msnmessage7.7.exe
O4 - HKLM\..\Run: [MSN Message Service] msnmsg.exe
O4 - HKLM\..\Run: [MSN Messager] msnmgr.exe
O4 - HKLM\..\Run: [MSN Messages] msnmessgs.exe
O4 - HKLM\..\Run: [Msn Messanger] C:\WINDOWS\system32\crsss.exe
O4 - HKLM\..\RunServices: [Msn Messanger] C:\WINDOWS\system32\crsss.exe
O4 - HKLM\..\Run: [MSN Messanger] msnmsgem.exe
O4 - HKLM\..\RunServices: [MSN Messanger] msnmsgem.exe
O4 - HKLM\..\Run: [MSN messanger] msnmsgsm.exe
O4 - HKLM\..\RunServices: [MSN messanger] msnmsgsm.exe
O4 - HKLM\..\Run: [MSN Messanger] msnmsgsmn.exe
O4 - HKLM\..\RunServices: [MSN Messanger] msnmsgsmn.exe
O4 - HKCU\..\Run: [MSN Messanger] msnmsgsmn.exe
O4 - HKLM\..\Run: [MSN Messanger Live] winntmsn.exe
O4 - HKLM\..\RunServices: [MSN Messanger Live] winntmsn.exe
O4 - HKCU\..\Run: [MSN Messanger Live] winntmsn.exe
O4 - HKLM\..\Run: [Msn Messenger] (Random 4 Letter).exe
O4 - HKLM\..\RunServices: [Msn Messenger] (Random 4 Letter).exe
O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKLM\..\Run: [Msn Messenger] msnmesenger.exe
O4 - HKLM\..\RunServices: [Msn Messenger] msnmesenger.exe
O4 - HKCU\..\Run: [Msn Messenger] msnmesenger.exe
O4 - HKCU\..\RunServices: [Msn Messenger] msnmesenger.exe
O4 - HKLM\..\Run: [MSN Messenger] msnmgr.exe
O4 - HKLM\..\RunOnce: [MSN Messenger] msnmgr.exe
O4 - HKLM\..\RunServices: [MSN Messenger] msnmgr.exe
O4 - HKCU\..\Run: [MSN Messenger] msnmgr.exe
O4 - HKCU\..\RunOnce: [MSN Messenger] msnmgr.exe
O4 - HKLM\..\Run: [MSN Messenger] msnmrigr.exe
O4 - HKLM\..\RunServices: [MSN Messenger] msnmrigr.exe
O4 - HKCU\..\Run: [MSN Messenger] msnmrigr.exe
O4 - HKLM\..\Run: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Msn Messenger] msnmsgs.exe
O4 - HKLM\..\RunServices: [Msn Messenger] msnmsgs.exe
O4 - HKLM\..\Policies\Explorer\Run: [Msn Messenger] msnmsgs.exe
O4 - HKLM\..\Run: [MSN MESSENGER] svhostes.exe
O4 - HKLM\..\RunServices: [MSN MESSENGER] svhostes.exe
O4 - HKCU\..\Run: [MSN MESSENGER] svhostes.exe
O4 - HKLM\..\Run: [MSN MESSENGER 9.0] messengerr.exe
O4 - HKLM\..\RunServices: [MSN MESSENGER 9.0] messengerr.exe
O4 - HKCU\..\Run: [MSN MESSENGER 9.0] messengerr.exe
O4 - HKLM\..\Run: [MSN Messenger Inbox Loader] msninbox.exe
O4 - HKLM\..\Run: [MSN Messenger Live Login] msnmessengerlive.exe
O4 - HKLM\..\Run: [MSN Messenger Live Windows] messengerlive.exe
O4 - HKLM\..\Run: [Msn Messenger Plugins] msnplugin.exe
O4 - HKLM\..\Run: [Msn Messenger Service] msnmsg.exe
O4 - HKLM\..\RunServices: [Msn Messenger Service] msnmsg.exe
O4 - HKCU\..\Run: [Msn Messenger Service] msnmsg.exe
O4 - HKCU\..\RunServices: [Msn Messenger Service] msnmsg.exe
O4 - HKLM\..\Run: [MSN Messenger Service Startup] msnservice.exe
O4 - HKLM\..\Run: [MSN Messenger Services] msnmgr.exe
O4 - HKLM\..\Run: [Msn Messenger update] msnservice.exe
O4 - HKLM\..\RunServices: [Msn Messenger update] msnservice.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\Run: [MSN P2P Manager] msnp2pmgr.exe
O4 - HKLM\..\Run: [Msn Patch] msndp.exe
O4 - HKLM\..\RunServices: [Msn Patch] msndp.exe
O4 - HKCU\..\Run: [Msn Plus Updater] msnplus.exe
O4 - HKCU\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKLM\..\Run: [Msn Plus Updater] msnplus.exe
O4 - HKLM\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKLM\..\Run: [MSN Popup Blocker] msnpopblck.exe
O4 - HKLM\..\Run: [MSN Router] msnrouter.exe
O4 - HKLM\..\Run: [MSN RPC Manager] msnrpcmgr.exe
O4 - HKLM\..\Run: [MSN Rx Manager] msnrxmgr.exe
O4 - HKLM\..\Run: [MSN Security Agent] msnsecure.exe
O4 - HKLM\..\Run: [MSN Serv] msmsnserv.exe
O4 - HKLM\..\Run: [Msn Serv] msnserv.exe
O4 - HKLM\..\Run: [MSN Server] msmsnserver.exe
O4 - HKLM\..\Run: [MSN Service] msnsvc.exe
O4 - HKLM\..\Run: [MSN Service!] msnservice.exe
O4 - HKLM\..\Run: [MSN Servicer] msnservicer.exe
O4 - HKLM\..\Run: [MSN Servicer] msnsrv.exe
O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
O4 - HKLM\..\Run: [MSN Services] msnserv.exe
O4 - HKLM\..\Run: [MSN Settings] msnsettings.exe
O4 - HKLM\..\Run: [MSN Settings Manager] msnsetmg.exe
O4 - HKLM\..\Run: [MSN Setup] msnsetup.exe
O4 - HKLM\..\Run: [MSN Software] msnsoftware.exe
O4 - HKLM\..\Run: [MSN Starter] msnstarter.exe
O4 - HKLM\..\Run: [Msn Startup] msnstartup.exe
O4 - HKLM\..\Run: [MSN Tray Monitor] C:\WINDOWS\system32\inetsrv\msnmsgr.exe
O4 - HKLM\..\RunServices: [MSN Tray Monitor] C:\WINDOWS\system32\inetsrv\msnmsgr.exe
O4 - HKCU\..\Run: [MSN Tray Monitor] C:\WINDOWS\system32\inetsrv\msnmsgr.exe
O4 - HKLM\..\Run: [MSN TroubleShoot] msnlive.exe
O4 - HKLM\..\RunServices: [MSN TroubleShoot] msnlive.exe
O4 - HKCU\..\Run: [MSN TroubleShoot] msnlive.exe
O4 - HKLM\..\Run: [MSN Update] dllcon.exe
O4 - HKLM\..\RunServices: [MSN Update] dllcon.exe
O4 - HKCU\..\Run: [MSN Update] dllcon.exe
O4 - HKLM\..\Run: [MSN Update Cfg] msnupdbt.exe
O4 - HKLM\..\Run: [MSN Update Client] msnupdater.exe
O4 - HKLM\..\Run: [MSN Update Client] msnupdcli.exe
O4 - HKLM\..\Run: [MSN Update Service] msnupdsv.exe
O4 - HKLM\..\Run: [MSN Updating] msnupdate.exe
O4 - HKLM\..\RunServices: [MSN Updating] msnupdate.exe
O4 - HKLM\..\Run: [MSN UPSP] msnupnp.exe
O4 - HKLM\..\Run: [MSN User] mymsnusr.exe
O4 - HKLM\..\Run: [MSN User Server] msnserver.exe
O4 - HKLM\..\Run: [MSN User Server!] msnservices.exe
O4 - HKLM\..\Run: [MSN User Service!] msnserv.exe
O4 - HKLM\..\Run: [MSN User Services] msnuserv.exe
O4 - HKLM\..\Run: [MSN XP Client] msnxpcli.exe
O4 - HKLM\..\Run: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\Run: [msnupdt] kolie.exe
O4 - HKLM\..\RunServices: [msnupdt] kolie.exe
O4 - HKCU\..\Run: [msnupdt] kolie.exe
O4 - HKLM\..\Run: [msrdc] msrdc.exe
O4 - HKLM\..\RunServices: [msrdc] msrdc.exe
O4 - HKLM\..\Run: [Mss Serv] msssrv.exe
O4 - HKLM\..\Run: [Msshield.exe] C:\WINDOWS\Msshield.exe
O4 - HKLM\..\Run: [mssonfig] winupdate.exe
O4 - HKLM\..\RunServices: [mssonfig] winupdate.exe
O4 - HKLM\..\RunServices: [MSSQL for Windows NT & XP] mssqlsnt.exe
O4 - HKCU\..\RunServices: [MSSQL for Windows NT & XP] mssqlsnt.exe
O4 - HKLM\..\Run: [MSUpdate] winup.exe
O4 - HKLM\..\RunServices: [MSUpdate] winup.exe
O4 - HKLM\..\Run: [MSUpdater] winnoob.exe
O4 - HKLM\..\RunServices: [MSUpdater] winnoob.exe
O4 - HKLM/../Run: [msvcc25] salvage.exe
O4 - HKLM/../RunServices: [msvcc25] salvage.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [msvss] msvss.exe
O4 - HKLM\..\RunServices: [msvss] msvss.exe
O4 - HKCU\..\Run: [msvss] msvss.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [MSWindowsUpdate] C:\WINDOWS\system32\mswinup.exe
O4 - HKLM\..\Run: [MSWindowsUpdate] C:\WINDOWS\system32\winsecurityxp\mswinup.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [mysvcig38] recsl.exe
O4 - HKLM\..\RunServices: [mysvcig38] recsl.exe
O4 - HKLM\..\Run: [Name Server] mswins.exe
O4 - HKLM\..\RunServices: [Name Server] mswins.exe
O4 - HKCU\..\Run: [Name Server] mswins.exe
O4 - HKLM\..\Run: [NamedSvc] C:\WINDOWS\system\named.exe
O4 - HKLM\..\Run: [NAV Auto Update] IAmSad.exe
O4 - HKCU\..\RunOnce: [NAV Auto Update] IAmSad.exe
O4 - HKLM\..\Run: [NAV Auto Updates] slserver.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserver.exe
O4 - HKCU\..\Run: [NAV Auto Updates] slserver.exe
O4 - HKLM\..\Run: [nClient] C:\WINDOWS\System32\cnen.exe
O4 - HKLM\..\Run: [NCplDeamon] winservicess.exe
O4 - HKCU\..\RunOnce: [NCplDeamon] winservicess.exe
O4 - HKLM\..\Run: [Nero Burner] svdhost.exe
O4 - HKLM\..\RunServices: [Nero Burner] svdhost.exe
O4 - HKLM\..\Run: [NeroBurningApp] (Random 7 Letter).exe
O4 - HKCU\..\RunOnce: [NeroBurningApp] (Random 7 Letter).exe
O4 - HKLM\..\Run: [NeroFil] NeroFil.EXE
O4 - HKLM\..\RunServices: [NeroFil] NeroFil.EXE
O4 - HKCU\..\Run: [NeroFil] NeroFil.EXE
O4 - HKCU\..\RunServices: [NeroFil] NeroFil.EXE
O4 - HKLM\..\Run: [Nero FR] nerofree.com
O4 - HKLM\..\RunServices: [Nero FR] nerofree.com
O4 - HKCU\..\Run: [Nero FR] nerofree.com
O4 - HKLM\..\Run: [Netbeans] C:\WINDOWS\system32\netbeans.exe
O4 - HKLM\..\Run: [NetBiosSrvc] HPSrvPrt.exe
O4 - HKCU\..\Run: [NetBiosSrvc] HPSrvPrt.exe
O4 - HKLM\..\Run: [NetBioy Client] netbioy.exe
O4 - HKLM\..\Run: [Net Command Senter] C:\RECYCLER\nvscvse.exe
O4 - HKLM\..\Run: [Net Monitor DDE] plscd.exe
O4 - HKLM\..\RunServices: [Net Monitor DDE] plscd.exe
O4 - HKLM\..\Run: [NET protection system] C:\WINDOWS\system32\Com\netst.exe
O4 - HKLM\..\RunServices: [NET protection system] C:\WINDOWS\system32\Com\netst.exe
O4 - HKCU\..\Run: [NET protection system] C:\WINDOWS\system32\Com\netst.exe
O4 - HKLM\..\Run: [netupdate32] netupdate32.exe
O4 - HKLM\..\RunServices: [netupdate32] netupdate32.exe
O4 - HKLM\..\Run: [Network DDE DSDM] WinDDE.exe
O4 - HKLM\..\RunServices: [Network DDE DSDM] WinDDE.exe
O4 - HKCU\..\Run: [Network DDE DSDM] WinDDE.exe
O4 - HKLM\..\Run: [Network Host Service] (Random 7 Letter)32.exe
O4 - HKLM\..\RunServices: [Network Host Service] (Random 7 Letter)32.exe
O4 - HKLM\..\Run: [Network maneger] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [Network maneger] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Network Provisioning Service] WinNPS.exe
O4 - HKLM\..\RunServices: [Network Provisioning Service] WinNPS.exe
O4 - HKCU\..\Run: [Network Provisioning Service] WinNPS.exe
O4 - HKLM\..\Run: [Network Security] C:\WINDOWS\system32\NSecurity.exe
O4 - HKCU\..\Run: [Network Security] C:\WINDOWS\system32\NSecurity.exe
O4 - HKLM\..\Run: [Network Security Monitor] nsmon.exe
O4 - HKCU\..\Run: [Network Security Monitor] nsmon.exe
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\system32\nvsvc86.exe
O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\system32\nvsvc86.exe
O4 - HKLM\..\Run: [Network Service] MccTrayApp.exe
O4 - HKLM\..\RunServices: [Network Service] MccTrayApp.exe
O4 - HKLM\..\Run: [New Csnm Manager] csmn.exe
O4 - HKLM\..\RunServices: [New Csnm Manager] csmn.exe
O4 - HKCU\..\Run: [New Csnm Manager] csmn.exe
O4 - HKCU\..\RunServices: [New Csnm Manager] csmn.exe
O4 - HKLM\..\Run: [NiroFile Updated] NiroFile.exe
O4 - HKLM\..\RunServices: [NiroFile Updated] NiroFile.exe
O4 - HKCU\..\Run: [NiroFile Updated] NiroFile.exe
O4 - HKCU\..\RunServices: [NiroFile Updated] NiroFile.exe
O4 - HKLM\..\Run: [NiroFilter Updated] NiroFilter.exe
O4 - HKLM\..\RunServices: [NiroFilter Updated] NiroFilter.exe
O4 - HKCU\..\Run: [NiroFilter Updated] NiroFilter.exe
O4 - HKCU\..\RunServices: [NiroFilter Updated] NiroFilter.exe
O4 - HKLM\..\Run: [NLS Monitor] nlsmon.exe
O4 - HKLM\..\RunServices: [NLS Monitor] nlsmon.exe
O4 - HKLM\..\Run: [NMBgMonitor.exe] C:\WINDOWS\system32\NMBgMonitor.exe
O4 - HKLM\..\Run: [Nod23 Service] nod23.exe
O4 - HKLM\..\RunServices: [Nod23 Service] nod23.exe
O4 - HKLM\..\Run: [Nod29 Service] nodwr.exe
O4 - HKLM\..\RunServices: [Nod29 Service] nodwr.exe
O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe
O4 - HKLM\..\Run: [Nod32 Service] appserv.exe
O4 - HKLM\..\RunServices: [Nod32 Service] appserv.exe
O4 - HKLM\..\Run: [Nod32 Service] AutoUpdateWin32.exe
O4 - HKLM\..\RunServices: [Nod32 Service] AutoUpdateWin32.exe
O4 - HKLM\..\Run: [Nod32 Service] nod6.exe
O4 - HKLM\..\RunServices: [Nod32 Service] nod6.exe
O4 - HKLM\..\Run: [Nod32 Service] nod32.exe
O4 - HKLM\..\RunServices: [Nod32 Service] nod32.exe
O4 - HKLM\..\Run: [Nod32 Service] alserv32.exe
O4 - HKLM\..\RunServices: [Nod32 Service] alserv32.exe
O4 - HKLM\..\Run: [Nod32 Service] archive.exe
O4 - HKLM\..\RunServices: [Nod32 Service] archive.exe
O4 - HKLM\..\Run: [Nod32 Service] iexplor.exe
O4 - HKLM\..\RunServices: [Nod32 Service] iexplor.exe
O4 - HKLM\..\Run: [Nod32 Service] nod64.exe
O4 - HKLM\..\RunServices: [Nod32 Service] nod64.exe
O4 - HKLM\..\Run: [Nod32 Service] n0m.exe
O4 - HKLM\..\RunServices: [Nod32 Service] n0m.exe
O4 - HKLM\..\Run: [Nod3g2 Service] nod6dr4.exe
O4 - HKLM\..\RunServices: [Nod3g2 Service] nod6dr4.exe
O4 - HKLM\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - HKCU\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKCU\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\Run: [Norman Worl System Ability] C:\WINDOWS\System32\nwcss32.exe
O4 - HKLM\..\RunServices: [Norman Worl System Ability] C:\WINDOWS\System32\nwcss32.exe
O4 - HKCU\..\Run: [Norman Worl System Ability] C:\WINDOWS\System32\nwcss32.exe
O4 - HKLM\..\Run: [Norton Antiviral Scanner] C:\WINDOWS\System32\navscnr.exe
O4 - HKLM\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKLM\..\RunServices: [Norton Antivirus] nortonav.exe
O4 - HKCU\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKCU\..\RunServices: [Norton Antivirus] nortonav.exe
O4 - HKLM\..\Run: [Norton Antivirus Kernel Service] C:\WINDOWS\system32\norantivirus.exe
O4 - HKLM\..\Run: [Norton Antivirus Updater] C:\WINDOWS\system32\nortonav.exe
O4 - HKLM\..\Run: [Norton GProtect] ngrfn.exe
O4 - HKLM\..\RunServices: [Norton GProtect] ngrfn.exe
O4 - HKLM\..\Run: [norton system services] vb.exe
O4 - HKLM\..\RunServices: [norton system services] vb.exe
O4 - HKLM\..\Run: [Norton Update] cUpdate.exe
O4 - HKLM\..\RunServices: [Norton Update] cUpdate.exe
O4 - HKLM\..\Run: [Nortons AVS SYSTEM] arse.exe
O4 - HKLM\..\RunServices: [Nortons AVS SYSTEM] arse.exe
O4 - HKCU\..\Run: [Nortons AVS SYSTEM] arse.exe
O4 - HKLM\..\Run: [Notepad] C:\WINDOWS\System32\ntoepad.exe
O4 - HKLM\..\Run: [NPF Value] NPFMONTR.exe
O4 - HKLM\..\RunServices: [NPF Value] NPFMONTR.exe
O4 - HKLM\..\Run: [NT LM Security Support Provider] WinNTLM.exe
O4 - HKLM\..\RunServices: [NT LM Security Support Provider] WinNTLM.exe
O4 - HKLM\..\Run: [nton.exe] C:\WINDOWS\system32\nton.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] fck.exe.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] fck.exe.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] fck.exe.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] fufffy.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] fufffy.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] fufffy.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] soscks32.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] soscks32.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] soscks32.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] sysman.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] sysman.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] sysman.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] systems.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] systems.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] systems.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] WinAbring.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] WinAbring.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] WinAbring.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKLM\..\Run: [Nt System Protocol] ntsystem.exe
O4 - HKLM\..\RunServices: [Nt System Protocol] ntsystem.exe
O4 - HKCU\..\Run: [Nt System Protocol] ntsystem.exe
O4 - HKCU\..\RunServices: [Nt System Protocol] ntsystem.exe
O4 - HKLM\..\Run: [Numerical Xterm Agent] 0x32.exe
O4 - HKLM\..\RunServices: [Numerical Xterm Agent] 0x32.exe
O4 - HKLM\..\Run: [Numerical Xterm Agents] 2x32.exe
O4 - HKLM\..\RunServices: [Numerical Xterm Agents] 2x32.exe
O4 - HKLM\..\Run: [Numerical Xtermz Agent] 1x32.exe
O4 - HKLM\..\RunServices: [Numerical Xtermz Agent] 1x32.exe
O4 - HKLM\..\Run: [NvCpIDeamon] WUAUMQR.EXE
O4 - HKCU\..\RunOnce: [NvCpIDeamon] WUAUMQR.EXE
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [NvGraphicsInterface] Winhost.exe
O4 - HKLM\..\Run: [nVidia Application Drivers] nvidiav32.exe
O4 - HKLM\..\Run: [nVidia Display Drivers (x86)] nvsys86.exe
O4 - HKLM\..\Run: [nVidia System Drivers] nvsys32.exe
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Offica Monitor Secura Systeme ] C:\WINDOWS\system32\winxp_sp3.exe
O4 - HKCU\..\Run: [Offica Monitor Secura Systeme ] C:\WINDOWS\system32\winxp_sp3.exe
O4 - HKLM\..\Run: [Office Desktops] C:\WINDOWS\System32\imag.exe
O4 - HKCU\..\Run: [Office Desktops] C:\WINDOWS\System32\imag.exe
O4 - HKLM\..\Run: [Office Monitor] C:\WINDOWS\System32\adv32.exe
O4 - HKCU\..\Run: [Office Monitor] C:\WINDOWS\System32\adv32.exe
O4 - HKLM\..\Run: [Office Monitor] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKCU\..\Run: [Office Monitor] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKLM\..\Run: [Office Monitor Word Exel R] C:\WINDOWS\system32\u.exe
O4 - HKCU\..\Run: [Office Monitor Word Exel R] C:\WINDOWS\system32\u.exe
O4 - HKLM\..\Run: [Office Monitors] C:\WINDOWS\system32\GoogleUpdater.exe
O4 - HKCU\..\Run: [Office Monitors] C:\WINDOWS\system32\GoogleUpdater.exe
O4 - HKLM\..\Run: [Office Monitorse] C:\WINDOWS\System32\algose32.exe
O4 - HKLM\..\RunServices: [Office Monitorse] C:\WINDOWS\System32\algose32.exe
O4 - HKLM\..\Run: [OfficeWord Monitor ] C:\WINDOWS\System32\msn32.exe
O4 - HKCU\..\Run: [OfficeWord Monitor ] C:\WINDOWS\System32\msn32.exe
O4 - HKLM\..\Run: [OfficeWord Monitors] C:\WINDOWS\system32\Offlce.exe
O4 - HKCU\..\Run: [OfficeWord Monitors] C:\WINDOWS\system32\Offlce.exe
O4 - HKLM\..\Run: [Offices Monitors] C:\WINDOWS\system32\algos32.exe
O4 - HKCU\..\Run: [Offices Monitors] C:\WINDOWS\system32\algos32.exe
O4 - HKLM\..\Run: [Offices Monitors] GoogleUpdater.exe
O4 - HKCU\..\Run: [Offices Monitors] GoogleUpdater.exe
O4 - HKLM\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe
O4 - HKLM\..\RunServices: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe
O4 - HKCU\..\Run: [Offices Monitorse] C:\WINDOWS\system32\algose32.exe
04 - HKLM\..\Run: [OpenSSL] C:\WINDOWS\system32\rpcmon.exe
O4 - HKLM\..\Run: [OS Boot Configuration] nspsvc.exe
O4 - HKLM\..\Run: [OS Boot Configuration!] bootconf.exe
O4 - HKLM\..\Run: [OS Boot Load] bootload.exe
O4 - HKLM\..\Run: [OS Boot Loader] bootloader.exe
O4 - HKLM\..\Run: [outlook] outlook.exe
O4 - HKCU\..\Run: [outlook] outlook.exe
O4 - HKLM\..\Run: [Outlook Express] C:\WINDOWS\system32\msinm.exe
O4 - HKLM\..\RunServices: [Outlook Express] C:\WINDOWS\system32\msinm.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [Pag Windows Monitor] pag.exe
O4 - HKLM\..\RunServices: [Pag Windows Monitor] pag.exe
O4 - HKCU\..\Run: [Pag Windows Monitor] pag.exe
O4 - HKLM\..\Run: [Paner cPanle] cPanere.exe
O4 - HKLM\..\RunServices: [Paner cPanle] cPanere.exe
O4 - HKLM\..\Run: [pathname] C:\WINDOWS\system32\pathname.exe
O4 - HKLM\..\Run: [PC Tilecomgm] Tilecomgm.com
O4 - HKLM\..\RunServices: [PC Tilecomgm] Tilecomgm.com
O4 - HKLM\..\Run: [PC Tilecomnu] Tilecomnu.com
O4 - HKLM\..\RunServices: [PC Tilecomnu] Tilecomnu.com
O4 - HKLM\..\Run: [Performs peer to peer connection] WinPTTP.exe
O4 - HKLM\..\RunServices: [Performs peer to peer connection] WinPTTP.exe
O4 - HKCU\..\Run: [Performs peer to peer connection] WinPTTP.exe
O4 - HKLM\..\Run: [PK Guard] C:\WINDOWS\system32\pkguard32.exe
O4 - HKLM\..\RunServices: [PK Guard] C:\WINDOWS\system32\pkguard32.exe
O4 - HKCU\..\Run: [PK Guard] C:\WINDOWS\system32\pkguard32 .exe
O4 - HKLM\..\Run: [playclms] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [PrdMgr.exe] C:\WINDOWS\PrdMgr.exe
O4 - HKLM\..\Run: [PrdMgr.exe] C:\WINDOWS\system32\drivers\PrdMgr.exe
O4 - HKLM\..\Run: [PrevX] C:\WINDOWS\system32\prevx.exe
O4 - HKLM\..\Run: [Print Hp Tray] hpprint.exe
O4 - HKLM\..\RunServices: [Print Hp Tray] hpprint.exe
O4 - HKCU\..\Run: [Print Hp Tray] hpprint.exe
O4 - HKCU\..\Run: [Printer Spooler] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\vmmon32.exe
O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\system32\vmmon32.exe
O4 - HKCU\..\Run: [Printer] C:\WINDOWS\system32\vmmon32.exe
O4 - HKLM\..\Run: [ProAntiVirus] ProAntiVirus.exe
O4 - HKLM\..\RunServices: [ProAntiVirus] ProAntiVirus.exe
O4 - HKCU\..\Run: [ProAntiVirus] ProAntiVirus.exe
O4 - HKLM\..\Run: [procc] C:\WINDOWS\system32\procc32.exe
O4 - HKCU\..\Run: [procc] C:\WINDOWS\system32\procc32.exe
O4 - HKLM\..\Run: [Program Access Service] (Random 10 Letter).exe
O4 - HKLM\..\RunServices: [Program Access Service] (Random 10 Letter).exe
O4 - HKLM\..\Run: [pronto] (Random 4 Letter).exe
O4 - HKLM\..\RunServices: [pronto] (Random 4 Letter).exe
O4 - HKLM\..\Run: [proses] (Random 5 letter).exe
O4 - HKLM\..\RunServices: [proses] (Random 5 letter).exe
O4 - HKLM\..\Run: [Protocol Settings] kav.exe
O4 - HKLM\..\RunServices: [Protocol Settings] kav.exe
O4 - HKCU\..\Run: [Protocol Settings] kav.exe
O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
O4 - HKLM\..\Run: [Provan Security] psecure.exe
O4 - HKLM\..\RunServices: [Provan Security] psecure.exe
O4 - HKLM\..\Run: [PrU Async Service] C:\WINDOWS\system32\pruas.exe
O4 - HKLM\..\Run: [psyBNC-2.1.4 Client Server] C:\WINDOWS\system32\psyBNC215.exe
O4 - HKLM\..\RunServices: [psyBNC-2.1.4 Client Server] C:\WINDOWS\system32\psyBNC215.exe
O4 - HKLM\..\Run: [psybnc server 3.1] psybnc321.exe
O4 - HKLM\..\RunServices: [psybnc server 3.1] psybnc321.exe
O4 - HKLM\..\Run: [pushbot] service5.exe
O4 - HKLM\..\Run: [pushbot] service52.exe
O4 - HKLM\..\Run: [Qualys] C:\WINDOWS\system32\wmpirvse.exe
O4 - HKLM\..\Run: [Qualys Security] qualysguard.exe
O4 - HKLM\..\RunServices: [Qualys Security] qualysguard.exe
O4 - HKCU\..\Run: [Qualys Security] qualysguard.exe
O4 - HKCU\..\RunServices: [Qualys Security] qualysguard.exe
O4 - HKLM\..\Run: [QuickSet] %systemroot%\system32\mmspng.exe
O4 - HKLM\..\Run: [Random Interface Network] C:\WINDOWS\system32\rst.exe
O4 - HKLM\..\Run: [Random Interface Network Manager] C:\WINDOWS\system32\rinsv.exe
O4 - HKLM\..\Run: [rarup dns] ...explore.xe
O4 - HKLM\..\RunServices: [rarup dns] ...explore.xe
O4 - HKCU\..\Run: [rasman] C:\WINDOWS\System32\rasman32.exe
O4 - HKLM\..\Run: [rasman] C:\WINDOWS\System32\rasman32.exe
O4 - HKLM\..\Run: [RBot v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server] glossary.exe
O4 - HKLM\..\RunServices: [RBot v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server] glossary.exe
O4 - HKCU\..\Run: [RBot v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server] glossary.exe
O4 - HKCU\..\RunServices: [RBot v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server] glossary.exe
O4 - HKLM\..\Run: [rcimlby.exe] C:\WINDOWS\rcimlby.exe
O4 - HKLM\..\Run: [Real Media Player] realplayer2.exe
O4 - HKLM\..\RunServices: [Real Media Player] realplayer2.exe
O4 - HKCU\..\Run: [Real Media Player] realplayer2.exe
O4 - HKLM\..\Run: [Realplayer Video] RealPlay.exe
O4 - HKLM\..\RunServices: [Realplayer Video] RealPlay.exe
O4 - HKLM\..\Run: [Realtek Sound Manager] Realtek.exe
O4 - HKCU\..\Run: [Realtek Sound Manager] Realtek.exe
O4 - HKLM\..\Run: [Realtek Sound Manager] Tecompntwx.exe
O4 - HKCU\..\Run: [Realtek Sound Manager] Tecompntwx.exe
O4 - HKLM\..\Run: [regedit] autoexe.exe
O4 - HKLM\..\RunServices: [regedit] autoexe.exe
O4 - HKCU\..\Run: [regedit] autoexe.exe
O4 - HKLM\..\Run: [Registry Checkup System326a Monitor] Winregs326a.exe
O4 - HKLM\..\RunServices: [Registry Checkup System326a Monitor] Winregs326a.exe
O4 - HKCU\..\Run: [Registry Checkup System326a Monitor] Winregs326a.exe
O4 - HKLM\..\Run: [Registry Serv] regsvr.exe
O4 - HKLM\..\Run: [Registry Server] regserv.exe
O4 - HKLM\..\Run: [Registry Service] C:\WINDOWS\system32\resvs.exe
O4 - HKLM\..\Run: [Registry Services] regsrv.exe
O4 - HKLM\..\Run: [Registry System] Regsys.exe
O4 - HKLM\..\RunServices: [Registry System] Regsys.exe
O4 - HKLM\..\Run: [Registry Value Name] winapi32.exe
O4 - HKLM\..\RunServices: [Registry Value Name] winapi32.exe
O4 - HKLM\..\Run: [Realaudio Player] realaudio32.exe
O4 - HKLM\..\RunServices: [Realaudio Player] realaudio32.exe
O4 - HKLM\..\Run: [Recycler DO NOT MODIFY] recyclecl.exe
O4 - HKLM\..\RunServices: [Recycler DO NOT MODIFY] recyclecl.exe
O4 - HKCU\..\Run: [Recycler DO NOT MODIFY] recyclecl.exe
O4 - HKCU\..\RunServices: [Recycler DO NOT MODIFY] recyclecl.exe
O4 - HKLM\..\Run: [ReminderPostBoot] dobo.exe
O4 - HKLM\..\RunServices: [ReminderPostBoot] dobo.exe
O4 - HKCU\..\Run: [ReminderPostBoot] dobo.exe
O4 - HKLM\..\Run: [Remote Access Adapter] rvasvc.exe
O4 - HKLM\..\Run: [Remote Access Domain] rswsvc.exe
O4 - HKLM\..\Run: [Remote Access Monitor] rpgsvc.exe
O4 - HKLM\..\Run: [Remote Access Monitor] rwpsvc.exe
O4 - HKLM\..\Run: [Remote Access Tool] rwosvc.exe
O4 - HKLM\..\Run: [Remote Desktop Help Session Manager] C:\WINDOWS\system32\WinRDH.exe
O4 - HKLM\..\RunServices: [Remote Desktop Help Session Manager] C:\WINDOWS\system32\WinRDH.exe
O4 - HKCU\..\Run: [Remote Desktop Help Session Manager] C:\WINDOWS\system32\WinRDH.exe
O4 - HKLM\..\Run: [Remote Event System] resmsvc.exe
O4 - HKLM\..\Run: [Remote Heacle Deamon Security Audit] rhdsa.exe
O4 - HKLM\..\Run: [Remote Services Manager] msrmsvc.exe
O4 - HKLM\..\Run: [Remote Storage Access] rmasvc.exe
O4 - HKLM\..\Run: [Remote Terminal Task] rtsbsvc.exe
O4 - HKLM\..\Run: [REMOVE ME] info.exe
O4 - HKLM\..\RunServices: [REMOVE ME] info.exe
O4 - HKLM\..\RunOnce: [REMOVE ME] info.exe
O4 - HKCU\..\Run: [REMOVE ME] info.exe
O4 - HKCU\..\RunOnce: [REMOVE ME] info.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [ResearchSpy] suspects.exe
O4 - HKLM\..\RunServices: [ResearchSpy] suspects.exe
O4 - HKCU\..\Run: [ResearchSpy] suspects.exe
O4 - HKLM\..\Run: [Restor] (Random 10 Letter).exe
O4 - HKLM\..\RunServices: [Restor] (Random 10 Letter).exe
O4 - HKLM\..\Run: [reszrv] (Random 8 Letter).exe
O4 - HKCU\..\Run: [reszrv] (Random 8 Letter).exe
O4 - HKLM\..\Run: [regvcs.exe] C:\WINDOWS\system32\drivers\regvcs.exe
O4 - HKLM\..\Run: [rfcsx] (Random 8 Letter).exe
O4 - HKCU\..\Run: [rfcsx] (Random 8 Letter).exe
O4 - HKLM\..\Run: [RIOTBOT] riotz.exe
O4 - HKLM\..\RunServices: [RIOTBOT] riotz.exe
O4 - HKCU\..\Run: [RIOTBOT] riotz.exe
O4 - HKLM\..\Run: [RisingMate] pacoba.exe
O4 - HKLM\..\RunServices: [RisingMate] pacoba.exe
O4 - HKCU\..\Run: [RisingMate] pacoba.exe
O4 - HKLM\..\Run: [Rout111] serv454.exe
O4 - HKLM\..\RunOnce: [Rout111] serv454.exe
O4 - HKLM\..\RunServices: [Rout111] serv454.exe
O4 - HKCU\..\Run: [Rout111] serv454.exe
O4 - HKCU\..\RunOnce: [Rout111] serv454.exe
O4 - HKLM\..\Run: [RPC Drivers] C:\WINDOWS\system32\inetsrv\rpcall.exe
O4 - HKLM\..\RunServices: [RPC Drivers] C:\WINDOWS\system32\inetsrv\rpcall.exe
O4 - HKCU\..\Run: [RPC Drivers] C:\WINDOWS\system32\inetsrv\rpcall.exe
O4 - HKLM\..\Run: [RPC Secured] lsass2.exe
O4 - HKLM\..\RunServices: [RPC Secured] lsass2.exe
O4 - HKCU\..\Run: [RPC Secured] lsass2.exe
O4 - HKLM\..\Run: [RPM Services] rpmserv.exe
O4 - HKLM\..\RunServices: [RPM Services] rpmserv.exe
O4 - HKCU\..\Run: [RPM Services] rpmserv.exe
O4 - HKCU\..\RunServices: [RPM Services] rpmserv.exe
O4 - HKLM\..\Run: [run32] run32dll.exe
O4 - HKLM\..\RunServices: [run32] run32dll.exe
O4 - HKLM\..\Run: [RunDLL Kernel File Core] C:\WINDOWS\system32\Com\rundll.exe
O4 - HKLM\..\RunServices: [RunDLL Kernel File Core] C:\WINDOWS\system32\Com\rundll.exe
O4 - HKCU\..\Run: [RunDLL Kernel File Core] C:\WINDOWS\system32\Com\rundll.exe
O4 - HKLM\..\Run: [RunDLL Kernel File Core System] C:\WINDOWS\system32\Com\rundll32.exe
O4 - HKLM\..\RunServices: [RunDLL Kernel File Core System] C:\WINDOWS\system32\Com\rundll32.exe
O4 - HKCU\..\Run: [RunDLL Kernel File Core System] C:\WINDOWS\system32\Com\rundll32.exe
O4 - HKLM\..\Run: [rundll32app] C:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [runsvc] runsvc.exe
O4 - HKLM\..\RunServices: [runsvc] runsvc.exe
O4 - HKLM\..\Run: [SANS Service] C:\WINDOWS\system32\sansv.exe
O4 - HKLM\..\Run: [ScanReg] NPFMONTR.exe
O4 - HKLM\..\RunServices: [ScanReg] NPFMONTR.exe
O4 - HKLM\..\Run: [Scan Register] C:\WINDOWS\System32\ssms.exe
O4 - HKLM\..\RunServices: [Scan Register] C:\WINDOWS\System32\ssms.exe
O4 - HKCU\..\Run: [Scan Register] C:\WINDOWS\System32\ssms.exe
O4 - HKLM\..\Run: [schedflds] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [scrss] scrss.exe
O4 - HKLM\..\RunServices: [scrss] scrss.exe
O4 - HKCU\..\Run: [scvvhost] C:\WINDOWS\system32\scvvhost.exe
O4 - HKLM\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunServices: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\Run: [secdrive.exe] C:\WINDOWS\pchealth\helpctr\binaries\secdrive.exe
O4 - HKLM\..\Run: [secure socket layer] wins32a.exe
O4 - HKLM\..\RunServices: [secure socket layer] wins32a.exe
O4 - HKLM\..\Run: [Secure Socket Layer Certification] C:\WINDOWS\system32\sslcert.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\Run: [secures23] mssecures.exe
O4 - HKLM\..\RunServices: [secures23] mssecures.exe
O4 - HKLM\..\Run: [Security Center Distribution] securesec.exe
O4 - HKLM\..\Run: [Security Host] solhost.exe
O4 - HKLM\..\RunServices: [Security Host] solhost.exe
O4 - HKLM\..\Run: [Security Monitor] securemon.exe
O4 - HKLM\..\Run: [Security Server DB] secserver.exe
O4 - HKLM\..\Run: [Security Service] C:\WINDOWS\System32\secsvc.exe
O4 - HKLM\..\Run: [Security Service DB] secservice.exe
O4 - HKLM\..\Run: [Security System] securesys.exe
O4 - HKLM\..\Run: [Serices Hostin] servicez.exe
O4 - HKLM\..\Run: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKLM\..\RunServices: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKCU\..\Run: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKLM\..\Run: [Server Runtime Error] C:\WINDOWS\system32\wbem\unsec.exe
O4 - HKLM\..\RunServices: [Server Runtime Error] C:\WINDOWS\system32\wbem\unsec.exe
O4 - HKLM\..\Run: [Server Runtime Process] C:\WINDOWS\system32\wbem\unsecapp32.exe
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\unsecapp32.exe
O4 - HKCU\..\Run: [Server Runtime Process] C:\WINDOWS\system32\wbem\unsecapp32.exe
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\unsecapp32.exe
O4 - HKLM\..\Run: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [service.exe] C:\WINDOWS\system32\drivers\service.exe
O4 - HKLM\..\Run: [service.exe] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [Service Client] winsvcli.exe
O4 - HKLM\..\Run: [Service Defender] C:\WINDOWS\system32\,),)W))W))W*.exe
O4 - HKLM\..\Run: [Services DLL Loader] srvdll.exe
O4 - HKLM\..\Run: [Service Drivers] MSNMEssenger.exe
O4 - HKLM\..\RunServices: [Service Drivers] MSNMEssenger.exe
O4 - HKCU\..\Run: [Service Drivers] MSNMEssenger.exe
O4 - HKCU\..\RunServices: [Service Drivers] MSNMEssenger.exe
O4 - HKLM\..\Run: [Service Host] %Temp%\svc.exe
O4 - HKLM\..\Run: [Service Host] %Temp%\svchost.exe
O4 - HKLM\..\Run: [Service Management] C:\WINDOWS\system32\inetsrv\service.exe
O4 - HKLM\..\RunServices: [Service Management] C:\WINDOWS\system32\inetsrv\service.exe
O4 - HKCU\..\Run: [Service Management] C:\WINDOWS\system32\inetsrv\service.exe
O4 - HKLM\..\Run: [Service Monitor] csnss.exe
O4 - HKLM\..\RunServices: [Service Monitor] csnss.exe
O4 - HKLM\..\Run: [Service Monitor] fllnm.exe
O4 - HKLM\..\RunServices: [Service Monitor] fllnm.exe
O4 - HKLM\..\Run: [Service Monitor] msmisso.exe
O4 - HKLM\..\RunServices: [Service Monitor] msmisso.exe
O4 - HKLM\..\Run: [Service Monitor] svhda.exe
O4 - HKLM\..\RunServices: [Service Monitor] svhda.exe
O4 - HKLM\..\Run: [Service Monitor] svhhda.exe
O4 - HKLM\..\RunServices: [Service Monitor] svhhda.exe
O4 - HKLM\..\Run: [Service Monitor] WinOcx.exe
O4 - HKLM\..\RunServices: [Service Monitor] WinOcx.exe
O4 - HKCU\..\Run: [Service Monitor] WinOcx.exe
O4 - HKCU\..\RunServices: [Service Monitor] WinOcx.exe
O4 - HKLM\..\Run: [Service Monotor] mswins.exe
O4 - HKLM\..\RunServices: [Service Monotor] mswins.exe
O4 - HKLM\..\Run: [Service PAck 2] (Random 4 Letter).exe
O4 - HKLM\..\RunServices: [Service PAck 2] (Random 4 Letter).exe
O4 - HKCU\..\Run: [Service PAck 2] (Random 4 Letter).exe
O4 - HKLM\..\Run: [Service PAck hard] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Service PAck hard] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Service PAck hard] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Service PAck SFVP] (Random 4 Letter).exe
O4 - HKLM\..\RunServices: [Service PAck SFVP] (Random 4 Letter).exe
O4 - HKCU\..\Run: [Service PAck SFVP] (Random 4 Letter).exe
O4 - HKLM\..\Run: [Service Restore Panels] servpanel.exe
O4 - HKLM\..\Run: [Service Update Client] svcupdcli.exe
O4 - HKLM\..\Run: [servicestub.exe] C:\WINDOWS\servicestub.exe
O4 - HKLM\..\Run: [Service Update] C:\WINDOWS\system32\alggg.exe
O4 - HKCU\..\Run: [Service Update] C:\WINDOWS\system32\alggg.exe
O4 - HKLM\..\Run: [Servicee] %Temp%\services.exe
O4 - HKLM\..\Run: [Servicer] servcr.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\Services.exe
O4 - HKLM\..\RunServices: [Services] C:\WINDOWS\Services.exe
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [Services Control] iexplore.exe
O4 - HKLM\..\RunServices: [Services Control] iexplore.exe
O4 - HKLM\..\Policies\Explorer\Run: [Services Control] iexplore.exe
O4 - HKLM\..\Run: [Services Management] C:\WINDOWS\system32\inetsrv\services.exe
O4 - HKLM\..\RunServices: [Services Management] C:\WINDOWS\system32\inetsrv\services.exe
O4 - HKCU\..\Run: [Services Management] C:\WINDOWS\system32\inetsrv\services.exe
O4 - HKLM\..\Run: [Services Management Clients] C:\WINDOWS\system32\inetsrv\servc.exe
O4 - HKLM\..\RunServices: [Services Management Clients] C:\WINDOWS\system32\inetsrv\servc.exe
O4 - HKCU\..\Run: [Services Management Clients] C:\WINDOWS\system32\inetsrv\servc.exe
O4 - HKLM\..\Run: [Services Management Unclients] C:\WINDOWS\system32\inetsrv\servu.exe
O4 - HKLM\..\RunServices: [Services Management Unclients] C:\WINDOWS\system32\inetsrv\servu.exe
O4 - HKCU\..\Run: [Services Management Unclients] C:\WINDOWS\system32\inetsrv\servu.exe
O4 - HKLM\..\Run: [Services Managements] C:\WINDOWS\system32\inetsrv\servcs.exe
O4 - HKLM\..\RunServices: [Services Managements] C:\WINDOWS\system32\inetsrv\servcs.exe
O4 - HKCU\..\Run: [Services Managements] C:\WINDOWS\system32\inetsrv\servcs.exe
O4 - HKLM\..\Run: [Services Manager!] svmanager.exe
O4 - HKLM\..\Run: [Services Manager] svsmanager.exe
O4 - HKLM\..\Run: [Services Managers] svcmanager.exe
O4 - HKLM\..\Run: [SES Service] C:\WINDOWS\System32\sesvc.exe
O4 - HKLM\..\Run: [SetPoint.exe] C:\WINDOWS\SetPoint.exe
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Shelldaemon] C:\WINDOWS\Shelldaemon.exe
O4 - HKLM\..\Run: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe
O4 - HKLM\..\RunServices: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe
O4 - HKCU\..\Run: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe
O4 - HKLM\..\Run: [Shield Security] C:\WINDOWS\system32\Com\shield.exe
O4 - HKLM\..\RunServices: [Shield Security] C:\WINDOWS\system32\Com\shield.exe
O4 - HKCU\..\Run: [Shield Security] C:\WINDOWS\system32\Com\shield.exe
O4 - HKLM\..\Run: [Shield32 Security] C:\WINDOWS\system32\Com\shield32.exe
O4 - HKLM\..\RunServices: [Shield32 Security] C:\WINDOWS\system32\Com\shield32.exe
O4 - HKCU\..\Run: [Shield32 Security] C:\WINDOWS\system32\Com\shield32.exe
O4 - HKLM\..\Run: [Skype Startup] c:\windows\system32\skyp.exe
O4 - HKLM\..\Run: [Slave] %Temp%\ipconfig.exe
O4 - HKCU\..\Run: [small b0t] C:\WINDOWS\System32\syschk.exe
O4 - HKLM\..\Run: [smcss] C:\WINDOWS\smcss.exe
O4 - HKLM\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunServices: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\Run: [smsger] C:\WINDOWS\system32\Win.exe
O4 - HKLM\..\RunServices: [smsger] C:\WINDOWS\system32\Win.exe
O4 - HKLM\..\Run: [Smss Host] smhost.exe
O4 - HKLM\..\Run: [SMTP32 Mailing Protocol] smtp32.exe
O4 - HKLM\..\RunServices: [SMTP32 Mailing Protocol] smtp32.exe
O4 - HKCU\..\Run: [SMTP32 Mailing Protocol] smtp32.exe
O4 - HKLM\..\Run: [SND Volumes] sndvolumes.exe
O4 - HKLM\..\Run: [sndrec32.exe] C:\WINDOWS\sndrec32.exe
O4 - HKLM\..\Run: [socklibms] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Sound Driver] svdhost.exe
O4 - HKLM\..\RunServices: [Sound Driver] svdhost.exe
O4 - HKLM\..\Run: [Sound Driver for Windows] sdshost.exe
O4 - HKLM\..\RunServices: [Sound Driver for Windows] sdshost.exe
O4 - HKLM\..\Run: [Sound System] srmhost.exe
O4 - HKLM\..\RunServices: [Sound System] srmhost.exe
O4 - HKLM\..\Run: [Sound System Driver] svlhost.exe
O4 - HKLM\..\RunServices: [Sound System Driver] svlhost.exe
O4 - HKLM\..\Run: [SoundMax Audio Drivers] SndMAX.exe
O4 - HKLM\..\RunServices: [SoundMax Audio Drivers] SndMAX.exe
O4 - HKCU\..\Run: [SoundMax Audio Drivers] SndMAX.exe
O4 - HKCU\..\RunServices: [SoundMax Audio Drivers] SndMAX.exe
O4 - HKLM\..\Run: [Soundmax Audio Drivers] soundmax.exe
O4 - HKLM\..\RunServices: [Soundmax Audio Drivers] soundmax.exe
O4 - HKCU\..\Run: [Soundmax Audio Drivers] soundmax.exe
O4 - HKCU\..\RunServices: [Soundmax Audio Drivers] soundmax.exe
O4 - HKLM\..\Run: [Sound Volume] svchosI.exe
O4 - HKLM\..\RunServices: [Sound Volume] svchosI.exe
O4 - HKLM\..\Run: [sp2svc] sp2svc.exe
O4 - HKLM\..\RunServices: [sp2svc] sp2svc.exe
O4 - HKCU\..\Run: [sp2svc] sp2svc.exe
O4 - HKLM\..\Run: [SPHandler] wuauclt28.exe
O4 - HKLM\..\RunServices: [SPHandler] wuauclt28.exe
O4 - HKCU\..\Run: [SPHandler] wuauclt28.exe
O4 - HKLM\..\Run: [Spooler Host] smhost.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
O4 - HKLM\..\Run: [spoolsv] "C:\Windows\temp\spoolsv\spoolsv.exe"
O4 - HKLM\..\Run: [spoolsvs] C:\WINDOWS\wincfy.exe
O4 - HKLM\..\Run: [SQL Database] C:\WINDOWS\system32\inetsrv\sql.exe
O4 - HKLM\..\RunServices: [SQL Database] C:\WINDOWS\system32\inetsrv\sql.exe
O4 - HKCU\..\Run: [SQL Database] C:\WINDOWS\system32\inetsrv\sql.exe
O4 - HKLM\..\Run: [Srv Host] srvhost.exe
O4 - HKLM\..\Run: [ssms.exe] winn.exe
O4 - HKLM\..\RunServices: [ssms.exe] winn.exe
O4 - HKLM\..\Run: [SSL Manager] amsnmsgs.exe
O4 - HKLM\..\RunServices: [SSL Manager] amsnmsgs.exe
O4 - HKCU\..\Run: [SSL Manager] amsnmsgs.exe
O4 - HKCU\..\RunServices: [SSL Manager] amsnmsgs.exe
O4 - HKLM\..\Run: [start extracting] car.exe
O4 - HKLM\..\RunServices: [start extracting] car.exe
O4 - HKCU\..\Run: [start extracting] car.exe
O4 - HKCU\..\RunServices: [start extracting] car.exe
O4 - HKLM\..\Run: [start extracting] spoolvs.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvs.exe
O4 - HKCU\..\Run: [start extracting] spoolvs.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvs.exe
O4 - HKLM\..\Run: [start extracting] spoolvse.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [start extracting] spoolvse.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - HKLM\..\Run: [Start Upping] spoolnt.exe
O4 - HKLM\..\RunServices: [Start Upping] spoolnt.exe
O4 - HKCU\..\Run: [Start Upping] spoolnt.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\Run: [StdAFX] C:\WINDOWS\system32\stdafx.exe
O4 - HKLM\..\Run: [stoner] C:\WINDOWS\system32\winsvcx.exe
O4 - HKLM\..\Run: [StreamAppliance] wuauclt14.exe
O4 - HKLM\..\RunServices: [StreamAppliance] wuauclt14.exe
O4 - HKCU\..\Run: [StreamAppliance] wuauclt14.exe
O4 - HKLM\..\Run: [StreamAppliance] wuauclt16.exe
O4 - HKLM\..\RunServices: [StreamAppliance] wuauclt16.exe
O4 - HKCU\..\Run: [StreamAppliance] wuauclt16.exe
O4 - HKLM\..\Run: [Streams Drivers] %Temp%\winlogon.exe
O4 - HKLM\..\Run: [strmsnnrs] msnmcgrs.exe
O4 - HKLM\..\RunServices: [strmsnnrs] msnmcgrs.exe
O4 - HKCU\..\Run: [strmsnnrs] msnmcgrs.exe
O4 - HKLM\..\Run: [stup1db0t] C:\WINDOWS\system32\_win.exe
O4 - HKCU\..\Run: [stup1db0t] C:\WINDOWS\system32\_win.exe
O4 - HKLM\..\Run: [STV] winscrne.exe
O4 - HKLM\..\RunServices: [STV] winscrne.exe
O4 - HKCU\..\Run: [STV] winscrne.exe
O4 - HKLM\..\Run: [Sun Java] cpu.exe
O4 - HKLM\..\RunServices: [Sun Java] cpu.exe
O4 - HKLM\..\Run: [Sun Java Console for Windows NT & XP] jconsole.exe
O4 - HKLM\..\RunServices: [Sun Java Console for Windows NT & XP] jconsole.exe
O4 - HKCU\..\Run: [Sun Java Console for Windows NT & XP] jconsole.exe
O4 - HKCU\..\RunServices: [Sun Java Console for Windows NT & XP] jconsole.exe
O4 - HKLM\..\Run: [svchos] C:\WINDOWS\svchos.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\(RandomName)\svchost.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\(RandomName)\svchost.exe
O4 - HKLM\..\Run: [svchost] msa.exe
O4 - HKLM\..\RunServices: [svchost] msa.exe
O4 - HKLM\..\Run: [SVCHOST] taskgmr.exe
O4 - HKLM\..\RunServices: [SVCHOST] taskgmr.exe
O4 - HKCU\..\Run: [SVCHOST] taskgmr.exe
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\pchealth\helpctr\binaries\svchost.exe
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [SVCHost2] svchost2.exe
O4 - HKLM\..\RunServices: [SVCHost2] svchost2.exe
O4 - HKLM\..\Run: [Svchost Connection Monitor] kernel.exe
O4 - HKLM\..\RunServices: [Svchost Connection Monitor] kernel.exe
O4 - HKLM\..\Run: [svchost connection monitor] svchost32.exe
O4 - HKLM\..\RunServices: [svchost connection monitor] svchost32.exe
O4 - HKLM\..\Run: [SVCHost Protocol32] scvhost32.exe
O4 - HKLM\..\RunServices: [SVCHost Protocol32] scvhost32.exe
O4 - HKLM\..\Run: [Svhost Service Server] svhostser.exe
O4 - HKLM\..\RunServices: [Svhost Service Server] svhostser.exe
O4 - HKCU\..\Run: [Svhost Service Server] svhostser.exe
O4 - HKCU\..\Run: [svhosts] C:\Windows\System32\svhosts.exe
O4 - HKLM\..\Run: [svshost] svshost.exe
O4 - HKLM\..\Run: [sy] s2.exe
O4 - HKLM\..\RunServices: [sy] s2.exe
O4 - HKLM\..\Run: [Sygaete Personal Firewall] SyGate.exe
O4 - HKLM\..\RunServices: [Sygaete Personal Firewall] SyGate.exe
O4 - HKLM\..\Run: [Sygate Personal Block] Studio.exe
O4 - HKLM\..\RunServices: [Sygate Personal Block] Studio.exe
O4 - HKLM\..\Run: [Sygate Personal Block] Studio.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] itla.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] itla.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] itla.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] un1x.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] un1x.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] un1x.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] win31243.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] win31243.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] win31243.exe
O4 - HKLM\..\Run: [Symantec Administration Service] symlasvc.exe
O4 - HKLM\..\Run: [Symantec Antivirus professional] dfrgfrat.exe
O4 - HKLM\..\RunOnce: [Symantec Antivirus professional] dfrgfrat.exe
O4 - HKLM\..\RunServices: [Symantec Antivirus professional] dfrgfrat.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] dfrgfrat.exe
O4 - HKCU\..\RunOnce: [Symantec Antivirus professional] dfrgfrat.exe
O4 - HKLM\..\Run: [Symantec Antivirus professional] dyndns.exe
O4 - HKLM\..\RunOnce: [Symantec Antivirus professional] dyndns.exe
O4 - HKLM\..\RunServices: [Symantec Antivirus professional] dyndns.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] dyndns.exe
O4 - HKCU\..\RunOnce: [Symantec Antivirus professional] dyndns.exe
O4 - HKLM\..\Run: [Symantec Antivirus professional] f0dns.exe
O4 - HKLM\..\RunOnce: [Symantec Antivirus professional] f0dns.exe
O4 - HKLM\..\RunServices: [Symantec Antivirus professional] f0dns.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] f0dns.exe
O4 - HKCU\..\RunOnce: [Symantec Antivirus professional] f0dns.exe
O4 - HKLM\..\Run: [Symantec Antivirus professional] flushdns.exe
O4 - HKLM\..\RunOnce: [Symantec Antivirus professional] flushdns.exe
O4 - HKLM\..\RunServices: [Symantec Antivirus professional] flushdns.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] flushdns.exe
O4 - HKCU\..\RunOnce: [Symantec Antivirus professional] flushdns.exe
O4 - HKLM\..\Run: [Symantec Antivirus professional] windows .exe
O4 - HKLM\..\RunServices: [Symantec Antivirus professional] windows .exe
O4 - HKLM\..\RunOnce: [Symantec Antivirus professional] windows .exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] windows .exe
O4 - HKCU\..\RunOnce: [Symantec Antivirus professional] windows .exe
O4 - HKLM\..\Run: [Symantec Client Security] symclient.exe
O4 - HKLM\..\Run: [Symantec Configuration Load] symloadcfg.exe
O4 - HKLM\..\Run: [Symantec Configuration Settings] symconfig.exe
O4 - HKLM\..\Run: [Symantec Control Client] symclisvc.exe
O4 - HKLM\..\Run: [Symantec Core LTD] symlsmd.exe
O4 - HKLM\..\Run: [Symantec DB Server] symdbsvr.exe
O4 - HKLM\..\Run: [Symantec Debug Client] symdebugs.exe
O4 - HKLM\..\Run: [Symantec Device Config] symldvc.exe
O4 - HKLM\..\Run: [Symantec Drive Maintenance] symldsm.exe
O4 - HKLM\..\Run: [Symantec Device Manager] symlsrd.exe
O4 - HKLM\..\Run: [Symantec Drive SecMon] symldsv.exe
O4 - HKLM\..\Run: [Symantec Drive Services] symlssdr.exe
O4 - HKLM\..\Run: [Symantec DVD Record] symldvd.exe
O4 - HKLM\..\Run: [Symantec Handler Service] symlsmc.exe
O4 - HKLM\..\Run: [Symantec License Server] symlcsrv.exe
O4 - HKLM\..\Run: [Symantec Licensing Server] symlserv.exe
O4 - HKLM\..\Run: [Symantec Licensing Source] symlsrc.exe
O4 - HKLM\..\Run: [Symantec Licensing Svc] symlsrv.exe
O4 - HKLM\..\Run: [Symantec Network AI] symlsmr.exe
O4 - HKLM\..\Run: [Symantec Registery Services] symlsnreg.exe
O4 - HKLM\..\Run: [Symantec Registry Server] symsnreg.exe
O4 - HKLM\..\Run: [Symantec Restore Services] symlsrw.exe
O4 - HKLM\..\Run: [Symantec RPC Call] symlsrp.exe
O4 - HKLM\..\Run: [Symantec Secure Server] svrhost.exe
O4 - HKLM\..\RunServices: [Symantec Secure Server] svrhost.exe
O4 - HKLM\..\Run: [Symantec Security License] symlsrx.exe
O4 - HKLM\..\Run: [Symantec Service Client] symlcserv.exe
O4 - HKLM\..\Run: [Symantec Spooler Application] symlsma.exe
O4 - HKLM\..\Run: [Symantec System DB] symlssdb.exe
O4 - HKLM\..\Run: [Symantec System Maintenance] symlssm.exe
O4 - HKLM\..\Run: [Symmetrical Network] C:\WINDOWS\system32\symmec.exe
O4 - HKLM\..\Run: [Syncronization Task] shrhost.exe
O4 - HKLM\..\RunServices: [Syncronization Task] shrhost.exe
O4 - HKLM\..\Run: [SysATW] C:\WINDOWS\System32\sysatw.exe
O4 - HKLM\..\Run: [Sysconf32] (Random 7 Letter).exe
O4 - HKCU\..\RunOnce: [Sysconf32] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Sysctrls] mscntrl.exe
O4 - HKLM\..\RunServices: [Sysctrls] mscntrl.exe
O4 - HKCU\..\Run: [Sysctrls] mscntrl.exe
O4 - HKLM\..\Run: [Sysctrls] Sysctrls.exe
O4 - HKLM\..\RunServices: [Sysctrls] Sysctrls.exe
O4 - HKCU\..\Run: [Sysctrls] Sysctrls.exe
O4 - HKLM\..\Run: [Sysctrls] win32dll.exe
O4 - HKLM\..\RunServices: [Sysctrls] win32dll.exe
O4 - HKCU\..\Run: [Sysctrls] win32dll.exe
O4 - HKLM\..\Run: [Sysctrls] winupdate.exe
O4 - HKCU\..\Run: [Sysctrls] winupdate.exe
O4 - HKLM\..\Run: [sysdaemon] sysdaemon.exe
O4 - HKLM\..\RunServices: [sysdaemon] sysdaemon.exe
O4 - HKLM\..\Run: [Sysgate Personal Firewall] syst3ms.exe
O4 - HKLM\..\RunServices: [Sysgate Personal Firewall] syst3ms.exe
O4 - HKCU\..\Run: [Sysgate Personal Firewall] syst3ms.exe
O4 - HKLM\..\Run: [sysinfo] C:\WINDOWS\system32\sysinfo.exe
O4 - HKLM\..\RunServices: [sysinfo] C:\WINDOWS\system32\sysinfo.exe
O4 - HKLM\..\Run: [sysmanager.exe] C:\WINDOWS\system32\sysmanager.exe.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [sysprep] wscntfx.exe
O4 - HKLM\..\RunServices: [sysprep] wscntfx.exe
O4 - HKLM\..\Run: [SySSL] sysl.exe
O4 - HKLM\..\RunServices: [SySSL] sysl.exe
O4 - HKLM\..\Run: [Systam13] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Systam13] (Random 9 Letter).exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\csrss.exe
O4 - HKCU\..\RunOnce: [System] c:\WINDOWS\system32\Drivers\lsass.exe
O4 - HKLM\..\Run: [System] nav32.exe
O4 - HKLM\..\RunServices: [System] nav32.exe
O4 - HKCU\..\Run: [System] nav32.exe
O4 - HKCU\..\RunServices: [System] nav32.exe
O4 - HKLM\..\Run: [System] REG1.exe
O4 - HKLM\..\RunServices: [System] REG1.exe
O4 - HKCU\..\Run: [System] REG1.exe
O4 - HKCU\..\RunServices: [System] REG1.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM32\system32.exe
O4 - HKLM\..\RunServices: [System] C:\WINDOWS\SYSTEM32\system32.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\SYSTEM32\system32.exe
O4 - HKCU\..\RunServices: [System] C:\WINDOWS\SYSTEM32\system32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [SYSTEM] C:\WINDOWS\SystemFile.exe
O4 - HKLM\..\Run: [SYSTEM] windmupdr.exe
O4 - HKLM\..\RunServices: [SYSTEM] windmupdr.exe
O4 - HKCU\..\Run: [SYSTEM] windmupdr.exe
O4 - HKCU\..\RunServices: [SYSTEM] windmupdr.exe
O4 - HKLM\..\Run: [System] winupd.exe
O4 - HKLM\..\RunServices: [System] winupd.exe
O4 - HKCU\..\Run: [System] winupd.exe
O4 - HKCU\..\RunServices: [System] winupd.exe
O4 - HKLM\..\Run: [system.exe] C:\WINDOWS\pchealth\helpctr\binaries\system.exe
O4 - HKLM\..\Run: [system32] C:\system32.exe
O4 - HKLM\..\RunServices: [system32] C:\system32.exe
O4 - HKLM\..\Run: [system32] system32.exe
O4 - HKLM\..\RunServices: [system32] system32.exe
O4 - HKLM\..\Run: [System51616] msnmsgesser.exe
O4 - HKLM\..\Run: [SystemCleaner] %AllUsersProfile%\Clean2.exe
O4 - HKLM\..\Run: [SystemDevic] devic.exe
O4 - HKLM\..\Run: [SystemMigration] C:\WINDOWS\WinMedia.exe
O4 - HKLM\..\Run: [SystemOPsv] scrtvc32.exe
O4 - HKCU\..\RunOnce: [SystemOPsv] scrtvc32.exe
O4 - HKCU\..\RunOnce: [System Update] c:\WINDOWS\system32\Drivers\smss.exe
O4 - HKLM\..\Run: [Systems Service] drivex.exe
O4 - HKLM\..\RunServices: [Systems Service] drivex.exe
O4 - HKLM\..\Run: [systems usb driver] Windows2.exe
O4 - HKLM\..\RunServices: [systems usb driver] Windows2.exe
O4 - HKLM\..\Run: [systemscroot] systembin.exe
O4 - HKLM\..\RunServices: [systemscroot] systembin.exe
O4 - HKCU\..\Run: [systemscroot] systembin.exe
O4 - HKCU\..\RunServices: [systemscroot] systembin.exe
O4 - HKLM\..\Run: [SystemTray] file2.exe
O4 - HKLM\..\RunServices: [NotepadService] file2.exe
O4 - HKLM\..\Run: [SystemTray] filehelps.exe
O4 - HKLM\..\RunServices: [NotepadService] filehelps.exe
O4 - HKLM\..\Run: [SystemTray] lsvhostwinlk.exe
O4 - HKLM\..\RunServices: [NotepadService] lsvhostwinlk.exe
O4 - HKLM\..\Run: [SystemTray] mssgl2.exe
O4 - HKLM\..\RunServices: [NotepadService] mssgl2.exe
O4 - HKCU\..\Run: [SystemTray] mssgl2.exe
O4 - HKLM\..\Run: [SystemTray] wekls4.exe
O4 - HKLM\..\RunServices: [NotepadService] wekls4.exe
O4 - HKCU\..\Run: [SystemTray] wekls4.exe
O4 - HKLM\..\Run: [SystemTray] Windowsupd.exe
O4 - HKLM\..\RunServices: [NotepadService] Windowsupd.exe
O4 - HKCU\..\Run: [SystemTray] Windowsupd.exe
O4 - HKLM\..\Run: [SystemTray] C:\WINDOWS\System32\winligom.exe
O4 - HKLM\..\RunServices: [NotepadService] C:\WINDOWS\System32\winligom.exe
O4 - HKCU\..\Run: [SystemTray] C:\WINDOWS\System32\winligom.exe
O4 - HKLM\..\Run: [SystemTray] vnc.exe
O4 - HKLM\..\RunServices: [NotepadService] vnc.exe
O4 - HKLM\..\Run: [systemw32] systemw32.exe
O4 - HKLM\..\RunServices: [systemw32] systemw32.exe
O4 - HKLM\..\Run: [SystemX] nzm.exe
O4 - HKLM\..\RunServices: [SystemX] nzm.exe
O4 - HKCU\..\Run: [SystemX] nzm.exe
O4 - HKLM\..\Run: [SystemX] sthosts.exe
O4 - HKLM\..\RunServices: [SystemX] sthosts.exe
O4 - HKCU\..\Run: [SystemX] sthosts.exe
O4 - HKLM\..\Run: [systemx32] systemx32.exe
O4 - HKLM\..\RunServices: [systemx32] systemx32.exe
O4 - HKLM\..\Run: [System Auth] system52.exe
O4 - HKLM\..\RunServices: [System Auth] system52.exe
O4 - HKCU\..\Run: [System Auth] system52.exe
O4 - HKLM\..\Run: [System CGI Manager] syscgmgr.exe
O4 - HKLM\..\Run: [System Config] sysloadcnf.exe
O4 - HKLM\..\Run: [System Config Boot] syscgboot.exe
O4 - HKLM\..\Run: [System Control Information] sysinfo.exe
O4 - HKLM\..\RunServices: [System Control Information] sysinfo.exe
O4 - HKCU\..\Run: [System Control Information] sysinfo.exe
O4 - HKCU\..\RunServices: [System Control Information] sysinfo.exe
O4 - HKLM\..\Run: [System Core Memory] syscoremem.exe
O4 - HKLM\..\Run: [System DataBase Root] sysdbroot.exe
O4 - HKLM\..\Run: [System DB Manager] sysdbmg.exe
O4 - HKLM\..\Run: [System Debugger] SystemDebug.exe
O4 - HKLM\..\RunServices: [System Debugger] SystemDebug.exe
O4 - HKLM\..\Run: [System DirectX DLL Loader] C:\WINDOWS\system32\Com\sd32dll.exe
O4 - HKLM\..\RunServices: [System DirectX DLL Loader] C:\WINDOWS\system32\Com\sd32dll.exe
O4 - HKCU\..\Run: [System DirectX DLL Loader] C:\WINDOWS\system32\Com\sd32dll.exe
O4 - HKLM\..\Run: [System Device] devices.exe
O4 - HKLM\..\Run: [System Device Version] systemdv.exe
O4 - HKLM\..\RunServices: [System Device Version] systemdv.exe
O4 - HKCU\..\Run: [System Device Version] systemdv.exe
O4 - HKLM\..\Run: [System Download Manager] SysMgr.exe
O4 - HKLM\..\RunServices: [System Download Manager] SysMgr.exe
O4 - HKLM\..\Run: [System Driver] C:\windows\system\programas\two.bat
O4 - HKLM\..\Run: [System Efficiency Monitor] msedit32.exe
O4 - HKLM\..\RunServices: [System Efficiency Monitor] msedit32.exe
O4 - HKLM\..\Run: [System Fetch DLL Runtime] C:\WINDOWS\mscmtl32.exe
O4 - HKLM\..\Run: [System File] C:\WINDOWS\system32\inetsrv\system.exe
O4 - HKLM\..\RunServices: [System File] C:\WINDOWS\system32\inetsrv\system.exe
O4 - HKCU\..\Run: [System File] C:\WINDOWS\system32\inetsrv\system.exe
O4 - HKLM\..\Run: [System File Startup] C:\WINDOWS\system32\inetsrv\sys32.exe
O4 - HKLM\..\RunServices: [System File Startup] C:\WINDOWS\system32\inetsrv\sys32.exe
O4 - HKCU\..\Run: [System File Startup] C:\WINDOWS\system32\inetsrv\sys32.exe
O4 - HKLM\..\Run: [System Host] scvhost.exe
O4 - HKLM\..\RunServices: [System Host] scvhost.exe
O4 - HKCU\..\Run: [System Host] scvhost.exe
O4 - HKLM\..\Run: [System Hosts Virtual Process] C:\WINDOWS\system32\inetsrv\svhost.exe
O4 - HKLM\..\RunServices: [System Hosts Virtual Process] C:\WINDOWS\system32\inetsrv\svhost.exe
O4 - HKCU\..\Run: [System Hosts Virtual Process] C:\WINDOWS\system32\inetsrv\svhost.exe
O4 - HKLM\..\Run: [System Hosts Virtual Process Memory] C:\WINDOWS\system32\inetsrv\srhost.exe
O4 - HKLM\..\RunServices: [System Hosts Virtual Process Memory] C:\WINDOWS\system32\inetsrv\srhost.exe
O4 - HKCU\..\Run: [System Hosts Virtual Process Memory] C:\WINDOWS\system32\inetsrv\srhost.exe
O4 - HKLM\..\Run: [System Icon Tray] traysys.exe
O4 - HKLM\..\RunServices: [System Icon Tray] traysys.exe
O4 - HKLM\..\Run: [System Information Manager] iexplore.exe
O4 - HKLM\..\RunServices: [System Information Manager] iexplore.exe
O4 - HKCU\..\Run: [System Information Manager] iexplore.exe
O4 - HKLM\..\Run: [System Init] systeminit.exe
O4 - HKLM\..\Run: [System Installer Prep] sysprep.exe
O4 - HKLM\..\Run: [System IP] systemip.exe
O4 - HKCU\..\Run: [System Kernel] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [System Manager] ncvs32.exe
O4 - HKLM\..\RunServices: [System Manager] ncvs32.exe
O4 - HKCU\..\Run: [System Manager] ncvs32.exe
O4 - HKCU\..\RunServices: [System Manager] ncvs32.exe
O4 - HKLM\..\Run: [System Manager] sysmgr.exe
O4 - HKLM\..\Run: [System Manager] sysmngr.exe
O4 - HKLM\..\Run: [System Microsoft Core] C:\WINDOWS\system32\inetsrv\smc.exe
O4 - HKLM\..\RunServices: [System Microsoft Core] C:\WINDOWS\system32\inetsrv\smc.exe
O4 - HKCU\..\Run: [System Microsoft Core] C:\WINDOWS\system32\inetsrv\smc.exe
O4 - HKLM\..\Run: [System Microsoft Direct Sys] C:\WINDOWS\system32\inetsrv\smDS.exe
O4 - HKLM\..\RunServices: [System Microsoft Direct Sys] C:\WINDOWS\system32\inetsrv\smDS.exe
O4 - HKCU\..\Run: [System Microsoft Direct Sys] C:\WINDOWS\system32\inetsrv\smDS.exe
O4 - HKLM\..\Run: [System Microsoft Service] C:\WINDOWS\system32\inetsrv\ssms.exe
O4 - HKLM\..\RunServices: [System Microsoft Service] C:\WINDOWS\system32\inetsrv\ssms.exe
O4 - HKCU\..\Run: [System Microsoft Service] C:\WINDOWS\system32\inetsrv\ssms.exe
O4 - HKLM\..\Run: [System Microsoft SS] C:\WINDOWS\system32\inetsrv\smss.exe
O4 - HKLM\..\RunServices: [System Microsoft SS] C:\WINDOWS\system32\inetsrv\smss.exe
O4 - HKCU\..\Run: [System Microsoft SS] C:\WINDOWS\system32\inetsrv\smss.exe
O4 - HKLM\..\Run: [System Microsoft SSS] C:\WINDOWS\system32\inetsrv\smsss.exe
O4 - HKLM\..\RunServices: [System Microsoft SSS] C:\WINDOWS\system32\inetsrv\smsss.exe
O4 - HKCU\..\Run: [System Microsoft SSS] C:\WINDOWS\system32\inetsrv\smsss.exe
O4 - HKLM\..\Run: [System Presets] systempre.exe
O4 - HKLM\..\Run: [System Process Analization] C:\WINDOWS\system32\Com\sysproc.exe
O4 - HKLM\..\RunServices: [System Process Analization] C:\WINDOWS\system32\Com\sysproc.exe
O4 - HKCU\..\Run: [System Process Analization] C:\WINDOWS\system32\Com\sysproc.exe
O4 - HKLM\..\Run: [System Process Analization Thread] C:\WINDOWS\system32\Com\system.exe
O4 - HKLM\..\RunServices: [System Process Analization Thread] C:\WINDOWS\system32\Com\system.exe
O4 - HKCU\..\Run: [System Process Analization Thread] C:\WINDOWS\system32\Com\system.exe
O4 - HKLM\..\Run: [System Process Analization Thread Scan] C:\WINDOWS\system32\Com\svchost.exe
O4 - HKLM\..\RunServices: [System Process Analization Thread Scan] C:\WINDOWS\system32\Com\svchost.exe
O4 - HKCU\..\Run: [System Process Analization Thread Scan] C:\WINDOWS\system32\Com\svchost.exe
O4 - HKCU\..\Run: [System Registry Manager] sysrgmgr.exe
O4 - HKLM\..\Run: [System Security] C:\WINDOWS\System\syss.exe
O4 - HKLM\..\Run: [System Security Checker] C:\Program Files\Common Files\System\ssc.exe
O4 - HKLM\..\Run: [System Service] backup.exe
O4 - HKLM\..\RunServices: [System Service] backup.exe
O4 - HKLM\..\Run: [System Service] serious.exe
O4 - HKLM\..\RunServices: [System Service] serious.exe
O4 - HKLM\..\Run: [System Service] service.exe
O4 - HKLM\..\RunServices: [System Service] service.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [System Service] servicess.exe
O4 - HKLM\..\RunServices: [System Service] servicess.exe
O4 - HKLM\..\Run: [System Service] WinFx.exe
O4 - HKLM\..\RunServices: [System Service] WinFx.exe
O4 - HKLM\..\Run: [System Service Manager Device] svho.exe
O4 - HKLM\..\RunServices: [System Service Manager Device] svho.exe
O4 - HKLM\..\Run: [System Startup] C:\WINDOWS\system32\inetsrv\sys.exe
O4 - HKLM\..\RunServices: [System Startup] C:\WINDOWS\system32\inetsrv\sys.exe
O4 - HKCU\..\Run: [System Startup] C:\WINDOWS\system32\inetsrv\sys.exe
O4 - HKLM\..\Run: [System Support] torrent.exe
O4 - HKLM\..\RunServices: [System Support] torrent.exe
O4 - HKCU\..\Run: [System Support] torrent.exe
O4 - HKLM\..\Run: [System Task Manager] taskmrg.exe
O4 - HKLM\..\RunServices: [System Task Manager] taskmrg.exe
O4 - HKLM\..\Run: [System Tray Monitor] C:\WINDOWS\system32\inetsrv\tray.exe
O4 - HKLM\..\RunServices: [System Tray Monitor] C:\WINDOWS\system32\inetsrv\tray.exe
O4 - HKCU\..\Run: [System Tray Monitor] C:\WINDOWS\system32\inetsrv\tray.exe
O4 - HKLM\..\Run: [System Update] mssetupconf.exe
O4 - HKLM\..\RunServices: [System Update] mssetupconf.exe
O4 - HKCU\..\Run: [System Update] mssetupconf.exe
O4 - HKCU\..\RunServices: [System Update] mssetupconf.exe
O4 - HKLM\..\Run: [System Update] winamp.exe
O4 - HKLM\..\RunServices: [System Update] winamp.exe
O4 - HKCU\..\Run: [System Update] winamp.exe
O4 - HKCU\..\RunServices: [System Update] winamp.exe
O4 - HKLM\..\Run: [System Updated] svchoes.exe
O4 - HKLM\..\RunServices: [System Updated] svchoes.exe
O4 - HKCU\..\Run: [System Updated] svchoes.exe
O4 - HKCU\..\RunServices: [System Updated] svchoes.exe
O4 - HKLM\..\Run: [System Update Service] systemos.exe
O4 - HKLM\..\RunServices: [System Update Service] systemos.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKCU\..\Run: [System Update Service] update.pif
O4 - HKCU\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\Run: [System Updater Machine] system.exe
O4 - HKLM\..\RunServices: [System Updater Machine] system.exe
O4 - HKLM\..\Run: [System Updater Machine] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [System Updater Machine] (Random 6 Letter).exe
O4 - HKCU\..\Run: [System Updater Machine] (Random 6 Letter).exe
O4 - HKLM\..\Run: [System Updates] (Random 4 Letter).exe
O4 - HKLM\..\RunServices: [System Updates] (Random 4 Letter).exe
O4 - HKCU\..\Run: [System Updates] (Random 4 Letter).exe
O4 - HKCU\..\RunServices: [System Updates] (Random 4 Letter).exe
O4 - HKLM\..\Run: [System Virtual Host File] C:\WINDOWS\system32\inetsrv\scvhost.exe
O4 - HKLM\..\RunServices: [System Virtual Host File] C:\WINDOWS\system32\inetsrv\scvhost.exe
O4 - HKCU\..\Run: [System Virtual Host File] C:\WINDOWS\system32\inetsrv\scvhost.exe
O4 - HKLM\..\Run: [System Virtual Hosts File] C:\WINDOWS\system32\inetsrv\svchosts.exe
O4 - HKLM\..\RunServices: [System Virtual Hosts File] C:\WINDOWS\system32\inetsrv\svchosts.exe
O4 - HKCU\..\Run: [System Virtual Hosts File] C:\WINDOWS\system32\inetsrv\svchosts.exe
O4 - HKLM\..\Run: [syswin.txt] (Random 3 Letter).exe
O4 - HKLM\..\RunServices: [syswin.txt] (Random 3 Letter).exe
O4 - HKCU\..\Run: [syswin.txt] (Random 3 Letter).exe
O4 - HKLM\..\Run: [sysygm32] syscxd32.exe
O4 - HKLM\..\Run: [sysygm64] winrxd64.exe
O4 - HKLM\..\Run: [T4skM4n4g3r] Wink3sk9.exe
O4 - HKCU\..\RunOnce: [T4skM4n4g3r] Wink3sk9.exe
O4 - HKLM\..\Run: [Task Alert] C:\WINDOWS\system32\cmosvc.exe
O4 - HKLM\..\Run: [Task managebrkb] taskmg.exe
O4 - HKLM\..\RunServices: [Task managebrkb] taskmg.exe
O4 - HKCU\..\Run: [Task managebrkb] taskmg.exe
O4 - HKLM\..\Run: [Task manager] taskmangr.exe
O4 - HKLM\..\RunServices: [Task manager] taskmangr.exe
O4 - HKCU\..\Run: [Task manager] taskmangr.exe
O4 - HKLM\..\Run: [Task manager] taskmgr2.exe
O4 - HKLM\..\RunServices: [Task manager] taskmgr2.exe
O4 - HKCU\..\Run: [Task manager] taskmgr2.exe
O4 - HKLM\..\Run: [Task manager] taskmngr.exe
O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [Task manager] taskmngr.exe
O4 - HKLM\..\Run: [Task Manager] tskmngr.exe
O4 - HKLM\..\RunServices: [Task Manager] tskmngr.exe
O4 - HKLM\..\Run: [Task managerkip] taskmgrkip.exe
O4 - HKLM\..\RunServices: [Task managerkip] taskmgrkip.exe
O4 - HKCU\..\Run: [Task managerkip] taskmgrkip.exe
O4 - HKLM\..\Run: [Taskmanager loader] taskldr.exe
O4 - HKLM\..\RunServices: [Taskmanager loader] taskldr.exe
O4 - HKCU\..\Run: [taskmgr] C:\WINDOWS\task.exe
O4 - HKLM\..\Run: [taskmgr] C:\WINNT\system32\explorer.exe
O4 - HKLM\..\Run: [Tasmgr Starup] tasmgr.exe
O4 - HKLM\..\RunServices: [Tasmgr Starup] tasmgr.exe
O4 - HKLM\..\Run: [TCPXP Update] tcpxp.exe
O4 - HKLM\..\RunServices: [TCPXP Update] tcpxp.exe
O4 - HKCU\..\Run: [TCPXP Update] tcpxp.exe
O4 - HKLM\..\Run: [Terminal Services] C:\WINDOWS\system32\mstscc.exe
O4 - HKLM\..\Run: [Terminates Servers Threads] C:\WINDOWS\system32\Com\termsvr.exe
O4 - HKLM\..\RunServices: [Terminates Servers Threads] C:\WINDOWS\system32\Com\termsvr.exe
O4 - HKCU\..\Run: [Terminates Servers Threads] C:\WINDOWS\system32\Com\termsvr.exe
O4 - HKLM\..\Run: [The Intranet] intranet.exe
O4 - HKLM\..\RunServices: [The Intranet] intranet.exe
O4 - HKCU\..\Run: [The Intranet] intranet.exe
O4 - HKCU\..\RunServices: [The Intranet] intranet.exe
O4 - HKLM\..\Run: [TileFree] Tilecomfree.com
O4 - HKLM\..\RunServices: [TileFree] Tilecomfree.com
O4 - HKLM\..\Run: [Tilerun] Tilecom32.com
O4 - HKLM\..\RunServices: [Tilerun] Tilecom32.com
O4 - HKLM\..\Run: [Tilewar] Tilecomwar.com
O4 - HKLM\..\RunServices: [Tilewar] Tilecomwar.com
O4 - HKLM\..\Run: [Tool Update Windows] spooslv.exe
O4 - HKLM\..\RunServices: [Tool Update Windows] spooslv.exe
O4 - HKCU\..\Run: [Tool Update Windows] spooslv.exe
O4 - HKLM\..\Run: [Top Tilecom] Tilecomtop.com
O4 - HKLM\..\RunServices: [Top Tilecom] Tilecomtop.com
O4 - HKLM\..\Run: [Top Tilecomten] Tilecomten.com
O4 - HKLM\..\RunServices: [Top Tilecomten] Tilecomten.com
O4 - HKLM\..\Run: [Topic 1nternet] 1nternet.exe
O4 - HKLM\..\RunServices: [Topic 1nternet] 1nternet.exe
O4 - HKLM\..\Run: [Topic cPanr] cPaner.com
O4 - HKLM\..\RunServices: [Topic cPanr] cPaner.com
O4 - HKLM\..\Run: [Topic lnternet] lnternet.exe
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKLM\..\Run: [Topic lnternet] lnternet32.exe
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet32.exe
O4 - HKLM\..\Run: [Topic MSNGR32] (Random 7 Letter).com
O4 - HKLM\..\RunServices: [Topic MSNGR32] (Random 7 Letter).com
O4 - HKLM\..\Run: [Topic MSNGR32] MSNGR32.com
O4 - HKLM\..\RunServices: [Topic MSNGR32] MSNGR32.com
O4 - HKLM\..\Run: [Topic Soft] Tilesoft.com
O4 - HKLM\..\RunServices: [Topic Soft] Tilesoft.com
O4 - HKLM\..\Run: [Topic Tilesys] Tilesys.com
O4 - HKLM\..\RunServices: [Topic Tilesys] Tilesys.com
O4 - HKLM\..\Run: [Torrent Management Service] TMANAGESVC.EXE
O4 - HKCU\..\RunOnce: [Torrent Management Service] TMANAGESVC.EXE
O4 - HKLM\..\Run: [torsion] C:\WINDOWS\system32\torsion23.exe
04 - HKLM\..\Run: [Transaction Tasker] stdhost.exe
O4 - HKLM\..\RunServices: [Transaction Tasker] stdhost.exe
O4 - HKLM\..\Run: [Tray manager system] C:\WINDOWS\system32\Com\traysys.exe
O4 - HKLM\..\RunServices: [Tray manager system] C:\WINDOWS\system32\Com\traysys.exe
O4 - HKCU\..\Run: [Tray manager system] C:\WINDOWS\system32\Com\traysys.exe
O4 - HKLM\..\Run: [TURXP Protocol] sps32.exe
O4 - HKLM\..\RunServices: [TURXP Protocol] sps32.exe
O4 - HKCU\..\Run: [TURXP Protocol] sps32.exe
O4 - HKLM\..\Run: [udzok] udzou.exe
O4 - HKLM\..\RunServices: [udzok] udzou.exe
O4 - HKCU\..\Run: [udzok] udzou.exe
O4 - HKLM\..\Run: [Universal Plug & Play devices] WinUPPD.exe
O4 - HKLM\..\RunServices: [Universal Plug & Play devices] WinUPPD.exe
O4 - HKCU\..\Run: [Universal Plug & Play devices] WinUPPD.exe
O4 - HKLM\..\Run: [Universal Plugin-n-play helper] C:\WINDOWS\system32\upnphelp.exe
O4 - HKLM\..\RunServices: [Universal Plugin-n-play helper] C:\WINDOWS\system32\upnphelp.exe
O4 - HKLM\..\Run: [Updade Windows] C:\WINDOWS\system32\winlogom.exe
O4 - HKLM\..\RunServices: [Updade Windows] C:\WINDOWS\system32\winlogom.exe
O4 - HKLM\..\Run: [Update] hanz.exe
O4 - HKLM\..\RunServices: [Update] hanz.exe
O4 - HKCU\..\Run: [Update] hanz.exe
O4 - HKLM\..\Run: [Update] winzip.exe
O4 - HKLM\..\RunServices: [Update] winzip.exe
O4 - HKLM\..\Run: [Update Explorer] iexploreupd.exe
O4 - HKLM\..\RunServices: [Update Explorer] iexploreupd.exe
O4 - HKLM\..\Run: [updatemanw] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [update mon sys] updaterar.exe
O4 - HKLM\..\RunServices: [update mon sys] updaterar.exe
O4 - HKLM\..\Run: [Update Service] updater.exe
O4 - HKLM\..\RunServices: [Update Service] updater.exe
O4 - HKLM\..\Run: [update SERVICES] sccpn.exe
O4 - HKLM\..\RunServices: [update SERVICES] sccpn.exe
O4 - HKLM\..\Run: [Update Windows] EXPLORE.EXE
O4 - HKLM\..\RunServices: [Update Windows] EXPLORE.EXE
O4 - HKLM\..\Run: [Update Windows] svch0st.exe
O4 - HKLM\..\RunServices: [Update Windows] svch0st.exe
O4 - HKLM\..\Run: [UpdateXpSp] MS045-XP2.exe
O4 - HKLM\..\RunServices: [UpdateXpSp] MS045-XP2.exe
O4 - HKCU\..\Run: [UpdateXpSp] MS045-XP2.exe
O4 - HKLM\..\Run: [UPD Client] updclient.exe
O4 - HKLM\..\Run: [upme] dllman.exe
O4 - HKLM\..\RunServices: [upme] dllman.exe
O4 - HKLM\..\Run: [USB Device Server!] usbserver.exe
O4 - HKLM\..\Run: [USB MS Update] USBS.exe
O4 - HKLM\..\RunServices: [USB MS Update] USBS.exe
O4 - HKLM\..\Run: [User Debug Manager] usndebug.exe
O4 - HKLM\..\Run: [User Host] usnhost.exe
O4 - HKLM\..\Run: [User Hosting Service] usnhost.exe
O4 - HKLM\..\Run: [User Messages] usrmsg.exe
O4 - HKLM\..\Run: [User Messages Manager] usnmsgs.exe
O4 - HKLM\..\Run: [User Messenger Manager] usnmsgr.exe
O4 - HKLM\..\Run: [User Serv] usnserv.exe
O4 - HKLM\..\Run: [User Servicer] usnsrvc.exe
O4 - HKLM\..\Run: [User Services] usnsvcs.exe
O4 - HKLM\..\Run: [User Sharing] usrshare.exe
O4 - HKLM\..\Run: [User Sharing Manager] usnsharen.exe
O4 - HKLM\..\Run: [User Sharing Server] usnsrv.exe
O4 - HKLM\..\Run: [User Sharing Services] usnsvc.exe
O4 - HKLM\..\Run: [User Sharing Wizard] usnshare.exe
O4 - HKLM\..\Run: [Userfile Sharing Serv] usnsrv.exe
O4 - HKLM\..\Run: [Userfile Sharing Server] usnserv.exe
O4 - HKLM\..\Run: [usnsvc.exe] C:\WINDOWS\usnsvc.exe
O4 - HKLM\..\Run: [value] .svchost.exe
O4 - HKLM\..\RunServices: [value] .svchost.exe
O4 - HKCU\..\Run: [value] .svchost.exe
O4 - HKLM\..\Run: [value] pgnmr.exe
O4 - HKLM\..\RunServices: [value] pgnmr.exe
O4 - HKCU\..\Run: [value] pgnmr.exe
O4 - HKLM\..\Run: [value] spykiller.exe
O4 - HKLM\..\RunServices: [value] spykiller.exe
O4 - HKCU\..\Run: [value] spykiller.exe
O4 - HKLM\..\Run: [valuename] r.exe
O4 - HKLM\..\RunServices: [valuename] r.exe
O4 - HKCU\..\Run: [valuename] r.exe
O4 - HKCU\..\RunServices: [valuename] r.exe
O4 - HKLM\..\Run: [valuename] svchosts.exe
O4 - HKLM\..\RunServices: [valuename] svchosts.exe
O4 - HKCU\..\Run: [valuename] svchosts.exe
O4 - HKCU\..\RunServices: [valuename] svchosts.exe
O4 - HKLM\..\Run: [ValueS0ft] ValueSoft.exe
O4 - HKCU\..\RunOnce: [ValueS0ft] ValueSoft.exe
O4 - HKLM\..\Run: [Value Softic] ValueSoft.exe
O4 - HKLM\..\RunServices: [Value Softic] ValueSoft.exe
O4 - HKLM\..\Run: [ValueWin] Wink2sk7.exe
O4 - HKCU\..\RunOnce: [ValueWin] Wink2sk7.exe
O4 - HKLM\..\Run: [ValueX] %Temp%\services.exe
O4 - HKLM\..\Run: [VbDLL] C:\WINDOWS\COMUSG.EXE
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKLM\..\Run: [VGA Driver] scmhost.exe
O4 - HKLM\..\RunServices: [VGA Driver] scmhost.exe
O4 - HKLM\..\RunServices: [video.com] c:\video.com
O4 - HKLM\..\Run: [VideoDriver] C:\WINDOWS\system32\gspotbot.exe
O4 - HKLM\..\Run: [Video Camera Frog] C:\WINDOWS\system32\wcamfrog.exe
O4 - HKLM\..\RunServices: [Video Camera Frog] C:\WINDOWS\system32\wcamfrog.exe
O4 - HKLM\..\Run: [Video Driver] svbhost.exe
O4 - HKLM\..\RunServices: [Video Driver] svbhost.exe
O4 - HKLM\..\Run: [Video driver] viddriver.exe
O4 - HKCU\..\RunOnce: [Video driver] viddriver.exe
O4 - HKLM\..\Run: [Video Process] MStli32s.exe
O4 - HKLM\..\RunServices: [Video Process] MStli32s.exe
O4 - HKCU\..\Run: [Video Process] MStli32s.exe
O4 - HKCU\..\RunServices: [Video Process] MStli32s.exe
O4 - HKLM\..\Run: [virtual] winprotect.exe
O4 - HKLM\..\RunServices: [virtual] winprotect.exe
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\RunServices: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\Run: [Virtual Protocol] vr32.exe
O4 - HKLM\..\RunServices: [Virtual Protocol] vr32.exe
O4 - HKCU\..\Run: [Virtual Protocol] vr32.exe
O4 - HKLM\..\Run: [VistaUpgrade] C:\WINDOWS\System32\vistaupgrade.exe
O4 - HKLM\..\Run: [VCS Host] vcshost.exe
O4 - HKLM\..\RunServices: [VCS Host] vcshost.exe
O4 - HKCU\..\Run: [VCS Host] vcshost.exe
O4 - HKLM\..\Run: [Vhosts Protection] C:\WINDOWS\system32\Com\vhosts.exe
O4 - HKLM\..\RunServices: [Vhosts Protection] C:\WINDOWS\system32\Com\vhosts.exe
O4 - HKCU\..\Run: [Vhosts Protection] C:\WINDOWS\system32\Com\vhosts.exe
O4 - HKLM\..\Run: [VMount drive] C:\WINDOWS\system32\Com\vmount.exe
O4 - HKLM\..\RunServices: [VMount drive] C:\WINDOWS\system32\Com\vmount.exe
O4 - HKCU\..\Run: [VMount drive] C:\WINDOWS\system32\Com\vmount.exe
O4 - HKLM\..\Run: [Volume Shadow Configuration] vbdsvc.exe
O4 - HKLM\..\Run: [Volume Shadow Configuration] vbmsvc.exe
O4 - HKLM\..\Run: [Volume Shadow Installer] cvisvc.exe
O4 - HKLM\..\Run: [Volume Shadow Manager] vbcsvc.exe
O4 - HKLM\..\Run: [Volume Task] (Random 10 Letter).exe
O4 - HKCU\..\RunOnce: [Volume Task] (Random 10 Letter).exe
O4 - HKLM\..\Run: [vptray analyzing] C:\WINDOWS\system32\Com\vptray.exe
O4 - HKLM\..\RunServices: [vptray analyzing] C:\WINDOWS\system32\Com\vptray.exe
O4 - HKCU\..\Run: [vptray analyzing] C:\WINDOWS\system32\Com\vptray.exe
O4 - HKLM\..\Run: [vptraya analyzing] C:\WINDOWS\system32\Com\vptraya.exe
O4 - HKLM\..\RunServices: [vptraya analyzing] C:\WINDOWS\system32\Com\vptraya.exe
O4 - HKCU\..\Run: [vptraya analyzing] C:\WINDOWS\system32\Com\vptraya.exe
O4 - HKLM\..\Run: [VSP32 Controls] vsp32.exe
O4 - HKLM\..\RunServices: [VSP32 Controls] vsp32.exe
O4 - HKCU\..\Run: [VSP32 Controls] vsp32.exe
O4 - HKLM\..\Run: [VStudio Manager] C:\WINDOWS\system32\Com\vstudio.exe
O4 - HKLM\..\RunServices: [VStudio Manager] C:\WINDOWS\system32\Com\vstudio.exe
O4 - HKCU\..\Run: [VStudio Manager] C:\WINDOWS\system32\Com\vstudio.exe
O4 - HKLM\..\Run: [vtmesys] netcxcfm.exe
O4 - HKLM\..\Run: [vtmesys] netlprto.exe
O4 - HKLM\..\Run: [VTskMgr.exe] C:\WINDOWS\pchealth\helpctr\binaries\VTskMgr.exe
O4 - HKLM\..\Run: [VX Audio] C:\WINDOWS\system32\vxaudio.exe
O4 - HKLM\..\Run: [wab.exe] C:\WINDOWS\wab.exe
O4 - HKLM\..\Run: [wanman.exe] wanman.exe
O4 - HKLM\..\RunServices: [wanman.exe] wanman.exe
O4 - HKLM\..\Run: [waumgr] waumgr.exe
O4 - HKLM\..\RunServices: [waumgr] waumgr.exe
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [wdfmgr.exe] C:\WINDOWS\wdfmgr.exe
O4 - HKLM\..\Run: [wgeax] C:\WINDOWS\System32\wgeax.exe
O4 - HKLM\..\Run: [whxpin service] ssvsol.exe
O4 - HKLM\..\RunServices: [whxpin service] ssvsol.exe
O4 - HKLM\..\Run: [Wifi Boot] wifiboot.exe
O4 - HKLM\..\Run: [Wifi Booter] wifibooter.exe
O4 - HKLM\..\Run: [Wifi Configuration] wificonfig.exe
O4 - HKLM\..\Run: [Wifi Configuration!] wificonfigs.exe
O4 - HKLM\..\Run: [Wifi Connection] wificon.exe
O4 - HKLM\..\Run: [Wifi Connection!] wificonnect.exe
O4 - HKLM\..\Run: [Wifi Debug] wifidebug.exe
O4 - HKLM\..\Run: [Wifi Loader] wifiload.exe
O4 - HKLM\..\Run: [Wifi Loader!] wifiloader.exe
O4 - HKLM\..\Run: [Wifi Setup] wifisetup.exe
O4 - HKLM\..\Run: [Win] windata.exe
O4 - HKLM\..\RunServices: [Win] windata.exe
O4 - HKCU\..\Run: [Win] windata.exe
O4 - HKLM\..\Run: [Win Config] winconfig.exe
O4 - HKLM\..\Run: [Win Critical File] C:\WINDOWS\system32\inetsrv\win.exe
O4 - HKLM\..\RunServices: [Win Critical File] C:\WINDOWS\system32\inetsrv\win.exe
O4 - HKCU\..\Run: [Win Critical File] C:\WINDOWS\system32\inetsrv\win.exe
O4 - HKLM\..\Run: [Win Defrag] windfrag.exe
O4 - HKLM\..\Run: [Win Defrag!] windefrag.exe
O4 - HKLM\..\Run: [Win Defrags] defrag.exe
O4 - HKLM\..\Run: [Win INI 32] msrp32.exe
O4 - HKLM\..\RunServices: [Win INI 32] msrp32.exe
O4 - HKLM\..\Run: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKLM\..\Run: [Win Net Wks32] netwks32.exe
O4 - HKLM\..\RunServices: [Win Net Wks32] netwks32.exe
O4 - HKCU\..\Run: [Win Net Wks32] netwks32.exe
O4 - HKCU\..\RunServices: [Win Net Wks32] netwks32.exe
O4 - HKLM\..\Run: [Win Security] winsecure.exe
O4 - HKLM\..\Run: [Win Sync montr] winsyncupx.exe
O4 - HKLM\..\RunServices: [Win Sync montr] winsyncupx.exe
O4 - HKLM\..\Run: [Win Tasks 32] wintasks32.exe
O4 - HKLM\..\RunServices: [Win Tasks 32] wintasks32.exe
O4 - HKCU\..\Run: [Win Tasks 32] wintasks32.exe
O4 - HKLM\..\Run: [Win Update] msnmger.exe
O4 - HKLM\..\RunServices: [Win Update] msnmger.exe
O4 - HKLM\..\Run: [Win Updates] winupdates.exe
O4 - HKLM\..\Run: [Win32] eim.exe
O4 - HKLM\..\RunServices: [Win32] eim.exe
O4 - HKCU\..\Run: [Win32] eim.exe
O4 - HKLM\..\Run: [Win32] msinnt.exe
O4 - HKLM\..\RunServices: [Win32] msinnt.exe
O4 - HKLM\..\Run: [Win32] msnsrv.exe
O4 - HKLM\..\RunServices: [Win32] msnsrv.exe
O4 - HKCU\..\Run: [Win32] msnsrv.exe
O4 - HKLM\..\Run: [Win32] winnnit.exe
O4 - HKLM\..\RunServices: [Win32] winnnit.exe
O4 - HKCU\..\Run: [Win32] winnnit.exe
O4 - HKLM\..\Run: [Win32] zaq.exe
O4 - HKLM\..\RunServices: [Win32] zaq.exe
O4 - HKCU\..\Run: [Win32] zaq.exe
O4 - HKLM\..\Run: [Win32 Critical File] C:\WINDOWS\system32\inetsrv\Win32.exe
O4 - HKLM\..\RunServices: [Win32 Critical File] C:\WINDOWS\system32\inetsrv\Win32.exe
O4 - HKCU\..\Run: [Win32 Critical File] C:\WINDOWS\system32\inetsrv\Win32.exe
O4 - HKLM\..\Run: [Win32 Debug Manager] microsoftupd.exe
O4 - HKLM\..\RunOnce: [Win32 Debug Manager] microsoftupd.exe
O4 - HKLM\..\RunServices: [Win32 Debug Manager] microsoftupd.exe
O4 - HKCU\..\Run: [Win32 Debug Manager] microsoftupd.exe
O4 - HKCU\..\RunOnce: [Win32 Debug Manager] microsoftupd.exe
O4 - HKLM\..\Run: [Win32 FireWire Driver] CTHELPER32.EXE
O4 - HKLM\..\RunServices: [Win32 FireWire Driver] CTHELPER32.EXE
O4 - HKLM\..\RunOnce: [Win32 FireWire Driver] CTHELPER32.EXE
O4 - HKCU\..\Run: [Win32 FireWire Driver] CTHELPER32.EXE
O4 - HKCU\..\RunOnce: [Win32 FireWire Driver] CTHELPER32.EXE
O4 - HKLM\..\Run: [Win32 Help32 Service] C:\WINDOWS\system32\win32help.exe
O4 - HKLM\..\Run: [Win32 Info] windowsnfo.exe
O4 - HKLM\..\RunServices: [Win32 Info] windowsnfo.exe
O4 - HKCU\..\Run: [Win32 Info] windowsnfo.exe
O4 - HKCU\..\RunServices: [Win32 Info] windowsnfo.exe
O4 - HKLM\..\Run: [Win32 Information Service] C:\WINDOWS\system32\crsrs.exe
O4 - HKLM\..\Run: [Win32 LSA Driver] lsa.exe
O4 - HKLM\..\RunOnce: [Win32 LSA Driver] lsa.exe
O4 - HKCU\..\Run: [Win32 LSA Driver] lsa.exe
O4 - HKCU\..\RunOnce: [Win32 LSA Driver] lsa.exe
O4 - HKLM\..\RunServices: [Win32 LSA Driver] lsa.exe
O4 - HKLM\..\Run: [Win32 Notepad Services] notepad32.exe
O4 - HKLM\..\RunServices: [Win32 Notepad Services] notepad32.exe
O4 - HKLM\..\Run: [Win32 NT Adv Services] taskmngr.exe
O4 - HKLM\..\RunServices: [Win32 NT Adv Services] taskmngr.exe
O4 - HKLM\..\Run: [Win32 Security Protocol] secure32.exe
O4 - HKLM\..\RunServices: [Win32 Security Protocol] secure32.exe
O4 - HKCU\..\Run: [Win32 Security Protocol] secure32.exe
O4 - HKLM\..\Run: [Win32 Security Service] C:\WINDOWS\system32\crsss.exe
O4 - HKLM\..\Run: [win32 security updates downloader] tskmngr.exe
O4 - HKLM\..\RunServices: [win32 security updates downloader] tskmngr.exe
O4 - HKLM\..\Run: [win32serv] devicer.exe
O4 - HKLM\..\Run: [win32serv] servicesetup.exe
O4 - HKLM\..\Run: [win32serv] systemdevices.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [Win32 Update] svchosts.exe
O4 - HKLM\..\RunOnce: [Win32 Update] svchosts.exe
O4 - HKLM\..\RunServices: [Win32 Update] svchosts.exe
O4 - HKCU\..\Run: [Win32 Update] svchosts.exe
O4 - HKCU\..\RunOnce: [Win32 Update] svchosts.exe
O4 - HKCU\..\Run: [Win32 Update] C:\WINDOWS\system32\dl32.exe
O4 - HKLM\..\Run: [win32 update service] svchostt.exe
O4 - HKLM\..\RunServices: [win32 update service] svchostt.exe
O4 - HKCU\..\Run: [win32 update service] svchostt.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] updatemgr.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] updatemgr.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] updatemgr.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] updatemgr.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] updatemgr.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKCU\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKCU\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\Run: [Win322L4oader] C:\WINDOWS\system32\nodd.exe
O4 - HKLM\..\RunServices: [Win322L4oader] C:\WINDOWS\system32\nodd.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\system32\winamp.exe
O4 - HKLM\..\Run: [Winamp Media Player] winamap.exe
O4 - HKLM\..\RunServices: [Winamp Media Player] winamap.exe
O4 - HKCU\..\Run: [Winamp Media Player] winamap.exe
O4 - HKLM\..\Run: [Winamp Media Player] winamp.exe
O4 - HKLM\..\Run: [Winamp Media Player] winaamp.exe
O4 - HKLM\..\RunServices: [Winamp Media Player] winaamp.exe
O4 - HKLM\..\Run: [WinAmp Player] swphost.exe
O4 - HKLM\..\RunServices: [WinAmp Player] swphost.exe
O4 - HKLM\..\Run: [Winamp Player 6] Winamp6.exe
O4 - HKCU\..\RunOnce: [Winamp Player 6] Winamp6.exe
O4 - HKLM\..\Run: [WinampPlugin] winampa.exe
O4 - HKLM\..\RunServices: [WinampPlugin] winampa.exe
O4 - HKLM\..\Run: [winbin] swchost.exe
O4 - HKLM\..\RunServices: [winbin] swchost.exe
O4 - HKCU\..\Run: [winbin] swchost.exe
O4 - HKCU\..\RunServices: [winbin] swchost.exe
O4 - HKLM\..\Run: [winbo32] winbo32.exe
O4 - HKLM\..\RunServices: [winbo32] winbo32.exe
O4 - HKLM\..\Run: [winctl] winctl.exe
O4 - HKLM\..\RunServices: [winctl] winctl.exe
O4 - HKLM\..\Run: [Windir Working] wuaumqr1.exe
O4 - HKCU\..\RunOnce: [Windir Working] wuaumqr1.exe
O4 - HKLM\..\Run: [Windll] C:\WINDOWS\windll.exe
O4 - HKLM\..\Run: [WinDLL (algs.exe)] rundll32.exe C:\WINDOWS\System32\algs.exe,start
O4 - HKLM\..\Run: [WinDLL (aqls32.exe)] C:\WINDOWS\System32\aqls32.exe
O4 - HKLM\..\Run: [WinDLL (asdfsa.exe)] rundll32.exe C:\WINDOWS\System32\asdfsa.exe,start
O4 - HKLM\..\Run: [WinDLL (bix.exe)] rundll32.exe C:\WINDOWS\System32\bix.exe,start
O4 - HKLM\..\Run: [WinDLL (dasda.com)] rundll32.exe C:\WINDOWS\System32\dasda.com,start
O4 - HKLM\..\Run: [WinDLL (dlfksdld.exe)] rundll32.exe C:\WINDOWS\System32\dlfksdld.exe,start
O4 - HKLM\..\Run: [WinDLL (mysnlive.exe)] rundll32.exe C:\WINDOWS\System32\mysnlive.exe,start
O4 - HKLM\..\Run: [WinDLL (slsass.exe)] rundll32.exe C:\WINDOWS\System32\slsass.exe,start
O4 - HKLM\..\Run: [WinDLL (start0s.exe)] rundll32.exe C:\WINDOWS\System32\start0s.exe,start
O4 - HKLM\..\Run: [WinDLL (tmp.exe)] rundll32.exe C:\WINDOWS\system32\tmp.exe,start
O4 - HKLM\..\Run: [WinDLL (tqurity.exe)] rundll32.exe C:\WINDOWS\System32\tqurity.exe,start
O4 - HKLM\..\Run: [WinDLL (windns32.dll)] rundll32.exe C:\WINDOWS\System32\windns32.dll,start
O4 - HKLM\..\Run: [WinDLL (wintmp.exe)] rundll32.exe C:\WINDOWS\system32\wintmp.exe,start
O4 - HKLM\..\Run: [Wind0ws Ser7ice Agent] colwindos.exe
O4 - HKLM\..\RunServices: [Wind0ws Ser7ice Agent] colwindos.exe
O4 - HKCU\..\Run: [Wind0ws Ser7ice Agent] colwindos.exe
O4 - HKLM\..\Run: [Windo Servic Agen] alirexe
O4 - HKLM\..\RunServices: [Windo Servic Agen] alirexe
O4 - HKCU\..\Run: [Windo Servic Agen] alirexe
O4 - HKLM\..\Run: [Windo Servic Agent 32] xagw.exe
O4 - HKLM\..\RunServices: [Windo Servic Agent 32] xagw.exe
O4 - HKCU\..\Run: [Windo Servic Agent 32] xagw.exe
O4 - HKLM\..\Run: [Windos Seres Agnts] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windos Seres Agnts] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windos Seres Agnts] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Window] explore.exe
O4 - HKLM\..\RunServices: [Window] explore.exe
O4 - HKLM\..\Run: [Windowfdgfds DasdLL Verifier] winupdatr.exe
O4 - HKLM\..\RunServices: [Windowfdgfds DasdLL Verifier] winupdatr.exe
O4 - HKLM\..\Run: [Windowfdgfds DasdLL Verifiew] msnmsger.exe
O4 - HKLM\..\RunServices: [Windowfdgfds DasdLL Verifiew] msnmsger.exe
O4 - HKLM\..\Run: [Windowfdgfds DasdLL Verifier] WNTdll.exe
O4 - HKLM\..\RunServices: [Windowfdgfds DasdLL Verifier] WNTdll.exe
O4 - HKLM\..\Run: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O4 - HKLM\..\RunServices: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O4 - HKLM\..\Run: [WindowRegKey update] wins.exe
O4 - HKLM\..\RunServices: [WindowRegKey update] wins.exe
O4 - HKCU\..\Run: [WindowRegKey update] wins.exe
O4 - HKLM\..\Run: [Window upadate] pe2.exe
O4 - HKLM\..\RunServices: [Window upadate] pe2.exe
O4 - HKCU\..\Run: [Windows] c:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Windows] hs.exe
O4 - HKLM\..\RunServices: [Windows] hs.exe
O4 - HKCU\..\Run: [Windows] hs.exe
O4 - HKLM\..\Run: [Windows] rundll32.exe
O4 - HKLM\..\RunServices: [Windows] rundll32.exe
O4 - HKLM\..\Run: [Windows] taskmngr.exe
O4 - HKLM\..\RunServices: [Windows] taskmngr.exe
O4 - HKLM\..\Run: [Windows] toolbar.exe
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\system32\spoovlss.exe
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\System32\update32.exe
O4 - HKLM\..\RunServices: [Windows] C:\WINDOWS\System32\update32.exe
O4 - HKLM\..\Run: [Windows 32-bit DLL Integrity Verifier] dllrun.exe
O4 - HKLM\..\RunServices: [Windows 32-bit DLL Integrity Verifier] dllrun.exe
O4 - HKLM\..\Run: [Windows 32Bit Secure System] s3cure.exe
O4 - HKLM\..\RunServices: [Windows 32Bit Secure System] s3cure.exe
O4 - HKCU\..\Run: [Windows 32Bit Secure System] s3cure.exe
O4 - HKLM\..\Run: [Windows 32bit System Manager] win32sys.exe
O4 - HKLM\..\RunServices: [Windows 32bit System Manager] win32sys.exe
O4 - HKLM\..\Run: [Windows (ICS) Spooler] C:\WINDOWS\system32\crtss.exe
O4 - HKLM\..\RunServices: [Windows (ICS) Spooler] C:\WINDOWS\system32\crtss.exe
O4 - HKCU\..\Run: [Windows (ICS) Spooler] C:\WINDOWS\system32\crtss.exe
O4 - HKLM\..\Run: [WindowsBool] aimplg.exe
O4 - HKLM\..\RunServices: [WindowsBool] aimplg.exe
O4 - HKCU\..\Run: [WindowsBool] aimplg.exe
O4 - HKLM\..\Run: [WindowsFileSystem] winsfs32.exe
O4 - HKLM\..\RunServices: [WindowsFileSystem] winsfs32.exe
O4 - HKCU\..\Run: [WindowsFileSystem] winsfs32.exe
O4 - HKLM\..\Run: [Windows Account Alternation] wauclt.exe
O4 - HKLM\..\Run: [Windows Acer Service ] acersv.exe
O4 - HKLM\..\Run: [Windows ACPI Verifier] dhcpserv.exe
O4 - HKLM\..\RunServices: [Windows ACPI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [Windows Activate System] syssv.exe
O4 - HKCU\..\Run: [Windows Activate System] syssv.exe
O4 - HKLM\..\Run: [Windows Advance Firewall Protection Service] wafps.exe
O4 - HKLM\..\Run: [Windows Advanced GFX Devolping Software] wagfxds.exe
O4 - HKLM\..\Run: [Windows Anti Verifier] Windows-Anti.exe
O4 - HKLM\..\RunServices: [Windows Anti Verifier] Windows-Anti.exe
O4 - HKLM\..\Run: [Windows Anti Virus Control Center] avrscan.exe
O4 - HKLM\..\Run: [Windows Anti Virus Control Center] avscan.exe
O4 - HKLM\..\Run: [Windows Anti Virus Control Center] winavscan.exe
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [Windows Application Security] winappp.exe
O4 - HKLM\..\RunServices: [Windows Application Security] winappp.exe
O4 - HKLM\..\Run: [Windows ARP Detectionc] nvudlsp.exe
O4 - HKLM\..\Run: [Windows ARP Detectionc] winlogon.exe
O4 - HKLM\..\Run: [Windows ARP Detectioncx] winlogon.exe
O4 - HKLM\..\Run: [Windows Audio Components] nncsvc.exe
O4 - HKLM\..\Run: [Windows Audio Control] ppnsvc.exe
O4 - HKLM\..\Run: [Windows Audio Layer] narsvc.exe
O4 - HKLM\..\Run: [Windows Audio Panel] nppsvc.exe
O4 - HKLM\..\Run: [Windows Audio Startup] nndsvc.exe
O4 - HKLM\..\Run: [Windows Audio System] nndsvc.exe
O4 - HKLM\..\Run: [Windows Automatic Updater] explore.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updater] explore.exe
O4 - HKLM\..\Run: [Windows Automatic Updater] ntapi.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updater] ntapi.exe
O4 - HKLM\..\Run: [Windows Automatic Updater] rundl32.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updater] rundl32.exe
O4 - HKLM\..\Run: [Windows Automatic Updater] shost.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updater] shost.exe
O4 - HKLM\..\Run: [Windows Automatic Updater] windrg.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updater] windrg.exe
O4 - HKLM\..\Run: [Windows Automatic32Updater] svchost32.exe
O4 - HKLM\..\RunServices: [Windows Automatic32Updater] svchost32.exe
O4 - HKLM\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKLM\..\Run: [Windows Boot] winboot.exe
O4 - HKLM\..\Run: [Windows Boot] windowsboot.exe
O4 - HKLM\..\Run: [Windows Booter] winboot.exe
O4 - HKLM\..\Run: [Windows Booter!] winbooter.exe
O4 - HKLM\..\Run: [Windows Browser Services] browser32.exe
O4 - HKLM\..\Run: [Windows Browser Services] browser64.exe
O4 - HKLM\..\Run: [Windows Browser Services] browser128.exe
O4 - HKLM\..\Run: [Windows Browser Services] Browsr32.exe
O4 - HKLM\..\Run: [Windows Browser Services] browsr64.exe
O4 - HKLM\..\Run: [Windows bypass security SMSS Service] SbiCvy.exe
O4 - HKLM\..\RunServices: [Windows bypass security SMSS Service] SbiCvy.exe
O4 - HKCU\..\Run: [Windows bypass security SMSS Service] SbiCvy.exe
O4 - HKLM\..\Run: [Windows Cleaner Service] winclean.exe
O4 - HKLM\..\Run: [Windows Client Login Identafacation System] wclis.exe
O4 - HKLM\..\Run: [Windows Communicator for NT/XP] osndyrn.exe
O4 - HKLM\..\RunServices: [Windows Communicator for NT/XP] osndyrn.exe
O4 - HKCU\..\Run: [Windows Communicator for NT/XP] osndyrn.exe
O4 - HKCU\..\RunServices: [Windows Communicator for NT/XP] osndyrn.exe
O4 - HKLM\..\Run: [Windows Computer Browser] bcwsvc.exe
O4 - HKLM\..\Run: [Windows Conf] windowsconf.exe
O4 - HKLM\..\Run: [Windows Config] winconfig.exe
O4 - HKLM\..\Run: [Windows Config] activeX.exe
O4 - HKCU\..\RunOnce: [Windows Config] activeX.exe
O4 - HKLM\..\Run: [Windows Config] he.exe
O4 - HKCU\..\RunOnce: [Windows Config] he.exe
O4 - HKLM\..\Run: [Windows Config] pvphost.exe
O4 - HKCU\..\RunOnce: [Windows Config] pvphost.exe
O4 - HKLM\..\Run: [Windows Config] winbot.exe
O4 - HKCU\..\RunOnce: [Windows Config] winbot.exe
O4 - HKLM\..\Run: [Windows Config] ZANBOR.EXE
O4 - HKLM\..\Run: [Windows Config Connection] msicll.exe
O4 - HKLM\..\RunServices: [Windows Config Connection] msicll.exe
O4 - HKLM\..\Run: [Windows Config System] config.exe
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O4 - HKLM\..\Run: [Windows Configurator] winconf.exe
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [Windows Console Component] wrasvc.exe
O4 - HKLM\..\Run: [Windows Console Norms] wnbsvc.exe
O4 - HKLM\..\Run: [Windows Console Source] wnbsvc.exe
O4 - HKLM\..\Run: [Windows Control Server] wksmgrtsgs.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKLM\..\Run: [Windows Compliant] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Windows Compliant] (Random 6 Letter).exe
O4 - HKCU\..\Run: [Windows Compliant] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe
O4 - HKCU\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\Run: [Windows Debug Manager] DebugManager.exe
O4 - HKLM\..\Run: [Windows debug logging] winlogg.exe
O4 - HKLM\..\RunServices: [Windows debug logging] winlogg.exe
O4 - HKCU\..\Run: [Windows debug logging] winlogg.exe
04 - HKLM\..\Run: [Windows Defendar] C:\WINDOWS\system32\RatBot.exe
O4 - HKLM\..\Run: [Windows Default Server] wfdmgrsp.exe
O4 - HKLM\..\Run: [Windows Default Server] winampa.exe
O4 - HKLM\..\Run: [Windows Defender] windowsdefender.exe
O4 - HKLM\..\RunServices: [Windows Defender] windowsdefender.exe
O4 - HKLM\..\Run: [Windows Disk Manager] cmnvc.exe
O4 - HKLM\..\Run: [Windows Display Coupler] display.exe
O4 - HKLM\..\Run: [Windows DLL Injection] C:\WINDOWS\system32\re4s.exe
O4 - HKLM\..\RunServices: [Windows DLL Injection] C:\WINDOWS\system32\re4s.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DotFix live] msdotfix.exe
O4 - HKLM\..\Run: [Windows Driver Foundation] C:\WINDOWS\System32\drivers\MTVSCMXT.EXE
O4 - HKLM\..\RunServices: [Windows Driver Foundation] C:\WINDOWS\System32\drivers\MTVSCMXT.EXE
O4 - HKCU\..\Run: [Windows Driver Foundation] C:\WINDOWS\System32\drivers\MTVSCMXT.EXE
O4 - HKCU\..\RunServices: [Windows Driver Foundation] C:\WINDOWS\System32\drivers\MTVSCMXT.EXE
O4 - HKLM\..\Run: [Windows Driver] windrive.exe
O4 - HKLM\..\Run: [Windows Driver!] windriver.exe
O4 - HKLM\..\Run: [Windows Driver Sup] windvrhost.exe
O4 - HKLM\..\Run: [Windows Drivers] windrivers.exe
O4 - HKLM\..\Run: [Windows Drivers] ssms.exe
O4 - HKLM\..\RunServices: [Windows Drivers] ssms.exe
O4 - HKLM\..\Run: [Windows Essensials] mvnesc.exe
O4 - HKLM\..\Run: [Windows Event Detection] wecsvc.exe
O4 - HKLM\..\Run: [Windows Event Provider] wposvc.exe
O4 - HKLM\..\Run: [Windows Event Section] sntsvc.exe
O4 - HKLM\..\Run: [Windows Event Service] winserv.exe
O4 - HKLM\..\Run: [Windows Executable Dir] crsrs.exe
O4 - HKLM\..\RunServices: [Windows Executable Dir] crsrs.exe
O4 - HKLM\..\Run: [Windows Executer] svchostie.exe
O4 - HKLM\..\RunServices: [Windows Executer] svchostie.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explorer32.exe
O4 - HKLM\..\RunServices: [Windows Explorer] C:\WINDOWS\explorer32.exe
O4 - HKCU\..\Run: [Windows Explorer] C:\WINDOWS\explorer32.exe
O4 - HKLM\..\Run: [Windows Explorer] explore.exe
O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE
O4 - HKCU\..\RunOnce: [Windows Explorer] EXPLORERZ.EXE
O4 - HKLM\..\Run: [Windows Explorer Key] C:\WINDOWS\system\explorer.exe
O4 - HKLM\..\Run: [Windows Explorer Services] exploresys.exe
O4 - HKLM\..\Run: [Windows FileSharing Service] mcwsvc.exe
O4 - HKLM\..\Run: [Windows File System Frame] ntframe.exe
O4 - HKLM\..\RunServices: [Windows File System Frame] ntframe.exe
O4 - HKCU\..\Run: [Windows File System Frame] ntframe.exe
O4 - HKLM\..\Run: [Windows File XP Manager] wfdmgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [WindowsFirewall] C:\WINDOWS\system32\svclcheck.exe
O4 - HKCU\..\Policies\Explorer\Run: [WindowsFirewall] C:\WINDOWS\system32\svclcheck.exe
O4 - HKLM\..\Run: [Windows Firewall] ipservice32.exe
O4 - HKLM\..\RunServices: [Windows Firewall] ipservice32.exe
O4 - HKLM\..\Run: [Windows Firewall] rundll32.exe
O4 - HKLM\..\RunServices: [Windows Firewall] rundll32.exe
O4 - HKLM\..\Run: [WindowsFirewallSvc] C:\WINDOWS\system32\winsvcup.exe
O4 - HKLM\..\Run: [Windows firewall manager] chh.exe
O4 - HKLM\..\RunServices: [Windows firewall manager] chh.exe
O4 - HKCU\..\Run: [Windows firewall manager] chh.exe
O4 - HKCU\..\RunServices: [Windows firewall manager] chh.exe
O4 - HKLM\..\Run: [Windows firewall manager] msguard.exe
O4 - HKLM\..\RunServices: [Windows firewall manager] msguard.exe
O4 - HKCU\..\Run: [Windows firewall manager] msguard.exe
O4 - HKCU\..\RunServices: [Windows firewall manager] msguard.exe
O4 - HKLM\..\Run: [Windows Firewall Service] wfsvc.exe
O4 - HKLM\..\Run: [Windows Firewall Updater] atixdrivesx.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] atixdrivesx.exe
O4 - HKLM\..\Run: [Windows Firewall Updater] directxxx32.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] directxxx32.exe
O4 - HKLM\..\Run: [Windows Firewall Updater] cronos.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] cronos.exe
O4 - HKLM\..\Run: [Windows Firewall Updater] ctfcom.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] ctfcom.exe
O4 - HKLM\..\Run: [Windows Firewall Updater] cftpn0ne.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] cftpn0ne.exe
O4 - HKLM\..\Run: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\Run: [Windows Generic Host Service] (Random 7 Letter).exe
O4 - HKCU\..\RunOnce: [Windows Generic Host Service] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Windows Genuine Check] Windows Genuine Check.exe
O4 - HKLM\..\RunServices: [Windows Genuine Check] Windows Genuine Check.exe
O4 - HKCU\..\Run: [Windows Genuine Check] Windows Genuine Check.exe
O4 - HKLM\..\Run: [Windows Global Init] ngpsvc.exe
O4 - HKLM\..\Run: [Windows Guardian] WinGuard.exe
O4 - HKLM\..\RunServices: [Windows Guardian] WinGuard.exe
O4 - HKLM\..\Run: [Windows has Layer] (Random 5 Letter).exe
O4 - HKLM\..\RunServices: [Windows has Layer] (Random 5 Letter).exe
O4 - HKLM\..\Run: [Windows has Layer] fixweb.exe
O4 - HKLM\..\RunServices: [Windows has Layer] fixweb.exe
O4 - HKLM\..\RunOnce: [Windows has Layer] fixweb.exe
O4 - HKCU\..\Run: [Windows has Layer] fixweb.exe
O4 - HKCU\..\RunOnce: [Windows has Layer] fixweb.exe
O4 - HKLM\..\Run: [Windows Helper] service.exe
O4 - HKLM\..\RunServices: [Windows Helper] service.exe
O4 - HKLM\..\Run: [Windows Helper] wsctnfy.exe
O4 - HKLM\..\RunServices: [Windows Helper] wsctnfy.exe
O4 - HKLM\..\Run: [Windows Hijack Protection] C:\WINDOWS\system32\Com\comngr.exe
O4 - HKLM\..\RunServices: [Windows Hijack Protection] C:\WINDOWS\system32\Com\comngr.exe
O4 - HKCU\..\Run: [Windows Hijack Protection] C:\WINDOWS\system32\Com\comngr.exe
O4 - HKLM\..\Run: [Windows Hijack Protection System] C:\WINDOWS\system32\Com\commngr.exe
O4 - HKLM\..\RunServices: [Windows Hijack Protection System] C:\WINDOWS\system32\Com\commngr.exe
O4 - HKCU\..\Run: [Windows Hijack Protection System] C:\WINDOWS\system32\Com\commngr.exe
O4 - HKLM\..\Run: [Windows Host] spoolsvc.exe
O4 - HKCU\..\RunOnce: [Windows Host] spoolsvc.exe
O4 - HKLM\..\Run: [Windows Host Booter] hostbooter.exe
O4 - HKLM\..\Run: [Windows Hosts] winhosts.exe
O4 - HKLM\..\Run: [Windows HTTP services] winhttps.exe
O4 - HKLM\..\RunServices: [Windows HTTP services] winhttps.exe
O4 - HKLM\..\Run: [Windows Identify] C:\WINDOWS\System32\sysays.exe
O4 - HKCU\..\Run: [Windows Identify] C:\WINDOWS\System32\sysays.exe
O4 - HKLM\..\Run: [Windows Image] C:\WINDOWS\wintimage.exe
O4 - HKLM\..\Run: [Windows Image Acquisition (WIASC)] C:\WINDOWS\system32\Com\WIAcs.exe
O4 - HKLM\..\RunServices: [Windows Image Acquisition (WIASC)] C:\WINDOWS\system32\Com\WIAcs.exe
O4 - HKCU\..\Run: [Windows Image Acquisition (WIASC)] C:\WINDOWS\system32\Com\WIAcs.exe
O4 - HKLM\..\Run: [Windows Image Acquisition (WIASSC)] C:\WINDOWS\system32\inetsrv\WIAcss.exe
O4 - HKLM\..\RunServices: [Windows Image Acquisition (WIASSC)] C:\WINDOWS\system32\inetsrv\WIAcss.exe
O4 - HKCU\..\Run: [Windows Image Acquisition (WIASSC)] C:\WINDOWS\system32\inetsrv\WIAcss.exe
O4 - HKLM\..\Run: [Windows Insecure] (Random 4 Letter).exe
O4 - HKLM\..\RunServices: [Windows Insecure] (Random 4 Letter).exe
O4 - HKCU\..\Run: [Windows Insecure] (Random 4 Letter).exe
O4 - HKLM\..\Run: [Windows Instruction Services] winstruct32.exe
O4 - HKLM\..\Run: [Windows Internet Browser Services] internet.exe
O4 - HKLM\..\Run: [Windows Internet Browser Services] internet32.exe
O4 - HKLM\..\Run: [Windows Internet Browser Services] internet64.exe
O4 - HKLM\..\Run: [Windows Internet Browser Services] internet128.exe
O4 - HKLM\..\Run: [Windows Internet Manager] svchost.exe
O4 - HKLM\..\Run: [WindowsIPRelay] winipsvc.exe
O4 - HKLM\..\Run: [Windows IP Security Service] ipsecs.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] ipsecs.exe
O4 - HKCU\..\Run: [Windows IP Security Service] ipsecs.exe
O4 - HKCU\..\RunServices: [Windows IP Security Service] ipsecs.exe
O4 - HKLM\..\Run: [Windows Kernel System Service] wkssvr.exe
O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvr.exe
O4 - HKCU\..\Run: [Windows Kernel System Service] wkssvr.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe
O4 - HKLM\..\RunServices: [Windows Kernel System Service] winsys.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] winsys.exe
O4 - HKLM\..\Run: [Windows Keyboard Services] winkeyboard.exe
O4 - HKLM\..\Run: [Windows Keyboard Services] winkeybrd.exe
O4 - HKLM\..\Run: [Windows Keyboard Services] winkeybrd32.exe
O4 - HKLM\..\Run: [Windows Layer] mrtmoons.exe
O4 - HKLM\..\RunServices: [Windows Layer] mrtmoons.exe
O4 - HKCU\..\Run: [Windows Layer] mrtmoons.exe
O4 - HKLM\..\Run: [Windows Live] msgnms.exe
O4 - HKLM\..\Run: [Windows Live Client] msnclient.exe
O4 - HKLM\..\Run: [Windows Live Manager] winlivemgr.exe
O4 - HKLM\..\Run: [Windows Live Messages] msgnlive.exe
O4 - HKLM\..\Run: [Windows Live Messenger!] livemsngr.exe
O4 - HKLM\..\Run: [Windows Live Messenger] msnmsgr.exe
O4 - HKLM\..\RunServices: [Windows Live Messenger] msnmsgr.exe
O4 - HKCU\..\Run: [Windows Live Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
O4 - HKLM\..\Run: [Windows Live Messenger Addon] wllivemsngr.exe
O4 - HKLM\..\Run: [Windows Live Messenger Servicer] msmgslive.exe
O4 - HKLM\..\Run: [Windows Live Messenger Services] msgrlive.exe
O4 - HKLM\..\Run: [Windows Live Msgr] wllivemsgr.exe
O4 - HKLM\..\Run: [Windows Live Msgs] wlivemsg.exe
O4 - HKLM\..\Run: [Windows Live Msgs!] wlivemsgs.exe
O4 - HKLM\..\Run: [Windows Live Service] msnlive.exe
O4 - HKLM\..\Run: [Windows Live Servicer] usrserv.exe
O4 - HKLM\..\Run: [Windows live Support] wlmsngr.exe
O4 - HKLM\..\RunServices: [Windows live Support] wlmsngr.exe
O4 - HKLM\..\Run: [Windows Loader] SysUpdate.exe
O4 - HKCU\..\RunOnce: [Windows Loader] SysUpdate.exe
O4 - HKLM\..\Run: [Windows Local Hosting Service] mscgy.exe
O4 - HKLM\..\RunServices: [Windows Local Hosting Service] mscgy.exe
O4 - HKLM\..\Run: [Windows Local Hosting Service] mscnfg.exe
O4 - HKLM\..\Run: [Windows Local ISP] winthcr.exe
O4 - HKLM\..\Run: [Windows Log Event] C:\WINDOWS\system32\inetsrv\winlog.exe
O4 - HKLM\..\RunServices: [Windows Log Event] C:\WINDOWS\system32\inetsrv\winlog.exe
O4 - HKCU\..\Run: [Windows Log Event] C:\WINDOWS\system32\inetsrv\winlog.exe
O4 - HKLM\..\Run: [Windows logging] asgasg.exe
O4 - HKLM\..\RunServices: [Windows logging] asgasg.exe
O4 - HKCU\..\Run: [Windows logging] asgasg.exe
O4 - HKLM\..\Run: [Windows Logical Adapter] wsrsvc.exe
O4 - HKLM\..\Run: [Windows Logical Connection] wcnsvc.exe
O4 - HKLM\..\Run: [Windows Login] lmss.exe
O4 - HKLM\..\RunServices: [Windows Login] lmss.exe
O4 - HKLM\..\Run: [Windows Login Manager] winlogin.exe
O4 - HKLM\..\RunServices: [Windows Login Manager] winlogin.exe
O4 - HKCU\..\Run: [Windows Login Manager] winlogin.exe
O4 - HKLM\..\Run: [Windows Login Screen] C:\WINDOWS\system32\inetsrv\winlogin.exe
O4 - HKLM\..\RunServices: [Windows Login Screen] C:\WINDOWS\system32\inetsrv\winlogin.exe
O4 - HKCU\..\Run: [Windows Login Screen] C:\WINDOWS\system32\inetsrv\winlogin.exe
O4 - HKLM\..\Run: [Windows Login Security] winlogin.pif
O4 - HKLM\..\RunServices: [Windows Login Security] winlogin.pif
O4 - HKCU\..\Run: [Windows Login Security] winlogin.pif
O4 - HKCU\..\RunServices: [Windows Login Security] winlogin.pif
O4 - HKLM\..\Run: [Windows Logins Screen] C:\WINDOWS\system32\inetsrv\winlogins.exe
O4 - HKLM\..\RunServices: [Windows Logins Screen] C:\WINDOWS\system32\inetsrv\winlogins.exe
O4 - HKCU\..\Run: [Windows Logins Screen] C:\WINDOWS\system32\inetsrv\winlogins.exe
O4 - HKLM\..\Run: [Windows Logon] login.exe
O4 - HKLM\..\RunServices: [Windows Logon] login.exe
O4 - HKLM\..\Run: [Windows Logon] C:\WINDOWS\System32\winlogin.exe
O4 - HKCU\..\Run: [Windows Logon] C:\WINDOWS\System32\winlogin.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\win32help.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\logon.exe
O4 - HKLM\..\Run: [Windows Logon Procedure] svchosts.exe
O4 - HKCU\..\RunOnce: [Windows Logon Procedure] svchosts.exe
O4 - HKLM\..\Run: [Windows Logon Service] micropoft.exe
O4 - HKLM\..\RunServices: [Windows Logon Service] micropoft.exe
O4 - HKLM\..\Run: [Windows Logon Service] msnngerplus.exe
O4 - HKLM\..\RunServices: [Windows Logon Service] msnngerplus.exe
O4 - HKLM\..\Run: [Windows Logon Service] mssnger.exe
O4 - HKLM\..\RunServices: [Windows Logon Service] mssnger.exe
O4 - HKLM\..\Run: [Windows Logon Service] napi32.exe
O4 - HKLM\..\RunServices: [Windows Logon Service] napi32.exe
O4 - HKLM\..\Run: [Windows Logon Service] service.exe
O4 - HKLM\..\RunServices: [Windows Logon Service] service.exe
O4 - HKLM\..\Run: [Windows Logon Screen] C:\WINDOWS\system32\inetsrv\winlogon.exe
O4 - HKLM\..\RunServices: [Windows Logon Screen] C:\WINDOWS\system32\inetsrv\winlogon.exe
O4 - HKCU\..\Run: [Windows Logon Screen] C:\WINDOWS\system32\inetsrv\winlogon.exe
O4 - HKLM\..\Run: [Windows Logons Screen] C:\WINDOWS\system32\inetsrv\winlogons.exe
O4 - HKLM\..\RunServices: [Windows Logons Screen] C:\WINDOWS\system32\inetsrv\winlogons.exe
O4 - HKCU\..\Run: [Windows Logons Screen] C:\WINDOWS\system32\inetsrv\winlogons.exe
O4 - HKLM\..\Run: [Windows LoL Layer] setup.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] setup.exe
O4 - HKLM\..\Run: [Windows LoL Layer] win.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] win.exe
O4 - HKCU\..\Run: [Windows LoL Layer] win.exe
O4 - HKLM\..\Run: [Windows LoL Layer] winlolx.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] winlolx.exe
O4 - HKCU\..\Run: [Windows LoL Layer] winlolx.exe
O4 - HKLM\..\Run: [Windows LoL Layer] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Windows LoL Layer] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Windows LoL Layer1] wlolxx.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer1] wlolxx.exe
O4 - HKCU\..\Run: [Windows LoL Layer1] wlolxx.exe
O4 - HKLM\..\Run: [Windows Lsass Services] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [Windows Manager] winmngr.exe
O4 - HKLM\..\RunServices: [Windows Manager] winmngr.exe
O4 - HKLM\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKLM\..\RunServices: [Windows Media Player] mcafeee.exe
O4 - HKCU\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKLM\..\Run: [Windows Media Player] msams.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msams.exe
O4 - HKCU\..\Run: [Windows Media Player] msams.exe
O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Windows Media Player Service] wmedia.exe
O4 - HKLM\..\RunServices: [Windows Media Player Service] wmedia.exe
O4 - HKCU\..\Run: [Windows Media Player Service] wmedia.exe
O4 - HKCU\..\RunServices: [Windows Media Player Service] wmedia.exe
O4 - HKLM\..\Run: [Windows Media Player Update] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Windows Media Player Update] (Random 7 Letter).exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Windows Media Server] wmserv.exe
O4 - HKLM\..\Run: [Windows Media Server!] wmserver.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Windows Media Upgrade] NeUpgrade.exe
O4 - HKLM\..\RunServices: [Windows Media Upgrade] NeUpgrade.exe
O4 - HKCU\..\Run: [Windows Media Upgrade] NeUpgrade.exe
O4 - HKLM\..\Run: [Windows Memory Drivers] memretain.exe
O4 - HKLM\..\Run: [Windows Memory Manager] windowsmem.exe
O4 - HKLM\..\Run: [Windows Memory Running Services] memrun.exe
O4 - HKLM\..\Run: [Windows Memory Sharing] memoryshr.exe
O4 - HKLM\..\Run: [Windows Memory Sharing] memshare.exe
O4 - HKLM\..\Run: [Windows Memory Sharing] memshr.exe
O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
O4 - HKLM\..\Run: [Windows Messanger Control Center] winlogin.exe
O4 - HKLM\..\Run: [Windows Messanger Control Center] winlogon.exe
O4 - HKLM\..\Run: [Windows Messenger Connect] wmdsvc.exe
O4 - HKLM\..\Run: [Windows Messenger Fileshare] wivsvc.exe
O4 - HKLM\..\Run: [Windows Messenger Live MSN] winlivemsnmessenger.exe
O4 - HKLM\..\Run: [Windows Messenger Live Startup] windowslivemsn.exe
O4 - HKLM\..\Run: [Windows Messenger Panel] wbcsvc.exe
O4 - HKLM\..\Run: [Windows Messenger Share] wmssvc.exe
O4 - HKLM\..\Run: [Windows Messenger Starter] wmvsvc.exe
O4 - HKLM\..\Run: [Windows Messenger User Agent] msnmsrg.exe
O4 - HKLM\..\Run: [Windows Microsoft Service] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Microsoft Service] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Microsoft Service] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Microsoft Services] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Microsoft Services] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Microsoft Services] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Microsoft Update] wintask32.exe
O4 - HKLM\..\Run: [Windows Microsoft Update] wintask32.exe
O4 - HKLM\..\Run: [Windows Microsoft Verifier] winauth23.exe
O4 - HKLM\..\RunServices: [Windows Microsoft Verifier] winauth23.exe
O4 - HKLM\..\Run: [Windows Microsoft Verifier] winline32.exe
O4 - HKLM\..\RunServices: [Windows Microsoft Verifier] winline32.exe
O4 - HKLM\..\Run: [Windows mid Control Services] wuactll.exe
O4 - HKLM\..\Run: [Windows mod Verifier] Windows-mod.exe
O4 - HKLM\..\RunServices: [Windows mod Verifier] Windows-mod.exe
O4 - HKLM\..\Run: [Windows Mode Verifier] WindowsActivation.exe
O4 - HKLM\..\RunServices: [Windows Mode Verifier] WindowsActivation.exe
O4 - HKLM\..\Run: [Windows modz Verifier] Meseger.exe
O4 - HKLM\..\RunServices: [Windows modz Verifier] Meseger.exe
O4 - HKLM\..\Run: [Windows modez Verifier] ctfn0n3z.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] ctfn0n3z.exe
O4 - HKLM\..\Run: [Windows modez Verifier] msnplus.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] msnplus.exe
O4 - HKLM\..\Run: [Windows modez Verifier] taskmngr.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] taskmngr.exe
O4 - HKLM\..\Run: [Windows modez Verifier] tfn0ne.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] tfn0ne.exe
O4 - HKLM\..\Run: [Windows modez Verifier] Windows12.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] Windows12.exe
O4 - HKLM\..\Run: [Windows modez Verifier] Window2.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] Window2.exe
O4 - HKLM\..\Run: [Windows modez Verifier] Windows-.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] Windows-.exe
O4 - HKLM\..\Run: [Windows modez Verifier] winl0g0z.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] winl0g0z.exe
O4 - HKLM\..\Run: [Windows modez Verifier] winlogom.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] winlogom.exe
O4 - HKLM\..\Run: [Windows modez Verifier] wuamguard.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] wuamguard.exe
O4 - HKLM\..\Run: [Windows module] uient.exe
O4 - HKLM\..\RunServices: [Windows module] uient.exe
O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\Run: [Windows Mouse Services] winmouse.exe
O4 - HKLM\..\Run: [Windows Mouse Services] winmouse64.exe
O4 - HKLM\..\Run: [Windows mplayercodex Services] MSPF.EXE
O4 - HKLM\..\RunServices: [Windows mplayercodex Services] MSPF.EXE
O4 - HKCU\..\Run: [Windows mplayercodex Services] MSPF.EXE
O4 - HKCU\..\RunServices: [Windows mplayercodex Services] MSPF.EXE
O4 - HKLM\..\Run: [Windows MS Update 32] fhm.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] fhm.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] fhm.exe
O4 - HKCU\..\Run: [Windows MS Update 32] fhm.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] fhm.exe
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\Run: [Windows MSN Live 2.3] C:\WINDOWS\system32\svhvchost.exe
O4 - HKCU\..\Run: [Windows MSN Live 2.3] C:\WINDOWS\system32\svhvchost.exe
O4 - HKLM\..\Run: [Windows MSN Live Messanger] livemsngs.exe
O4 - HKLM\..\Run: [Windows MSN Updates] C:\WINDOWS\System32\wnd32.exe
O4 - HKCU\..\Run: [Windows MSN Updates] C:\WINDOWS\System32\wnd32.exe
O4 - HKLM\..\Run: [Windows msvc Control Centers] msvc32s.exe
O4 - HKLM\..\Run: [Windows msvc Control Host] msvs32s.exe
O4 - HKLM\..\Run: [Windows Net] (Random 11 Letter).exe
O4 - HKLM\..\RunServices: [Windows Net] (Random 11 Letter).exe
O4 - HKCU\..\Run: [Windows Net] (Random 11 Letter).exe
O4 - HKLM\..\Run: [Windows Net Cfg ] service.exe
O4 - HKLM\..\RunServices: [Windows Net Cfg ] service.exe
O4 - HKCU\..\Run: [Windows Net Cfg ] service.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\system32\firewall.exe
O4 - HKLM\..\Run: [Windows MSN Live Messenger] winlivemsn.exe
O4 - HKLM\..\Run: [Windows MSN Live Messenger] winmessengerlive.exe
O4 - HKLM\..\Run: [Windows Network Logon] npesvc.exe
O4 - HKLM\..\Run: [Windows Network Security] taskmngr.exe
O4 - HKLM\..\RunServices: [Windows Network Security] taskmngr.exe
O4 - HKLM\..\Run: [Windows Network Service] prcsvc.exe
O4 - HKLM\..\Run: [Windows Network Service] Realteks.exe
O4 - HKCU\..\Run: [Windows Network Service] Realteks.exe
O4 - HKLM\..\Run: [Windows Network Service] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Network Service] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Network Services] winnetwork.exe
O4 - HKLM\..\Run: [Windows Network Services] winnetwork32.exe
O4 - HKLM\..\Run: [Windows Network Services] winnetwork64.exe
O4 - HKLM\..\Run: [Windows Network Session] nspsvc.exe
O4 - HKLM\..\Run: [Windows Networking Monitor] C:\WINDOWS\system32\mdm.exe
O4 - HKCU\..\Run: [Windows Networking Monitor] C:\WINDOWS\system32\mdm.exe
O4 - HKLM\..\Run: [Windows Networking Monitorin] C:\WINDOWS\system32\xmdmx.exe
O4 - HKCU\..\Run: [Windows Networking Monitorin] C:\WINDOWS\system32\xmdmx.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKLM\..\Run: [Windows Newresck] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Newresck] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Newresck] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows NT Local Machine Value] ssockcpl.exe
O4 - HKLM\..\RunServices: [Windows NT Local Machine Value] ssockcpl.exe
O4 - HKLM\..\Run: [Windows NT Session Manager] sess.exe
O4 - HKLM\..\RunServices: [Windows NT Session Manager] sess.exe
O4 - HKLM\..\Run: [Windows NTFS Volume Manage] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Windows NTFS Volume Manage] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 - HKCU\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKCU\..\RunServices: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\Run: [Windows Offical Netvvorks] mywriter32.exe
O4 - HKCU\..\Run: [Windows Offical Netvvorks] mywriter32.exe
O4 - HKLM\..\Run: [Windows Office Monitor] C:\WINDOWS\system32\emdm.exe
O4 - HKCU\..\Run: [Windows Office Monitor] C:\WINDOWS\system32\emdm.exe
O4 - HKLM\..\Run: [Windows Online Tech] scvhost.exe
O4 - HKLM\..\Run: [Windows Online Updater] dllman.exe
O4 - HKLM\..\RunServices: [Windows Online Updater] dllman.exe
O4 - HKLM\..\Run: [Windows Plugin] winmsn.exe
O4 - HKLM\..\Run: [Windows Pool Manager] poolsc.exe
O4 - HKLM\..\Run: [Windows Pool Setup] poolmc.exe
O4 - HKLM\..\Run: [Windows Population Logger] winpo32.exe
O4 - HKLM\..\Run: [Windows Portable Device Drivers] C:\WINDOWS\System32\drivers\MSKSVRVS.EXE
O4 - HKLM\..\RunServices: [Windows Portable Device Drivers] C:\WINDOWS\System32\drivers\MSKSVRVS.EXE
O4 - HKCU\..\Run: [Windows Portable Device Drivers] C:\WINDOWS\System32\drivers\MSKSVRVS.EXE
O4 - HKCU\..\RunServices: [Windows Portable Device Drivers] C:\WINDOWS\System32\drivers\MSKSVRVS.EXE
O4 - HKLM\..\Run: [Windows Portable Devices] C:\WINDOWS\System32\drivers\MSKSVRTSS.EXE
O4 - HKLM\..\RunServices: [Windows Portable Devices] C:\WINDOWS\System32\drivers\MSKSVRTSS.EXE
O4 - HKCU\..\Run: [Windows Portable Devices] C:\WINDOWS\System32\drivers\MSKSVRTSS.EXE
O4 - HKCU\..\RunServices: [Windows Portable Devices] C:\WINDOWS\System32\drivers\MSKSVRTSS.EXE
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKLM\..\Run: [Windows Process Dump] C:\WINDOWS\system32\windumper32.exe
O4 - HKLM\..\RunServices: [Windows Process Dump] C:\WINDOWS\system32\windumper32.exe
O4 - HKLM\..\Run: [Windows_Protect] taskmngr.exe
O4 - HKLM\..\RunServices: [Windows_Protect] taskmngr.exe
O4 - HKLM\..\Run: [Windows Protected Storage] npssvc.exe
O4 - HKLM\..\Run: [Windows Protector] winprot32.exe
O4 - HKLM\..\RunServices: [Windows Protector] winprot32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKLM\..\Run: [WindowsRegKey update] avgenc.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] avgenc.exe
O4 - HKCU\..\Run: [WindowsRegKey update] avgenc.exe
O4 - HKLM\..\Run: [WindowsRegKey update] winhost.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] winhost.exe
O4 - HKLM\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\Run: [WindowsRegKey update] winupdte.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdte.exe
O4 - HKCU\..\Run: [WindowsRegKey update] winupdte.exe
O4 - HKLM\..\Run: [Windows Registers] winservicess.exe
O4 - HKLM\..\RunServices: [Windows Registers] winservicess.exe
O4 - HKCU\..\Run: [Windows Registers] winservicess.exe
O4 - HKLM\..\Run: [Windows Registery Center] svhchosts.exe
O4 - HKLM\..\Run: [Windows Registry] winhost.exe
O4 - HKLM\..\RunServices: [Windows Registry] winhost.exe
O4 - HKCU\..\Run: [Windows Registry] winhost.exe
O4 - HKLM\..\Run: [Windows Registry Control] winreg.exe
O4 - HKLM\..\Run: [Windows Registry DLL] winregdll.exe
O4 - HKLM\..\Run: [Windows Registry Name] Msn.exe
O4 - HKLM\..\RunServices: [Windows Registry Name] Msn.exe
O4 - HKLM\..\Run: [Windows Registry Name] winupdate_.exe
O4 - HKLM\..\RunServices: [Windows Registry Name] winupdate_.exe
O4 - HKLM\..\Run: [Windows Registry Name] WinUUpdate.exe
O4 - HKLM\..\RunServices: [Windows Registry Name] WinUUpdate.exe
O4 - HKLM\..\Run: [Windows Registry Services] regserv.exe
O4 - HKLM\..\Run: [Windows Relay Service] ipcbind.exe
O4 - HKLM\..\Run: [Windows Relay Service] irfnga.exe
O4 - HKLM\..\Run: [Windows Remote Addressing] wnpcgs.exe
O4 - HKLM\..\Run: [Windows Remote Launcher] wnpmcs.exe
O4 - HKLM\..\Run: [Windows Reserve] C:\WINDOWS\system32\winrvs.exe
O4 - HKLM\..\RunServices: [Windows Reserve] C:\WINDOWS\system32\winrvs.exe
O4 - HKLM\..\Run: [Windows Reverse Preperation] winrvp.exe
O4 - HKLM\..\Run: [Windows Reversed Virus Protection] winrsvp.exe
O4 - HKLM\..\Run: [Windows Running DLL Service] rundll64.exe
O4 - HKLM\..\Run: [Windows Running DLL Service] rundll128.exe
O4 - HKLM\..\Run: [Windows Scheduler] wmscheduler.exe
O4 - HKLM\..\Run: [Windows Scheduler!] scheduler.exe
O4 - HKLM\..\Run: [Windows Secure Fix] iPodFixer.exe
O4 - HKLM\..\RunOnce: [Windows Secure Fix] iPodFixer.exe
O4 - HKLM\..\RunServices: [Windows Secure Fix] iPodFixer.exe
O4 - HKCU\..\Run: [Windows Secure Fix] iPodFixer.exe
O4 - HKCU\..\RunOnce: [Windows Secure Fix] iPodFixer.exe
O4 - HKLM\..\Run: [Windows Secure Services] C:\WINDOWS\System32\ssms.exe
O4 - HKLM\..\RunServices: [Windows Secure Services] C:\WINDOWS\System32\ssms.exe
O4 - HKCU\..\Run: [Windows Secure Services] C:\WINDOWS\System32\ssms.exe
O4 - HKCU\..\RunServices: [Windows Secure Services] C:\WINDOWS\System32\ssms.exe
O4 - HKLM\..\Run: [Windows Secure talal32 ] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Windows Secure talal32 ] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Windows Secure talal32 ] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Windows Secure Update] load.exe
O4 - HKLM\..\RunOnce: [Windows Secure Update] load.exe
O4 - HKLM\..\RunServices: [Windows Secure Update] load.exe
O4 - HKCU\..\Run: [Windows Secure Update] load.exe
O4 - HKCU\..\RunOnce: [Windows Secure Update] load.exe
O4 - HKLM\..\Run: [Windows Secure Update] WinSecUp.exe
O4 - HKLM\..\RunServices: [Windows Secure Update] WinSecUp.exe
O4 - HKLM\..\Run: [Windows Secure Update] WinSecure.exe
O4 - HKLM\..\RunServices: [Windows Secure Update] WinSecure.exe
O4 - HKLM\..\Run: [Windows Secure Update] winupser.exe
O4 - HKLM\..\RunServices: [Windows Secure Update] winupser.exe
O4 - HKLM\..\Run: [Windows Secure Update] wupdate.exe
O4 - HKLM\..\RunServices: [Windows Secure Update] wupdate.exe
O4 - HKLM\..\Run: [Windows Security Center Notification App] C:\WINDOWS\system32\wscnfty.exe
O4 - HKLM\..\RunServices: [Windows Security Center Notification App] C:\WINDOWS\system32\wscnfty.exe
O4 - HKCU\..\Run: [Windows Security Center Notification App] C:\WINDOWS\system32\wscnfty.exe
O4 - HKLM\..\Run: [Windows Security Center Notification Appl] C:\WINDOWS\system32\wscnfty.exe
O4 - HKLM\..\RunServices: [Windows Security Center Notification Appl] C:\WINDOWS\system32\wscnfty.exe
O4 - HKCU\..\Run: [Windows Security Center Notification Appl] C:\WINDOWS\system32\wscnfty.exe
O4 - HKLM\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
O4 - HKCU\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
O4 - HKLM\..\Run: [Windows Security Center Notification Applse] C:\WINDOWS\system32\os.exe
O4 - HKCU\..\Run: [Windows Security Center Notification Applse] C:\WINDOWS\system32\os.exe
O4 - HKLM\..\Run: [Windows Security Center Notification Applse] C:\WINDOWS\System32\sxes.exe
O4 - HKCU\..\Run: [Windows Security Center Notification Applse] C:\WINDOWS\System32\sxes.exe
O4 - HKLM\..\Run: [Windows Security Center Notification Applsee] C:\WINDOWS\System32\sysecurex.exe
O4 - HKCU\..\Run: [Windows Security Center Notification Applsee] C:\WINDOWS\System32\sysecurex.exe
O4 - HKLM\..\Run: [Windows Security Service] windows.pif
O4 - HKLM\..\RunServices: [Windows Security Service] windows.pif
O4 - HKCU\..\Run: [Windows Security Service] windows.pif
O4 - HKCU\..\RunServices: [Windows Security Service] windows.pif
O4 - HKLM\..\Run: [Windows Security Survy] svchosl.exe
O4 - HKLM\..\RunServices: [Windows Security Survy] svchosl.exe
O4 - HKLM\..\Run: [Windows Security System] drivers.exe
O4 - HKLM\..\RunServices: [Windows Security System] drivers.exe
O4 - HKCU\..\Run: [Windows Security System] drivers.exe
O4 - HKLM\..\Run: [Windows Security Update] winupdat.exe
O4 - HKLM\..\RunServices: [Windows Security Update] winupdat.exe
O4 - HKCU\..\Run: [Windows Security Update] winupdat.exe
O4 - HKLM\..\Run: [Windows Serces Agnt] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Windows Serces Agnt] (Random 9 Letter).exe
O4 - HKCU\..\Run: [Windows Serces Agnt] (Random 9 Letter).exe
O4 - HKLM\..\Run: [Windows Servce Agent] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Servce Agent] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Servce Agent] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Servces Agent] (Random 10 Letter).exe
O4 - HKLM\..\RunServices: [Windows Servces Agent] (Random 10 Letter).exe
O4 - HKCU\..\Run: [Windows Servces Agent] (Random 10 Letter).exe
O4 - HKLM\..\Run: [Windows Servcesc] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Windows Servcesc] (Random 9 Letter).exe
O4 - HKCU\..\Run: [Windows Servcesc] (Random 9 Letter).exe
O4 - HKLM\..\Run: [Windows Server] winserv.exe
O4 - HKLM\..\Run: [Windows Server!] winsvr.exe
O4 - HKLM\..\Run: [Windows Server Drivers] syssrv.exe
O4 - HKLM\..\Run: [Windows Service] (Random 11 letter).exe
O4 - HKCU\..\Run: [Windows Service] (Random 11 letter).exe
O4 - HKLM\..\Run: [Windows Service] %Temp%\service.exe
O4 - HKLM\..\Run: [Windows service] FILE.exe
O4 - HKLM\..\RunServices: [Windows service] FILE.exe
O4 - HKLM\..\Run: [Windows Service] windowz.exe
O4 - HKLM\..\RunServices: [Windows Service] windowz.exe
O4 - HKCU\..\Run: [Windows Service] windowz.exe
O4 - HKCU\..\RunServices: [Windows Service] windowz.exe
O4 - HKLM\..\Run: [Windows Service] WINSVC.EXE
O4 - HKCU\..\Run: [Windows Service] WINSVC.EXE
O4 - HKLM\..\Run: [Windows Service Ag3nt] (Random 4 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service Ag3nt] (Random 4 Letter).exe
O4 - HKCU\..\Run: [Windows Service Ag3nt] (Random 4 Letter).exe
O4 - HKLM\..\Run: [Windows Service Agent] (Random 3 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 3 Letter).exe
O4 - HKCU\..\Run: [Windows Service Agent] (Random 3 Letter).exe
O4 - HKLM\..\Run: [Windows Service Agent] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 6 Letter).exe
O4 - HKCU\..\Run: [Windows Service Agent] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Windows Service Agent] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Windows Service Agent] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Windows Service Agent] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 9 Letter).exe
O4 - HKCU\..\Run: [Windows Service Agent] (Random 9 Letter).exe
O4 - HKLM\..\Run: [Windows Service Agent] agl23.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] agl23.exe
O4 - HKCU\..\Run: [Windows Service Agent] agl23.exe
O4 - HKLM\..\Run: [Windows Service Agent] alga32.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] alga32.exe
O4 - HKCU\..\Run: [Windows Service Agent] alga32.exe
O4 - HKLM\..\Run: [Windows Service Agent] annooa.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] annooa.exe
O4 - HKCU\..\Run: [Windows Service Agent] annooa.exe
O4 - HKLM\..\Run: [Windows Service Agent] co0l.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] co0l.exe
O4 - HKCU\..\Run: [Windows Service Agent] co0l.exe
O4 - HKLM\..\Run: [Windows Service Agent] czf.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] czf.exe
O4 - HKCU\..\Run: [Windows Service Agent] czf.exe
O4 - HKLM\..\Run: [Windows Service Agent] dsass.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] dsass.exe
O4 - HKCU\..\Run: [Windows Service Agent] dsass.exe
O4 - HKLM\..\Run: [Windows Service Agent] fixin.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] fixin.exe
O4 - HKCU\..\Run: [Windows Service Agent] fixin.exe
O4 - HKLM\..\Run: [Windows Service Agent] iesec.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] iesec.exe
O4 - HKCU\..\Run: [Windows Service Agent] iesec.exe
O4 - HKLM\..\Run: [Windows Service Agent] miBot.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] miBot.exe
O4 - HKCU\..\Run: [Windows Service Agent] miBot.exe
O4 - HKLM\..\Run: [Windows Service Agent] msnmagr.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] msnmagr.exe
O4 - HKCU\..\Run: [Windows Service Agent] msnmagr.exe
O4 - HKLM\..\Run: [Windows Service Agent] mssngear.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] mssngear.exe
O4 - HKCU\..\Run: [Windows Service Agent] mssngear.exe
O4 - HKLM\..\Run: [Windows Service Agent] muose.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] muose.exe
O4 - HKCU\..\Run: [Windows Service Agent] muose.exe
O4 - HKLM\..\Run: [Windows Service Agent] SDSEWEW.EXE
O4 - HKLM\..\RunServices: [Windows Service Agent] SDSEWEW.EXE
O4 - HKCU\..\Run: [Windows Service Agent] SDSEWEW.EXE
O4 - HKLM\..\Run: [Windows Service Agent] svchost2.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] svchost2.exe
O4 - HKCU\..\Run: [Windows Service Agent] svchost2.exe
O4 - HKLM\..\Run: [Windows Service Agent] taskmgr32.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] taskmgr32.exe
O4 - HKCU\..\Run: [Windows Service Agent] taskmgr32.exe
O4 - HKLM\..\Run: [Windows Service Agent] wgl23.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] wgl23.exe
O4 - HKCU\..\Run: [Windows Service Agent] wgl23.exe
O4 - HKLM\..\Run: [Windows Service Agent] win32wins.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] win32wins.exe
O4 - HKCU\..\Run: [Windows Service Agent] win32wins.exe
O4 - HKLM\..\Run: [Windows Service Agent] winserv.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] winserv.exe
O4 - HKCU\..\Run: [Windows Service Agent] winserv.exe
O4 - HKLM\..\Run: [Windows Service Agent] winup32.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] winup32.exe
O4 - HKCU\..\Run: [Windows Service Agent] winup32.exe
O4 - HKLM\..\Run: [Windows Service Agent] winupds32.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] winupds32.exe
O4 - HKCU\..\Run: [Windows Service Agent] winupds32.exe
O4 - HKLM\..\Run: [Windows Service Agent] wmscc.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] wmscc.exe
O4 - HKCU\..\Run: [Windows Service Agent] wmscc.exe
O4 - HKLM\..\Run: [Windows Service Agent] xag.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] xag.exe
O4 - HKCU\..\Run: [Windows Service Agent] xag.exe
O4 - HKLM\..\Run: [Windows Service Agent 32] (Random 5 letter).exe
O4 - HKLM\..\RunServices: [Windows Service Agent 32] (Random 5 letter).exe
O4 - HKCU\..\Run: [Windows Service Agent 32] (Random 5 letter).exe
O4 - HKLM\..\Run: [Windows Service Agents] alib.exe
O4 - HKLM\..\RunServices: [Windows Service Agents] alib.exe
O4 - HKCU\..\Run: [Windows Service Agents] alib.exe
O4 - HKLM\..\Run: [Windows Service Agnts] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service Agnts] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Service Agnts] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Service Ajav] java128.exe
O4 - HKLM\..\RunServices: [Windows Service Ajav] java128.exe
O4 - HKCU\..\Run: [Windows Service Ajav] java128.exe
O4 - HKLM\..\Run: [Windows Service alge] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service alge] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Service alge] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Service Com] agldoc32.com
O4 - HKLM\..\RunServices: [Windows Service Com] agldoc32.com
O4 - HKCU\..\Run: [Windows Service Com] agldoc32.com
O4 - HKLM\..\Run: [Windows Service Controller Agent] taksmgr.exe
O4 - HKLM\..\Run: [Windows Service CV] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service CV] (Random 6 Letter).exe
O4 - HKCU\..\Run: [Windows Service CV] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Windows Service Host] spools.exe
O4 - HKLM\..\RunServices: [Windows Service Host] spools.exe
O4 - HKLM\..\Run: [Windows Service Manager] svcmgr32.exe
O4 - HKLM\..\RunServices: [Windows Service Manager] svcmgr32.exe
O4 - HKLM\..\Run: [Windows Service Manager] winmgr32.exe
O4 - HKLM\..\RunServices: [Windows Service Manager] winmgr32.exe
O4 - HKLM\..\Run: [Windows Service Supply] winsupply.exe
O4 - HKLM\..\Run: [Windows Service SV] sv32.exe
O4 - HKLM\..\RunServices: [Windows Service SV] sv32.exe
O4 - HKCU\..\Run: [Windows Service SV] sv32.exe
O4 - HKLM\..\Run: [Windows Service Threads] svcthreading.exe
O4 - HKLM\..\Run: [Windows Service Threads] svcthreads.exe
O4 - HKLM\..\Run: [Windows Service Update] C:\WINDOWS\system32\crsss.exe
O4 - HKCU\..\Run: [Windows Service Update] C:\WINDOWS\system32\crsss.exe
O4 - HKLM\..\Run: [Windows Service Update] C:\WINDOWS\system32\livecal.exe
O4 - HKCU\..\Run: [Windows Service Update] C:\WINDOWS\system32\livecal.exe
O4 - HKLM\..\Run: [Windows Servicer] alibqaqc.exe
O4 - HKLM\..\RunServices: [Windows Servicer] alibqaqc.exe
O4 - HKCU\..\Run: [Windows Servicer] alibqaqc.exe
O4 - HKLM\..\Run: [Windows Services] spoolsvc.exe
O4 - HKLM\..\RunServices: [Windows Services] spoolsvc.exe
O4 - HKCU\..\Run: [Windows Services] spoolsvc.exe
O4 - HKCU\..\RunServices: [Windows Services] spoolsvc.exe
O4 - HKLM\..\Run: [Windows Services] avsrv32.exe
O4 - HKLM\..\Run: [Windows Services] dllhost.exe
O4 - HKLM\..\Run: [Windows Services] explrer.exe
O4 - HKLM\..\Run: [Windows Services] msnsmg.exe
O4 - HKLM\..\Run: [Windows Services] service.exe
O4 - HKLM\..\Run: [Windows Services] servicez.exe
O4 - HKLM\..\Run: [Windows Services] w32edus.exe
O4 - HKLM\..\Run: [Windows Services] w32service.exe
O4 - HKLM\..\Run: [Windows Services] w32services.exe
O4 - HKLM\..\Run: [Windows Services] weccom.exe
O4 - HKLM\..\Run: [Windows Services] windows.exe
O4 - HKLM\..\Run: [Windows Services] winsysdll.exe
O4 - HKLM\..\Run: [Windows Services] winsyssrv.exe
O4 - HKLM\..\Run: [Windows Services] winlogon.exe
O4 - HKLM\..\Run: [Windows Services] winudp.exe
O4 - HKLM\..\Run: [Windows Services Agant] regs32.exe
O4 - HKLM\..\RunServices: [Windows Services Agant] regs32.exe
O4 - HKCU\..\Run: [Windows Services Agant] regs32.exe
O4 - HKLM\..\Run: [Windows Services Aganters] (Random 10 Letter).exe
O4 - HKLM\..\RunServices: [Windows Services Aganters] (Random 10 Letter).exe
O4 - HKCU\..\Run: [Windows Services Aganters] (Random 10 Letter).exe
O4 - HKLM\..\Run: [Windows Services Agent] aggs.exe
O4 - HKLM\..\RunServices: [Windows Services Agent] aggs.exe
O4 - HKCU\..\Run: [Windows Services Agent] aggs.exe
O4 - HKLM\..\Run: [Windows Services alges2] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Services alges2] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Services alges2] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Services B-Runner] svcbrun.exe
O4 - HKLM\..\Run: [Windows Services B-Runner] svcbrunner.exe
O4 - HKLM\..\Run: [Windows Services Certification] svccert.exe
O4 - HKLM\..\Run: [Windows Services Guide] svcguide.exe
O4 - HKLM\..\Run: [Windows Services Guide] svcguides.exe
O4 - HKLM\..\Run: [Windows Services Jog] svcjog.exe
O4 - HKLM\..\Run: [Windows Services Jog] svcjogg.exe
O4 - HKLM\..\Run: [Windows Services Joger] svcjoger.exe
O4 - HKLM\..\Run: [Windows Services Jogging] svcjogging.exe
O4 - HKLM\..\Run: [Windows Services Joging] svcjoging.exe
O4 - HKLM\..\Run: [Windows Services Layer] C:\WINDOWS\System32\configure.exe
O4 - HKLM\..\RunServices: [WWindows Services Layer] C:\WINDOWS\System32\configure.exe
O4 - HKCU\..\Run: [Windows Services Layer] C:\WINDOWS\System32\configure.exe
O4 - HKLM\..\Run: [Windows Services Layer] C:\WINDOWS\System32\ctfnon.exe
O4 - HKLM\..\RunServices: [Windows Services Layer] C:\WINDOWS\System32\ctfnon.exe
O4 - HKCU\..\Run: [Windows Services Layer] C:\WINDOWS\System32\ctfnon.exe
O4 - HKLM\..\Run: [Windows Services Layer] C:\WINDOWS\System32\sslms.exe
O4 - HKLM\..\RunServices: [Windows Services Layer] C:\WINDOWS\System32\sslms.exe
O4 - HKCU\..\Run: [Windows Services Layer] C:\WINDOWS\System32\sslms.exe
O4 - HKLM\..\Run: [Windows Services Layer] winl0g0.exe
O4 - HKLM\..\RunServices: [Windows Services Layer] winl0g0.exe
O4 - HKCU\..\Run: [Windows Services Layer] winl0g0.exe
O4 - HKLM\..\Run: [Windows Services Layer] winlogz2.exe
O4 - HKLM\..\RunServices: [Windows Services Layer] winlogz2.exe
O4 - HKCU\..\Run: [Windows Services Layer] winlogz2.exe
O4 - HKLM\..\Run: [Windows Services M7] ctfmon32.exe
O4 - HKLM\..\Run: [Windows Services Managt] wpservice.exe
O4 - HKLM\..\Run: [Windows Services Registry] C:\WINDOWS\system\services.exe
O4 - HKLM\..\Run: [Windows Services Tower] svctowers.exe
O4 - HKLM\..\Run: [Windows Services Tower] svctowing.exe
O4 - HKLM\..\Run: [Windows Serviece Agents] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Windows Serviece Agents] (Random 9 Letter).exe
O4 - HKCU\..\Run: [Windows Serviece Agents] (Random 9 Letter).exe
O4 - HKLM\..\Run: [Windows Servser] serviser.exe
O4 - HKLM\..\Run: [Windows Shell] winshell.exe
O4 - HKLM\..\RunServices: [Windows Shell] winshell.exe
O4 - HKLM\..\Run: [Windows Shutdown Service Launcher] wssl.exe
O4 - HKLM\..\Run: [Windows Socket Procedure] WinSock32.exe
O4 - HKLM\..\RunServices: [Windows Socket Procedure] WinSock32.exe
O4 - HKLM\..\Run: [Windows Software] hbsppe.exe
O4 - HKLM\..\RunServices: [Windows Software] hbsppe.exe
O4 - HKCU\..\Run: [Windows Software] hbsppe.exe
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [Windows Sound Verifier] WinIp32.exe
O4 - HKLM\..\RunServices: [Windows Sound Verifier] WinIp32.exe
O4 - HKLM\..\Run: [Windows Spool] winspool.exe
O4 - HKLM\..\Run: [Windows Spooler] winsplr.exe
O4 - HKLM\..\Run: [Windows Spooler Service] spoolsrv.exe
O4 - HKLM\..\RunServices: [Windows Spooler Service] spoolsrv.exe
O4 - HKLM\..\Run: [Windows Spoolvvv Service] spoolvvv.exe
O4 - HKLM\..\RunOnce: [Windows Spoolvvv Service] spoolvvv.exe
O4 - HKLM\..\RunServices: [Windows Spoolvvv Service] spoolvvv.exe
O4 - HKCU\..\Run: [Windows Spoolvvv Service] spoolvvv.exe
O4 - HKCU\..\RunOnce: [Windows Spoolvvv Service] spoolvvv.exe
O4 - HKLM\..\Run: [Windows spyware remover] Windows-spyware.exe
O4 - HKLM\..\RunServices: [Windows spyware remover] Windows-spyware.exe
O4 - HKLM\..\Run: [Windows SQL management 1.33] scvhost.exe
O4 - HKCU\..\RunOnce: [Windows SQL management 1.33] scvhost.exe
O4 - HKLM\..\Run: [Windows SSH Client] winssh.exe
O4 - HKLM\..\RunServices: [Windows SSH Client] winssh.exe
O4 - HKCU\..\Run: [Windows SSH Client] winssh.exe
O4 - HKCU\..\RunServices: [Windows SSH Client] winssh.exe
O4 - HKLM\..\Run: [Windows Storm-Memory Drivers] memorystorm.exe
O4 - HKLM\..\Run: [Windows Sub-Classing Routine Manager] scvhost.exe
O4 - HKLM\..\RunServices: [Windows Sub-Classing Routine Manager] scvhost.exe
O4 - HKLM\..\Run: [Windows svchost] avserv.exe
O4 - HKLM\..\Run: [Windows svchost] ctfmon32.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [Windows svchost] servicean.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [Windows SYN Control Center] winmnon32.exe
O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\microsoft.exe
O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\svchosts.exe
O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\Winsec.exe
O4 - HKLM\..\Run: [WindowsSystem32] Winsec.exe
O4 - HKLM\..\Run: [Windows system] winsys.exe
O4 - HKLM\..\RunServices: [Windows system] winsys.exe
O4 - HKCU\..\Run: [Windows system] winsys.exe
O4 - HKLM\..\Run: [Windows System] winsystem.exe
O4 - HKLM\..\Run: [Windows System32] explorer.exe
O4 - HKLM\..\RunServices: [Windows System32] explorer.exe
O4 - HKCU\..\Run: [Windows System32] explorer.exe
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe
O4 - HKLM\..\Run: [Windows System 32] System32.exe
O4 - HKLM\..\RunServices: [Windows System 32] System32.exe
O4 - HKCU\..\Run: [Windows System 32] System32.exe
O4 - HKLM\..\Run: [Windows System32] windows32.exe
O4 - HKLM\..\RunServices: [Windows System32] windows32.exe
O4 - HKCU\..\Run: [Windows System32] windows32.exe
O4 - HKLM\..\Run: [Windows System32] wingrd32.exe
O4 - HKLM\..\RunServices: [Windows System32] wingrd32.exe
O4 - HKCU\..\Run: [Windows System32] wingrd32.exe
O4 - HKLM\..\Run: [Windows System 32] winsys_32.exe
O4 - HKLM\..\RunServices: [Windows System 32] winsys_32.exe
O4 - HKCU\..\Run: [Windows System 32] winsys_32.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows System-Control Drivers] syscontrl.exe
O4 - HKLM\..\Run: [Windows System-Control Drivers] systcontrl.exe
O4 - HKLM\..\Run: [Windows System Control Drivers] systcntl.exe
O4 - HKLM\..\Run: [Windows System Control Drivers] systemcntl.exe
O4 - HKLM\..\Run: [Windows System Drivers] sysretain.exe
O4 - HKLM\..\Run: [Windows System Maintain] builders.exe
O4 - HKCU\..\RunOnce: [Windows System Maintain] builders.exe
O4 - HKLM\..\Run: [Windows System Manager] winsysmgr.exe
O4 - HKLM\..\Run: [Windows System Manager] winsysmngr.exe
O4 - HKLM\..\Run: [Windows System Restart Sync] slrss.exe
O4 - HKLM\..\RunServices: [Windows System Restart Sync] slrss.exe
O4 - HKCU\..\Run: [Windows System Restart Sync] slrss.exe
O4 - HKLM\..\Run: [Windows System Service] svchost32.exe
O4 - HKLM\..\RunServices: [Windows System Service] svchost32.exe
O4 - HKLM\..\Run: [Windows System Service] wnuserv.exe
O4 - HKLM\..\RunServices: [Windows System Service] wnuserv.exe
O4 - HKLM\..\Run: [Windows System Update Tools] upds.exe
O4 - HKLM\..\RunServices: [Windows System Update Tools] upds.exe
O4 - HKLM\..\Run: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKLM\..\Run: [Windows TaskManager] iexplorer.exe
O4 - HKLM\..\RunServices: [Windows TaskManager] iexplorer.exe
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKLM\..\Run: [Windows TaskManager] tskmngr.exe
O4 - HKLM\..\RunServices: [Windows TaskManager] tskmngr.exe
O4 - HKLM\..\Run: [Windows Taskmanager] taskmngr.exe
O4 - HKLM\..\RunServices: [Windows Taskmanager] taskmngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Taskmanager] taskmngr.exe
O4 - HKLM\..\Run: [Windows Taskmanager] taskngr.exe
O4 - HKLM\..\RunServices: [Windows Taskmanager] taskngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Taskmanager] taskngr.exe
O4 - HKLM\..\Run: [Windows Taskmanager] winpifviewer.exe
O4 - HKLM\..\Run: [Windows Task Mgr] mstasks.exe
O4 - HKLM\..\Run: [Windows Task Mgr!] mstasker.exe
O4 - HKLM\..\Run: [ Windows Task Scheduler] C:\WINDOWS\System32\Scheduler.exe
O4 - HKLM\..\RunServices: [ Windows Task Scheduler] C:\WINDOWS\System32\Scheduler.exe
O4 - HKLM\..\Run: [Windows Taskbar Manager] c:\windows\system32\wlmsn.exe
O4 - HKLM\..\Run: [Windows Temperate Services] wintmp.exe
O4 - HKLM\..\Run: [Windows Terminal Manager] rmbsvc.exe
O4 - HKLM\..\Run: [Windows Tilehome] Tilehome.com
O4 - HKLM\..\RunServices: [Windows Tilehome] Tilehome.com
O4 - HKLM\..\Run: [Windows Time Keeper] windowstime.exe
O4 - HKLM\..\Run: [Windows Time Service Diagnostic Tool] C:\WINDOWS\System32\wbem\winscrvs.exe
O4 - HKLM\..\RunServices: [Windows Time Service Diagnostic Tool] C:\WINDOWS\System32\wbem\winscrvs.exe
O4 - HKCU\..\Run: [Windows Time Service Diagnostic Tool] C:\WINDOWS\System32\wbem\winscrvs.exe
O4 - HKLM\..\Run: [Windows Tracking Client] ctwsvc.exe
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] auth.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe
04 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] installer.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmngs.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] msnpd.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] mswinudpmgr32.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] scvhost.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] taksmrg.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] tmps.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winlive32.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winmsn.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winrofl32.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmg.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgrs.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmsgr.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winupmgr.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winuscn32.exe
O4 - HKLM\..\Run: [Windows UDP Control Manager] winudpmgr.exe
O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe
O4 - HKLM\..\Run: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe
O4 - HKLM\..\RunServices: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKLM\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKLM\..\Run: [WindowsUpdate.exe] "C:\WINDOWS\system32\WindowsUpdate.exe" start
O4 - HKLM\..\Run: [WindowsUpdateManager] C:\WINDOWS\system32\wupdmng.exe
O4 - HKCU\..\Run: [WindowsUpdateManager] C:\WINDOWS\system32\wupdmng.exe
O4 - HKLM\..\Run: [Windows update] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows update] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Update] avkir.exe
O4 - HKLM\..\RunServices: [Windows Update] avkir.exe
O4 - HKLM\..\Run: [Windows Update] "C:\Documents and Settings\msconfig32.exe"
O4 - HKLM\..\Run: [Windows Update] "C:\Documents and Settings\sspool.exe"
O4 - HKLM\..\Run: [Windows Update] "C:\Documents and Settings\winserv.exe"
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\btorrent16.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\DBOT.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\easypwnt.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\hkcmd.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\McAfee.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\McAfee3.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\msdevs30.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\msnsa32.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\Nod32Av.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\steam.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\svchost.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\svchosts.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\SystemUpgrade.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\update.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\usnsvc.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\VNASC.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\win32update.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\winsc.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\SecretStub.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\msnmsgr.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\scrigz.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\winpatch.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\system32\winpatch.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\winsck.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\Msgrss.exe
O4 - HKLM\..\Run: [Windows Update] cutix.exe
O4 - HKLM\..\RunServices: [Windows Update] cutix.exe
O4 - HKCU\..\Run: [Windows Update] cutix.exe
O4 - HKCU\..\RunServices: [Windows Update] cutix.exe
O4 - HKLM\..\Run: [Windows Update] host.exe
O4 - HKLM\..\RunServices: [Windows Update] host.exe
O4 - HKLM\..\Run: [Windows Update] livesrvs.exe
O4 - HKLM\..\RunServices: [Windows Update] livesrvs.exe
O4 - HKCU\..\Run: [Windows Update] livesrvs.exe
O4 - HKCU\..\RunServices: [Windows Update] livesrvs.exe
O4 - HKLM\..\Run: [Windows Update] msnsupdate.exe
O4 - HKLM\..\RunServices: [Windows Update] msnsupdate.exe
O4 - HKCU\..\Run: [Windows Update] msnsupdate.exe
O4 - HKLM\..\Run: [Windows Update] msnupdates.exe
O4 - HKLM\..\RunServices: [Windows Update] msnupdates.exe
O4 - HKCU\..\Run: [Windows Update] msnupdates.exe
O4 - HKLM\..\Run: [Windows Update] msupd.exe
O4 - HKLM\..\RunServices: [Windows Update] msupd.exe
O4 - HKCU\..\Run: [Windows Update] msupd.exe
O4 - HKLM\..\Run: [Microsoft Update] rundll32.dll
O4 - HKLM\..\RunServices: [Microsoft Update] rundll32.dll
O4 - HKLM\..\Run: [Windows Update] ssms.exe
O4 - HKLM\..\RunServices: [Windows Update] ssms.exe
O4 - HKLM\..\Run: [Windows Update] update32.exe
O4 - HKLM\..\RunServices: [Windows Update] update32.exe
O4 - HKLM\..\Run: [Windows Update] WindowsUpdate.exe
O4 - HKLM\..\RunServices: [Windows Update] WindowsUpdate.exe
O4 - HKLM\..\Run: [Windows Update] Windows Update.exe
O4 - HKLM\..\RunServices: [Windows Update] Windows Update.exe
O4 - HKLM\..\Run: [Windows Update] windowsupdats.exe
O4 - HKLM\..\RunServices: [Windows Update] windowsupdats.exe
O4 - HKLM\..\Run: [Windows Update] winupd.exe
O4 - HKLM\..\RunServices: [Windows Update] winupd.exe
O4 - HKCU\..\Run: [Windows Update] winupd.exe
O4 - HKLM\..\Run: [Windows Update] wupdate.exe
O4 - HKLM\..\RunServices: [Windows Update] wupdate.exe
O4 - HKLM\..\Run: [Windows Update ] temps.exe
O4 - HKLM\..\Run: [Windows update 55] (Random 10 Letter).exe
O4 - HKLM\..\RunServices: [Windows update 55] (Random 10 Letter).exe
O4 - HKLM\..\Run: [Windows Update Automation] winupdate.exe
O4 - HKLM\..\RunServices: [Windows Update Automation] winupdate.exe
O4 - HKLM\..\Run: [Windows Update Automation] winuptdate.exe
O4 - HKLM\..\RunServices: [Windows Update Automation] winuptdate.exe
O4 - HKLM\..\Run: [Windows Update Automation] wndupdate.exe
O4 - HKLM\..\RunServices: [Windows Update Automation] wndupdate.exe
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\system32\waucult.exe
O4 - HKLM\..\RunServices: [Windows Update AutoUpdate Client] C:\WINDOWS\system32\waucult.exe
O4 - HKCU\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\system32\waucult.exe
O4 - HKCU\..\RunServices: [Windows Update AutoUpdate Client] C:\WINDOWS\system32\waucult.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] ctfm0Unz.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] ctfm0Unz.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] ctfmom.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] ctfmom.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] ctfmoom.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] ctfmoom.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] spack2.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] spack2.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfw.exe
O4 - HKCU\..\Run: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfws.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfws.exe
O4 - HKLM\..\Run: [Windows Update GUI Executable x32x] wupdategux32.exe
O4 - HKLM\..\RunServices: [Windows Update GUI Executable x32x] wupdategux32.exe
O4 - HKLM\..\Run: [Windows Update Host] C:\WINDOWS\system32\winupsvc.exe
O4 - HKLM\..\Run: [Windows Update Draven] draven.exe
O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe
O4 - HKCU\..\Run: [Windows Update Draven] draven.exe
O4 - HKLM\..\Run: [Windows Update Drive] updrvs.exe
O4 - HKLM\..\RunServices: [Windows Update Drive] updrvs.exe
O4 - HKCU\..\Run: [Windows Update Drive] updrvs.exe
O4 - HKLM\..\Run: [Windows Update Manager] bootwiz.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] bootwiz.exe
O4 - HKLM\..\Run: [Windows Update Manager] C:\WINDOWS\system32\winup.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\system32\winup.exe
O4 - HKLM\..\Run: [Windows Update Manager] WindowsUpdateManager.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] WindowsUpdateManager.exe
O4 - HKCU\..\Run: [Windows Update Manager] WindowsUpdateManager.exe
O4 - HKCU\..\RunServices: [Windows Update Manager] WindowsUpdateManager.exe
O4 - HKLM\..\Run: [Windows Update Services] C:\RECYCLER\winupdate32.exe
O4 - HKLM\..\Run: [Windows Update Tool] C:\WINDOWS\System32\upds.exe
O4 - HKLM\..\RunServices: [Windows Update Tool] C:\WINDOWS\System32\upds.exe
O4 - HKLM\..\Run: [Windows Updated] spoolsac.exe
O4 - HKLM\..\RunServices: [Windows Updated] spoolsac.exe
O4 - HKCU\..\Run: [Windows Updated] spoolsac.exe
O4 - HKCU\..\RunServices: [Windows Updated] spoolsac.exe
O4 - HKLM\..\Run: [Windows Updated] spoolsae.exe
O4 - HKLM\..\RunServices: [Windows Updated] spoolsae.exe
O4 - HKCU\..\Run: [Windows Updated] spoolsae.exe
O4 - HKCU\..\RunServices: [Windows Updated] spoolsae.exe
O4 - HKLM\..\Run: [Windows Updater] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Windows Updater] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Windows Updater] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Windows Updater] updater.com
O4 - HKLM\..\RunOnce: [Windows Updater] updater.com
O4 - HKLM\..\Run: [Windows Updater] winupdate.exe
O4 - HKLM\..\RunServices: [Windows Updater] winupdate.exe
O4 - HKLM\..\Run: [Windows Updater] WinUpdater.exe
O4 - HKLM\..\RunServices: [Windows Updater] WinUpdater.exe
O4 - HKLM\..\Run: [Windows Updater Service Manager] winupdatr.exe
O4 - HKLM\..\Run: [Windows Updater Services] C:\RECYCLER\msnupdate.exe
O4 - HKLM\..\Run: [Windows Updater Services] C:\RECYCLER\winupdate.exe
O4 - HKLM\..\Run: [Windows Updates] msups.exe
O4 - HKLM\..\RunServices: [Windows Updates] msups.exe
O4 - HKCU\..\Run: [Windows Updates] msups.exe
O4 - HKLM\..\Run: [Windows Updates] updates.exe
O4 - HKLM\..\Run: [Windows Updates] winlogon32.exe
O4 - HKLM\..\RunServices: [Windows Updates] winlogon32.exe
O4 - HKLM\..\Run: [Windows Updates Agent] winupdate.exe
O4 - HKLM\..\RunServices: [Windows Updates Agent] winupdate.exe
O4 - HKLM\..\Run: [Windows Updt Maschi] sysmt.exe
O4 - HKLM\..\RunServices: [Windows Updt Maschi] sysmt.exe
O4 - HKCU\..\Run: [Windows Updt Maschi] sysmt.exe
O4 - HKLM\..\Run: [Windows Updt Maschishkha] Dnmee33.exe
O4 - HKLM\..\RunServices: [Windows Updt Maschishkha] Dnmee33.exe
O4 - HKCU\..\Run: [Windows Updt Maschishkha] Dnmee33.exe
O4 - HKLM\..\Run: [Windows USB 2.0 Driver] usb2ctrl.exe
O4 - HKLM\..\RunServices: [Windows USB 2.0 Driver] usb2ctrl.exe
O4 - HKCU\..\Run: [Windows USB 2.0 Driver] usb2ctrl.exe
O4 - HKLM\..\Run: [Windows USB Control Driver] iexplore.exe
O4 - HKLM\..\Run: [Windows USB Monitor] servupdate.exe
O4 - HKLM\..\RunServices: [Windows USB Monitor] servupdate.exe
O4 - HKLM\..\Run: [Windows USB Printer] exe.exe
O4 - HKLM\..\RunServices: [Windows USB Printer] exe.exe
O4 - HKCU\..\Run: [Windows USB Printer] exe.exe
O4 - HKLM\..\Run: [Windows USB Printer] unqgod.exe
O4 - HKLM\..\RunServices: [Windows USB Printer] unqgod.exe
O4 - HKCU\..\Run: [Windows USB Printer] unqgod.exe
O4 - HKLM\..\Run: [Windows USB v3] wsvc.exe
O4 - HKLM\..\RunServices: [Windows USB v3] wsvc.exe
O4 - HKCU\..\Run: [Windows USB v3] wsvc.exe
O4 - HKCU\..\RunServices: [Windows USB v3] wsvc.exe
O4 - HKLM\..\Run: [Windows USB v3.2] wsvc.exe
O4 - HKLM\..\RunServices: [Windows USB v3.2] wsvc.exe
O4 - HKCU\..\Run: [Windows USB v3.2] wsvc.exe
O4 - HKCU\..\RunServices: [Windows USB v3.2] wsvc.exe
O4 - HKLM\..\Run: [Windows Verification Help Tool]
O4 - HKLM\..\RunServices: [Windows Verification Help Tool] Svchst.exe
O4 - HKLM\..\Run: [Windows Version Service] sysvers.exe
O4 - HKLM\..\Run: [Windows Video Component] wvcsvc.exe
O4 - HKLM\..\Run: [Windows Video Input] viwsvc.exe
O4 - HKLM\..\Run: [Windows Virtual Services] winvirtual.exe
O4 - HKLM\..\Run: [Windows Virtual Services] winvirtual32.exe
O4 - HKLM\..\Run: [Windows Virus Scanner] winvsvc.exe
O4 - HKLM\..\Run: [Windows Vista Corparation Agent Services] C:\WINDOWS\system32\winxp_sp3.exe
O4 - HKCU\..\Run: [Windows Vista Corparation Agent Services] C:\WINDOWS\system32\winxp_sp3.exe
O4 - HKLM\..\Run: [Windows Volume Control] ongsvc.exe
O4 - HKLM\..\Run: [Windows WIFI Config Help Tool] wificonfig.exe
O4 - HKLM\..\RunServices: [Windows WIFI Config Help Tool] wificonfig.exe
O4 - HKLM\..\Run: [Windows Winhlp32 Stub Service] winhlp32.pif
O4 - HKLM\..\RunServices: [Windows Winhlp32 Stub Service] winhlp32.pif
O4 - HKCU\..\Run: [Windows Winhlp32 Stub Service] winhlp32.pif
O4 - HKCU\..\RunServices: [Windows Winhlp32 Stub Service] winhlp32.pif
O4 - HKLM\..\Run: [Windows WKS Services] wkssvr1.exe
O4 - HKLM\..\Run: [Windows WMF Fix] winfix.exe
O4 - HKLM\..\RunServices: [Windows WMF Fix] winfix.exe
O4 - HKCU\..\Run: [Windows WMF Fix] winfix.exe
O4 - HKLM\..\Run: [Windows Workstation Service] explore.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service] explore.exe
O4 - HKLM\..\Run: [Windows Workstation Service] wor.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service] wor.exe
O4 - HKLM\..\Run: [Windows-Xdate] wuauclt4.exe
O4 - HKLM\..\RunServices: [Windows-Xdate] wuauclt4.exe
O4 - HKCU\..\Run: [Windows-Xdate] wuauclt4.exe
O4 - HKLM\..\Run: [Windows xmutler] cftmon32.exe
O4 - HKLM\..\Run: [Windows-Xordate] sox7.exe
O4 - HKLM\..\RunServices: [Windows-Xordate] sox7.exe
O4 - HKCU\..\Run: [Windows-Xordate] sox7.exe
O4 - HKLM\..\Run: [Windows-Xordate] wuauclt9.exe
O4 - HKLM\..\RunServices: [Windows-Xordate] wuauclt9.exe
O4 - HKCU\..\Run: [Windows-Xordate] wuauclt9.exe
O4 - HKLM\..\Run: [Windows-Xordate] wuauclt6.exe
O4 - HKLM\..\RunServices: [Windows-Xordate] wuauclt6.exe
O4 - HKCU\..\Run: [Windows-Xordate] wuauclt6.exe
O4 - HKLM\..\Run: [WindowsXp Security] C:\WINDOWS\system32\spool.exe
O4 - HKCU\..\Run: [WindowsXp Security] C:\WINDOWS\system32\spool.exe
O4 - HKLM\..\Run: [Windows xp] Wins.exe
O4 - HKLM\..\RunServices: [Windows xp] Wins.exe
O4 - HKLM\..\Run: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKLM\..\RunServices: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKCU\..\Run: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKCU\..\RunServices: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKLM\..\Run: [Windows Zero Spooler] nmvcs.exe
O4 - HKLM\..\Run: [Winds Seersc Agts] (Random 10 Letter).exe
O4 - HKLM\..\RunServices: [Winds Seersc Agts] (Random 10 Letter).exe
O4 - HKCU\..\Run: [Winds Seersc Agts] (Random 10 Letter).exe
O4 - HKLM\..\Run: [Winds Sers Agts] (Random 5 Letter).exe
O4 - HKLM\..\RunServices: [Winds Sers Agts] (Random 5 Letter).exe
O4 - HKCU\..\Run: [Winds Sers Agts] (Random 5 Letter).exe
O4 - HKLM\..\Run: [Winds Sers Agts] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Winds Sers Agts] (Random 6 Letter).exe
O4 - HKCU\..\Run: [Winds Sers Agts] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Winds Sersc Agts] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Winds Sersc Agts] (Random 9 Letter).exe
O4 - HKCU\..\Run: [Winds Sersc Agts] (Random 9 Letter).exe
O4 - HKLM\..\Run: [winenv] winenv.exe
O4 - HKLM\..\RunServices: [winenv] winenv.exe
O4 - HKLM\..\Run: [Windxs mxzez Vexifier] winlogos.exe
O4 - HKLM\..\RunServices: [Windxs mxzez Vexifier] winlogos.exe
O4 - HKLM\..\Run: [winguard] wingrd32.exe
O4 - HKLM\..\RunServices: [winguard] wingrd32.exe
O4 - HKLM\..\Run: [Winhost psdriver] msnmsngr.exe
O4 - HKCU\..\RunOnce: [Winhost psdriver] msnmsngr.exe
O4 - HKLM\..\Run: [winis] C:\WINDOWS\system32\winis.exe
O4 - HKLM\..\Run: [Winjava xml] dirx9.exe
O4 - HKLM\..\Run: [winldr] winldr.exe
O4 - HKLM\..\RunServices: [winldr] winldr.exe
O4 - HKLM\..\Run: [Microsoft] winline.exe
O4 - HKLM\..\RunServices: [Microsoft] winline.exe
O4 - HKLM\..\Run: [WinLiveMessanger] wlliveapp.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\Run: [winlogin] winlogin.exe
O4 - HKLM\..\RunOnce: [winlogin] winlogin.exe
O4 - HKLM\..\RunServices: [winlogin] winlogin.exe
O4 - HKCU\..\Run: [winlogin] winlogin.exe
O4 - HKCU\..\RunOnce: [winlogin] winlogin.exe
O4 - HKCU\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKLM\..\Run: [winlogon.exe] C:\WINDOWS\system32\drivers\winlogon.exe
O4 - HKLM\..\Run: [winlogon] winlogon32.exe
O4 - HKLM\..\RunServices: [winlogon] winlogon32.exe
O4 - HKLM\..\Run: [WinManage] C:\WINDOWS\system32\wmanage.exe
O4 - HKLM\..\Run: [WINMGR] taskgmgr.exe
O4 - HKLM\..\RunServices: [WINMGR] taskgmgr.exe
O4 - HKCU\..\Run: [WINMGR] taskgmgr.exe
O4 - HKLM\..\Run: [winnt DNS ident] svhost.exe
O4 - HKLM\..\RunServices: [winnt DNS ident] svhost.exe
O4 - HKLM\..\Run: [winnt DNS ident] wuamgrd32.exe
O4 - HKLM\..\RunServices: [winnt DNS ident] wuamgrd32.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [WinRAR Archive] winrar.exe
O4 - HKLM\..\Run: [WinRaR Service] WinrarCO.com
O4 - HKLM\..\RunServices: [WinRaR Service] WinrarCO.com
O4 - HKCU\..\Run: [WinRaR Service] WinrarCO.com
O4 - HKLM\..\Run: [WinReader] C:\WINDOWS\system32\read.exe
O4 - HKLM\..\Run: [WinReg] c:\windows\system\svchost.exe
O4 - HKLM\..\Run: [WINRUN] svchost32.exe
O4 - HKLM\..\RunServices: [WINRUN] svchost32.exe
O4 - HKCU\..\Run: [WINRUN] svchost32.exe
O4 - HKLM\..\Run: [Wins Loader5] Gadu-Gadu.exe
O4 - HKCU\..\RunOnce: [Wins Loader5] Gadu-Gadu.exe
O4 - HKLM\..\Run: [WinS0sk] Wink2sk3.exe
O4 - HKCU\..\RunOnce: [WinS0sk] Wink2sk3.exe
O4 - HKLM\..\Run: [WinService Host] scvhosts.exe
O4 - HKLM\..\RunServices: [WinService Host] scvhosts.exe
O4 - HKCU\..\Run: [WinService Host] scvhosts.exe
O4 - HKLM\..\Run: [WinServices] C:\WINDOWS\System32\WinServices.exe
O4 - HKLM\..\RunServices: [WinServices] C:\WINDOWS\System32\WinServices.exe
O4 - HKLM\..\Run: [Winsocgfhk driver] (Random 7 Letter).exe
O4 - HKCU\..\RunOnce: [Winsocgfhk driver] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Winsock driver] (Random 5 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock driver] (Random 5 Letter).exe
O4 - HKLM\..\Run: [Winsock driver] (Random 6 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock driver] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Winsock driver] (Random 7 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock driver] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Winsock driver] msprotect.exe
O4 - HKCU\..\RunOnce: [Winsock driver] msprotect.exe
O4 - HKLM\..\Run: [Winsock driver] win.exe
O4 - HKCU\..\RunOnce: [Winsock driver] win.exe
O4 - HKLM\..\Run: [Winsock driver] wuaumqr.exe
O4 - HKCU\..\RunOnce: [Winsock driver] wuaumqr.exe
O4 - HKLM\..\Run: [Winsock Startup] Main2.exe
O4 - HKLM\..\RunServices: [Winsock Startup] Main2.exe
O4 - HKCU\..\Run: [Winsock Startup] Main2.exe
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [Winsock2 driver] (Random 3 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] (Random 3 Letter).exe
O4 - HKLM\..\Run: [Winsock2 driver] (Random 4 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] (Random 4 Letter).exe
O4 - HKLM\..\Run: [Winsock2 driver] (Random 5 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] (Random 5 Letter).exe
O4 - HKLM\..\Run: [Winsock2 driver] (Random 6 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Winsock2 driver] (Random 7 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Winsock2 driver] (Random 8 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Winsock2 driver] (Random 9 Letter).exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] (Random 9 Letter).exe
O4 - HKLM\..\Run: [Winsock2 driver] 5ystem.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] 5ystem.exe
O4 - HKLM\..\Run: [Winsock2 driver] amsn.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] amsn.exe
O4 - HKLM\..\Run: [Winsock2 driver] amsnmgr.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] amsnmgr.exe
O4 - HKLM\..\Run: [Winsock2 driver] CFTMON.EXE
O4 - HKCU\..\RunOnce: [Winsock2 driver] CFTMON.EXE
O4 - HKLM\..\Run: [Winsock2 driver] crizak.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] crizak.exe
O4 - HKLM\..\Run: [Winsock2 driver] enrik.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] enrik.exe
O4 - HKLM\..\Run: [Winsock2 driver] EXPLORER.EXE
O4 - HKCU\..\RunOnce: [Winsock2 driver] EXPLORER.EXE
O4 - HKLM\..\Run: [Winsock2 driver] iexplorer32.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] iexplorer32.exe
O4 - HKLM\..\Run: [Winsock2 driver] MangmentMGR.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] MangmentMGR.exe
O4 - HKLM\..\Run: [Winsock2 driver] svhost.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] svhost.exe
O4 - HKLM\..\Run: [Winsock2 driver] sys32.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] sys32.exe
O4 - HKLM\..\Run: [Winsock2 driver] vc.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] vc.exe
O4 - HKLM\..\Run: [Winsock2 driver] vga32.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] vga32.exe
O4 - HKLM\..\Run: [Winsock2 driver] WFTPD32.EXE
O4 - HKCU\..\RunOnce: [Winsock2 driver] WFTPD32.EXE
O4 - HKLM\..\Run: [Winsock2 driver] win.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] win.exe
O4 - HKLM\..\Run: [Winsock2 driver] WINLOGO.EXE
O4 - HKCU\..\RunOnce: [Winsock2 driver] WINLOGO.EXE
O4 - HKLM\..\Run: [Winsock2 driver] winnt4.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] winnt4.exe
O4 - HKLM\..\Run: [Winsock2 driver] winsock3.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] winsock3.exe
O4 - HKLM\..\Run: [Winsock2 driver] wuaumqr.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] wuaumqr.exe
O4 - HKLM\..\Run: [Winsock2 driver] wuaumqr12.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] wuaumqr12.exe
O4 - HKLM\..\Run: [Winsock2 driver] wuaumqr3.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] wuaumqr3.exe
O4 - HKLM\..\Run: [Winsock2 wqr1s] scvvhost.exe
O4 - HKCU\..\RunOnce: [Winsock2 wqr1s] scvvhost.exe
O4 - HKLM\..\Run: [Winsock2 wqr1s] wuaumqr1.exe
O4 - HKCU\..\RunOnce: [Winsock2 wqr1s] wuaumqr1.exe
O4 - HKLM\..\Run: [Winsock32 driver] system32.exe
O4 - HKCU\..\RunOnce: [Winsock32 driver] system32.exe
O4 - HKLM\..\Run: [Winsock6 MIC driver] iecvsupdate.exe
O4 - HKCU\..\RunOnce: [Winsock6 MIC driver] iecvsupdate.exe
O4 - HKLM\..\Run: [Winsock6 MIC driver] IESERVICESUPD.EXE
O4 - HKCU\..\RunOnce: [Winsock6 MIC driver] IESERVICESUPD.EXE
O4 - HKLM\..\Run: [WinSocks] WinSocks.exe
O4 - HKLM\..\RunServices: [WinSocks] WinSocks.exe
O4 - HKLM\..\Run: [Winsocks2 driver] mznmgr.exe
O4 - HKCU\..\RunOnce: [Winsocks2 driver] mznmgr.exe
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [winudpt32.exe] winudpt32.exe
O4 - HKLM\..\RunServices: [winudpt32.exe] winudpt32.exe
O4 - HKLM\..\Run: [WinUpdate] svhost.exe
O4 - HKCU\..\RunOnce: [WinUpdate] svhost.exe
O4 - HKLM\..\Run: [WinUpdate] syiuv.exe
O4 - HKCU\..\Run: [WinUpdate] syiuv.exe
O4 - HKLM\..\Run: [winupdate] winupdate.exe
O4 - HKLM\..\RunServices: [winupdate] winupdate.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKLM\..\Run: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKLM\..\Run: [WinXPService] C:\windows\fonts\taksmgr.exe
O4 - HKLM\..\Run: [WinXpUpdate32] WinXpUpdate32.exe
O4 - HKLM\..\RunServices: [WinXpUpdate32] WinXpUpdate32.exe
O4 - HKLM\..\Run: [winystems25] winystems.exe
O4 - HKLM\..\RunServices: [winystems25] winystems.exe
O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
O4 - HKLM\..\Run: [winzSystam] xly.exe
O4 - HKLM\..\RunServices: [winzSystam] xly.exe
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\wbem\scrcons32.exe
O4 - HKLM\..\Run: [wmisrv] C:\wmisrv.exe
O4 - HKLM\..\Run: [wmplayer] C:\WINDOWS\lsrvc.exe
O4 - HKLM\..\Run: [Wndws Sym Updt] securty22.exe
O4 - HKLM\..\RunServices: [Wndws Sym Updt] securty22.exe
O4 - HKCU\..\Run: [Wndws Sym Updt] securty22.exe
O4 - HKLM\..\Run: [WPSVC Services] wpnsc.exe
O4 - HKLM\..\Run: [wuaclt.exe] C:\WINDOWS\system32\drivers\wuaclt.exe
O4 - HKLM\..\Run: [wuact.exe] C:\WINDOWS\system32\drivers\wuact.exe
O4 - HKLM\..\Run: [wuosdial] wuosdial.exe
O4 - HKLM\..\RunServices: [wuosdial] wuosdial.exe
O4 - HKCU\..\Run: [wuosdial] wuosdial.exe
O4 - HKLM\..\Run: [x86 Kernel] krnlx86.exe
O4 - HKLM\..\Run: [xDRam rar procx] xwinupdaterarx.exe
O4 - HKLM\..\RunServices: [xDRam rar procx] xwinupdaterarx.exe
O4 - HKLM\..\Run: [Xfire32] xfire32.exe
O4 - HKLM\..\RunServices: [Xfire32] xfire32.exe
O4 - HKLM\..\Run: [Xordate] wuauclt10.exe
O4 - HKLM\..\RunServices: [Xordate] wuauclt10.exe
O4 - HKCU\..\Run: [Xordate] wuauclt10.exe
O4 - HKLM\..\Run: [Xordate] wuauclt11.exe
O4 - HKLM\..\RunServices: [Xordate] wuauclt11.exe
O4 - HKCU\..\Run: [Xordate] wuauclt11.exe
O4 - HKLM\..\Run: [Xordate] wuauclt12.exe
O4 - HKLM\..\RunServices: [Xordate] wuauclt12.exe
O4 - HKCU\..\Run: [Xordate] wuauclt12.exe
O4 - HKLM\..\Run: [Xordate] wuauclt13.exe
O4 - HKLM\..\RunServices: [Xordate] wuauclt13.exe
O4 - HKCU\..\Run: [Xordate] wuauclt13.exe
O4 - HKLM\..\Run: [xp] winis.exe
O4 - HKLM\..\RunServices: [xp] winis.exe
O4 - HKCU\..\Run: [xp] winis.exe
O4 - HKCU\..\RunServices: [xp] winis.exe
O4 - HKLM\..\Run: [XPCPHOST Settings] xpcphost.exe
O4 - HKLM\..\RunServices: [XPCPHOST Settings] xpcphost.exe
O4 - HKCU\..\Run: [XPCPHOST Settings] xpcphost.exe
O4 - HKLM\..\Run: [XP HOT FIS] KBX.exe
O4 - HKLM\..\RunServices: [XP HOT FIS] KBX.exe
O4 - HKLM\..\RunOnce: [XP HOT FIS] KBX.exe
O4 - HKCU\..\Run: [XP HOT FIS] KBX.exe
O4 - HKCU\..\RunOnce: [XP HOT FIS] KBX.exe
O4 - HKLM\..\Run: [XP HOT Ops] KB15oooo.exe
O4 - HKLM\..\RunServices: [XP HOT Ops] KB15oooo.exe
O4 - HKLM\..\RunOnce: [XP HOT Ops] KB15oooo.exe
O4 - HKCU\..\Run: [XP HOT Ops] KB15oooo.exe
O4 - HKCU\..\RunOnce: [XP HOT Ops] KB15oooo.exe
O4 - HKLM\..\Run: [XP HOT ReHard] b7r63.exe
O4 - HKLM\..\RunOnce: [XP HOT ReHard] b7r63.exe
O4 - HKLM\..\RunServices: [XP HOT ReHard] b7r63.exe
O4 - HKCU\..\Run: [XP HOT ReHard] b7r63.exe
O4 - HKCU\..\RunOnce: [XP HOT ReHard] b7r63.exe
O4 - HKLM\..\Run: [XP Loader] loaderxp.exe
O4 - HKLM\..\Run: [xpiupdate] xpiupdate.exe
O4 - HKLM\..\RunServices: [xpiupdate] xpiupdate.exe
O4 - HKCU\..\Run: [xpiupdate] xpiupdate.exe
O4 - HKLM\..\Run: [XPPrintSpool] %windir%\java\java.log\spoolsv.exe
O4 - HKLM\..\Run: [XP System] systemxp.exe
O4 - HKLM\..\Run: [xswdmse] (Random 8 Letter).exe
O4 - HKCU\..\Run: [xswdmse] (Random 8 Letter).exe
O4 - HKLM\..\Run: [yahoo inc.] ypages.exe
O4 - HKLM\..\RunServices: [yahoo inc.] ypages.exe
O4 - HKCU\..\Run: [yahoo inc.] ypages.exe
O4 - HKLM\..\Run: [yahoo Messenger] svshost.exe
O4 - HKLM\..\Run: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\RunServices: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\Run: [Z] C:\WINDOWS\system32\zmon.exe
O4 - HKLM\..\Run: [zfton.exe] zfton.exe
O4 - HKLM\..\RunServices: [zfton.exe] zfton.exe
O4 - HKCU\..\Run: [zfton.exe] zfton.exe
O4 - HKLM\..\Run: [ZNN] C:\WINDOWS\system32\znnsvc.exe
O4 - HKLM\..\Run: [Zone Alarm Security] C:\WINDOWS\system32\zlclint.exe
O4 - HKLM\..\Run: [Zonesoft Cleaner] C:\WINDOWS\system32\rnsys.exe
O4 - HKLM\..\Run: [Zonesoft Cleaner] C:\WINDOWS\system32\svmgr.exe
O4 - HKLM\..\Run: [zSecurity Service] C:\WINDOWS\system32\szsvc.exe
O21 - SSODL: antivirus - {********-****-****-****-************} - firewallav.dll
O21 - SSODL: Java - {********-****-****-****-************} - javasy.dll
O21 - SSODL: mjd - {********-****-****-****-************} - w32_mjd.dll
O21 - SSODL: modems - {********-****-****-****-************} - notice.dll
O21 - SSODL: printers - {********-****-****-****-************} - libcintle2.dll
O21 - SSODL: printers - {********-****-****-****-************} - libcintles3.dll
O21 - SSODL: printers - {********-****-****-****-************} - libmsns.dll
O21 - SSODL: printers - {********-****-****-****-************} - libwinets.dll
O21 - SSODL: printers - {********-****-****-****-************} - msn.dll
O21 - SSODL: printers - {********-****-****-****-************} - notiffy.dll
O21 - SSODL: ProcService - {********-****-****-****-************} - service32.dll
O21 - SSODL: prodigy1 - {********-****-****-****-************} - newsystem25.dll
O21 - SSODL: prodigy1 - {********-****-****-****-************} - prodigys323.dll
O21 - SSODL: prodigy323 - {********-****-****-****-************} - prodigy323.dll
O21 - SSODL: rdshost - {********-****-****-****-************} - cymdda.dll
O21 - SSODL: rdshost - {********-****-****-****-************} - rafba.dll
O21 - SSODL: rdshost - {********-****-****-****-************} - rdfhost.dll
O21 - SSODL: rdshost - {********-****-****-****-************} - rdihost.dll
O21 - SSODL: rdshost - {********-****-****-****-************} - rdshost.dll
O21 - SSODL: sb0t - {********-****-****-****-************} - service1.dll
O21 - SSODL: syshelps - {********-****-****-****-************} - syshelps.dll
O21 - SSODL: syshelps - {********-****-****-****-************} - sysrcvr246.dll
O21 - SSODL: syshelps - {********-****-****-****-************} - systesrt32.dll
O21 - SSODL: syshelps - {********-****-****-****-************} - wmhs32.dll
O21 - SSODL: syshosts - {********-****-****-****-************} - syshosts.dll
O21 - SSODL: system32 - {********-****-****-****-************} - sysprinters.dll
O21 - SSODL: Version1 - {********-****-****-****-************} - libweb.dll
O21 - SSODL: Version1 - {********-****-****-****-************} - syspoint.dll
O21 - SSODL: Version1 - {********-****-****-****-************} - syspoints.dll
O21 - SSODL: Version3 - {********-****-****-****-************} - direct3dx.dll
O21 - SSODL: Version3 - {********-****-****-****-************} - syslinks2.dll
O21 - SSODL: Version3 - {********-****-****-****-************} - sysviews.dll
O21 - SSODL: Version3 - {********-****-****-****-************} - winviews32.dll
O21 - SSODL: w32s - {********-****-****-****-************} - win442.dll
O21 - SSODL: xesf - {********-****-****-****-************} - xex1.dll
O23 - Service: (Random Name) - Unknown owner - C:\WINDOWS\system32\csrcs.exe
O23 - Service: (Random Name) - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: Advance Service Process - Unknown owner - C:\Program Files\Common Files\System\MSASP32.exe
O23 - Service: Alternative User Input Services (Ctfmon) - Unknown owner - C:\WINDOWS\ctfmon.exe
O23 - Service: Application Layer Gateway - Unknown owner - C:\WINDOWS\system\msrv32.exe
O23 - Service: Application Layer Gateway System (ALGS) - Unknown owner - C:\WINDOWS\system32\algsys.exe
O23 - Service: Application Layer Service - Unknown owner - C:\WINDOWS\weRecv.exe
O23 - Service: Application State Service (AppSvc) - Unknown owner - C:\WINDOWS\system32\apsvc.exe
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe
O23 - Service: Client Server Runtime Counter - Unknown owner - C:\WINDOWS\system32\crssc.exe
O23 - Service: Client Server Runtime Proces - Unknown owner - C:\WINDOWS\csrss.exe
O23 - Service: Client/Server Runtime Server Subsystem (CSRSS) - Unknown owner - C:\WINDOWS\csrss.exe
O23 - Service: Clients Server Runtime Process (Windows Internet) - Unknown owner - C:\WINDOWS\csrss.exe
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\WINDOWS\system\dllhost.exe
O23 - Service: directx.exe - Unknown owner - C:\WINDOWS\directx.exe
O23 - Service: DirectX Service (DirectValk) - Unknown owner - C:\WINDOWS\system32\explorer.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe
O23 - Service: Generic Host Process For Win32 Services (Generic Host Process) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Generic Host Process for Win32 Service - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\spoolsv.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: host Service For Windows (mshost) - Unknown owner - C:\WINDOWS\mshost.exe
O23 - Service: Host Process for Win32 Services - Unknown owner - C:\WINDOWS\system\svchost.exe
O23 - Service: Java development Services - Unknown owner - C:\WINDOWS\logins32.exe
O23 - Service: Java development Services - Unknown owner - C:\WINDOWS\servstat32x.exe
O23 - Service: Java development Services - Unknown owner - C:\WINDOWS\windows.exe
O23 - Service: Java development Services - Unknown owner - C:\WINDOWS\winxp.exe
O23 - Service: Java Sun Scheduler (JUSCHED) - Unknown owner - C:\WINDOWS\jusched.exe
O23 - Service: Local Network Service (algs) - Unknown owner - C:\WINDOWS\gettfo.exe
O23 - Service: Local Network Service (algs) - Unknown owner - C:\WINDOWS\winss
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe
O23 - Service: Log Manager (Manager) - Unknown owner - C:\WINDOWS\winup.exe
O23 - Service: Logon Process (WinLogon) - Unknown owner - C:\WINDOWS\winlogon.exe
O23 - Service: M1crosoft Agant - Unknown owner - C:\WINDOWS\System32\dllcache\qhotsew.exe
O23 - Service: Micr0s0ft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\sxch0st.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\cvchost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\cychost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\domzost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\dvdhost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\ffchost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\hosmnot.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\knchost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\lkmhost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\lpohost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\msagent.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\nsch0st.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\ppchost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\qichost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\qxchost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\rschost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\rtsecas.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\shvhost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\snchost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\suchost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\svqhost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\sxchost.exe
O23 - Service: Microsoft IE - Unknown owner - C:\WINDOWS\system32\IEXPLORE.EXE
O23 - Service: Microsoft Internet Explorer - Unknown owner - C:\WINDOWS\iexplore.exe
O23 - Service: Microsoft Media - Unknown owner - C:\WINDOWS\system32\dllcache\Rtsecar.exe
O23 - Service: Microsoft Media - Unknown owner - C:\WINDOWS\system32\dllcache\rtsecas.exe
O23 - Service: Microsoft Update - Unknown owner - C:\WINDOWS\SCVVC.exe
O23 - Service: Microsoft Windows Protection (Windows Protection Service) - Unknown owner - C:\WINDOWS\winlogon.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\windll32.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\winsysdir.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\winservs.exe
O23 - Service: Microsoft Windows Update - Unknown owner - C:\WINDOWS\system32\dllcache\wuautcl.exe
O23 - Service: Microsoft Windows Update 32 (Win32) - Unknown owner - C:\WINDOWS\system32\winupdate32.exe
O23 - Service: Microsoft Windows Video Driver - Unknown owner - C:\Program Files\Common Files\System\MSWVR32.exe
O23 - Service: Microsoft XP TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\winxptcp.exe
O23 - Service: MSN RAV - Unknown owner - C:\WINDOWS\system\msnrav.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe
O23 - Service: msnmgs (Microsoft Message Service XP) - Ap - C:\WINDOWS\fuckit.exe
O23 - Service: msvrcs(msvrcs) (msvrcs) - Unknown owner - C:\WINDOWS\system32\msvrcs.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
O23 - Service: Net Functions Monitoring (Netmon) - Unknown owner - C:\WINDOWS\system32\Netmon.exe
O23 - Service: Network Station Task Manager (TSKIB) - Unknown owner - C:\WINDOWS\taskib.exe
O23 - Service: Network Station Task Manager (TASKSQ) - Unknown owner - C:\WINDOWS\tasksch.exe
O23 - Service: Network System Logon (NSLSVC) - Unknown owner - C:\WINDOWS\Cursors\netmsvc.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: NVIDIA Display Service (NVIDIA Display Driver Service) - Unknown owner - C:\WINDOWS\Nvds.exe
O23 - Service: Nvidia Driver Help - Unknown owner - C:\WINDOWS\nvsvc32.exe
O23 - Service: Performance Monitor Command Line Shell (Performance Monitor) - Unknown owner - C:\WINDOWS\perfmon.exe
O23 - Service: Process Task Manager - Unknown owner - C:\WINDOWS\system32\svhost.exe
O23 - Service: QuickTime - Unknown owner - C:\WINDOWS\QuickTime.exe
O23 - Service: rundll32.exe - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\msn93.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\msngrsm.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\rundll.exe
O23 - Service: scvhost.exe - Unknown owner - C:\WINDOWS\system\scvhost.exe
O23 - Service: SERVICE (WINDOWS) - Unknown owner - C:\WINDOWS\spoolsvc.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\service.exe
O23 - Service: Service Controller (Services) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\testing.exe
O23 - Service: services - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: SMSS - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: Spoolsv - Unknown owner - C:\WINDOWS\spoolsv.exe
O23 - Service: Spool SubSystem App - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Spool SubSystem App - Unknown owner - C:\WINDOWS\system\Spool.exe
O23 - Service: svchost - Unknown owner - C:\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\svchost.exe
O23 - Service: svchost - Unknown owner - C:\WINDOWS\config\install\services.exe
O23 - Service: svchosts.exe - Unknown owner - C:\WINDOWS\svchosts.exe
O23 - Service: System Event - Unknown owner - C:\WINDOWS\SVCH0ST.exe
O23 - Service: TaskManager - Unknown owner - C:\WINDOWS\system\taskmngr.exe
O23 - Service: TaskManager - Unknown owner - C:\WINDOWS\system32\taskmngr.exe
O23 - Service: TCP/IP NetBIOS (NetBS) - Unknown owner - C:\WINDOWS\system32\netbios.exe
O23 - Service: user32 - Unknown owner - C:\WINDOWS\user32.exe
O23 - Service: Virtual Machine Application Handler (Virtual Machine) - Unknown owner - C:\WINDOWS\ntvdm.exe
O23 - Service: Vista32 - Unknown owner - C:\WINDOWS\Vista32.exe
O23 - Service: Winamp Service - Unknown owner - C:\WINDOWS\winamp.exe
O23 - Service: winconfig.exe - Unknown owner - C:\WINDOWS\smsss.exe
O23 - Service: winconfig.exe - Unknown owner - C:\WINDOWS\SP2PATCH.EXE
O23 - Service: winconfig.exe - Unknown owner - C:\WINDOWS\svcss.exe
O23 - Service: winconfig.exe - Unknown owner - C:\WINDOWS\win32dll.exe
O23 - Service: windows32 - Unknown owner - C:\WINDOWS\windows32.exe
O23 - Service: WindowsFirewall - Unknown owner - C:\WINDOWS\system32.exe
O23 - Service: WindowsHelpService - Unknown owner - C:\WINDOWS\system32\service.exe
O23 - Service: Windows Control Service32 (SVHOST32) - Unknown owner - C:\WINDOWS\system32\svhost32.exe
O23 - Service: Windows Decrypt manager (wincrypt32.exe) - Unknown owner - C:\WINDOWS\wincrypt32.exe
O23 - Service: Windows DLL System - Unknown owner - C:\WINDOWS\system32\smsc.exe
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
O23 - Service: Windows Event Viewer (EventViewer) - Unknown owner - C:\WINDOWS\system32\spoolsmc.exe
O23 - Service: Windows explorer - Unknown owner - C:\WINDOWS\explore.exe
O23 - Service: windows explorer32 - Unknown owner - C:\WINDOWS\system32\explorer32.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINDOWS\System32\net32a.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\system32\wgareg.exe
O23 - Service: Windows Genuine Advantage Validation Monitor (wgavm) - Unknown owner - C:\WINDOWS\system32\wgavm.exe
O23 - Service: Windows Genuine Advantage Validation Notification (wgavn) - Unknown owner - C:\WINDOWS\system32\wgavn.exe
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe
O23 - Service: Windows Host Services (ExplorerSvc) - Unknown owner - C:\WINDOWS\system\explorer.exe
O23 - Service: Windows Internet Service - Unknown owner - C:\WINDOWS\iexplore.exe
O23 - Service: Windows Kernel Service - Unknown owner - C:\WINDOWS\kasvc.exe
O23 - Service: Windows Kernel Services - Unknown owner - C:\WINDOWS\winlogon.exe
O23 - Service: Windows Kernel System Service - Unknown owner - c:\windows\system32\dllcache\wkssvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: windows mail service - Unknown owner - C:\WINDOWS\install\mail.exe
O23 - Service: windows mail service - Tune - C:\WINDOWS\mail.exe
O23 - Service: Windows-Management Service - Unknown owner - C:\WINDOWS\WinMgmt.exe
O23 - Service: Windows Manager Service - Unknown owner - C:\WINDOWS\Manager.exe
O23 - Service: WindowsMessenger - Unknown owner - C:\WINDOWS\win32boot.exe
O23 - Service: Windows Messenger - Unknown owner - C:\WINDOWS\msnmsgr.exe
O23 - Service: Windows MSN - Unknown owner - C:\WINDOWS\wmsnlivexp.exe
O23 - Service: Windows Network Mapping Service (NetMap) - Unknown owner - C:\WINDOWS\system\svchost.exe
O23 - Service: Windows Network Services (SvcHost32) - Unknown owner - C:\WINDOWS\system\svchost32.exe
O23 - Service: Windows NT - Unknown owner - C:\WINDOWS\winlogon.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINDOWS\system\winlogon.exe
O23 - Service: Windows NT Logon Application (WINLOGON32) - Unknown owner - C:\WINDOWS\system\winlogon.exe
O23 - Service: Windows-NT Session Manager - Unknown owner - C:\WINDOWS\lanbg.exe
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\system\smss.exe
O23 - Service: Windows NT Session Managers - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: Windows NT Session Manager (WINNTSMSS) - Unknown owner - C:\WINDOWS\system\smss.exe
O23 - Service: Windows Process Manager - Unknown owner - C:\WINDOWS\System32\spoolsc.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe
O23 - Service: Windows Process Sevices - Unknown owner - C:\WINDOWS\System32\dllcache\prsc32.exe
O23 - Service: Windows Reg Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\encrits.exe
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\mshome.exe
O23 - Service: Windows Restore Service - Unknown owner - C:\WINDOWS\rstrui.exe
O23 - Service: Windows Restore Service - Unknown owner - C:\WINDOWS\system32\spoolcs.exe
O23 - Service: Windows Secure Update (WinSecUp) - Unknown owner - C:\Program Files\Common Files\System\WinSecUp.exe
O23 - Service: Windows Security Center - Unknown owner - C:\WINDOWS\system32\winmgr.exe
O23 - Service: Windows Server Management Service - Unknown owner - C:\WINDOWS\netsvc.exe
O23 - Service: Windows Server Management Services (svcname) - Unknown owner - C:\WINDOWS\updater32.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navapsvc.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe
O23 - Service: Windows service - Unknown owner - C:\WINDOWS\winsrv.exe
O23 - Service: Windows Services - Unknown owner - C:\WINDOWS\winserv.exe
O23 - Service: Windows Services Configuration - Unknown owner - C:\WINDOWS\system32\lsvss.exe
O23 - Service: Windows System Controller - Unknown owner - C:\WINDOWS\chkdsk.exe
O23 - Service: Windows System Controller - Unknown owner - C:\WINDOWS\System.exe
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINDOWS\System\system.exe
O23 - Service: Windows System32 Management (SMSC32e) - Unknown owner - C:\WINDOWS\system\smsc32.exe
O23 - Service: Windows Task Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe
O23 - Service: Windows Task Scheduler process - Unknown owner - C:\WINDOWS\MSTask.exe
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolsc.exe
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\vcmon.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe
O23 - Service: Windows Update Service - Unknown owner - C:\WINDOWS\cdfs.exe
O23 - Service: Windows Update Service (wuamgrd) - Unknown owner - C:\WINDOWS\System32\wuamgrd.exe
O23 - Service: Windows Updater - Unknown owner - C:\WINDOWS\Antivirus1
O23 - Service: Windows Updater (Windows Update) - Unknown owner - C:\WINDOWS\itunes.exe
O23 - Service: WINDOWS VISTA UPDATA DEFENDAR (Windows Defandur) - Unknown owner - C:\WINDOWS\system32\RatBot.exe
O23 - Service: Windows32 Host Service Manager (SMSC32) - Unknown owner - C:\WINDOWS\system\smsc.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe
O23 - Service: wins spoolsv (winspool) - Unknown owner - C:\WINDOWS\winspool32.exe
O23 - Service: winupd - Unknown owner - C:\WINDOWS\winupd.exe
O23 - Service: wksvc - Unknown owner - C:\WINDOWS\system32\wksvc.exe
Trojan.Proxy Ranky/Ranck:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\config\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\etc\services.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\NT\nrcs.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\1.tmp
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\mbti.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\mpreg.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\nlc.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\nsms.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\sp2vc.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winsock\csrss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\config\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\etc\services.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\1.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mbti.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mpreg.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\nlc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\nsms.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sp2vc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\wfvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\wsivs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wspvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\winsock\csrss.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\exo32.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] c:\prkc.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] c:\windows\rdrive\hblPk.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\sdrive\hblPk.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\sdrive\relpk.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\windows\system\nadlocop.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\sooo2.exe
O4 - HKLM\..\Run: [Anti-Virus] C:\WINDOWS\system32\vpms.exe
O4 - HKLM\..\Run: [audi32] C:\WINDOWS\system32\audi32.exe
O4 - HKLM\..\Run: [Beawver] saqevre.exe
O4 - HKLM\..\RunServices: [Beawver] saqevre.exe
O4 - HKCU\..\Run: [Beawver] saqevre.exe
O4 - HKLM\..\Run: [BF4P] C:\WINDOWS\system32\bf4p.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Client/Server Runtime Service] C:\WINDOWS\i386\csrss.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Configuration Backup Service] C:\WINDOWS\config\svchost.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Configuration Manager] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows DLL Loader] C:\WINDOWS\dll\rundll32.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] C:\WINDOWS\system32\mbti.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] C:\WINDOWS\system32\mpreg.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] C:\WINDOWS\system32\nlc.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] C:\WINDOWS\system32\sp2vc.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Protection Server] C:\WINDOWS\security\lsass.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Security Management Service] C:\WINDOWS\system32\nsms.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Security Service] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Protected Content Restoration Service] C:\WINDOWS\etc\services.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Protocol Deployment Manager] C:\WINDOWS\system32\(Random Name).tmp
O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\WINDOWS\update\updmgr.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Vista/NT Runtime Compatibility Service] C:\WINDOWS\NT\nrcs.exe
O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINDOWS\system32\system12.exe
O4 - HKLM\..\Run: [MS DLL Library Manager] C:\WINDOWS\system32\dllsys64.exe
O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\system32\mstskmgr.exe
O4 - HKLM\..\Run: [Network Translation System Service] "C:\WINDOWS\system32\ntss.exe" *
O4 - HKLM\..\Run: [Printer] c:\dipset.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\dipset.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\TEMP\dipset.exe
O4 - HKLM\..\Run: [Roflcopteur] C:\WINDOWS\SYSTEM32\seman.exe
O4 - HKLM\..\Run: [Services] c:\iexplorer.exe
O4 - HKLM\..\Run: [Services] C:\prosys32.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\iexploler.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\iexpolere.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\sysamp.exe
O4 - HKLM\..\Run: [Task Manager Win32] C:\WINDOWS\system32\taskmngr32.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [Windows Core Kernel Update] c:\iexplorer.exe
O4 - HKLM\..\Run: [Windows Core Kernel Update] C:\WINDOWS\system32\win32bootcfg.exe
O4 - HKLM\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" *
O4 - HKLM\..\Run: [Windows Server Client Verification Service] "C:\WINDOWS\system32\wscvs.exe" *
O4 - HKCU\..\Run: [Windows Server Client Verification Service] "C:\WINDOWS\system32\wscvs.exe" *
O4 - HKLM\..\Run: [Windows Server IP Verification Service] "C:\WINDOWS\System32\wsivs.exe" *
O4 - HKLM\..\Run: [Windows Server Peer Verification Service] "C:\WINDOWS\system32\wspvs.exe" *
O4 - HKCU\..\Run: [Windows Server Peer Verification Service] "C:\WINDOWS\system32\wspvs.exe" *
O23 - Service: Windows Client/Server Runtime Service (csrss) - Unknown owner - C:\WINDOWS\i386\csrss.exe
O23 - Service: Windows DLL Loader (RunDll32) - Unknown owner - C:\WINDOWS\dll\rundll32.exe
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe
O23 - Service: Windows Server Client Verification Service (wscvs) - Unknown owner - C:\WINDOWS\system32\wscvs.exe
O23 - Service: Windows Server IP Verification Service (LSIVS) - Unknown owner - C:\WINDOWS\system32\lsivs.exe
O23 - Service: Windows Server IP Verification Service (WSIVS) - Unknown owner - C:\WINDOWS\System32\wsivs.exe
Misc' - Fraud/Fake Alert, Proxy, Backdoor, PWStealer Trojans:
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\drivers\services.exe Explorer.exe
F2 - REG:system.ini: Shell=explorer.exe %Temp%\cryptfg.exe
F2 - REG:system.ini: Shell=Explorer.exe boot
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\alg32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\MSACCESS.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\csrss.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\explorer..exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\msdun.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\shchostv.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\spoolsrvc.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\svcvhost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe msreged32.exe
F2 - REG:system.ini: Shell=Explorer.exe msvce.exe
F2 - REG:system.ini: Shell=Explorer.exe msvce32.exe
F2 - REG:system.ini: Shell=Explorer.exe RVHIOST.exe
F2 - REG:system.ini: Shell=Explorer.exe SCVHOST.exe
F2 - REG:system.ini: Shell=Explorer.exe SCVHSOT.exe
F2 - REG:system.ini: Shell=Explorer.exe scvshosts.exe
F2 - REG:system.ini: Shell=Explorer.exe SCVVHSOT.exe
F2 - REG:system.ini: Shell=explorer.exe Servicess.exe
F2 - REG:system.ini: Shell=Explorer.exe SSCVIHOST.exe
F2 - REG:system.ini: Shell=Explorer.exe SSCVIIHOST.exe
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
F2 - REG:system.ini: Shell=Explorer.exe SVCH0ST.exe
F2 - REG:system.ini: Shell=Explorer.exe SVICHHOST.exe
F2 - REG:system.ini: Shell=Explorer.exe SVICHOOST.exe
F2 - REG:system.ini: Shell=Explorer.exe winlog.exe
F2 - REG:system.ini: UserInit=userinit.exe,%AppData%\ntos.exe,
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%userprofile%\(Random Name).exe \s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msmsgs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ntsvc32.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32:hlpnod32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\actcontroller.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\Client\svchost32.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\idaw64.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ldr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mrcmgr.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msupdt.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ndetect.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\svchost32.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winsystem.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wsnpoem.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsnpoema.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
F3 - REG:win.ini: run="%AppData%\Adobe\Manager.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inetsponsor\services.exe
F3 - REG:win.ini: run=C:\WINDOWS\inetsponsor\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\mmall.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\services.exe
F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\explorer..exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\(RandomName)\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\(RandomName)\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\shchostv.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\winlog.exe
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
F3 - REG:win.ini: run=C:\WINDOWS\t\services.exe
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F3 - REG:win.ini: load=C:\WINDOWS\soundmgr.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\explorer..exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\(RandomName)\csrss.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\(RandomName)\winlogon.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\shchostv.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\svcvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\themeui.exe
F3 - REG:win.ini: load=C:\WINDOWS\themeupd.exe
O2 - BHO: PCTools - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll
O2 - BHO: Pinch - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll
O2 - BHO: PWS.LD.Pinch - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll
O2 - BHO: Video - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll
O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\(RandomName).dll
O2 - BHO: A.Video - {0603D38B-C4FF-458D-9E9A-C0FD113FAEC3} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Adom.To - {0F95467C-AB44-4274-BEEA-2A75AB01B77E} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: AFS plugin - {8EF40C36-293F-4749-8EA0-94FB3AD83FA1} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: AlpGld.Tb6 - {57BE2636-F271-4151-9D4A-40A2663E4FD7} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Anyway toolbar - {7F47CD2E-581E-4C07-9AD5-82451B604699} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Apaps - {EC748705-E0FD-4671-9AFF-890579E57450} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Abobe BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: AOL Toolbar - {FB0E529A-3D2C-473E-83FE-9E56AC6CC0EB} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BHO.ext2 - {401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A} - C:\Windows\system32\(Random Name).dll
O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BHO.tbl2 - {76086C05-4D0A-4B92-9219-2E3FE8C553F9} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BHO5 - {9873E994-669E-4044-BA64-E5D9AD534A55} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BHO toolbar - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BhoApp Class - {28F51CDA-3BD1-4F06-8F7B-2A881411983F} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: CHNSVP - {0F95467C-AB44-4274-BEEA-2A75AB01B77E} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: CisoASpy - {98237227-8F14-46CA-B743-241103BEE8A6} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: CTR Video - {0CF8753B-DEB6-4266-BEFF-71F5E0312B0D} - C:\Windows\system32\(Random Name).dll
O2 - BHO: EasyPic - {62F96656-0788-4D00-8E32-D41C239E205B} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: EpsonToolBandKicker Class - {87FD33C2-7891-45D5-ACD1-7935F9AEA26B} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Game.OS - {3A303EF6-2598-4D2D-B4DA-DEFA7CD0DC51} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Genaps - {E402C66A-D5CB-441E-9F12-A5A864430AA2} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: GigaNet - {5D682D50-876E-454C-90BE-EFE6028FE389} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: GMX toolbar - {1EF7B347-DBAF-412F-879D-DC7A95BFCC94} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: GNS_tbl - {F7B20872-3B45-4F1D-A45E-A360E4102BDA} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Gold.Manager - {67956585-9B5C-4E2B-ABE1-A01BF3046EE1} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: gootbl2 - {435ADC46-DCAB-4593-92C8-25D2BEFCEAB7} - C:\WINDOWS\system32(Random Name).dll
O2 - BHO: Gordon tool - {4D8F81B2-80C9-45B1-9F03-67B2B0D2320B} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: GPI.ex - {D80C8DC6-A525-4AE5-AAF3-A4B13105A700} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: GTool - {53322B35-2C26-4FAC-A713-C31BBAA1C636} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: HACK.SPY - {D83E84DA-D187-4300-B5D7-727727352096} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE.Filter - {8B2AE9C0-1555-4C92-905A-531532F15698} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE.Filter - {F65E955E-26C0-42FF-8EE2-443A05EA286A} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: iebho surf - {341116E2-9CC4-4A6E-9303-4819C84846DE} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IEBlocker.Flt - {FFE59EC6-5491-4EF3-BA0D-77B0D895B4F7} - C:\WINDOWS\System32\(Random Name).dll
O2 - BHO: IESiteBlocker.NavFilter - {1AB6932F-92FE-42E6-870C-544AE458EA78} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE.SpamFilter - {DB055111-4F4F-4730-ADC5-C40EBBFF6E67} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE Optimizer - {BACA5B3B-DD57-4E62-B986-9A5677FBF001} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE Shop - {F73DBD9E-5F1B-4BCA-8604-A911DCE08B37} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE Site Blocker - {6DDBF417-0774-46AD-940B-6A4D9A039407} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE Storage - {3F1CEB16-3615-47ED-B153-3E98A4B9F3F5} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE Story - {A83359CE-23D4-4E1A-9D4E-C94AEDD1A67C} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE VideoStream - {B5B77C65-5849-48E4-999A-FACA72F7B822} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IXO.crash - {87A69B72-DAE6-4517-BD12-42F62CF395FB} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Jany.bho.module - {D80C8DC6-A525-4AE5-AAF3-A4B13105A700} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Kaspaz - {6ECB8E85-7A9E-4175-8113-1136D1A325DB} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Kioals - {DED2B61B-1A26-4566-BF2F-DE539D4468DD} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Lamsa - {DED2B61B-1A26-4566-BF2F-DE539D4468DD} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: library.edu - {8EF40C36-293F-4749-8EA0-94FB3AD83FA1} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Load-Spy - {C420CF9F-D9D6-421F-958F-AA59906C2B12} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: LPN.df3 - {5B171109-DED1-4403-90E9-6F7778533B9A} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Megaupload Toolbar - {EEE17712-987E-4424-A00C-9DA0BC4E2078} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: Mimino2 - {A9D17DA6-022A-454A-AB26-E104C0F6D13A} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: NitroBomb - {D4BA1B98-9E26-454D-A42B-AA69E732383F} - C:\Windows\system32\(Random Name).dll
O2 - BHO: Osma - {6599A965-FA2D-41CD-95B1-13140F1CF8A3} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: Phonomia - {A2F253AD-1F23-4D87-A64B-D6987F38D981} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: ProAct - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: RupTool - {F32B24F1-25FA-4A91-9F97-5272B3CE8FCA} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Safe surf - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: scriptproxy - {6D0386B3-FD72-488E-9740-90355AE21735} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\Windows\system32\(Random Name).dll
O2 - BHO: search toolbar - {7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: Soplygui - {BCCCB3D5-17DC-43DD-9F46-A31AB28FECB2} - C:\WINDOWS\ system32\(Random Name).dll
O2 - BHO: SpyPsy - {C420CF9F-D9D6-421F-958F-AA59906C2B12} - C:\WINDOWS\system32\(Random Name).DLL
O2 - BHO: stx.tbl - {7E61BB38-A952-40BA-98F0-0AD229658CB7} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: svc - {BE17AE9C-3BD1-4BAD-936F-B77B63D5763F} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: svc.Apx - {7D6A0C8D-7C34-44FC-BED8-96528D13BEE9} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: toolbar.search - {19B8572F-894F-41E0-9309-00091B688905} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: WEP Viewer - {746CBA32-C671-44F6-BC73-C5351A316D03} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: WinGold - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Worm Radar - {07EF0649-D5BA-4139-B0A2-4D047F223B2D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Xena toolbar - {2FF811E6-8925-4084-A649-C159955E67E8}} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: XGame - {F3A486C3-6341-4BE6-B94D-D4172B69E430} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: XTTBPos00 - {E014A78F-34DC-4BE5-83BB-58CA12E384B6} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BeSideit IE Helper - {********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll
O2 - BHO: BndDrive BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll
O2 - BHO: BndDrive2 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll
O2 - BHO: BndShell3 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll
O2 - BHO: BndBlock4 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll
O2 - BHO: BndBlock5 BHO Class - {********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll
O2 - BHO: BndVeano4 BHO Class - {********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll
O2 - BHO: DrFlex IE Helper - {********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll
O2 - BHO: Internet Speed Monitor - {********-****-****-****-************} - C:\Program Files\ISM\*.dll
O2 - BHO: addestination browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: ads_optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: adsonmedia browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: adssite - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: adzgalore - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: agadoo browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll
O2 - BHO: agadoo browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: bambanner browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: banneradsgalore browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: bannerstyle browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: bannerstyles browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: bannerstyles15 browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: browser optimizer superiorads - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: cpmsky browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll
O2 - BHO: cpmsky browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: dcads - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: giantads.biz browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: gooochi browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: gooochi browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: innbanner browser enhancer - {********-****-****-****-************} - C:\WINNT\system32\(Random Name).dll
O2 - BHO: milehighads browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll
O2 - BHO: mxlivemedia browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: mysidesearch browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: MySidesearch Search Assistant - {********-****-****-****-************} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: mysidesearch search enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: nextads browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: offersfortoday browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: radbanner browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: rightonadz browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\rgtndz.dll
O2 - BHO: rightonadz browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: superiorads browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: targettedbanner browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: CodecPlugin Class - {********-****-****-****-************} - C:\WINDOWS\system32\CodecBHO.dll
O2 - BHO: LPVideoPlugin - {********-****-****-****-************} - C:\WINDOWS\system32\LPVideo.dll
O2 - BHO: CodecPlugin Class - {********-****-****-****-************} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: ***libP - {********-****-****-****-************} - C:\WINDOWS\system32\***lib.dll
O2 - BHO: Adobe PDF Reader Link Helper - {********-****-****-****-************} - C:\WINDOWS\AcroIEHelper.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWSY\aetlsrkn***.dll
O2 - BHO: BhoApp Class - {********-****-****-****-************} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: Media Player Classic - {********-****-****-****-************} - %Windir%\ausctv32a.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\boqnrwdm***.dll
O2 - BHO: FLW Viewer - {********-****-****-****-************} - C:\WINDOWS\cndr32a.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\dfmlxbpk***.dll
O2 - BHO: RDL Rolex - {********-****-****-****-************} - C:\WINDOWS\dgtxrdf***.dll
O2 - BHO: RDL Rolex - {********-****-****-****-************} - C:\WINDOWS\dkxrstq***.dll
O2 - BHO: SXG Advisor - {********-****-****-****-************} - C:\WINDOWS\dmdqdrx***.dll
O2 - BHO: SXG Advisor - {********-****-****-****-************} - C:\WINDOWS\dmdvpn***.dll
O2 - BHO: SXG Advisor - {********-****-****-****-************} - C:\WINDOWS\dntpkwo***.dll
O2 - BHO: SXG Advisor - {********-****-****-****-************} - C:\WINDOWS\dpvtpor***.dll
O2 - BHO: RDL Rolex - {********-****-****-****-************} - C:\WINDOWS\drnpfdx***.dll
O2 - BHO: Media Player Codec - {********-****-****-****-************} - C:\WINDOWS\dsaip32b.dll
O2 - BHO: SXG Advisor - {********-****-****-****-************} - C:\WINDOWS\dwrmnts***.dll
O2 - BHO: GNX Bingo - {********-****-****-****-************} - C:\Windows\dwvdwnq***.dll
O2 - BHO: QXK Rhythm - {********-****-****-****-************} - C:\WINDOWS\fvowketq***.dll
O2 - BHO: getsn32.msiesn - {********-****-****-****-************} - C:\WINDOWS\system32\getsn32.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\gfetqaxs***.dll
O2 - BHO: DVA Gate - {********-****-****-****-************} - C:\WINDOWS\gndarmbl***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\grfxbano***.dll
O2 - BHO: (no name) - {********-****-****-****-************} - C:\WINDOWS\system32\ipv6monl.dll
O2 - BHO: GNX Bingo - {********-****-****-****-************} - C:\WINDOWS\kdftlboe***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\kgqfwelt***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\kgxmotap***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\ksendlbt***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\kvsdpfea***.dll
O2 - BHO: Media Codec - {********-****-****-****-************} - C:\WINDOWS\kiasys.dll
O2 - BHO: DVA Storm - {********-****-****-****-************} - C:\WINDOWS\lgmxvpat***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\mesdxbrq***.dll
O2 - BHO: D - {********-****-****-****-************} - C:\WINDOWS\system32\mmx*****.dll
O2 - BHO: MS Video Control 1.0 - {********-****-****-****-************} - C:\WINDOWS\msvidc32.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\nfavxwdb***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\nkefbltd***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\nldfmtap***.dll
O2 - BHO: QXK Rhythm - {********-****-****-****-************} - C:\WINDOWS\nldfmtap***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\nogxfvbl***.dll
O2 - BHO: DVA Storm - {********-****-****-****-************} - C:\WINDOWS\nslbvxpg***.dll
O2 - BHO: - {********-****-****-****-************} - %Windir%\nydo32n.dll
O2 - BHO: Player - {********-****-****-****-************} - %windir%\orgnavi.dll
O2 - BHO: Video decompressor - {********-****-****-****-************} - %windir%\pandsf.dll
O2 - BHO: PCTools - {********-****-****-****-************} - C:\WINDOWS\pctools.dll
O2 - BHO: WinSurf - {********-****-****-****-************} - %windir%\ps16sys.dll
O2 - BHO: DVA Gate - {********-****-****-****-************} - C:\WINDOWS\qnmargol***.dll
O2 - BHO: DVA Storm - {********-****-****-****-************} - C:\WINDOWS\qnmargol***.dll
O2 - BHO: DVA First - {********-****-****-****-************} - C:\WINDOWS\qvlbodmn***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\rodqgpvl***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\rsdgbtkq***.dll
O2 - BHO: (no name) - {********-****-****-****-************} - C:\WINDOWS\shwol.dll
O2 - BHO: (no name) - {********-****-****-****-************} - C:\WINDOWS\socks_bot.dll
O2 - BHO: Sofos - {********-****-****-****-************} - %Windir%\sofos16x.dll
O2 - BHO: Sofos - {********-****-****-****-************} - %Windir%\sofos32x.dll
O2 - BHO: GNX Bingo - {********-****-****-****-************} - C:\WINDOWS\svpekgon***.dll
O2 - BHO: Office toolbar - {********-****-****-****-************} - %windir%\sysosa.dll
O2 - BHO: Sysem Player - {********-****-****-****-************} - %windir%\sysvol32.dll
O2 - BHO: DVA Media - {********-****-****-****-************} - C:\WINDOWS\temlxopqblp.dll
O2 - BHO: Rates - {********-****-****-****-************} - %windir%\toprates.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\twmxbsqr***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\vanwxemg***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\vmgspntb***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\vortsgbq***.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\wbxdpgfe***.dll
O2 - BHO: WinSurf - {********-****-****-****-************} - %windir%\winsurf.dll
O2 - BHO: Windows Media Player - {********-****-****-****-************} - C:\WINDOWS\wmpdxm.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\wnlmdakq***.dll
O2 - BHO: Google Accelerator! - {********-****-****-****-************} - %SystemRoot%\system32\googlecb.dll
O2 - BHO: Google Accelerator! - {********-****-****-****-************} - %SystemRoot%\system32\googlech.dll
O2 - BHO: Google Accelerator! - {********-****-****-****-************} - %SystemRoot%\system32\googleci.dll
O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\googleed.dll
O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooaa.dll
O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooeh.dll
O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooah.dll
O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooa1.dll
O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooo2.dll
O2 - BHO: 120237 helper - {176D799E-6C8C-4D1A-8024-044D96A035E2} - C:\WINDOWS\system32\120237\120237.dll
O2 - BHO: 124909 helper - {51FC8C8A-A290-44BB-9331-C2D3289976A6} - C:\WINDOWS\system32\124909\124909.dll
O2 - BHO: 146955 helper - {85F74211-7C2B-4CB8-B80D-4DE1AC85B685} - C:\WINDOWS\system32\146955\146955.dll
O2 - BHO: 158117 helper - {427B1FD8-2123-4334-A7D8-7A497363914B} - C:\WINDOWS\system32\158117\158117.dll
O2 - BHO: 172135 helper - {3DAA1309-18C3-45F2-B619-2E4DA208263F} - C:\WINDOWS\system32\172135\172135.dll
O2 - BHO: 209789 helper - {5C78E2DB-5AFC-4A3B-9B9F-6AF136562E6F} - C:\WINDOWS\system32\209789\209789.dll
O2 - BHO: 214075 helper - {8E96D546-8096-42B2-8EBF-16AC5A119A59} - C:\WINDOWS\system32\214075\214075.dll
O2 - BHO: 215651 helper - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - C:\WINDOWS\system32\215651\215651.dll
O2 - BHO: 219725 helper - {6EA1DB25-2524-4DD6-B997-42E8F38C6E46} - C:\WINDOWS\system32\219725\219725.dll
O2 - BHO: 238044 helper - {C0F371D7-926D-4700-B65E-63BFF1197205} - C:\WINDOWS\system32\238044\238044.dll
O2 - BHO: 242112 helper - {4B05A613-988E-4FA1-B2D7-55A1145FD1EF} - C:\WINDOWS\system32\242112\242112.dll
O2 - BHO: 247880 helper - {6B5CFD66-1F55-4FC2-B5AF-36B66E7CFE6A} - C:\WINDOWS\system32\247880\247880.dll
O2 - BHO: 251851 helper - {9B1FA77E-8FCC-4558-A9F1-70F750A75B13} - C:\WINDOWS\system32\251851\251851.dll
O2 - BHO: 286858 helper - {63C02D81-F739-427C-907A-FA6B4FDB39A6} - C:\WINDOWS\system32\286858\286858.dll
O2 - BHO: 299914 helper - {47DF236B-7D10-4C01-9820-50C0D54E7841} - C:\WINDOWS\system32\299914\299914.dll
O2 - BHO: 304434 helper - {7A2F3A2E-4B59-4932-B2C3-2E7F13B03207} - C:\WINDOWS\system32\304434\304434.dll
O2 - BHO: 311496 helper - {95325092-62FC-473B-B32A-AE613278855B} - C:\WINDOWS\System32\311496\311496.dll
O2 - BHO: 312191 helper - {E4E30C12-F249-43D5-ACE3-E0C380448648} - C:\WINDOWS\system32\312191\312191.dll
O2 - BHO: 349168 helper - {72B76B57-6F12-4931-9910-B04B5E8A8268} - C:\WINDOWS\system32\349168\349168.dll
O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - C:\WINDOWS\system32\375013\375013.dll
O2 - BHO: 371186 helper - {27D351C5-4044-4C42-B3FE-33C57B9459C0} - C:\WINDOWS\system32\371186\371186.dll
O2 - BHO: 382077 helper - {F0A035EC-C865-4E47-BF73-B17741DD5232} - C:\WINDOWS\system32\382077\382077.dll
O2 - BHO: 394559 helper - {3602D2F2-1511-47B3-BCF3-78329701F1B5} - C:\WINDOWS\system32\394559\394559.dll
O2 - BHO: 403445 helper - {9E654A16-4765-4EAA-94EC-D5A6578053A4} - C:\WINDOWS\system32\403445\403445.dll
O2 - BHO: 432591 helper - {CD897D22-9C44-411E-808A-B79C7F90DC7E} - C:\WINDOWS\system32\432591\432591.dll
O2 - BHO: 433424 helper - {CB3CB6CA-11C3-462B-BC97-FB3E34A34431} - C:\WINDOWS\system32\433424\433424.dll
O2 - BHO: 441465 helper - {D311C486-7D5F-4D73-B791-EE56C47D3B2E} - C:\WINDOWS\system32\441465\441465.dll
O2 - BHO: 443059 helper - {C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF} - C:\WINDOWS\system32\443059\443059.dll
O2 - BHO: 459849 helper - {2839B753-1D7A-4C28-8F8D-86CEFFE5F205} - C:\WINDOWS\system32\459849\459849.dll
O2 - BHO: 461942 helper - {F75B6637-89E2-4EA0-8343-F8BF98103654} - C:\WINDOWS\system32\461942\461942.dll
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\WINDOWS\system32\512686\512686.dll
O2 - BHO: 514852 helper - {9420D9C5-E151-4D83-B9A6-27DE1A7A0E5F} - C:\WINDOWS\system32\514852\514852.dll
O2 - BHO: 518963 helper - {7F764725-92AF-4164-9554-CFE075CE0263} - C:\WINDOWS\system32\518963\518963.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll
O2 - BHO: 565379 helper - {74031029-077F-4965-8ADD-48B783B00ABD} - C:\WINDOWS\system32\565379\565379.dll
O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\WINDOWS\system32\566828\566828.dll
O2 - BHO: 590075 helper - {AFC8A14F-B50A-4F0F-8FB7-77982092D81D} - C:\WINDOWS\system32\590075\590075.dll
O2 - BHO: 609856 helper - {59B964D9-C9D7-4AA0-9F28-C49F8EC10B67} - C:\WINDOWS\system32\609856\609856.dll
O2 - BHO: 624855 helper - {0E9A703A-D3D3-4663-9DDB-8558A4EB46AB} - C:\WINDOWS\system32\624855\624855.dll
O2 - BHO: 639774 helper - {79594085-2E28-4CB7-BFD5-4C84916E5EAE} - C:\WINDOWS\system32\639774\639774.dll
O2 - BHO: 673351 helper - {570EE2A3-039B-4E5F-AE6A-D7949F9D356B} - C:\WINDOWS\system32\673351\673351.dll
O2 - BHO: 675873 helper - {030A0F33-5B99-482E-83F5-2EEB8457878B} - C:\WINDOWS\system32\675873\675873.dll
O2 - BHO: 689371 helper - {9710AFD1-B321-4B6A-B2A7-E9001B5E894B} - C:\WINDOWS\system32\689371\689371.dll
O2 - BHO: 690974 helper - {3912DDE2-4295-4A5F-A8E4-A1B1C7EF7313} - C:\WINDOWS\system32\690974\690974.dll
O2 - BHO: 717305 helper - {963916CD-6311-485D-93DC-3BD1B9E2D2CB} - C:\WINDOWS\system32\717305\717305.dll
O2 - BHO: 729732 helper - {62CAE572-A9CC-4503-B338-20E06E5C9EDE} - C:\WINDOWS\system32\729732\729732.dll
O2 - BHO: 734914 helper - {0BD071A6-C989-49E8-9B8E-80F92A868E26} - C:\WINDOWS\system32\734914\734914.dll
O2 - BHO: 736876 helper - {66295A43-B9CA-4BF9-BC8D-C3AEBE123C3C} - C:\WINDOWS\system32\736876\736876.dll
O2 - BHO: 750623 helper - {3CCCCEF1-D6D1-4BD0-84D3-BA6E364E7DCD} - C:\WINDOWS\system32\750623\750623.dll
O2 - BHO: 752300 helper - {F3033476-017B-44FA-8661-91A353BDF774} - C:\WINDOWS\system32\752300\752300.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll
O2 - BHO: 774563 helper - {FB13FFCC-F4D1-46DA-96B4-C5666E53344D} - C:\WINDOWS\system32\774563\774563.dll
O2 - BHO: 778670 helper - {1B12F639-CBA9-45DD-89FE-9FA7D4340716} - C:\WINDOWS\system32\778670\778670.dll
O2 - BHO: 784953 helper - {32E0E18C-7B9A-4A83-96D1-75DF1AFD98A3} - C:\WINDOWS\system32\784953\784953.dll
O2 - BHO: 788877 helper - {7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B} - C:\WINDOWS\system32\788877\788877.dll
O2 - BHO: 792536 helper - {54908269-5B54-430A-AE01-2B7DCBC44F88} - C:\WINDOWS\System32\792536\792536.dll
O2 - BHO: 795367 helper - {F99BF686-DE30-4D22-B176-135B0E1BDF00} - C:\WINDOWS\system32\795367\795367.dll
O2 - BHO: 804031 helper - {C82B3296-FC52-4CD7-876B-8147E28DA748} - C:\WINDOWS\system32\804031\804031.dll
O2 - BHO: 814810 helper - {DC59D6DA-7CDE-4874-9F97-41C82C177069} - C:\WINDOWS\system32\814810\814810.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - C:\WINDOWS\system32\818646\818646.dll
O2 - BHO: 824223 helper - {34CF6660-9BD3-431A-BA32-6B511D4126DA} - C:\WINDOWS\system32\824223\824223.dll
O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll
O2 - BHO: 846888 helper - {10A07F79-70F2-4169-B872-55184904D41D} - C:\WINDOWS\system32\846888\846888.dll
O2 - BHO: 848700 helper - {0CC6DB27-243B-4450-96A7-7E868225858D} - C:\WINDOWS\system32\848700\848700.dll
O2 - BHO: 851174 helper - {CC021A21-6AC0-4BDA-A503-68F041A7EAD2} - C:\WINDOWS\system32\851174\851174.dll
O2 - BHO: 857060 helper - {6CCBAFC1-5285-494F-93F1-6894C87A9C43} - C:\WINDOWS\system32\857060\857060.dll
O2 - BHO: 892267 helper - {25E0128D-AAFC-49FF-AB11-1F12C2FCC391} - C:\WINDOWS\system32\892267\892267.dll
O2 - BHO: 905757 helper - {E28F671C-3D83-4149-BA2F-546A67702B49} - C:\WINDOWS\system32\905757\905757.dll
O2 - BHO: 907465 helper - {73D8D2C9-E615-4A23-8013-30FFF3C5BF8E} - C:\WINDOWS\system32\907465\907465.dll
O2 - BHO: 912525 helper - {0354731F-950C-4A53-BC2B-132B5EE6B0FA} - C:\WINDOWS\system32\912525\912525.dll
O2 - BHO: 916992 helper - {FE741E34-A693-4EEB-9A6A-C4B14DD2C727} - C:\WINDOWS\system32\916992\916992.dll
O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - C:\WINDOWS\system32\931928\931928.dll
O2 - BHO: 959563 helper - {7C9E1967-FA81-47C2-B649-5E52A35D854F} - C:\WINDOWS\system32\959563\959563.dll
O2 - BHO: 960932 helper - {36C38422-602D-48A3-8110-4174CBDDA12C} - C:\WINDOWS\system32\960932\960932.dll
O2 - BHO: 977751 helper - {399CF5DA-29AE-43C2-8F9D-786B803F1DC1} - C:\WINDOWS\system32\977751\977751.dll
O2 - BHO: 995937 helper - {1E1465F3-56CF-4FC4-8684-1BD6245AA30D} - C:\WINDOWS\system32\995937\995937.dll
O2 - BHO: IP - {000051AF-07E2-461B-BA37-A2AF7E652E7D} - %Allusersprofile%\Application Data\ipd\ipb.dll
O2 - BHO: Shell Doc Object and Control Helper Class - {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - C:\WINDOWS\system32\shdocvs.dll
O2 - BHO: mscorews - {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - C:\WINDOWS\system32\mscorews.dll
O2 - BHO: Microsoft Shared Library Object Version - {0000AC13-3487-1583-C4BE-BE6A839DB000} - C:\WINDOWS\system32\mfc42dx1.dll
O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\cscentfy.dll
O2 - BHO: MSVPS System - {00A00BA9-9D58-4B56-8FC6-C280650A8BD7} - C:\WINDOWS\vipextpnk.dll
O2 - BHO: Helper Class - {00D13CE9-1879-41bd-B8A3-EA3CB1BD01BC} - C:\WINDOWS\system32\helper.dll
O2 - BHO: Helper Class - {00D13CE9-1879-41bd-B8A3-EA3CB1BD01BC} - C:\WINDOWS\system32\helper1.dll
O2 - BHO: Rmn plugin - {00EBB3B3-DEAD-4440-B1F8-B09DDDB89EF3} - lbbd32.dll
O2 - BHO: Editor plugin - {0106864A-D223-4caa-9FCC-3C9EE9564133} - cupid1.dll
O2 - BHO: Editor plugin - {0106864A-D223-4caa-9FCC-3C9EE9564133} - nuid1.dll
O2 - BHO: OFK System - {014F04C1-4440-4901-9A39-D08B116C1BA0} - C:\WINDOWS\vipextgpk.dll
O2 - BHO: H - {024342A8-D22C-4c7c-962E-77F843DAF5B9} - namesver.dll
O2 - BHO: Flash Module - {0245D364-5F52-44ac-B6EB-7BAD6E3D7EF2} - btasv.dll
O2 - BHO: Flash Module - {0245D364-5F52-44ac-B6EB-7BAD6E3D7EF2} - ktasr.dll
O2 - BHO: H - {0267808B-5C04-4914-8E28-5C1E40DE635A} - gontas.dll
O2 - BHO: H - {0267808B-5C04-4914-8E28-5C1E40DE635A} - pontas.dll
O2 - BHO: H - {037648E4-AEAE-4ac1-9DFF-29099FE0DDB1} - sofork.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: Simple Search Assistant - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - C:\WINDOWS\system32\ssa.dll
O2 - BHO: Hook Class - {03A1FBB3-A2D1-4a6f-960E-D29C7FDF12BA} - C:\WINDOWS\System32\e1.dll
O2 - BHO: (no name) - {03A7DBB1-E900-470F-A0CF-B8B9A1F404D7} - C:\WINDOWS\system32\ipv6monj.dll
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Program Files\Helper\**********.dll
O2 - BHO: Web Protection Module - {03C59006-FF31-11DC-A920-7C3956D89593} - C:\WINDOWS\system32\kwpm.dll
O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - C:\WINDOWS\system32\comi.dll
O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - C:\WINDOWS\system32\comi2.dll
O2 - BHO: H - {041A41D1-8100-454e-86F2-6BB713EF5F71} - skiedx1.dll
O2 - BHO: H - {050AF846-BB1C-4841-881E-272610EC87E9} - C:\WINDOWS\system32\ra21s1.dll
O2 - BHO: Editor plugin - {05509205-90C7-4bb5-8422-56701259683C} - restorem.dll
O2 - BHO: BDEX System - {059947A2-838E-4773-9EE2-8AB8F53C2EDE} - C:\WINDOWS\dxpvqlmgtv.dll
O2 - BHO: MSVPS System - {05D77B1C-2E50-4C37-B094-3D5695D688F8} - C:\WINDOWS\popnetnmo.dll
O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll
O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrvqw.dll
O2 - BHO: FLV Helper - {060BC2B0-B40E-B0FC-BE02-3B0A9B0350B6} - C:\WINDOWS\system\bzmtcs32.dll
O2 - BHO: Acrobat Helper - {06846E6F-C8D7-4D56-B87D-784B7D6BE083} - C:\WINDOWS\system\ctlsdlg.dll
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: FLV Helper - {06EBC2B0-B41E-B0FC-BED2-3B2A9BC350B6} - C:\WINDOWS\system\bvmtcs32.dll
O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll
O2 - BHO: Std plugin - {096059FD-99AB-41eb-9E55-59AEB0A3B444} - haskel32.dll
O2 - BHO: Rmn plugin - {096059fd-99ab-41eb-9e55-59aeb0a3b444} - roadmap16.dll
O2 - BHO: Editor plugin - {0A8CBF36-653D-48a4-B26F-559D81521FC0} - barty.dll
O2 - BHO: H - {0A145003-CCA1-48e2-BADF-18331C76FC5F} - aswwer.dll
O2 - BHO: VBA Object - {0A421735-763D-2C51-953F-8FC802E4D138} - C:\WINDOWS\system\brmdlg32.dll
O2 - BHO: BDEX System - {0B1B0622-6874-4751-B866-87C5CA1B93B9} - C:\WINDOWS\blopenvwsd.dll
O2 - BHO: BDEX System - {0B241FD4-1EA1-4238-B505-07A484C49D1A} - C:\WINDOWS\ttvbonsmf.dll
O2 - BHO: XTN Monitor - {0BB25A64-41B8-4051-A627-A8B9F2DA6FD2} - C:\WINDOWS\ddwlxtqowd.dll
O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll
O2 - BHO: Gamburg provider - {0CA10898-7F98-4709-A479-B8134AB3D9F3} - bnsock.dll
O2 - BHO: Gamburg provider - {0CA10898-7F98-4709-A479-B8134AB3D9F3} - klsock.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\system32\bho.dll
O2 - BHO: SmartPics Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\Policies.dll
O2 - BHO: VBA Object - {0D0917D5-C9B5-2E51-253F-7FCB08E4DF38} - C:\WINDOWS\system\mpsctl32.dll
O2 - BHO: MSVPS System - {0D5227BF-0C5B-4EA8-833C-FE09F1496F39} - C:\Windows\div32.dll
O2 - BHO: e404 helper - {0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8} - C:\Program Files\Helper\**********.dll
O2 - BHO: OFK System - {0D85F906-6990-48A7-9C6F-E7DE92CB60E6} - C:\WINDOWS\vipextrlw.dll
O2 - BHO: Rmn plugin - {0de68a8a-8158-4bde-8f5f-849f00af31fb} - bsndcom.dll
O2 - BHO: Rmn plugin - {0de68a8a-8158-4bde-8f5f-849f00af31fb} - sndcom.dll
O2 - BHO: H - {0DF9B1BA-08DE-4718-AF73-63CFFAF5EA36} - C:\WINDOWS\system32\crim.dll
O2 - BHO: Microsoft copyright - {0DDD155F-B89C-4f34-90F0-53D7BD21A37C} - mscont32.dll
O2 - BHO: Editor plugin - {0EEDB1E5-5765-4a2a-9D72-CB5213D756C0} - fertbuk.dll
O2 - BHO: BDEX System - {0EF38B85-63BB-4A3C-B96D-43D8D6C42DBD} - C:\WINDOWS\ttvbonqld.dll
O2 - BHO: SXG Advisor - {0F4A1F53-7A29-4D90-A9CD-8BDACB87CFCA} - C:\WINDOWS\dmdvpnnds.dll
O2 - BHO: MSVPS System - {100B21CD-3B97-44FB-B1C0-EA6249E482E8} - C:\WINDOWS\ddesupport.dll
O2 - BHO: Editor plugin - {1039C9F1-C5E0-47ae-AA9B-337B6FFBB691} - fowlr.dll
O2 - BHO: MS Explorer - {105E9401-3AB1-7145-22AD-8F95813F4901} - C:\WINDOWS\system\ldpctl32.dll
O2 - BHO: sm_ie_monitor.ie_monitor - {1077480F-C8C5-41FB-A4CA-06EA44A3D318} - C:\Program Files\SpyMaxx\sm_ie_monitor.dll
O2 - BHO: Editor plugin - {108F534D-DF89-453b-83E3-B12EBD5F0191} - cupid1.dll
O2 - BHO: Editor plugin - {108F534D-DF89-453b-83E3-B12EBD5F0191} - nuid1.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\*.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B85} - c:\Program Files\Sotfone\*.dll
O2 - BHO: (no name) - {113AFEFB-2652-46DB-8555-48C97B78065A} - C:\WINDOWS\system32\ipv6monk.dll
O2 - BHO: MS Explorer - {115E9481-8AB1-7845-28AD-8F98813F4981} - C:\WINDOWS\system\logctl32.dll
O2 - BHO: Editor plugin - {116A55BB-FC8F-4f88-AF60-3929C0330EB7} - fisheg.dll
O2 - BHO: Editor plugin - {116A55BB-FC8F-4f88-AF60-3929C0330EB7} - gruws.dll
O2 - BHO: Flash Module - {11FD0BA3-B972-427f-A079-3D6D2361CE6E} - fopdn.dll
O2 - BHO: MS Explorer - {12549461-8DB1-7345-281D-8F98813F4F81} - C:\WINDOWS\system\lomctl32.dll
O2 - BHO: Flash Module - {130EB893-7E70-4b8f-B39B-7BCB9F423B86} - btaskv.dll
O2 - BHO: Flash Module - {130EB893-7E70-4b8f-B39B-7BCB9F423B86} - ktaskr.dll
O2 - BHO: Editor plugin - {13A0C85D-14B0-4193-9756-71D221B17240} - mountr.dll
O2 - BHO: H - {13D4B7D5-0EF4-4cde-BB99-28B24DE85829} - s1231sewe_.dll
O2 - BHO: H - {13D4B7D5-0EF4-4cde-BB99-28B24DE85829} - w332er2tm.dll
02 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINDOWS\inet20***\(RandomNumber).dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINDOWS\inetsponsor\(RandomNumber).dll
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrfst.dll
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrkfq.dll
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrmnf.dll
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrpfn.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spcron.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: IE Microsoft extension - {161B953B-95F9-4af3-B071-D5FF5EA132EF} - C:\WINDOWS\system32\mshpc.dll
O2 - BHO: Flash Module - {166A1C1B-7963-4d4f-B9B5-05F9AEE31B1A} - btasv.dll
O2 - BHO: Flash Module - {166A1C1B-7963-4d4f-B9B5-05F9AEE31B1A} - ktasr.dll
O2 - BHO: MSVPS System - {16789285-C094-4aa6-88B9-2BB9DC13A485} - C:\WINDOWS\ievpnctrl.dll
O2 - BHO: MSVPS System - {16789285-C094-4aa6-88B9-2BB9DC13A485} - C:\WINDOWS\pssms.dll
O2 - BHO: (no name) - {168D0269-471F-4A54-A67C-2644D4076D7D} - C:\WINDOWS\system32\ipv6monk.dll
O2 - BHO: Editor plugin - {16B7CC90-058C-4e94-A697-609BE6EEEC9A} - madjaro.dll
O2 - BHO: H - {16FCA318-4922-4af2-B2B3-D579ADBA1210} - susioe.dll
O2 - BHO: Microsoft Internet Explorer - {175F900C-97CD-864C-B3A1-4735810F4101} - C:\WINDOWS\system\ctmctl32.dll
O2 - BHO: H - {1771787B-3522-48c2-8AB1-7A574646833E} - fghjjd_.dll
O2 - BHO: H - {1771787B-3522-48c2-8AB1-7A574646833E} - qwert1.dll
O2 - BHO: SearchHelper Class - {17C4A3BE-BFC0-4dea-A11C-77979ADBDB17} - C:\WINDOWS\system32\FeedMerge.dll
O2 - BHO: Flash Module - {17D8505B-D9FD-465d-9B26-7696BE35D182} - sockver1.dll
O2 - BHO: Flash Module - {17D8505B-D9FD-465d-9B26-7696BE35D182} - sockver2.dll
O2 - BHO: LabelCommand module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - %allusersprofile%\Application Data\services\services.dll
O2 - BHO: H - {18F72CA9-DD9E-4741-9B3B-F4896F888266} - ferfeww1.dll
O2 - BHO: Explorer Helper - {194A85AF-3A38-5A36-A3CA-32A59D63A163} - C:\WINDOWS\system\brfmct32.dll
O2 - BHO: MddApp Class - {1A4F919F-4334-4abf-BF47-0836A8B5A54B} - C:\WINDOWS\System32\ddr7xm.dll
O2 - BHO: H - {1A6A262F-D7F6-4e2b-8542-7B577976E666} - lkjhgfds.dll
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - C:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - lboot32.dll
O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - wsots32.dll
O2 - BHO: MSVPS System - {1BD6031F-BD9B-4DDF-A164-1D3A6701F374} - C:\WINDOWS\ipwypwpk.dll
O2 - BHO: Flash Module - {1D497B1B-F4A1-4891-A919-C4AA219B1DF9} - btask.dll
O2 - BHO: Flash Module - {1D497B1B-F4A1-4891-A919-C4AA219B1DF9} - ktask.dll
O2 - BHO: log - {1D8AFAD1-DA78-4EB7-9EFE-58077402B328} - klog.dll
O2 - BHO: H - {1DFD004F-D854-447f-9EA1-A67622543647} - murtex.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\system32\bpkwb.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\system32\scvvhostwb.dll
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\System32\ib3.dll
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\System32\ib4.dll
O2 - BHO: newhttpsibdll5screener.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib5.dll
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\windows\system32\ib6.dll
O2 - BHO: ib.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\System32\ib7.dll
O2 - BHO: ib.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib8.dll
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\windows\System32\ib10.dll
O2 - BHO: ib4.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib14.dll
O2 - BHO: ib15_27.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib15.dll
O2 - BHO: XTN Monitor - {1E953093-9067-451D-B2D1-FD198D121BB9} - C:\WINDOWS\dnqdlpmoxw.dll
O2 - BHO: XTN Monitor - {1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87} - C:\WINDOWS\ddwlxtqqwt.dll
O2 - BHO: Microsoft Explorer - {2006900C-451D-4745-8CBA-C735680FA104} - C:\WINDOWS\system\wincrt32.dll
O2 - BHO: mIRC Addon - {20222418-0727-4AD7-9B49-828A739CF858} - C:\WINDOWS\system32\msram.dll
O2 - BHO: BDEX System - {202EBB90-ABD4-46CC-BB5A-4F0ECC67B331} - C:\WINDOWS\ttvbonvgl.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\duocore.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: Connection Optimizer - {20DB9EAE-C9AA-11DC-BD97-09A456D89593} - C:\WINDOWS\system32\ssa.dll
O2 - BHO: Macromedia Object - {2144353C-6558-87BB-09B9-BAECDC74FFEE} - C:\WINDOWS\system\wicstd32.dll
O2 - BHO: MSVPS System - {218B7D50-BC37-4FA8-A57F-6E8DE692BD79} - C:\WINDOWS\vpsnetwork.dll
O2 - BHO: Rmn plugin - {21D7135F-AEE9-45e7-A0C1-791A4654BFF1} - hst32.dll
O2 - BHO: Rmn plugin - {21D7135F-AEE9-45e7-A0C1-791A4654BFF1} - svc32.dll
O2 - BHO: H - {21F6EE00-FEC3-4a0e-BA2E-F919CF11D87E} - rsssewe_.dll
O2 - BHO: H - {21F6EE00-FEC3-4a0e-BA2E-F919CF11D87E} - rtywem.dll
O2 - BHO: Google Module - {221BBF54-3327-4548-9006-84385B1A5840} - rtypiclor.dll
O2 - BHO: Google Module - {221BBF54-3327-4548-9006-84385B1A5840} - ssymman.dll
O2 - BHO: H Class - {2265EED7-6022-4d6c-ADF2-E932FEFD433C} - C:\WINDOWS\System32\mn.dll
O2 - BHO: SXG Advisor - {22E4849D-E499-4701-BB1C-8E8ABAB2EE21} - C:\WINDOWS\dopfwrlqox.dll
O2 - BHO: H - {22EE9F86-AAF0-4f11-80C8-859D8F53C3A0} - asddffrr.dll
O2 - BHO: H - {22EE9F86-AAF0-4f11-80C8-859D8F53C3A0} - C:\Windows\system32\feeeww1.dll
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - %programfiles%\Google\googletoolbar1.dll
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - %userprofile%\Google\googletoolbar1.dll
O2 - BHO: FLV Media - {2542358C-6758-89BC-0AB9-BAECDC14F78E} - C:\Windows\system\wkcstd32.dll
O2 - BHO: MSVPS System - {23649336-4FC4-411C-84EE-6A2B51CE5E23} - C:\WINDOWS\iesup.dll
O2 - BHO: MSVPS System - {23649336-4FC4-411C-84EE-6A2B51CE5E23} - C:\WINDOWS\pssmart.dll
O2 - BHO: MSVPS System - {24038BE3-4EF2-41E2-A603-4CE3BDD9E874} - C:\WINDOWS\movctrlqtn.dll
O2 - BHO: (no name) - {2433B127-7236-443C-A482-69B27494A4C1} - C:\WINDOWS\system32\ipv6monj.dll
O2 - BHO: Editor plugin - {2475915F-2B9E-4c8d-B433-57AABE1404A8} - commert.dll
O2 - BHO: MSN Search - {24A1E1CC-4393-941E-B765-2264A695D4E3} - C:\WINDOWS\system32\browsearch.dll
O2 - BHO: Microsoft Explorer - {2546900C-451D-8645-8CBA-C735910FA104} - C:\WINDOWS\system\wndcrt32.dll
O2 - BHO: MSVPS System - {2724E072-19D0-486d-A819-9D914191AE92} - C:\WINDOWS\ietools.dll
O2 - BHO: MSVPS System - {2724E072-19D0-486d-A819-9D914191AE92} - C:\WINDOWS\wowsupport.dll
O2 - BHO: msvbcr40 module - {2756BAD7-2F9F-47ef-AE6D-8D39CCEB396F} - C:\WINDOWS\system32\msvbcr40.dll
O2 - BHO: Windows module - {2756BAD7-2F9F-47ef-AE6D-8D39CCEB396F} - C:\WINDOWS\system32\msvbcr40.dll
O2 - BHO: Explorer - {2782DD1A-7F56-CACD-B700-602A8436709B} - "%Windir%\system\wlcstd32.dll
O2 - BHO: MSVPS System - {27A5292F-0C87-4E81-A34E-3131DBFCE994} - C:\WINDOWS\oprevxlw.dll
O2 - BHO: MSDNS System - {27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF} - C:\WINDOWS\tlhelper.dll
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
O2 - BHO: VideoCodec Class - {284AAAD9-FDF9-49A3-93ED-9CAE4AA26805} - C:\WINDOWS\system32\AswBHO.dll
O2 - BHO: Google Module - {28C703D0-B4A9-4b2f-9123-CE8294761861} - halifax1.dll
O2 - BHO: Google Module - {28C703D0-B4A9-4b2f-9123-CE8294761861} - halifax2.dll
O2 - BHO: Editor plugin - {28FE5CF8-11DB-447c-9120-23508DA295F4} - masterc.dll
O2 - BHO: Editor plugin - {28FE5CF8-11DB-447c-9120-23508DA295F4} - winbios1.dll
O2 - BHO: OFK System - {29B1EDC5-5BF3-468F-B8E5-6B27090CEF0A} - C:\WINDOWS\blopenvtlv.dll
O2 - BHO: Flash Module - {2A068A54-DD9C-49dc-8D04-3B8A174B1B9D} - btaskv.dll
O2 - BHO: Flash Module - {2A068A54-DD9C-49dc-8D04-3B8A174B1B9D} - ktaskr.dll
O2 - BHO: SXG Advisor - {2A694270-A5B8-49D5-980B-26A31981285A} - C:\WINDOWS\dopfwrlkdn.dll
O2 - BHO: Her - {2A7102DE-1F71-4146-86FD-A722E8AB3489} - C:\WINDOWS\system32\lorinhib.dll
O2 - BHO: Her - {2A7102DE-1F71-4146-86FD-A722E8AB3489} - C:\WINDOWS\system32\procins.dll
O2 - BHO: MSVPS System - {2A82CA08-45C7-4D20-997D-35AEED4B130F} - C:\WINDOWS\blopenvtrk.dll
O2 - BHO: OFK System - {2A82CA08-45C7-4D20-997D-35AEED4B130F} - C:\WINDOWS\blopenvtrk.dll
O2 - BHO: OFK System - {2B159383-78BB-4D21-A799-95AABC81ACED} - C:\WINDOWS\vipextmst.dll
O2 - BHO: IE Image Helper - {2B2C445C-6C7C-879B-8AC9-B4ACCBD8E4DF} - C:\WINDOWS\system\wmcctv32.dll
O2 - BHO: Editor plugin - {2B59A30B-E773-4c5f-BD26-080B7D3AB3F8} - ramtask.dll
O2 - BHO: MSVPS System - {2C014816-5BD4-4166-85EA-62FE05E517C3} - C:\WINDOWS\sconf32.dll
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\**********.dll
O2 - BHO: Editor plugin - {2C91577A-5253-492c-89A6-DA08849A3298} - reccon.dll
O2 - BHO: Editor plugin - {2CBC114E-C060-4610-99BB-0FC090D1FF36} - matorm.dll
O2 - BHO: Editor plugin - {2CC4AA87-7887-4e81-8285-3BFAD0806B1B} - lockstock.dll
O2 - BHO: Editor plugin - {2CC4AA87-7887-4e81-8285-3BFAD0806B1B} - worldso.dll
O2 - BHO: BDEX System - {2CD50EED-0440-4D62-BAA2-03E8795A4BB9} - C:\WINDOWS\domnftwqlv.dll
O2 - BHO: MSVPS System - {2CD50EED-0440-4D62-BAA2-03E8795A4BB9} - C:\WINDOWS\domnftwqlv.dll
O2 - BHO: MSVPS System - {2D42D689-4B94-4734-92C2-606FC5F4C15D} - C:\WINDOWS\oprevtdp.dll
O2 - BHO: Language Tools - {2DA9A619-D5A2-434A-12B2-ACD8B55744D2} - C:\WINDOWS\system32\msogl.dll
O2 - BHO: SXG Advisor - {2EB3CE30-CF0E-4394-91B5-052EA0E52DF9} - C:\WINDOWS\dopfwrlmgf.dll
O2 - BHO: OFK System - {2F0D1D4D-3B73-4426-8155-4494A3543703} - C:\WINDOWS\blopenvdol.dll
O2 - BHO: H - {2F1890C8-8727-4d35-9312-AFDB3A403E83} - mcacr.dll
O2 - BHO: Rmn plugin - {2FDA60DF-6D94-4f16-A48C-3C4EC57FEF58} - nokia32.dll
O2 - BHO: Rmn plugin - {2FDA60DF-6D94-4f16-A48C-3C4EC57FEF58} - symdb32.dll
O2 - BHO: XTN Monitor - {2FDC8E29-E942-4307-97C5-69FFA934B331} - C:\WINDOWS\ddwlxtqgmq.dll
O2 - BHO: Editor plugin - {2FF5010D-FBAB-4307-B5B2-039C79CB6CEB} - fisheg.dll
O2 - BHO: Editor plugin - {2FF5010D-FBAB-4307-B5B2-039C79CB6CEB} - gruws.dll
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
O2 - BHO: Flash Module - {3039C679-F399-4c5a-B465-47385038D0EC} - btaskv.dll
O2 - BHO: Flash Module - {3039C679-F399-4c5a-B465-47385038D0EC} - ktaskr.dll
O2 - BHO: Microsoft Explorer - {30569401-8721-8345-2CA1-873581CF4101} - C:\WINDOWS\system\dswctl32.dll
O2 - BHO: H - {30EDD4CB-8BC1-4f9f-99A6-A6938E9AACE0} - C:\WINDOWS\system32\coq.dll
O2 - BHO: H - {30EDD4CB-8BC1-4f9f-99A6-A6938E9AACE0} - C:\WINDOWS\system32\down.dll
O2 - BHO: H - {30EDD4CB-8BC1-4f9f-99A6-A6938E9AACE0} - C:\WINDOWS\system32\down1.dll
O2 - BHO: Still Image - {31656AAF-7229-BA16-E97D-31557D631863} - C:\WINDOWS\system\mstctw32.dll
O2 - BHO: Image Helper - {31677ADF-17D9-5516-E17D-3E459D631863} - C:\WINDOWS\system\bplctw32.dll
O2 - BHO: Flash Module - {31A03B50-A17C-408d-A6E5-6541FD654B50} - tconn1.dll
O2 - BHO: MSVPS System - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - C:\WINDOWS\mscore.dll
O2 - BHO: MSVPS System - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - C:\WINDOWS\nsduo.dll
O2 - BHO: MSVPS System - {31DE3194-C748-48BB-B620-2D0156B5E1AD} - C:\WINDOWS\werbetgxd.dll
O2 - BHO: Image Helper - {32031715-0682-3851-A63F-56C30BE4BF3B} - C:\WINDOWS\system\bspctl32.dll
O2 - BHO: H - {327C3AF0-4EF6-4f8a-9A8D-685A4815D9F8} - C:\WINDOWS\system32\coman.dll
O2 - BHO: H - {327C3AF0-4EF6-4f8a-9A8D-685A4815D9F8} - C:\WINDOWS\System32\coman2.dll
O2 - BHO: Editor plugin - {3298487F-5064-48e9-B5E4-4BF50F4F9006} - mountr.dll
O2 - BHO: Microsoft copyright - {32C620D6-CC10-4e6a-9715-BACACD5B0E61} - sxmg4.dll
O2 - BHO: IExplore Helper - {3301A7C2-0ABD-11D4-914D-00C04F610D24} - C:\WINDOWS\system\comcrt32.dll
O2 - BHO: Helper Class - {33161E98-0A6C-4d3c-BD62-3A7D56137F52} - C:\WINDOWS\System32\mac.dll
O2 - BHO: Helper Class - {33161E98-0A6C-4d3c-BD62-3A7D56137F52} - C:\WINDOWS\System32\mac1.dll
O2 - BHO: Helper Class - {33161E98-0A6C-4d3c-BD62-3A7D56137F52} - C:\WINDOWS\system32\mcac.dll
O2 - BHO: Explorer - {3348D07C-7C5C-D2C4-CFBA-A47F82347C8B} - C:\WINDOWS\system32\wjcstd32.dll
O2 - BHO: MSVPS System - {335C00B1-DB93-4EEA-8A75-C9EA3B67E895} - C:\WINDOWS\qnxplugin.dll
O2 - BHO: IE Helper - {336D7A4F-873E-E526-367D-2E4595639863} - C:\WINDOWS\system\remdlg32.dll
O2 - BHO: Flash Module - {33C5B1FA-7EB1-4419-8752-AD936F5E7DF5} - ktaskr.dll
O2 - BHO: Flash Module - {3495FCBF-8E0F-4338-B476-3025B6EF68D4} - hyperconn.dll
O2 - BHO: Flash Module - {3495FCBF-8E0F-4338-B476-3025B6EF68D4} - hyperser.dll
O2 - BHO: IE Helper - {356D724F-8731-C5C6-317D-2E6575639863} - C:\WINDOWS\system\rmzdlg32.dll
O2 - BHO: H - {356EEB0A-861D-4822-9D25-7DA21182DC8B} - q24m.dll
O2 - BHO: SWF Data - {35D2328C-B75A-81BF-081C-B1E9DC54F3EE} - C:\WINDOWS\system\wlcstd32.dll
O2 - BHO: (no name) - {36345442-9475-2563-166A-467739208346} - C:\WINDOWS\System32\ipv6mons.dll
O2 - BHO: (no name) - {36345442-9475-2563-166A-467739208346} - C:\WINDOWS\System32\ipv6mopz.dll
O2 - BHO: BDEX System - {363A1C9A-2606-4E5A-8C35-2DA970B9B2C6} - C:\WINDOWS\dxpvqlmwxm.dll
O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - C:\WINDOWS\system32\cimm.dll
O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - C:\WINDOWS\system32\co.dll
O2 - BHO: Microsoft Explorer - {3657900C-451D-8645-8CBA-C735910FA104} - C:\WINDOWS\system\brwctl32.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mopk.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mops.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\System32\ipv6mote.dll
O2 - BHO: VPNS System - {366B2151-E1C7-44a3-86A3-E5686C2A3D2F} - C:\WINDOWS\iedrives.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\(Random Name).dll
O2 - BHO: Microsoft Explorer - {3756900C-91CD-8645-BCA1-A735810F4101} - C:\WINDOWS\system\swtctl32.dll
O2 - BHO: H - {395AFD48-29EF-4dd4-B00B-70BA74BD1B7A} - soierw.dll
O2 - BHO: Microsoft Explorer - {39D7900C-461D-86A5-81BA-CF35914FAC04} - C:\WINDOWS\system32\msvctl32.dll
O2 - BHO: NETWORK SERVICE - {3A4E6FF3-BF59-446E-9DC8-731BCE2F349A} - C:\WINDOWS\system32\msupdate.dll
O2 - BHO: Flash Module - {3A75439D-E608-4095-BF8B-A65F5FCAB8B9} - bortaj32.dll
O2 - BHO: Flash Module - {3A75439D-E608-4095-BF8B-A65F5FCAB8B9} - nonmar32.dll
O2 - BHO: Flash Module - {3AAB6591-87DD-424b-AFF2-4685EBF6A5EF} - alivefor.dll
O2 - BHO: Flash Module - {3AAB6591-87DD-424b-AFF2-4685EBF6A5EF} - bodrowis.dll
O2 - BHO: (no name) - {3AB3C1E1-DEA7-43A7-836A-1674BAB5058D} - C:\WINDOWS\system32\ipv6monj.dll
O2 - BHO: (no name) - {3AC804FF-EBE2-417B-92A4-55F358195F63} - C:\WINDOWS\system32\ipv6monk.dll
O2 - BHO: Editor plugin - {3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C} - rastyu.dll
O2 - BHO: Editor plugin - {3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C} - winbios1.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrdkq.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrgxt.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrkwm.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsronw.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrsqo.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrtvd.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrvnl.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrvqt.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrwlq.dll
O2 - BHO: SXG Advisor - {3B052632-AF24-41A1-B518-448E9E8D0D99} - C:\WINDOWS\dopfwrlrdp.dll
O2 - BHO: Flash Module - {3B3F8962-EF26-49e6-8863-B5675E477EA8} - btasv.dll
O2 - BHO: Flash Module - {3B3F8962-EF26-49e6-8863-B5675E477EA8} - ktasr.dll
O2 - BHO: Editor plugin - {3B4A553C-052B-4855-A883-CF70B01F8731} - milis.dll
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll
O2 - BHO: MSVPS System - {3C33240D-D292-4E3C-BB5C-3EC6541B0480} - C:\WINDOWS\ipwyptfg.dll
O2 - BHO: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll
O2 - BHO: Still Image - {3C657AAF-22D9-5A16-E17D-31457D631863} - C:\WINDOWS\system\tlctw32.dll
O2 - BHO: H - {3C6FE25B-66E7-43ce-9EF0-4B25F4F44C64} - C:\WINDOWS\system32\c5q1.dll
O2 - BHO: H - {3C6FE25B-66E7-43ce-9EF0-4B25F4F44C64} - C:\WINDOWS\system32\cr3m.dll
O2 - BHO: MSVPS System - {3C778520-106E-438B-9417-3D86B7108978} - C:\WINDOWS\ipwyprkg.dll
O2 - BHO: MSVPS System - {3CB70CC2-303F-4A6C-824D-013AE8CFDB6B} - C:\WINDOWS\nsduo.dll
O2 - BHO: MSVPS System - {3CE12841-9438-48A0-9DA9-D3D2D3D562CC} - C:\WINDOWS\oprevpfm.dll
O2 - BHO: Editor plugin - {3D5504AC-D827-433e-8F26-D0025AE57350} - matorm.dll
O2 - BHO: BDEX System - {3DAF1739-AB9E-493E-8DD7-F65CDF363BCB} - C:\WINDOWS\domnftwqpd.dll
O2 - BHO: pl - {3DC8CA1D-D31A-474b-979A-A3823FA34ED8} - C:\WINDOWS\system32\dccplus.dll
O2 - BHO: H - {3E94C28B-76C9-456f-9A7D-E80C6B2A4380} - matahsw.dll
O2 - BHO: Hook Class - {3F08996E-0A3D-456c-BEEC-9F51B6F614BC} - c:\windows\system32\wetde1.dll
O2 - BHO: H - {3F6D54BB-34EE-4469-B094-86B09E53BCF8} - C:\WINDOWS\system32\down.dll
O2 - BHO: ASP.NET Helper - {40031115-09D2-3B51-A13F-569308E48038} - C:\WINDOWS\system\ctlcrt32.dll
O2 - BHO: Editor plugin - {403CAC94-FF4F-447d-92EC-3E01195E0C41} - smuhdd.dll
O2 - BHO: MSVPS System - {409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} - C:\WINDOWS\soundplugin.dll
O2 - BHO: ASP.NET Helper - {42031715-09B2-3B51-A93F-56C308E48F38} - C:\WINDOWS\system\ctlvxd32.dll
O2 - BHO: MSVPS System - {4118A625-1B64-4ED1-A2E9-76DEC529D2D2} - C:\WINDOWS\qnxplugin.dll
O2 - BHO: IE FLV Helper - {41234527-492A-B7CB-4D29-E4ACFBC4C2DE} - C:\WINDOWS\system\wjccts32.dll
O2 - BHO: Editor plugin - {41F0460B-6B45-45de-8717-B27BC18360A6} - restorem.dll
O2 - BHO: Editor plugin - {41F0460B-6B45-45de-8717-B27BC18360A6} - somelot.dll
O2 - BHO: Microsoft copyright - {426BE7AF-BE14-4210-B65B-97D39F07F28A} - burre.dll
O2 - BHO: Microsoft copyright - {426BE7AF-BE14-4210-B65B-97D39F07F28A} - soem.dll
O2 - BHO: MSVPS System - {428FA4A4-C8EC-427C-85DE-11C80F67893A} - C:\WINDOWS\div32.dll
O2 - BHO: MSVPS System - {428FA4A4-C8EC-427C-85DE-11C80F67893A} - C:\WINDOWS\mscore.dll
O2 - BHO: H - {43000075-124D-4697-A2A5-AF8FE8AF1376} - r223e.dll
O2 - BHO: H - {43000075-124D-4697-A2A5-AF8FE8AF1376} - c3224m.dll
O2 - BHO: Flash Module - {43621FA4-9E25-4bcf-A5F4-5934E3838EC1} - btasv.dll
O2 - BHO: Flash Module - {43621FA4-9E25-4bcf-A5F4-5934E3838EC1} - ktasr.dll
O2 - BHO: Google Module - {44902F9A-0747-460b-9577-E6F0F7EB417E} - strike12.dll
O2 - BHO: SXG Advisor - {451692E8-E49F-471E-B230-D36C4A3C7374} - C:\WINDOWS\dmdvpngsd.dll
O2 - BHO: H - {45FF7873-05FF-4527-8F57-77DDF1EBC5AC} - grim1.dll
O2 - BHO: H - {45FF7873-05FF-4527-8F57-77DDF1EBC5AC} - sores2.dll
O2 - BHO: MSVPS System- {47443DF5-EB4D-4509-8B2E-BCCC37B5939E} - C:\WINDOWS\dopfwrldql.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - jetaccss.dll
O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - siemens32.dll
O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - skrb32.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfnd.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspklqs.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkmxl.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspknlg.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspksgp.dll
O2 - BHO: H - {488DB4F4-9B4A-49ef-A25D-9F84BDB07B27} - q24m.dll
O2 - BHO: AboutBlank Class - {489C5DDD-AB4C-48EC-B397-505BABF9B4BD} - %Temp%\ieobj.dll
O2 - BHO: H - {48CFD3C5-C8EB-4611-8102-E5DC81A5F70B} - q2d23we4m.dll
O2 - BHO: MSVPS System - {48F763FA-3001-4C76-90E5-61FD87440AC8} - C:\WINDOWS\popnetnfv.dll
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll
O2 - BHO: Editor plugin - {49F3A26F-CC23-4112-A5E1-38FDE8D40F9E} - smuhdd.dll
O2 - BHO: H - {4AB9D472-989D-4c7b-B6F1-503206D33AAE} - we4454rer.dll
O2 - BHO: XTN Monitor - {4AF1F021-A9E8-4465-AE1D-D9BBFF43B961} - C:\WINDOWS\ddwlxtqfls.dll
O2 - BHO: Editor plugin - {4B1B81E5-74B0-45b9-BA83-E036A510C6DA} - drive01.dll
O2 - BHO: Editor plugin - {4B1B81E5-74B0-45b9-BA83-E036A510C6DA} - flashm1.dll
O2 - BHO: Internet Explorer Helper - {4B2C442C-4C2C-472B-4129-24AC2BC4C2DE} - C:\WINDOWS\system\wkccts32.dll
O2 - BHO: SXG Advisor - {4BF7B3BF-B8B5-439D-A9EB-9272CB92186F} - C:\WINDOWS\dmdvpnsop.dll
O2 - BHO: Editor plugin - {4BF9AA59-7EDC-42ae-8A01-711552C80D38} - tvumbal.dll
O2 - BHO: Editor plugin - {4C2E4926-8A35-424c-9256-EA3CFD0CA089} - matorm.dll
O2 - BHO: Google Module - {4C579E8B-92F1-44d1-9444-66A4355E9386} - bagetionwll.dll
O2 - BHO: Google Module - {4C579E8B-92F1-44d1-9444-66A4355E9386} - rozmchild.dll
O2 - BHO: H - {4D2678C8-8E52-4349-B688-38EA3C785E60} - namesver.dll
O2 - BHO: H - {4D2678C8-8E52-4349-B688-38EA3C785E60} - razeorc.dll
O2 - BHO: Editor plugin - {4DA6E907-A554-4ee6-A154-A50386E25E15} - muslki.dll
O2 - BHO: BDEX System - {4DD1180E-8EEE-4801-AB5D-05CC3DFE3AF0} - C:\WINDOWS\ttvbonkog.dll
O2 - BHO: Editor plugin - {4E82568D-484A-4341-8318-358F0813FA45} - bannerm.dll
O2 - BHO: VBA Object - {4F0817D5-D9B2-BE51-293F-76CB08E48F38} - C:\WINDOWS\system\sctwnd32.dll
O2 - BHO: (no name) - {4F45C552-9688-4af2-AA57-15089900E144} - C:\WINDOWS\system32\crypt32rt.dll
O2 - BHO: H - {4F862FBA-1E2B-4072-9EA8-1FD3FECB86A1} - muscira.dll
O2 - BHO: H - {4F862FBA-1E2B-4072-9EA8-1FD3FECB86A1} - somato.dll
O2 - BHO: Flash Module - {4F9AB7F3-DE3D-4bce-B932-A5F4E94F4E6D} - btasv.dll
O2 - BHO: Flash Module - {4F9AB7F3-DE3D-4bce-B932-A5F4E94F4E6D} - ktasr.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: GRN Monitor - {503A367C-3944-4CE4-A031-25FAF6167119} - C:\WINDOWS\dnqdlpmlox.dll
O2 - BHO: BDEX System - {5085333B-FD15-4754-A571-852F7077C5F2} - C:\WINDOWS\dxpvqlmqng.dll
O2 - BHO: Editor plugin - {50D06461-04D0-4e73-A978-B83380560FD7} - cortals.dll
O2 - BHO: Helper Class - {5142FE17-20E6-4121-A925-A4C6385CDDAA} - C:\WINDOWS\system32\rem.dll
O2 - BHO: Macromedia Extension - {5143353C-6C58-DABB-C7B9-A4EC8B74F05E} - C:\WINDOWS\system\whcstd32.dll
O2 - BHO: Helper - {5145C41C-1CEC-DDCB-CAB9-A47C8B346251} - C:\WINDOWS\system32\whcstd32.dll
O2 - BHO: Macromedia Extension - {52434536-6758-D8BB-C799-AAEC8C74FD5E} - C:\WINDOWS\system\wecsnd32.dll
O2 - BHO: SXG Advisor - {5257F0D5-2868-4758-94D3-E268EB6D43C5} - C:\WINDOWS\dopfwrlvtq.dll
O2 - BHO: CIEBHO Object - {528A3CF7-AAF9-42FE-A5D0-2A8EDA9E299E} - %UserProfile%\My Documents\SpyDevastator\SDBHO.dll
O2 - BHO: Google Module - {531BE052-76FC-4b05-9CCD-AF6AA265113C} - strike12.dll
O2 - BHO: Google Module - {531BE052-76FC-4b05-9CCD-AF6AA265113C} - strike45.dll
O2 - BHO: Helper - {5348C01C-0CAC-DFC1-C2B5-A17C8F346C5B} - C:\WINDOWS\system32\wicstd32.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Het - {53D58A07-E5FE-4128-B5B3-4E4D7281034B} - C:\WINDOWS\System32\radiek1.dll
O2 - BHO: SXG Advisor - {5415A533-17B1-4A38-B3CA-70AEEF8C41AC} - C:\WINDOWS\dopfwrlgwx.dll
O2 - BHO: H - {543698AD-43C8-477b-B7D3-5FA13EC3ADBD} - C:\WINDOWS\System32\c3224m.dll
O2 - BHO: H - {543698AD-43C8-477b-B7D3-5FA13EC3ADBD} - C:\WINDOWS\System32\r223e.dll
O2 - BHO: H - {5469F1DE-62BF-44d7-826A-05E8E9856C85} - c34m.dll
O2 - BHO: Editor plugin - {54900915-99E3-4245-A97D-0637BF966F46} - cortals.dll
O2 - BHO: Yahoo ToolBar - {54C7D1DD-4296-451e-B756-1E94F665B4FF} - C:\WINDOWS\system32\yatool.dll
O2 - BHO: Yahoo ToolBar - {54C7D1DD-4296-451e-B756-1E94F665B4FF} - C:\WINDOWS\System32\winnet.dll
O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll
O2 - BHO: MSDNS System - {5574E139-F59C-4bee-9A61-150B0D3A16C7} - C:\WINDOWS\service.dll
O2 - BHO: Flash Module - {5597409F-8C79-4367-951E-1BC8BD6672B5} - btasv.dll
O2 - BHO: Flash Module - {5597409F-8C79-4367-951E-1BC8BD6672B5} - ktasr.dll
O2 - BHO: H - {5615C916-D079-4d48-8D34-8FBFE272F6FF} - wem.dll
O2 - BHO: MSVPS System - {566C8302-993E-4455-80EA-004F01B8192F} - C:\WINDOWS\vipextqgp.dll
O2 - BHO: OFK - {566C8302-993E-4455-80EA-004F01B8192F} - C:\WINDOWS\vipextqgp.dll
O2 - BHO: BDEX System - {56F043F0-CD47-47AE-B459-416A07545CA1} - C:\WINDOWS\ttvbonsgr.dll
O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - C:\Program Files\ASC 2.1\ASCWarning32.dll
O2 - BHO: Editor plugin - {58599502-305E-4e3f-B35A-14EB0EC26DA0} - commert.dll
O2 - BHO: Editor plugin - {58599502-305E-4e3f-B35A-14EB0EC26DA0} - paradise.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - (Random Number).dll
O2 - BHO: CInternetExplorerAssistant - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - C:\PROGRA~1\INTERN~2\INTERN~1.DLL
O2 - BHO: Gamburg provider - {59D94AAD-0A67-417e-969B-8311296E8364} - contrld.dll
O2 - BHO: Gamburg provider - {59D94AAD-0A67-417e-969B-8311296E8364} - condw32.dll
O2 - BHO: Macromedia Extension - {5A4C343C-BC5C-D7BB-C7B9-A47C8B74605E} - C:\WINDOWS\system\wicstd32.dll
O2 - BHO: SXG Advisor - {5A5817AC-C117-4FF6-A3DA-13142F6F6C5C} - C:\WINDOWS\dmdvpnqfv.dll
O2 - BHO: (no name) - {5A5D6692-0D14-4019-9846-DEAEB10C523C} - C:\WINDOWS\system32\ipv6monk.dll
O2 - BHO: FLV Extension - {5B4C341C-FCEC-D7BB-C1B9-A49C8B74625E} - C:\WINDOWS\system\wjcstd32.dll
O2 - BHO: OFK System - {5B516241-0559-4F05-AF41-F1789925762F} - C:\WINDOWS\blopenvwvf.dll
O2 - BHO: Rmn plugin - {5BEEFD1C-446F-48a7-A7C7-C8E5986A9760} - rbsgam.dll
O2 - BHO: Rmn plugin - {5BEEFD1C-446F-48a7-A7C7-C8E5986A9760} - rbsgem.dll
O2 - BHO: Flash Module - {5C157D5F-8199-43f5-B2D1-C58A4E9D4758} - btaskv.dll
O2 - BHO: Flash Module - {5C157D5F-8199-43f5-B2D1-C58A4E9D4758} - ktaskr.dll
O2 - BHO: H - {5C2290D4-C3F1-4bb5-91E6-D0B806A8663A} - parety.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\AntivirusFiable\Tools\pblock.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\PCTotalDefender\Tools\pblock.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\VirusEffaceur\Tools\pblock.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\VirusGarde\Tools\pblock.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\WinSecureAv\Tools\pblock.dll
O2 - BHO: XTN Monitor - {5C57A186-DD05-4E74-BEFE-A104E8B21227} - C:\WINDOWS\ddwlxtqdgx.dll
O2 - BHO: Editor plugin - {5C6D29BE-AFF8-4cb9-B9F9-EA3289051E73} - drive01.dll
O2 - BHO: Editor plugin - {5C6D29BE-AFF8-4cb9-B9F9-EA3289051E73} - flashm1.dll
O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - berg2.dll
O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - tinox1.dll
O2 - BHO: (no name) - {5DCD5823-A374-4647-A549-042B132CA3E2} - C:\WINDOWS\system32\ipv6moni.dll
O2 - BHO: H - {5E30F697-D03E-40be-B382-1AE1C00D2C3D} - maibak.dll
O2 - BHO: H - {5E30F697-D03E-40be-B382-1AE1C00D2C3D} - sorryfo1.dll
O2 - BHO: H - {5E66C4A5-70BE-48a1-A1FB-6D430A539969} - mioed.dll
O2 - BHO: MSVPS System - {5EF40AC5-1BBE-4436-A9E3-F129C0D605D8} - C:\WINDOWS\vipextoxn.dll
O2 - BHO: MSVPS System - {5F1F01A9-4013-4C28-90E9-8C50F03B5E37} - C:\WINDOWS\blopenvkgq.dll
O2 - BHO: OFK System - {5F1F01A9-4013-4C28-90E9-8C50F03B5E37} - C:\WINDOWS\blopenvkgq.dll
O2 - BHO: SXG Advisor - {5FD4193C-551E-43A1-BC8A-D4C6B6C3B947} - C:\WINDOWS\dopfwrloxf.dll
O2 - BHO: Editor plugin - {609133AE-C65D-43cf-8F8E-4DE2684F427F} - balset.dll
O2 - BHO: Editor plugin - {609133AE-C65D-43cf-8F8E-4DE2684F427F} - fowlr.dll
O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll
O2 - BHO: MSVPS System - {60D3EC53-56A8-46A8-9D01-1AB64410665C} - C:\WINDOWS\nsduo.dll
O2 - BHO: Helper Class - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - C:\WINDOWS\system32\torm.dll
O2 - BHO: Helper Class - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - C:\WINDOWS\System32\torm1.dll
O2 - BHO: MSVPS System - {6162F78D-ACF0-424F-BDF2-F73484EE91EC} - C:\WINDOWS\werbetknp.dll
O2 - BHO: Explorer Object - {616A12A1-3A18-5116-A11A-32159A13A813} - C:\WINDOWS\system\csdact32.dll
O2 - BHO: Explorer Object - {626324A5-6A78-8296-A1BA-C2D59E34F813} - C:\WINDOWS\system\cvdact32.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - C:\WINDOWS\system\btlmct32.dll
O2 - BHO: Explorer Object - {626A22A2-3A28-5216-A12A-32359A34A813} - C:\WINDOWS\system\cwdact32.dll
O2 - BHO: BDEX System - {62EA9201-8CC7-4199-AC30-7744F836322E} - C:\WINDOWS\ttvbontvm.dll
O2 - BHO: H - {63170A8C-B4A4-4242-810A-1F3ABE7797DA} - C:\WINDOWS\system32\ra1.dll
O2 - BHO: Editor plugin - {63DFEE28-0ED6-48be-832B-BB6B064EB7CC} - masterc.dll
O2 - BHO: H - {643CA6C7-8187-4cd7-84D3-6B40603C9155} - putin1.dll
O2 - BHO: H - {643CA6C7-8187-4cd7-84D3-6B40603C9155} - ramsfeld1.dll
O2 - BHO: Image Helper - {646782DF-07D9-5816-C17D-32459D631863} - C:\WINDOWS\system\bpmdm32.dll
O2 - BHO: H - {6492B269-7FDA-45d5-8EEB-7409176A8764} - C:\WINDOWS\system32\wwwe1r32tm.dll
O2 - BHO: Image Helper - {64D712D1-84D9-281C-CE7D-32439D631863} - C:\WINDOWS\system\bpmtcs32.dll
O2 - BHO: QXK Olive - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - %Temp%\msfont32.dll
O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
O2 - BHO: Editor plugin - {65303C85-8DFA-4804-A796-6D4A194494A3} - cariba.dll
O2 - BHO: Editor plugin - {65303C85-8DFA-4804-A796-6D4A194494A3} - surina.dll
O2 - BHO: SXG Advisor - {65990097-F699-4216-9270-80572B89D23F} - C:\WINDOWS\dopfwrlgfm.dll
O2 - BHO: H - {65ED39E0-A35F-4d3c-9DF0-74AD57FE2690} - cunamei.dll
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll
O2 - BHO: Editor plugin - {6637D2DF-E158-41d9-BA81-CA3E4CEEF01A} - cukert.dll
O2 - BHO: Editor plugin - {6637D2DF-E158-41d9-BA81-CA3E4CEEF01A} - masyan.dll
O2 - BHO: Editor plugin - {668D4B72-CD82-4b82-95D3-1B4546E0859F} - callps.dll
O2 - BHO: Flash Module - {669CFA6D-450B-4d88-A9D7-D2371E845370} - btaskv.dll
O2 - BHO: Flash Module - {669CFA6D-450B-4d88-A9D7-D2371E845370} - ktaskr.dll
O2 - BHO: Flash Module - {66ADC876-890F-44d2-BBD6-390C52599B94} - btask.dll
O2 - BHO: Flash Module - {66ADC876-890F-44d2-BBD6-390C52599B94} - ktask.dll
O2 - BHO: Editor plugin - {66CEAA7E-6FBD-4e0f-BDD2-190D5A354C99} - micropr.dll
O2 - BHO: Editor plugin - {66FFC701-4491-460e-87C4-E24AB0BB020A} - smuhdd.dll
O2 - BHO: Editor plugin - {66FFC701-4491-460e-87C4-E24AB0BB020A} - windsw.dll
O2 - BHO: BDEX System - {670ADC7B-89DC-4F88-98CC-2E3BCF85F140} - C:\WINDOWS\ttvbonldf.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - sbmdl.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Flash Module - {68D5BBF9-EED5-4125-B227-55F81540BF4D} - ppret2.dll
O2 - BHO: Flash Module - {68D5BBF9-EED5-4125-B227-55F81540BF4D} - simcard1.dll
O2 - BHO: H - {68EBD240-34BC-4503-8432-D2AB5168F4EB} - ramsfeld1.dll
O2 - BHO: Editor plugin - {695A3FD5-BEC8-461f-8E73-AE1EC0DBC17A} - plugor.dll
O2 - BHO: Editor plugin - {695A3FD5-BEC8-461f-8E73-AE1EC0DBC17A} - titos.dll
O2 - BHO: MSVPS System - {695A94FD-15D0-4ED7-8F40-D2B3BDC42C15} - C:\WINDOWS\nsduo.dll
O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINDOWS\system\bremct32.dll
O2 - BHO: SXG Advisor - {696EE2DD-9008-44D5-BA5F-286D59F77F2E} - C:\WINDOWS\dopfwrldxw.dll
O2 - BHO: H - {6A2432C9-F515-40c4-A5C7-402A0EC7A9C3} - s1df23e_.dll
O2 - BHO: H - {6A2432C9-F515-40c4-A5C7-402A0EC7A9C3} - we1r32tm.dll
O2 - BHO: MSVPS System - {6A78E352-B1FA-4C18-9C48-96DD03979770} - C:\WINDOWS\popnetmtq.dll
O2 - BHO: Editor plugin - {6AED2AF9-6221-449c-BB9F-362F479322D4} - eurodol.dll
O2 - BHO: Flash Module - {6B1A0BFB-3B26-49c5-B699-F5692C673597} - ktaskr.dll
O2 - BHO: Flash Module - {6B1A0BFB-3B26-49c5-B699-F5692C673597} - btaskv.dll
O2 - BHO: MSVPS System - {6BE306E6-555D-41B1-98FF-6453622F4F4B} - C:\WINDOWS\advrepkon.dll
O2 - BHO: BDEX System - {6C65156C-BD92-41F7-BA26-0CA21B846D2A} - C:\WINDOWS\ttvbonmwo.dll
O2 - BHO: HTGTUP System - {6C7A1C43-D86E-49D4-A66E-8EF0DCFCBB71} - C:\WINDOWS\oprevmqp.dll
O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - smuhdd.dll
O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - windsw.dll
O2 - BHO: Hook Class - {6E3D2E1D-7B23-41c8-8A6C-13012A889F99} - c:\windows\system32\(RandomName).dll
O2 - BHO: MSVPS System - {6EB10F79-5E53-4F76-B146-409EFCDCB957} - C:\WINDOWS\movctrlfqd.dll
O2 - BHO: MSVPS System - {6F4DB301-0698-4AF4-A8A2-473996DF425A} - C:\WINDOWS\qnxplugin.dll
O2 - Explorer Object - {6F6E22C2-DAB8-A296-A82A-72369A54A423} - C:\WINDOWS\system\cudact32.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\AntivirusFiable\Tools\sbiebho.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\PCTotalDefender\Tools\sbiebho.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\VirusEffaceur\Tools\sbiebho.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\VirusGarde\Tools\sbiebho.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\WinSecureAv\Tools\sbiebho.dll
O2 - BHO: SXG Advisor - {6FFDE480-14C1-43FC-BEC1-CA97A2541FFD} - C:\WINDOWS\dmdvpnslp.dll
O2 - BHO: MS Explorer - {705D9401-8A21-8145-25A1-8F35813F4101} - C:\WINDOWS\system\lsdctl32.dll
O2 - BHO: MS Explorer - {705E9481-27B1-7C41-28BD-8E93811F4081} - C:\WINDOWS\system\rswctl32.dll
O2 - BHO: Hook Class - {70B7D714-53BE-433f-97B4-04D7C6FE8D58} - C:\windows\system32\repl.dll
O2 - BHO: H - {70C872E5-69F5-456f-B809-484106881B7B} - q24m.dll
O2 - BHO: H - {70C872E5-69F5-456f-B809-484106881B7B} - re_.dll
O2 - BHO: Editor plugin - {726D1BA0-16B1-4b5e-96D3-0162BAEB9E20} - trident.dll
O2 - BHO: Editor plugin - {72B2F3C0-E640-432b-AA0C-5796C6BED160} - ramtask.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ips6mon.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipsec6mon.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv4mons.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6moni.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6monj.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6monk.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monl.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monm.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monn.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6mono.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monp.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monq.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monr.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\msnscps.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\System32\ipv6motq.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6monr.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - %Windir%\system\wlcstp32.dll
O2 - BHO: Microsoft copyright - {734F63ED-89AD-4c1a-A499-1688D26D780A} - soinc.dll
O2 - BHO: Flash Module - {7398A15E-13CC-4a6f-B16C-C6E2232E7F4A} - btasv.dll
O2 - BHO: Flash Module - {7398A15E-13CC-4a6f-B16C-C6E2232E7F4A} - ktasr.dll
O2 - BHO: DiginkBHO Class - {73fc67a7-bdd3-48d0-b358-3a11bab21720} - C:\WINDOWS\TinyBHO.dll
O2 - BHO: MSVPS System - {74C44274-2A2D-4A99-B00B-CCA3912349F3} - C:\WINDOWS\vipextpxm.dll
O2 - BHO: Flash Module - {7540CF81-934C-44e6-B9FF-70F874F55D79} - btasv.dll
O2 - BHO: Flash Module - {7540CF81-934C-44e6-B9FF-70F874F55D79} - ktasr.dll
O2 - BHO: MSVPS System - {757E5FA2-42E6-4702-998C-D0B673BDE396} - C:\WINDOWS\werbetprt.dll
O2 - BHO: H - {75CBC5CA-AEDD-4280-A514-5CB78796D3C7} - geroez1.dll
O2 - BHO: Editor plugin - {7728276A-4CBB-4ffa-982D-0CA20547BB49} - coreduo.dll
O2 - BHO: Flash Module - {775B738B-4540-4b16-A1DA-932C402FD8F7} - btasv.dll
O2 - BHO: Flash Module - {775B738B-4540-4b16-A1DA-932C402FD8F7} - ktasr.dll
O2 - BHO: H - {783550EA-6F83-4ddc-AC5E-14D06154B942} - aswwer.dll
O2 - BHO: (no name) - {784CE1EA-4109-4D9E-BAD0-6E022808EEAE} - C:\Program Files\SpyGuarder\redir.dll
O2 - BHO: MS Explorer - {785C9484-2198-7C61-21B1-859481184087} - C:\WINDOWS\system\wmdcfg32.dll
O2 - BHO: BDEX System - {7875DBFF-6B8A-4B74-B8A2-E2DBF657CA03} - C:\WINDOWS\ttvbonfvm.dll
O2 - BHO: H - {78AFE66E-6F83-4ba3-B670-CE104A9733A2} - rossix.dll
O2 - BHO: MSVPS System - {7A22D62B-562F-4D55-8B1E-3AAA6C2BA688} - C:\WINDOWS\advreprwd.dll
O2 - BHO: Internet Explorer - {7A4794A7-4A4A-347A-4174-24A7A478B47E} - C:\WINDOWS\system\wasctn32.dll
O2 - BHO: Flash Module - {7A70C9D8-99E3-4049-ABC6-219EC2DAFC04} - btaskv.dll
O2 - BHO: Flash Module - {7A70C9D8-99E3-4049-ABC6-219EC2DAFC04} - ktaskr.dll
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\TrustedAntivirus\Tools\pg.dll
O2 - BHO: H - {7AD924F3-6353-4f92-B034-A900434ECCAF} - qwesddddd.dll
O2 - BHO: H - {7AD924F3-6353-4f92-B034-A900434ECCAF} - xcvbbnnm.dll
O2 - BHO: MSVPS System - {7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B} - C:\WINDOWS\duocore.dll
O2 - BHO: Editor plugin - {7B01902F-169F-44ee-BFCB-E17935E13839} - titos.dll
O2 - BHO: Internet Explorer Helper - {7B4794F7-4747-347B-4174-2497A478A47E} - C:\WINDOWS\system\wpccts32.dll
O2 - BHO: Flash Module - {7B8F2526-F0FD-4971-9CC9-A0B2DFB83031} - systemc.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Editor plugin - {7CAF95AD-D876-489b-9B17-2E9F09909BA5} - commert.dll
O2 - BHO: Editor plugin - {7CAF95AD-D876-489b-9B17-2E9F09909BA5} - paradise.dll
O2 - BHO: (no name) - {7CD53FCE-FCD2-4634-AD17-9BF99892BA6C} - C:\WINDOWS\System32\ipv6monj.dll
O2 - BHO: H - {7D699C05-99F4-4f95-A6D0-F2FD7D9714F2} - cunamei.dll
O2 - BHO: XTN Monitor - {7DC3167A-D0FD-401C-A1B3-C58448F0CCCA} - C:\WINDOWS\ddwlxtqfvg.dll
O2 - BHO: MSVPS System - {7E1C6E3E-FD4E-42C8-B60B-5EC7D23728D2} - C:\WINDOWS\ipwypkmg.dll
O2 - BHO: MSVPS System - {7E745F86-6B67-45D3-922A-878167A9D258} - C:\WINDOWS\werbetnor.dll
O2 - BHO: MSVPS System - {7EB8B2AC-28EE-45F1-9834-418FC9D72DDF} - C:\Windows\werbetpwg.dll
O2 - BHO: BDEX System - {7F719D62-623C-4F70-9244-8CAEC58B041B} - C:\WINDOWS\ttvbonfwt.dll
O2 - BHO: Editor plugin - {7F954E4B-8C0F-4262-B05F-E928DAF0ADEB} - hatle.dll
O2 - BHO: Rmn plugin - {7FED228E-A6F7-49aa-A0BC-76E0A67C53BB} - drweb32.dll
O2 - BHO: Rmn plugin - {7FED228E-A6F7-49aa-A0BC-76E0A67C53BB} - nod32.dll
O2 - BHO: Editor plugin - {810C7383-C49D-40a8-AB80-59DBA271DAFA} - milis.dll
O2 - BHO: Editor plugin - {810C7383-C49D-40a8-AB80-59DBA271DAFA} - stani.dll
O2 - BHO: Microsoft Office Helper - {814194F1-4148-3871-4118-2417A488A878} - C:\WINDOWS\system\wycctd32.dll
O2 - BHO: H - {81DC60A4-A666-481a-BA00-D6EDA15335E0} - fkeqwex.dll
O2 - BHO: SXG Advisor - {81F4697D-617D-40B4-85BA-C7684D9BC543} - C:\WINDOWS\dmdvpnvmq.dll
O2 - BHO: BDEX System - {821386B0-9AB4-484F-B543-D3AA1A1A5589} - C:\WINDOWS\ttvbonpwx.dll
O2 - BHO: Editor plugin - {828EBB32-BEB8-41fe-AD5C-272293870371} - drive01.dll
O2 - BHO: SXG Advisor - {82A8A280-F026-413E-88EA-BD2A951E6FD5} - C:\WINDOWS\dmdvpndto.dll
O2 - BHO: 222 - {8336C2A1-1A8F-470d-B499-D7C663790521} - C:\WINDOWS\system32\r222fer34da2.dll
O2 - BHO: 222 - {8336C2A1-1A8F-470d-B499-D7C663790521} - C:\WINDOWS\system32\we33tde1.dll
O2 - BHO: (no name) - {83798BB2-00CD-4CF4-84CC-D814DC7A510F} - C:\Program Files\SpyGuarder\redir.dll
O2 - BHO: BDEX System - {83CDEF6B-98D2-4C60-84FC-00C44606A4F8} - C:\WINDOWS\domnftwpto.dll
O2 - BHO: C:\WINDOWS\system32\(RandomName).dll - {855875B5-93F3-429D-FF34-660B206D897C} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: Flash Module - {85911752-BC96-4fff-9121-6EB9D8F438E1} - hyperconn.dll
O2 - BHO: Flash Module - {85911752-BC96-4fff-9121-6EB9D8F438E1} - hyperser.dll
O2 - BHO: MSVPS System - {85E659D3-E110-4CE7-9D99-416FD61A1720} - C:\WINDOWS\soundplugin.dll
O2 - BHO: (no name) - {860C9311-4D68-4708-B3F0-4C9EA4407D3E} - C:\WINDOWS\system32\ipv6mond.dll
O2 - BHO: Editor plugin - {86722163-84A7-4bb0-A860-D6CCE0943315} - loadplg.dll
O2 - BHO: H - {86D85363-633A-4ecc-A18B-3007D5885945} - feeeww1.dll
O2 - BHO: H - {875DFA42-0F20-449b-B8AE-4795E5A30B98} - rsewwssewe_.dll
O2 - BHO: H - {875DFA42-0F20-449b-B8AE-4795E5A30B98} - rtreywem.dll
O2 - BHO: Flash Module - {87C0BA52-F363-4419-8AC1-D7270A668687} - btask.dll
O2 - BHO: Flash Module - {87C0BA52-F363-4419-8AC1-D7270A668687} - ktask.dll
O2 - BHO: Editor plugin - {87D3FC39-31BA-415e-9F4E-3F5737DE9A1B} - smuhdd.dll
O2 - BHO: BDEX System - {87EF7048-8905-4E82-862E-65004D4DFA80} - C:\WINDOWS\domnftwwrn.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\wnsp.dll
O2 - BHO: (no name) - {887DC58E-B36F-456B-9BE4-EBC11AC26B4F} - C:\Windows\system32\clbcat.dll
O2 - BHO: Hgni_BHO - {888826A1-3C63-4687-8696-482FDBB129DF} - C:\WINDOWS\system32\hgni_ecol.dll
O2 - BHO: H - {89155686-8863-471a-A58D-85C6258A1A82} - C:\WINDOWS\system32\c34m.dll
O2 - BHO: BeSideit IE Helper - {89CBB8EA-FA02-4f61-B997-0247E69F002B} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: H - {8AF036B0-E4F1-4fa0-98D3-7F0887C51940} - rtreywem.dll
O2 - BHO: Microsoft Office Helper - {8B4190F8-4828-387B-4164-2487A188A878} - C:\WINDOWS\system\wfcctd32.dll
O2 - BHO: Microsoft Office Helper - {8B4894F8-4848-387B-4184-2487A488A878} - C:\WINDOWS\system\wxccts32.dll
O2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\**********.dll
O2 - BHO: Macromedia Flash - {8C4250BF-C182-DE71-A89F-99C80AF4F53B} - C:\WINDOWS\system\dtsimg32.dll
O2 - BHO: H - {8C43BF11-5F7E-41fb-A44E-4F460FEB1F3E} - aswwer.dll
O2 - BHO: H - {8C43BF11-5F7E-41fb-A44E-4F460FEB1F3E} - mar132.dll
O2 - BHO: OFK System - {8CD31C2B-8F97-4938-ACBA-8C28D0099AFD} - C:\WINDOWS\blopenvsto.dll
O2 - BHO: Macromedia Flash - {8D0257BF-C682-DE51-A19F-94C80AF4B53B} - C:\WINDOWS\system\dtsmsc32.dll
O2 - BHO: Editor plugin - {8D488899-6888-4e00-9266-C7987A7E2484} - appleo.dll
O2 - BHO: Editor plugin - {8D488899-6888-4e00-9266-C7987A7E2484} - rotoon.dll
O2 - BHO: C:\WINDOWS\system32\(RandomName).dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: C:\WINDOWS\system32\(RandomName).dll - {8D5849C4-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\(RandomName).dll
O2 - BHO: SXG Advisor - {8D93C595-DA51-48D5-AB81-BD26953427A4} - C:\WINDOWS\dopfwrllwr.dll
O2 - BHO: BDEX System - {8DA38A17-6C0F-4253-AA1B-D356F49976F0} - C:\WINDOWS\ttvbonmlk.dll
O2 - BHO: Mirar - {8DD6F82D-A947-414B-ABD0-72CEF07FB544} - C:\WINDOWS\system32\(RandomName).dllO2 - BHO: MSVPS System - {8E6CFDFE-79A8-421C-B854-04081690CE6B} - C:\WINDOWS\ddesupport.dll
O2 - BHO: BDEX System - {8E7FF808-43C3-4D5F-AF01-29FD866BBA58} - C:\WINDOWS\domnftwtwl.dll
O2 - BHO: H - {8EF45F60-7FD5-4724-90BB-BB72335007B3} - C:\WINDOWS\system32\q24m.dll
O2 - BHO: H - {8EF45F60-7FD5-4724-90BB-BB72335007B3} - re_.dll
O2 - BHO: e404 helper - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - C:\Program Files\Helper\*********.dll
O2 - BHO: Microsoft copyright - {8F583FA4-8588-4866-AC5D-7BA8A176A6D6} - ariert.dll
O2 - BHO: Microsoft copyright - {8F583FA4-8588-4866-AC5D-7BA8A176A6D6} - workertc.dll
O2 - BHO: Editor plugin - {8F6808FA-AB0D-403a-811F-A787DEBAD31B} - magnum.dll
O2 - BHO: XTN Monitor - {8F8292B7-353C-427D-A52F-8EA4120E3A6F} - C:\WINDOWS\ddwlxtqnow.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
O2 - BHO: H - {8FB29334-4C02-47f0-9CA3-4DC307398F9C} - dffvvvvvv.dll
O2 - BHO: H - {8FB29334-4C02-47f0-9CA3-4DC307398F9C} - rreesssvv.dll
O2 - BHO: Editor plugin - {90548C33-F034-4150-BE0C-B2EAD10DC04E} - cortals.dll
O2 - BHO: Editor plugin - {90548C33-F034-4150-BE0C-B2EAD10DC04E} - knifelot.dll
O2 - BHO: Flash Module - {90CDA4BB-9CCC-4724-96E2-3A33557B512B} - btaskv.dll
O2 - BHO: Flash Module - {90CDA4BB-9CCC-4724-96E2-3A33557B512B} - ktaskr.dll
O2 - BHO: MSVPS System - {90CF5384-7C70-4CD6-A30D-B2F14537B5C3} - C:\WINDOWS\movctrlwxq.dll
O2 - BHO: Flash Module - {90D60A4E-7F80-4c3f-9965-3B5647A38B9B} - btaskv.dll
O2 - BHO: Flash Module - {90D60A4E-7F80-4c3f-9965-3B5647A38B9B} - ktaskr.dll
O2 - BHO: Editor plugin - {919629F0-1663-42e9-8158-8C2BE790B2EB} - appleo.dll
O2 - BHO: Editor plugin - {923BE9A3-6693-4a72-84C0-0CFAE5B8AC40} - eurodol.dll
O2 - BHO: Rmn plugin - {930247B4-16BE-48d2-87DD-86D7FB314639} - ritz8.dll
O2 - BHO: Editor plugin - {9309F35E-FBC8-4914-A3B1-7A06ABC310AA} - bulgan.dll
O2 - BHO: Editor plugin - {9309F35E-FBC8-4914-A3B1-7A06ABC310AA} - raboic.dll
O2 - BHO: MSVPS System - {93205C3F-1221-43F4-847F-007C6A4CE9A5} - C:\WINDOWS\advrepgpd.dll
O2 - BHO: BDEX System - {93289CD1-5615-4994-9FD4-FD11A9F6A66D} - C:\WINDOWS\dxpvqlmnsr.dll
O2 - BHO: CUNta - {933ED98E-57E9-11DD-BF82-A36255D89593} - C:\WINDOWS\system32\cunta.dll
O2 - BHO: MSVPS System - {9352055D-879B-4876-92E3-6DF8D5210B54} - C:\WINDOWS\werbetorq.dll
O2 - BHO: Gamburg provider - {937A3F9C-6D70-483f-804F-BB6C118FE760} - dsxmm.dll
O2 - BHO: Gamburg provider - {937A3F9C-6D70-483f-804F-BB6C118FE760} - natkssn.dll
O2 - BHO: Editor plugin - {93A0DF75-9A1D-49c0-A850-B2AA6B17E686} - gories.dll
O2 - BHO: Editor plugin - {93A0DF75-9A1D-49c0-A850-B2AA6B17E686} - rmsex.dll
O2 - BHO: H - {943CBD6C-F4DE-40e4-AA43-7B964FAE81F1} - C:\WINDOWS\system32\comi.dll
O2 - BHO: H - {943CBD6C-F4DE-40e4-AA43-7B964FAE81F1} - C:\WINDOWS\system32\comi2.dll
O2 - BHO: C:\WINDOWS\System32\(RandomName).dll - {947254B5-96F3-4A9D-FF34-8466477D897C} - C:\WINDOWS\System32\(RandomName).dll
O2 - BHO: Flash Module - {9480164D-B3AC-45e3-B6D3-B1E53C487320} - nortn32.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\system32\xsfer.dll
O2 - BHO: Explorer - {97182737-4655-64C7-8730-2921803F7A9D} - %Windir%\system\wmcstd32.dll
O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll
O2 - BHO: Microsoft copyright - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - sipov.dll
O2 - BHO: Microsoft copyright - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - tcprp.dll
O2 - BHO: Editor plugin - {9755C866-ED4B-421c-BD27-E602AB086E83} - fowlr.dll
O2 - BHO: BDEX System - {986F4076-F780-4FD2-93C7-6A8C9DAFD7B0} - C:\WINDOWS\domnftwqkt.dll
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: Macromedia utility - {98CC82BB-6094-4852-B34C-55856B6EF489} - C:\WINDOWS\system32\hard1.dll
O2 - BHO: Macromedia utility - {98CC82BB-6094-4852-B34C-55856B6EF489} - C:\WINDOWS\system32\soft1.dll
O2 - BHO: Flash Module - {98D87377-7467-4d66-9B17-363B1964958A} - macdav1.dll
O2 - BHO: Flash Module - {98D87377-7467-4d66-9B17-363B1964958A} - moishar.dll
O2 - BHO: Editor plugin - {9916AF04-5F23-4ae8-A2B1-1C4FF50B2A51} - bulgan.dll
O2 - BHO: Rmn plugin - {9988775D-4368-4857-871A-D01D66CA3A71} - ritz8.dll
O2 - BHO: WarningBHO Class - {9989F1F6-70DE-4244-AC9F-6672983681A0} - C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll
O2 - BHO: Editor plugin - {99955C7E-0EA2-4723-BBD1-C18144FBDF30} - cogniti.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: MS Explorer - {9A5C9584-DE98-310B-21A1-899F87184987} - C:\WINDOWS\system\wmdcst32.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB??.dll
O2 - BHO: Editor plugin - {9AEE9C0D-FD38-45fc-B09A-BA9B6B614780} - barka.dll
O2 - BHO: MS Explorer - {9B5A95FA-DFAF-31AB-A1AF-8A9FA7F8A98E} - C:\WINDOWS\system\wmecst32.dll
O2 - BHO: H - {9BBF4D32-FF94-4342-83E7-1E7793602DFA} - codif123.dll
O2 - BHO: H - {9BBF4D32-FF94-4342-83E7-1E7793602DFA} - tehyrd12.dll
O2 - BHO: MSVPS System - {9C985AC6-A138-4EAB-B10A-DC522F755146} - C:\WINDOWS\popnetdpt.dll
O2 - BHO: SXG Advisor - {9E40777E-C901-4623-88FA-7D0DF61B0E0F} - C:\WINDOWS\dmdvpnwrf.dll
O2 - BHO: ReadFile Class - {9E4F45DB-2EC3-4b09-91F9-31C702B3285D} - C:\WINDOWS\System32\tgs.dll
O2 - BHO: MS Explorer - {9E5E95F4-DF9F-31EB-D1AF-8F9F87F8D98E} - C:\WINDOWS\system\wmhcst32.dll
O2 - BHO: Editor plugin - {9F1D47EA-80B7-4f21-A9D3-3738F20596EE} - diskdr.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: Editor plugin - {9F4BC278-AA12-4716-A1EC-F1888B200F89} - loadplg.dll
O2 - BHO: VPNS System - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - C:\WINDOWS\dxdiag.dll
O2 - BHO: VPNS System - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - C:\WINDOWS\iesettings.dll
O2 - BHO: H - {9FF1F987-4767-4986-99CB-425E55CC946D} - C:\WINDOWS\system32\gooels.dll
O2 - BHO: OFK System - {A04EE79B-B894-4CE9-AD27-CAEBA40709A4} - C:\WINDOWS\blopenvtdq.dll
O2 - BHO: H - {A07B13C3-EBC8-49da-A4E3-08F9275FF68B} - sores2.dll
O2 - BHO: (no name) - {A0D5BF8B-93CC-4D2B-A47C-E3803C2EBCE6} - C:\WINDOWS\system32\ATIDD.dll
O2 - BHO: MSVPS System - {A1770FD6-A7CB-44DA-AD2C-692D2A2B521B} - C:\WINDOWS\vpsnetwork.dll
O2 - BHO: CLinkerBHO Class - {A1FF3ECE-0EC3-4035-A67D-726A574748B8} - C:\WINDOWS\System32\AcroCLinker.dll
O2 - BHO: iHelper - {A1FF3ECE-0EC3-4035-A67D-726A574748B8} - C:\WINDOWS\system32\iHelper.dll
O2 - BHO: AVLWarningBHO Class - {A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6} - C:\Program Files\AntiVirusLab2009\AVLWarning.dll
O2 - BHO: AVLWarningBHO Class - {A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6} - C:\Program Files\VirusResponseLab2009\AVLWarning.dll
O2 - BHO: Google Module - {A2487E9B-AAE5-4d21-ADDE-1F342354974A} - supstar1.dll
O2 - BHO: SXG Advisor - {A2F12137-1918-4F31-B179-94C21A1E2BC2} - C:\WINDOWS\dmdvpnvnp.dll
O2 - BHO: QuickTalk 2.1 - {A34FA88D-8437-4634-8A60-E913011EF2E5} - %AppData%\sp2\qaccess.dll
O2 - BHO: QuickTalk 2.1 - {A34FA88D-8437-4634-8A60-E913011EF2E5} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Flash Module - {A3D58EFF-4C5C-41ba-8A80-9380851D5B50} - fandorin.dll
O2 - BHO: e404 helper - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - C:\Program Files\Helper\**********.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\WINDOWS\system32\iebt.dll
O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\Program Files\Web Technologies\iebt.dll
O2 - BHO: Editor plugin - {A4A84253-2524-4d4c-9F40-8845EC6F2EEA} - magnum.dll
O2 - BHO: MSVPS System - {A4D00A75-F69A-49FD-9058-AB925712CCFF} - C:\WINDOWS\popnetkqw.dll
O2 - BHO: BHO.toolbar3 - {A4D16645-4149-41FB-B670-E06072E540C1} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: H - {A4DF4368-6574-4c12-AD03-50C0786F50B2} - evaddeode.dll
O2 - BHO: H - {A4DF4368-6574-4c12-AD03-50C0786F50B2} - tochss.dll
O2 - BHO: Editor plugin - {A4E37073-20A4-468a-BBFF-9A97A3EA2FEB} - commert.dll
O2 - BHO: Editor plugin - {A4E37073-20A4-468a-BBFF-9A97A3EA2FEB} - paradise.dll
O2 - BHO: VPNS System - {A5845A98-EBDA-4670-9DE6-5201C506E741} - C:\WINDOWS\iedrives.dll
O2 - BHO: VPNS System - {A5845A98-EBDA-4670-9DE6-5201C506E741} - C:\WINDOWS\iexploree.dll
O2 - BHO: MSVPS System - {A5CBE954-5DEA-4073-A404-382B3F3AD6FA} - C:\WINDOWS\__bho_dll__.dll
O2 - BHO: H - {A5D506DF-EF88-44db-917C-E56FF9E2A4FD} - C:\WINDOWS\System32\gorem2.dll
O2 - BHO: H - {A5D506DF-EF88-44db-917C-E56FF9E2A4FD} - C:\WINDOWS\System32\sours.dll
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
O2 - BHO: H - {A68AE31E-C5A6-41aeca1.dll
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: MSVPS System - {A716011B-4637-44D0-922B-F1E88CC7CC73} - C:\WINDOWS\werbetpql.dll
O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - C:\WINDOWS\Policies.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\AutoUpdateWin31.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\Win31SecurityUpdates.dll
O2 - BHO: VirRLWarningBHO Class - {A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} - C:\Program Files\VirRL2009\VirRLWarning.dll
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl
O2 - BHO: BDEX System - {A8565FBC-8D53-4D4F-9BB0-CBC68A22B126} - C:\WINDOWS\blopenvxdt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4D91-8333-CF10577473F7} - %ProgramFiles%\Google\googletoolbar1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4D91-8333-CF10577473F7} - %UserProfile%\Google\googletoolbar1.dll
O2 - BHO: H - {AA7F2000-EA05-489d-900C-3C7C0A5497A3} - C:\WINDOWS\system32\aewwwa2.dll
O2 - BHO: H - {AA7F2000-EA05-489d-900C-3C7C0A5497A3} - C:\WINDOWS\system32\rwera21s1.dll
O2 - BHO: MS Explorer - {AB4A94FA-4F4F-34AB-41A4-849FA4F8A48E} - C:\WINDOWS\system\wmzcts32.dll
O2 - BHO: (no name) - {AB516C2C-7BC0-41DD-A0C6-301127177528} - C:\WINDOWS\system32\ipv6mond.dll
O2 - BHO: H - {AB800DA0-CFC9-4bcc-BC3E-DBA1E07002E5} - ferma12.dll
O2 - BHO: H - {AB800DA0-CFC9-4bcc-BC3E-DBA1E07002E5} - fertili.dll
O2 - BHO: Editor plugin - {ABA24A5E-155B-433a-9D0A-4835754D3915} - eishci.dll
O2 - BHO: Editor plugin - {ABA24A5E-155B-433a-9D0A-4835754D3915} - pecker.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
O2 - BHO: Image Helper - {ABD7C2DD-84DE-28FC-1E72-323394635866} - C:\WINDOWS\system\bqmtcs32.dll
O2 - BHO: Image Helper - {ABDAC2AD-A4DE-A8FC-AE72-3A3A94635866} - C:\WINDOWS\system\bomtcs32.dll
O2 - BHO: H - {AC1266E4-D472-4557-9A5C-F43E5C485453} - ferma12.dll
O2 - BHO: MSVPS System - {AC546B33-036A-41DA-B1CC-C1D15659520E} - C:\WINDOWS\movctrlflm.dll
O2 - BHO: MSVPS System - {AC546B33-036A-41DA-B1CC-C1D15659520E} - C:\WINDOWS\movctrlknq.dll
O2 - BHO: MSVPS System - {ACB1497A-9869-44DE-8EBF-7CA6FAC1C2A5} - C:\WINDOWS\popnetksd.dll
O2 - BHO: e404 helper - {ACD587E9-0E47-4CBE-ABCD-7DD20B86F310} - C:\Program Files\s300\s300_**********.dll
O2 - BHO: MSVPS System - {ACD85107-9CF9-4C9E-B0B7-39940A0017C0} - C:\WINDOWS\nsduo.dll
O2 - BHO: Macromedia Flash - {AD03571F-C182-D851-A69F-96C80BF4B23B} - C:\WINDOWS\system\dlgctl32.dll
O2 - BHO: H - {AD5C390A-B02A-48fa-9A37-3BEC9724BBF0} - C:\WINDOWS\system32\c5q1.dll
O2 - BHO: H - {AD5C390A-B02A-48fa-9A37-3BEC9724BBF0} - C:\WINDOWS\system32\cr3m.dll
O2 - BHO: Editor plugin - {ADB6F7BF-8CE0-4900-A35E-A643B82BE587} - cocon.dll
O2 - BHO: Editor plugin - {ADB6F7BF-8CE0-4900-A35E-A643B82BE587} - matorm.dll
O2 - BHO: Editor plugin - {ADBC0CB9-CCC5-495f-B578-4B9BB82B03DF} - woodtype.dll
O2 - BHO: (no name) - {AE18FD68-18B1-4789-8D45-F4E1512FE733} - C:\WINDOWS\system32\ipv6moni.dll
O2 - BHO: MSVPS System - {AEAAD087-D66D-4FA3-A366-8F47C32E9E5F} - C:\WINDOWS\popnetnlf.dll
O2 - BHO: Adobe Flash Media - {AEAB3281-9D99-A88C-376F-356243B55031} - C:\WINDOWS\system\hqttse32.dll
O2 - BHO: Macromedia Movie - {AECB328C-AD19-A18C-386F-35A24BB56081} - C:\WINDOWS\system\bfdtsc32.dll
O2 - BHO: MSVPS System - {AF12CF13-DC3B-461C-B5CE-894806C15303} - C:\WINDOWS\sconf32.dll
O2 - BHO: Data Tracker - {AF3A4E11-2F63-35EF-D6BC-F3646308105D} - %Windir%\system\gowtae32.dll
O2 - BHO: Flash Module - {AFFF013B-EA0C-4218-8CA5-71629CEC51AF} - btaskv.dll
O2 - BHO: Flash Module - {AFFF013B-EA0C-4218-8CA5-71629CEC51AF} - ktaskr.dll
O2 - BHO: SXG Advisor - {B0F2B740-1E56-450F-93FE-C23419DEC7C6} - C:\WINDOWS\dopfwrltfx.dll
O2 - BHO: H - {B1FBF2E1-C164-4ebe-AB04-B839655CC927} - gyrpsy23.dll
O2 - BHO: H - {B1FBF2E1-C164-4ebe-AB04-B839655CC927} - sffer2222.dll
O2 - BHO: pl - {B200799F-9538-403d-9A6E-36F5942EC540} - C:\WINDOWS\system32\kjsoft64.dll
O2 - BHO: pl - {B200799F-9538-403d-9A6E-36F5942EC540} - C:\WINDOWS\system32\rcsoft32.dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {B2AC49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: H - {B3056695-CE91-404e-BD3B-62A4A3E6ADFD} - w1m.dll
O2 - BHO: MSVPS System - {B35BBAFB-6C86-4EC4-919C-C3FFF30A6CA2} - C:\WINDOWS\popnetgdv.dll
O2 - BHO: H - {B394B625-AFFF-409f-B704-8251C818102A} - markoov123.dll
O2 - BHO: FGCatchUrl - {B3A00219-19D4-4966-AECD-8ED34AB9EF7A} - C:\WINDOWS\system32\msram.dll
O2 - BHO: HelloWorldBHO - {B3A05538-8F91-49C1-8EE3-6EB142B41E2A} - C:\Program Files\Microsoft Help\Microsoft.System.Help.dll
O2 - BHO: HelloWorldBHO - {B3A05538-8F91-49C1-8EE3-6EB142B41E2A} - C:\Program Files\Microsoft Help\Microsoft.System.Help.Library.dll
O2 - BHO: HelloWorldBHO - {B3A05538-8F91-49C1-8EE3-6EB142B41E2A} - C:\Program Files\Microsoft Help\Microsoft.System.Help.Object.dll
O2 - BHO: Editor plugin - {B3A4CC65-CCEE-4de3-A63B-BF05CF5DE33E} - masterc.dll
O2 - BHO: Editor plugin - {B3A4CC65-CCEE-4de3-A63B-BF05CF5DE33E} - winbios1.dll
O2 - BHO: WindowsUpdate Class - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - %TEMP%\ieobj.dll
O2 - BHO: WindowsUpdate Class - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - C:\WINDOWS\TEMP\ieobj.dll
O2 - BHO: Codec pack - {b448d946-3623-42ab-ba32-c08651e36980} - C:\Program Files\Common Files\System\sys_vd4.dat
O2 - BHO: OFK System - {B46BB2AD-089A-43B6-988F-C92C7C9AA206} - C:\WINDOWS\vipextndl.dll
O2 - BHO: MSVPS System - {B46BB2AD-089A-43B6-988F-C92C7C9AA206} - C:\WINDOWS\vipextndl.dll
O2 - BHO: VResLabWarningBHO Class - {B494E7BB-1E33-4922-A947-F74EFF4E714F} - C:\Program Files\VResLab\VResLabWarning.dll
O2 - BHO: H - {B4E4851C-1EAA-481a-8A94-D66A7141505E} - hoexk.dll
O2 - BHO: Helper Class - {B4FAF6E4-77D0-46c7-8656-7F7B45056451} - C:\WINDOWS\system32\helper.dll
O2 - BHO: Helper Class - {B4FAF6E4-77D0-46c7-8656-7F7B45056451} - C:\WINDOWS\system32\helper1.dll
O2 - BHO: cj helper - {B552B8A4-76AC-4e8c-A469-C1585B111116} - C:\Program Files\IE Extensions\cj.v5.dll
O2 - BHO: (no name) - {B58BF1FF-4311-427C-8332-BE17DD9873CF} - C:\WINDOWS\System32\ipv6monk.dll
O2 - BHO: H - {B58CDA2A-F42B-4622-951F-C68381DA7708} - wer2tm.dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {B5AC49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {B5AF0562-94F3-42BD-F434-2604812C297D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Editor plugin - {B5DB5206-2EB0-49cb-8C9E-7417007B65D7} - smuhdd.dll
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - soros11.dll
O2 - BHO: FLV Helper - {B6DBC2BD-B4DE-B8FC-BE72-3B3A9B6358B6} - C:\WINDOWS\system\bimtcs32.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\autoexcs.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\autoexec.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\system.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\systems.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
O2 - BHO: TMSN Class - {B72549CE-5644-4116-B8A4-A2B042321EC4} - C:\WINDOWS\Policies.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Flash Module - {B7A4FE11-BF1A-467b-9E24-C4CF9CFC74AF} - korkyst.dll
O2 - BHO: Flash Module - {B7A4FE11-BF1A-467b-9E24-C4CF9CFC74AF} - stylem1.dll
O2 - BHO: Flash Module - {B7DBC368-1D6A-4311-A138-FCBC251F1BBD} - btask.dll
O2 - BHO: Flash Module - {B7DBC368-1D6A-4311-A138-FCBC251F1BBD} - ktask.dll
O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - C:\Program Files\Web Technologies\iebt.dll
O2 - BHO: Flash Module - {B8754114-53BA-4b82-9B87-AB07B3AC07BB} - btasv.dll
O2 - BHO: Flash Module - {B8754114-53BA-4b82-9B87-AB07B3AC07BB} - ktasr.dll
O2 - BHO: Google Module - {B87D203B-B43D-4af9-9E1B-9C20478CBB74} - strike12.dll
O2 - BHO: Google Module - {B87D203B-B43D-4af9-9E1B-9C20478CBB74} - strike45.dll
O2 - BHO: Google Module - {B87D203B-B43D-4af9-9E1B-9C20478CBB74} - tardeme2.dll
O2 - BHO: Google Module - {B87D203B-B43D-4af9-9E1B-9C20478CBB74} - tardm2.dll
O2 - BHO: Flash Module - {B9249083-6055-476c-A69D-13E110BFEA91} - tconn1.dll
O2 - BHO: Flash Module - {B9249083-6055-476c-A69D-13E110BFEA91} - tlove2.dll
O2 - BHO: H - {B9DD8DEA-7F71-4490-A2D1-8897BDD166BA} - eseesss.dll
O2 - BHO: (no name) - {BB604754-D031-4D2E-AB6C-BF3D367F6944} - %AppData%\redir.dll
O2 - BHO: MSVPS System - {BC305684-8946-4d65-AB1D-10AE276D87ED} - C:\WINDOWS\msdn.dll
O2 - BHO: as_ie_monitor.ie_monitor - {BD73EBF4-BA5A-4C41-B13F-84E8CA5F2599} - C:\Program Files\AntispyStorm\as_ie_monitor.dll
O2 - BHO: H - {BD995DE5-2A73-4b82-A161-327DD0ECB3A3} - C:\WINDOWS\system32\coq.dll
O2 - BHO: H - {BD995DE5-2A73-4b82-A161-327DD0ECB3A3} - C:\WINDOWS\system32\crim.dll
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll
O2 - BHO: H - {BE639B7E-59E1-4e6f-9E1F-5F9D7DF29176} - qwe123434.dll
O2 - BHO: H - {BE7C1A37-6907-4bc5-A80A-B8C0CC6F7E6A} - hjkkddwv.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\**********.dll
O2 - BHO: H - {C0625C1D-3079-44f9-B649-63B9836DB3CB} - C:\WINDOWS\system32\cr3m.dll
O2 - BHO: H - {C0625C1D-3079-44f9-B649-63B9836DB3CB} - C:\WINDOWS\System32\c5q1.dll
O2 - BHO: Editor plugin - {C06B53BC-6E09-42af-B166-8D0BD6D1A152} - diskdr.dll
O2 - BHO: Editor plugin - {C06B53BC-6E09-42af-B166-8D0BD6D1A152} - mountr.dll
O2 - BHO: FeedBack 0.2 - {C0FF3949-2B75-4C1A-970E-BF98CC6A32C6} - C:\Windows\System32\dass.dll
O2 - BHO: FeedBack 0.2 - {C0FF3949-2B75-4C1A-970E-BF98CC6A32C6} - C:\Windows\System32\fi_opa.dll
O2 - BHO: H - {C1315DAE-F973-401c-94B0-C99BA8F1701E} - soirrd.dll
O2 - BHO: Editor plugin - {C1867AC5-8518-4933-B1C6-B424F7652E99} - sbufke.dll
O2 - BHO: H - {C1C1C7C9-1987-47d1-9A55-20E1B1EB5FF2} - markew.dll
O2 - BHO: Media Soft - {C222CF63-722F-4561-94AC-E683D962C63C} - C:\WINDOWS\Media\mplay32.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - sbmdl.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: BDEX System - {C2DE4340-CB68-450F-90CD-9BE1A26739D7} - C:\WINDOWS\domnftwlvq.dll
O2 - BHO: (no name) - {C40624B4-CCDB-4F00-8888-7896032D234A} - %AppData%\redir.dll
O2 - BHO: BDEX System - {C4248759-304D-477D-A1B3-F706CF99756D} - C:\WINDOWS\domnftwlsd.dll
O2 - BHO: Codec pack - {C44Ad542-3B2E-ab42-32ba-a11651A36980} - C:\Program Files\Common Files\System\sys_vd4.dat
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\windows\system32\ramtmb.dll
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\windows\system32\romtmb.dll
O2 - BHO: MSVPS System - {C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901} - C:\WINDOWS\bndsrsqo.dll
O2 - BHO: MSVPS System - {C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901} - C:\WINDOWS\bndsrwgo.dll
O2 - BHO: OFK System - {C5994F58-9261-4D5A-B80F-2708472E774E} - C:\WINDOWS\vipextnog.dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {C5AF42A3-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {C5AF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {c5af42a3-94f3-42bd-f434-3604832c897d} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: C:\WINDOWS\system32\(Random Name).dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Editor plugin - {C61F8DB6-1565-4850-BBCB-9F82B3FB6062} - drive01.dll
O2 - BHO: H - {C63BADC7-0FA2-4358-807D-9777FC021E60} - isdd.dll
O2 - BHO: H - {C63BADC7-0FA2-4358-807D-9777FC021E60} - soert1.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
O2 - BHO: MSVPS System - {C6C7C348-C2F9-4465-9B41-121C467CC4E5} - C:\WINDOWS\popnetgqt.dll
O2 - BHO: (no name) - {C6E99D22-2ADE-4D81-A3CF-D2ECF5730CB2} - C:\WINDOWS\system32\ipv6monk.dll
O2 - BHO: JavaClass - {C7BCFD25-5C30-4bcf-9483-6F151A54F7C9} - C:\WINDOWS\system32\iHelper.dll
O2 - BHO: H - {C80FA185-0C28-4806-BA80-3467E02E587F} - so1.dll
O2 - BHO: MSVPS System - {C87D64B5-DF92-4703-90CB-B465B6982941} - C:\WINDOWS\qnxplugin.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - akun54.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll
O2 - BHO: Flash Module - {C8A3B994-E27A-42f5-A053-C63799E621FB} - paruisd.dll
O2 - BHO: Flash Module - {C8A3B994-E27A-42f5-A053-C63799E621FB} - pidfenon.dll
O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll
O2 - BHO: H - {C9905EF0-610F-4404-9030-A3F345D069F5} - C:\WINDOWS\system32\comi.dll
O2 - BHO: H - {C9905EF0-610F-4404-9030-A3F345D069F5} - C:\WINDOWS\system32\comi2.dll
O2 - BHO: Gamburg provider - {CA462103-CC5D-4b2e-95D6-01636A838DCB} - tkcom32.dll
O2 - BHO: Gamburg provider - {CA462103-CC5D-4b2e-95D6-01636A838DCB} - hkcom32.dll
O2 - BHO: Hook Class - {CA652F87-82FE-4474-996C-FBDA75AD21AC} - sysw.dll
O2 - BHO: Hook Class - {CA652F87-82FE-4474-996C-FBDA75AD21AC} - sysw1.dll
O2 - BHO: H - {CAAC18B7-DF9E-4d5a-B033-0ED816EF4509} - azery1.dll
O2 - BHO: Help - {CADB5E0F-0223-A58F-D6EF-326223BC90CA} - C:\WINDOWS\system\hnqtse32.dll
O2 - BHO: Internet Explorer Helper - {CB4C94FC-4C4C-34CB-41C4-249CA4C8A4CE} - C:\WINDOWS\system\wmccts32.dll
O2 - BHO: XTN Monitor - {CB6BCBE2-79B4-4B72-BD1F-185FD5A651EB} - C:\WINDOWS\ddwlxtqlmr.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O2 - BHO: H - {CC9BC69C-F035-46bc-A67B-353B8BAE61CD} - fgwsqe_.dll
O2 - BHO: H - {CC9BC69C-F035-46bc-A67B-353B8BAE61CD} - qwww1m.dll
O2 - BHO: H - {CCEBFDB7-5E7D-4149-9BBF-81294AC234D1} - fert12.dll
O2 - BHO: Flash Module - {CD2F34B8-D2A1-4573-855A-464E276BA89D} - sockver1.dll
O2 - BHO: Flash Module - {CD2F34B8-D2A1-4573-855A-464E276BA89D} - sockver2.dll
O2 - BHO: OFK System - {CD592DBF-7138-4805-A93B-B9491B6E53FC} - C:\WINDOWS\vipextmdx.dll
O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - C:\WINDOWS\system32\iesearch.dll
O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - C:\WINDOWS\system32\msram.dll
O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - C:\WINDOWS\system32\search.dll
O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - C:\WINDOWS\system32\luapvs.dll
O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - %AppData%\sp1\luapvs.dll
O2 - BHO: MSVPS System - {CF368FC4-3241-409B-B1D6-0EA4FE33A555} - C:\WINDOWS\advrepdow.dll
O2 - BHO: Editor plugin - {CF571BCD-AD39-402b-BADA-BFC15A21D9A8} - woodtype.dll
O2 - BHO: Editor plugin - {CF85A1FF-44B5-4845-ADE0-398286BB389C} - drive01.dll
O2 - BHO: MSVPS System - {CFF8726A-9262-441C-8163-C6371E9EDE47} - C:\WINDOWS\advrepnok.dll
O2 - BHO: MSVPS System - {D030D021-9183-4732-833A-AFBC9D51CD98} - C:\WINDOWS\werbetlvm.dll
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINDOWS\ieguard.dll
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINDOWS\system32\IEBHO.dll
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINDOWS\system32\IEBHO**.dll
O2 - BHO: H - {D0367266-A0E9-4644-A039-0A0CF65FD09A} - ertw1.dll
O2 - BHO: BDEX System - {D10CD11A-4CA6-453A-ABE5-71EA37E1BC45} - C:\WINDOWS\domnftwvmd.dll
O2 - BHO: H - {D11FCCFD-479A-417a-9633-CBDD600E2C6C} - C:\WINDOWS\system32\geyrr.dll
O2 - BHO: OFK System - {D1BA579A-D4E3-4B66-9FDC-0CD11600729F} - C:\WINDOWS\vipextqtr.dll
O2 - BHO: Editor plugin - {D20B45A4-612A-4b1b-ADCA-7DED2B642068} - crubat.dll
O2 - BHO: Rmn plugin - {D21D9540-6415-4288-BDD0-4453088D9D38} - pns32.dll
O2 - BHO: Rmn plugin - {D21D9540-6415-4288-BDD0-4453088D9D38} - smb32.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\msxml9r.dll
O2 - BHO: XTN Monitor - {D32E29E8-7D5E-422D-A7A2-9005BC915E6C} - C:\WINDOWS\ddwlxtqtno.dll
O2 - BHO: BDEX System - {D3464F94-A3FE-4675-8D96-49B008E12CD3} - C:\WINDOWS\dnqdlpmsom.dll
O2 - BHO: MSVPS System - {D3936AE2-494C-4D80-A4A3-702B63C30104} - C:\WINDOWS\qnxplugin.dll
O2 - BHO: H - {D3992FA1-7712-49ae-A6D5-927FE2F17632} - kotiss.dll
O2 - BHO: H - {D3992FA1-7712-49ae-A6D5-927FE2F17632} - marasm.dll
O2 - BHO: MSVPS System - {D3A3BB03-15BF-4C5B-A01A-4F376C62CBF3} - C:\WINDOWS\popnetxog.dll
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program FileS\Web Technologies\iebt.dll
O2 - BHO: Flash Module - {D471CEA2-EDEC-4184-BE2E-574DD655DD2D} - btaskv.dll
O2 - BHO: Flash Module - {D471CEA2-EDEC-4184-BE2E-574DD655DD2D} - ktaskr.dll
O2 - BHO: H - {D4E2516F-A030-49a7-9500-3EDA3891793D} - qwdsfref.dll
O2 - BHO: Editor plugin - {D4E33493-CFAD-46a7-922B-53BE560FD6F1} - mountr.dll
O2 - BHO: e404 helper - {D4FEDE82-C500-4AA4-BB99-A4DAE5A65A46} - C:\Program Files\Helper\**********.dll
O2 - BHO: MSVPS System - {D5375315-6567-4DCA-8344-C78AA4B89C11} - C:\WINDOWS\oprevfqv.dll
O2 - BHO: Rmn plugin - {D619AF-6D3D-4E50-8B1B-C6DDE13DC7E5} - gcomd32.dll
O2 - BHO: MSVPS System - {D76F06D4-1659-482d-BCB2-3F731BFE0941} - C:\WINDOWS\msdn.dll
O2 - BHO: SXG Advisor - {D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5} - C:\WINDOWS\dmdvpnkgn.dll
O2 - BHO: XTN Monitor - {D7A1D78A-8423-4660-AE43-01F15E11AD7E} - C:\WINDOWS\dnqdlpmmwv.dll
O2 - BHO: Editor plugin - {D7C5460A-5F36-4af2-B9D3-60B49931156A} - diskdr.dll
O2 - BHO: SXG Advisor - {D7C622D9-8999-4FDF-81EB-E6B0A547FA61} - C:\WINDOWS\dmdvpnwgp.dll
O2 - BHO: H - {D7E59452-E14F-4128-9DAE-93459CA96CAD} - esxplos.dll
O2 - BHO: H - {D7E59452-E14F-4128-9DAE-93459CA96CAD} - silesence.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: Editor plugin - {D8BF9488-4F5C-41f7-8EE5-358FA79C5092} - cupid1.dll
O2 - BHO: Editor plugin - {D8BF9488-4F5C-41f7-8EE5-358FA79C5092} - nuid1.dll
O2 - BHO: Gamburg provider - {D8E11460-0D64-4a20-BED9-BA68BED58342} - rppcs.dll
O2 - BHO: Gamburg provider - {D8E11460-0D64-4a20-BED9-BA68BED58342} - wirpc.dll
O2 - BHO: Rmn plugin - {D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A} - jkcom32.dll
O2 - BHO: Rmn plugin - {D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A} - jzcom32.dll
O2 - BHO: H - {DA42BBFB-8F4D-4e94-8B0C-D7E0211BF116} - eddd11.dll
O2 - BHO: (no name) - {DA72027A-ADBE-4D82-B8FA-A252B41AB187} - C:\WINDOWS\system32\ipv6monh.dll
O2 - BHO: H - {DAAD7A7D-A85C-4407-A336-5AB5354A6869} - q333wrm.dll
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mskvtns.dll
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dll
O2 - BHO: Hook Class - {DBA0F35F-BCD6-4602-863A-96893E4DE018} - C:\WINDOWS\system32\repl.dll
O2 - BHO: Editor plugin - {DC1CCBD3-F6B7-458f-8412-3687E06FB393} - netmonit.dll
O2 - BHO: Editor plugin - {DC1CCBD3-F6B7-458f-8412-3687E06FB393} - plugor.dll
O2 - BHO: rmd - {DE5F80FD-8A16-4E53-A670-25EDD1152274} - C:\WINDOWS\system32\rmd.dll
O2 - BHO: Flash Module - {DE61A348-1AA9-4742-B50B-6299A25598FD} - sockver1.dll
O2 - BHO: Flash Module - {DE61A348-1AA9-4742-B50B-6299A25598FD} - sockver2.dll
O2 - BHO: Macromedia Movie - {DEFBC2DC-A419-A88C-7866-35824BC53021} - C:\WINDOWS\system\bedtsc32.dll
O2 - BHO: H - {DF306879-DC73-494d-8579-FF2E61B968F9} - C:\WINDOWS\System32\c5q1.dll
O2 - BHO: H - {DF306879-DC73-494d-8579-FF2E61B968F9} - C:\WINDOWS\System32\cr3m.dll
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - C:\Program Files\Helper\**********.dll
O2 - BHO: Flash Module - {DF50F976-592A-47a4-81C7-AD34D5A3A947} - btasv.dll
O2 - BHO: Flash Module - {DF50F976-592A-47a4-81C7-AD34D5A3A947} - ktasr.dll
O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll
O2 - BHO: H - {E0DA2537-462B-4fed-8B41-F494C06ED2F6} - C:\WINDOWS\system32\rceewesdca1.dll
O2 - BHO: H - {E0E37093-DF7C-4c82-A0BD-9FD8EF7A009B} - borrow11.dll
O2 - BHO: H - {E0E37093-DF7C-4c82-A0BD-9FD8EF7A009B} - soing1.dll
O2 - BHO: H - {E10BA102-6EB1-4bb4-AACF-5CC6D1110E21} - weq24m.dll
O2 - BHO: Flash Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - btask.dll
O2 - BHO: Flash Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - ktask.dll
O2 - BHO: N.Cs4 - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - C:\WINDOWS\system32\wsock32.sys
O2 - BHO: Microsoft Explorer - {E1D720DC-3612-8AA5-41B1-FF359B4FAC04} - C:\WINDOWS\system32\msrctlg.dll
O2 - BHO: ThreatWarningBHO Class - {E1FAB6BD-4A34-47ce-82AF-50B16A6BE77E} - C:\Program Files\aspch\ThreatWarning.dll
O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Program Files\Web Technologies\iebt.dll
O2 - BHO: H - {E212B4E1-BA10-49c1-ADB1-6456D704CA6E} - q24m.dll
O2 - BHO: Microsoft Explorer - {E2E831ED-4612-8AA5-41B1-FA15914FAC04} - C:\WINDOWS\system32\mslctlg.dll
O2 - BHO: (no name) - {E37D4210-1D22-437A-96B6-977EC202869E} - %AppData%\redir.dll
O2 - BHO: Microsoft Explorer - {E3D12CDB-16F2-7A25-4EB1-9F3B9B44AC84} - C:\WINDOWS\system32\mmsctl32.dll
O2 - BHO: Editor plugin - {E4B4FEAA-FC1B-488d-9AA4-EDD924EAA809} - drive01.dll
O2 - BHO: Editor plugin - {E4B4FEAA-FC1B-488d-9AA4-EDD924EAA809} - flashm1.dll
O2 - BHO: MSVPS System - {E4BAF378-7320-4A48-91DD-D9CCDDF6458E} - C:\WINDOWS\__bho_dll__.dll
O2 - BHO: MSVPS System - {E4BAF378-7320-4A48-91DD-D9CCDDF6458E} - C:\WINDOWS\vpsnetwork.dll
O2 - BHO: XTN Monitor - {E587DEAB-947E-4BF0-8439-BDC82913A9AE} - C:\WINDOWS\ddwlxtqdpn.dll
O2 - BHO: Editor plugin - {E5927A15-756E-40c3-957E-C020262D53B7} - eurodol.dll
O2 - BHO: H - {E59A19A8-C8F3-4370-A588-858767E8F450} - cim5654m.dll
O2 - BHO: Microsoft Explorer - {E5D8224B-1773-7231-4880-99309543AC84} - C:\WINDOWS\system32\mmsdb32.dll
O2 - BHO: MSVPS System - {E6E59F48-7BF8-4BEE-B906-273526C25DA4} - C:\WINDOWS\advrepvto.dll
O2 - BHO: H - {E75F62A0-8043-40ce-9342-1BD5DEA28D5D} - ffer2222.dll
O2 - BHO: Flash Module - {E7A4C0C8-2BFF-4241-9E8C-92E10245EC28} - ppret2.dll
O2 - BHO: Flash Module - {E7A4C0C8-2BFF-4241-9E8C-92E10245EC28} - simcard1.dll
O2 - BHO: Still Image - {E8656DAF-0229-BA16-E97D-31557D631863} - C:\WINDOWS\system\mtstct32.dll
O2 - BHO: Flash Module - {E8CD09B0-BA55-4157-9E84-6B4B1C89B9A0} - sockver1.dll
O2 - BHO: Flash Module - {E8CD09B0-BA55-4157-9E84-6B4B1C89B9A0} - sockver2.dll
O2 - BHO: ExpertHelper - {EB6EC5D7-7D19-A8C7-D607-F0993BF94A9F} - C:\Program Files\ExpertHelper\ExpertHelper-1.dll
O2 - BHO: Editor plugin - {ECBA18CA-FF22-464c-A963-70BEC79D2485} - cukert.dll
O2 - BHO: Editor plugin - {ECBA18CA-FF22-464c-A963-70BEC79D2485} - masyan.dll
O2 - BHO: MSVPS System - {ECBD04D1-1133-4480-8A8C-BC9FDD54D6C1} - C:\WINDOWS\afxp.dll
O2 - BHO: MSVPS System - {ECBD04D1-1133-4480-8A8C-BC9FDD54D6C1} - C:\WINDOWS\div32.dll
O2 - BHO: Flash Module - {EDA4EECA-6938-40ec-A076-3DEAEC1448D7} - btasv.dll
O2 - BHO: Flash Module - {EDA4EECA-6938-40ec-A076-3DEAEC1448D7} - ktasr.dll
O2 - BHO: Editor plugin - {EDF2650F-8C34-46a4-838B-61640A7688E1} - netmonit.dll
O2 - BHO: BDEX System - {EED340D3-CBD6-44FF-9864-78775393FA91} - C:\WINDOWS\dxpvqlmpdn.dll
O2 - BHO: H - {F0503F11-7C3E-4c2b-A382-06ED3B86C790} - matahsw.dll
O2 - BHO: H - {F0503F11-7C3E-4c2b-A382-06ED3B86C790} - moex.dll
O2 - BHO: MSVPS System - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - C:\WINDOWS\blopenvtok.dll
O2 - BHO: OFK System - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - C:\WINDOWS\blopenvtok.dll
O2 - BHO: Editor plugin - {F0A50A90-9621-486e-B7FB-4A5CA8A42C90} - banis.dll
O2 - BHO: Editor plugin - {F0A50A90-9621-486e-B7FB-4A5CA8A42C90} - militar.dll
O2 - BHO: Flash Module - {F0CBF6F9-4471-4257-ABC4-BCE4EF2ED5ED} - btasv.dll
O2 - BHO: Flash Module - {F0CBF6F9-4471-4257-ABC4-BCE4EF2ED5ED} - ktasr.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\**********.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\**********.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8633DD} - C:\Program Files\Helper\**********.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\*.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404DHelper\*.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\**********.dll
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v2.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\**********.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\**********.dll
O2 - BHO: H - {F1ADD976-83D8-4087-98D5-6BDDFF945309} - C:\WINDOWS\system32\crm.dll
O2 - BHO: XTN Monitor - {F1F22D55-94CB-4433-9D58-B08C8C47DDF0} - C:\WINDOWS\ddwlxtqxdm.dll
O2 - BHO: H - {F24C07F4-CADB-4e63-B7B8-B5A31FC087CF} - gEEEyrpsy23.dll
O2 - BHO: Editor plugin - {F2756903-D04D-4afb-82E2-C5FFF15978B6} - bear1.dll
O2 - BHO: Editor plugin - {F2756903-D04D-4afb-82E2-C5FFF15978B6} - cotton1.dll
O2 - BHO: MSVPS System - {F2907788-4E00-494F-A401-8DFD63EE8FE4} - C:\WINDOWS\werbetlrw.dll
O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - c:\autoex.dll
O2 - BHO: (no name) - {F3642B57-3EA8-4EEA-A643-9DE138381A57} - C:\Program Files\WinX Security Center\redir.dll
O2 - BHO: Editor plugin - {F36BA0BE-4D3D-4fef-9CA2-080DD73BEFF1} - bulgan.dll
O2 - BHO: Editor plugin - {F36BA0BE-4D3D-4fef-9CA2-080DD73BEFF1} - raboic.dll
O2 - BHO: BDEX System - {F47B34BF-B7DE-4BEB-B6E5-0FE04F0C90E3} - C:\WINDOWS\domnftwost.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O2 - BHO: Editor plugin - {F54F433C-2FEC-4875-9E1F-7DE78BCEAD08} - mountr.dll
O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll
O2 - BHO: H - {F609BBF8-20BC-41d1-A5B3-2C99F5BF0FD3} - bordsho.dll
O2 - BHO: H - {F609BBF8-20BC-41d1-A5B3-2C99F5BF0FD3} - coposes.dll
O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\WINDOWS\oprevnpx.dll
O2 - BHO: ISO Helper - {F6FB52D0-B4AE-ABFC-BED6-3B229BC55056} - C:\WINDOWS\system\bumtcs32.dll
O2 - BHO: MSVPS System - {F70331EF-E4B2-4DA1-87E2-9BF7C9BB632E} - C:\WINDOWS\dopfwrlnol.dll
O2 - BHO: MSVPS System - {F7CDF7FE-98B1-43FE-A694-E52E605AA60D} - C:\WINDOWS\werbetxdp.dll
O2 - BHO: FLV Helper - {F7F752D7-74AE-7BFC-BE76-7B2297C55076} - C:\WINDOWS\system\bvmtcs32.dll
O2 - BHO: ASP Helper - {F7FB51D0-79AE-A3FC-B6D6-0B221BC55056} - C:\WINDOWS\system\bpimts32.dll
O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - berg2.dll
O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - tinox1.dll
O2 - BHO: Flash Module - {F86C29E1-DEED-41b1-956A-9C08B6D12399} - btasv.dll
O2 - BHO: Flash Module - {F86C29E1-DEED-41b1-956A-9C08B6D12399} - ktasr.dll
O2 - BHO: H - {F86F088F-291F-430a-BD81-3BE6450B0E64} - maccoffe.dll
O2 - BHO: TBBho Class - {F8EA6827-1B82-494a-ACAC-A582A714DCA8} - C:\WINDOWS\tBHO.dll
O2 - BHO: H - {F92B50DB-FEA3-4196-B955-537DB4D8268A} - e2rt1.dll
O2 - BHO: Editor plugin - {FA0CFF74-9D9E-4811-8270-FEE0D1023E6B} - borjomi.dll
O2 - BHO: Editor plugin - {FA0CFF74-9D9E-4811-8270-FEE0D1023E6B} - corosm.dll
O2 - BHO: Gamburg provider - {FD29313B-391A-4691-AF33-5A29C4EC6339} - bnsock.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\TrustedAntivirus\Tools\IEFWBHO.dll
O2 - BHO: Google Module - {FC3DDA79-D1D4-47e4-A38E-27C8C1FEAB5E} - bagetionwll.dll
O2 - BHO: Google Module - {FC3DDA79-D1D4-47e4-A38E-27C8C1FEAB5E} - rozmchild.dll
O2 - BHO: IEDefenderBHO - {FC8A493F-D236-4653-9A03-2BF4FD94F643} - C:\Windows\System32\IEDefender.dll
O2 - BHO: MSVPS System - {FC91E698-C4BA-4564-9B85-659E38FCE154} - C:\WINDOWS\advrepgds.dll
O2 - BHO: OFK System - {FDCD4D78-718F-4943-A6FB-478DD1AD406B} - C:\WINDOWS\vipextmnq.dll
O2 - BHO: Still Image Monitor - {FEFBD2DC-A4A9-AB8C-7E66-35224BC53021} - C:\WINDOWS\system\bamtsc32.dll
O2 - BHO: Flash Module - {FF37362D-4088-4c36-AEF1-C167F9CD3DAD} - macaaq.dll
O2 - BHO: Flash Module - {FF37362D-4088-4c36-AEF1-C167F9CD3DAD} - nortn32.dll
O2 - BHO: Std plugin - {FFFFFFFF-08DF-483c-BD3A-99CBCF44E4DC} - hnew32.dll
O2 - BHO: Std plugin - {FFFFFFFF-08DF-483c-BD3A-99CBCF44E4DC} - knmld.dll
O2 - BHO: Gamburg Provider - {FFFFFFFF-28F7-41a7-8D75-7E006D0C15B8} - html32.dll
O2 - BHO: Gamburg provider - {FFFFFFFF-6D70-483f-804F-BB6C118FE760} - resnm16
O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - gwin32.dll
O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - swin32.dll
O2 - BHO: Min stor proj. - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll
O2 - BHO: Min stor proj. - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - sincim32.dll
O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll
O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - sincim32.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockots64.dll
O2 - BHO: Gamburg provider - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - msindc.dll
O2 - BHO: Min stor proj. - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - comd32.dll
O2 - BHO: Min stor proj. - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - msindc.dll
O2 - BHO: Std plugin - {ffffffff-dad2-4a4c-848d-2cbfc6f0fd21} - bsn32.dll
O2 - BHO: Std plugin - {ffffffff-dad2-4a4c-848d-2cbfc6f0fd21} - sac32.dll
O2 - BHO: Gamburg provider - {FFFFFFFF-5FBA-43f9-B7DB-2FD61EB25275} - tkcom32.dll
O2 - BHO: Gamburg provider - {FFFFFFFF-5FBA-43f9-B7DB-2FD61EB25275} - hkcom32.dll
O2 - BHO: Gamburg provider - {FFFFFFFF-8F0D-4322-B01F-B42439E0B71C} - hkcom32.dll
O2 - BHO: Gamburg provider - {FFFFFFFF-8F0D-4322-B01F-B42439E0B71C} - tkcom32.dll
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\cygwn32.dll
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll
O3 - Toolbar: atfxqogp - {********-****-****-****-************} - C:\WINDOWS\atfxqogp.dll
O3 - Toolbar: bgrqfetx - {********-****-****-****-************} - C:\WINDOWS\bgrqfetx.dll
O3 - Toolbar: bkqxdons - {********-****-****-****-************} - C:\WINDOWSY\bkqxdons.dll
O3 - Toolbar: dkwqgnbe - {********-****-****-****-************} - C:\WINDOWS\dkwqgnbe.dll
O3 - Toolbar: dpevflbg - {********-****-****-****-************} - C:\WINDOWS\dpevflbg.dll
O3 - Toolbar: edfqvrw - {********-****-****-****-************} - C:\WINDOWS\edfqvrw.dll
O3 - Toolbar: ekvgsnw - {********-****-****-****-************} - C:\WINDOWS\ekvgsnw.dll
O3 - Toolbar: ekxdvft - {********-****-****-****-************} - C:\WINDOWS\ekxdvft.dll
O3 - Toolbar: The elfwgps - {********-****-****-****-************} - C:\WINDOWS\elfwgps.dll
O3 - Toolbar: emotigt - {********-****-****-****-************} - C:\WINDOWS\emotigt.dll
O3 - Toolbar: emotrlq - {********-****-****-****-************} - C:\Windows\emotrlq.dll
O3 - Toolbar: enlfxgw - {********-****-****-****-************} - C:\WINDOWS\enlfxgw.dll
O3 - Toolbar: etlrlws - {********-****-****-****-************} - C:\WINDOWS\etlrlws.dll
O3 - Toolbar: ewrssvw - {********-****-****-****-************} - C:\WINDOWS\ewrssvw.dll
O3 - Toolbar: fdkowvbp - {********-****-****-****-************} - C:\WINDOWS\fdkowvbp.dll
O3 - Toolbar: fqbewlna - {********-****-****-****-************} - C:\WINDOWS\fqbewlna.dll
O3 - Toolbar: gksraemq - {********-****-****-****-************} - C:\WINDOWS\gksraemq.dll
O3 - Toolbar: gktxaspm - {********-****-****-****-************} - C:\WINDOWS\gktxaspm.dll
O3 - Toolbar: gxvpsafm - {********-****-****-****-************} - C:\WINDOWS\gxvpsafm.dll
O3 - Toolbar: mkrndofl - {********-****-****-****-************} - C:\WINDOWS\mkrndofl.dll
O3 - Toolbar: nmwegbsf - {********-****-****-****-************} - C:\WINDOWS\nmwegbsf.dll
O3 - Toolbar: nqgpedlr - {********-****-****-****-************} - C:\WINDOWS\nqgpedlr.dll
O3 - Toolbar: olnmraew - {********-****-****-****-************} - C:\WINDOWS\olnmraew.dll
O3 - Toolbar: peltodgx - {********-****-****-****-************} - C:\WINDOWS\peltodgx.dll
O3 - Toolbar: pvnsmfor - {********-****-****-****-************} - C:\WINDOWS\pvnsmfor.dll
O3 - Toolbar: qalkfxor - {********-****-****-****-************} - C:\WINDOWS\qalkfxor.dll
O3 - Toolbar: qndsfmao - {********-****-****-****-************} - C:\WINDOWS\qndsfmao.dll
O3 - Toolbar: qtvglped - {********-****-****-****-************} - C:\WINDOWS\qtvglped.dll
O3 - Toolbar: qvdntlmw - {********-****-****-****-************} - C:\WINDOWS\qvdntlmw.dll
O3 - Toolbar: rafbsvnx - {********-****-****-****-************} - C:\WINDOWS\rafbsvnx.dll
O3 - Toolbar: rosqxvmn - {********-****-****-****-************} - C:\WINDOWS\rosqxvmn.dll
O3 - Toolbar: rtsplgob - {********-****-****-****-************} - C:\WINDOWS\rtsplgob.dll
O3 - Toolbar: sgoblxtm - {********-****-****-****-************} - C:\WINDOWS\sgoblxtm.dll
O3 - Toolbar: sqvgnrpx - {********-****-****-****-************} - C:\WINDOWS\sqvgnrpx.dll
O3 - Toolbar: stfngdvw - {********-****-****-****-************} - C:\WINDOWS\stfngdvw.dll
O3 - Toolbar: vnbptxlf - {********-****-****-****-************} - C:\WINDOWS\vnbptxlf.dll
O3 - Toolbar: vrmdtneg - {********-****-****-****-************} - C:\WINDOWS\vrmdtneg.dll
O3 - Toolbar: vwsrfton - {********-****-****-****-************} - C:\WINDOWS\vwsrfton.dll
O3 - Toolbar: wvfsrqab - {********-****-****-****-************} - C:\WINDOWS\wvfsrqab.dll
O3 - Toolbar: wxdbpfvo - {********-****-****-****-************} - C:\WINDOWS\wxdbpfvo.dll
O3 - Toolbar: The egodktf - {00C1B214-1408-4F51-90AE-7EDAC2FAC36E} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The egodktf - {00E1F032-D6AD-40E3-8AAF-ED8CAE5EC678} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: The voipwet - {0687766B-F048-43D1-B33B-DBE6FE9AE712} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The egodktf - {0720868F-9F83-48AB-B1C2-284674202F72} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The voipwet - {0F54B96C-3482-407B-9C9C-A671E08271B5} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The emlkdvo - {114B82D9-FBBF-4CED-8DDC-B42DCF85E18E} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The bonrep - {1277B39C-708C-4A64-9763-B122C18949B0} - C:\WINDOWS\bonrep.dll
O3 - Toolbar: The enqvwkp - {12A25CE9-0A93-4074-9516-A5B1A83141C9} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The emlkdvo - {13EDA0D4-F00D-43B9-8EF2-6313909D3143} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The leosrv - {14E52265-CCA3-4F78-A21B-88F4EE6E78C1} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The voipwet - {167F6405-019D-4F32-8FBE-23B3C63CD8FD} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The hdtip - {17D69B84-065B-4F88-AFE8-3BA9B4907501} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: The ddxbox - {18D19587-63A8-4D24-B79D-267E8A3AB0BF} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: Internet Service - {1C56E97B-A95F-47B2-93C0-3FEED24479A7} - C:\Program Files\Web Technologies\iebr.dll
O3 - Toolbar: The jokwmp - {1C56ED66-9488-4D8F-B028-8BBABABB8361} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The nssfrch - {1699137C-B90E-4488-97BC-575C896C2B5C} - C:\WINDOWS\nssfrch.dll
O3 - Toolbar: The sdrmod - {16A0662E-AC21-4AD9-89E8-7495AC5ACE93} - C:\WINDOWS\sdrmod.dll
O3 - Toolbar: The bonrep - {17943327-95B1-4F8B-9534-8F82C2497211} - C:\WINDOWS\bonrep.dll
O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
O3 - Toolbar: The sdrmod - {210F79EC-C4B8-4AD5-B5B7-2B228F4376E9} - C:\WINDOWS\sdrmod.dll
O3 - Toolbar: The bonsws - {2181E54F-274D-48B7-9E51-BC374933CD24} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: The voipwet - {224E1433-F086-4BB1-B791-AF87F7629D93} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The bonrep - {2357FC16-D8FC-4BF6-AFCA-573F9BD52644} - C:\WINDOWS\bonrep.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
O3 - Toolbar: The leosrv - {257F0149-3042-4F1E-97A1-7602460E97EE} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The jokwmp - {2623E5C5-B0C2-4300-8C63-9F51D133CA0A} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The voipwet - {28D203F3-4B8F-4BB4-A28D-6657BF1E3C2C} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The sdrmod - {30DACEEB-1BAE-4D12-966B-D4C35359B9A8} - C:\WINDOWS\sdrmod.dll
O3 - Toolbar: The enqvwkp - {31F68405-A7AE-4D05-917C-97C4CBFE05A0} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The retnsrp - {33421C60-E929-428C-8848-7D66E6056A3A} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - C:\WINDOWS\ensfolr.dll
O3 - Toolbar: The hdtip - {382C8A97-BFEF-47B5-9770-87C4DE651E37} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: The egodktf - {383E376E-D0DB-4355-8C21-F45A97C76344} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The retnsrp - {39623167-B4A7-42CA-A799-D03C5A103B36} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: The NetworkControl - {3B28B033-8C1B-47DE-803D-3CF3AAE2CD20} - C:\WINDOWS\sdrmod.dll
O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
O3 - Toolbar: The epxonwo - {3C364239-F7F0-4FAA-9974-BAAAB4101E9C} - C:\WINDOWS\epxonwo.dll
O3 - Toolbar: The hdtip - {3DE5D178-BD44-4709-A9CC-3211619A5B19} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: The jokwmp - {3E57AE0B-0AAB-4919-B74E-8C29579C6CA5} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O3 - Toolbar: The emlkdvo - {3FD92B49-9C06-4EBA-9580-056159561908} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The bbrsep - {422CA3AF-86F1-4607-88E2-BBBD4E9371EB} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: The egodktf - {4288B655-63B4-4817-BB1E-B6F3E242234F} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The jokwmp - {459C681F-AA94-49B7-A55B-110D924E5FCE} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The egodktf - {45E9CE94-2C67-4230-92D0-E64ACD6EBA7F} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The voipwet - {476B38B7-6E7C-46B4-8080-F61ED0E814F2} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The emlkdvo - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The voipwet - {4B2C9A94-47CC-48D5-AA0F-F9C385D95F7B} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O3 - Toolbar: The jokwmp - {51F0D2B7-06E2-40D0-B8B8-39E630888B30} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The sdrmod - {521A5897-9EA7-43B4-A51D-B4C11D67BEEF} - C:\WINDOWS\sdrmod.dll
O3 - Toolbar: The jokwmp - {54BA2889-CF6C-4D57-B2FB-B3FE1CA9EE8F} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The retnsrp - {573E45AC-F20E-4DAF-AF6C-0775714BA0C1} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: The ensfolr - {5B7BA694-E916-48E3-A3E2-CB5430800821} - C:\WINDOWS\ensfolr.dll
O3 - Toolbar: The voipwet - {5EAE7E5F-8F3A-44C0-9E54-A7B170A8CE09} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The retnsrp - {5FCD26F2-55C1-40F3-838A-FB4FD8833A53} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: edfqvrw - {5FF6FACA-CFF7-499D-AB5B-8EEA9CE80739} - C:\WINDOWS\edfqvrw.dll
O3 - Toolbar: The nssfrch - {61AB8A39-FCCB-47CC-BAF3-750D1834E773} - C:\WINDOWS\nssfrch.dll
O3 - Toolbar: The egodktf - {639A02E7-1E2F-4870-83E8-75FDA08620D6} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: Internet Service - {65742936-8079-408B-9F3C-874B78030A72} - C:\Program FileS\Web Technologies\iebr.dll
O3 - Toolbar: edfqvrw - {673E33A6-D87B-40DC-B0DC-C9C5B8F5A461} - C:\WINDOWS\edfqvrw.dll
O3 - Toolbar: The emlkdvo - {67BE5BEF-68C2-4E65-BB0A-531A94629783} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The jokwmp - {6BA27973-068D-4F85-BE84-1251E0B20FD3} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O3 - Toolbar: The hdtip - {70EC7CA3-2FFC-4E43-97DE-3C91B2F65D36} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: The leosrv - {73959F2B-EB03-41D1-8F69-694B7B80D699} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The retnsrp - {757EFAE3-B160-4A69-95D7-46761353800B} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: The epxonwo - {79293B31-D790-4B64-AAD7-8D47CED92E54} - C:\WINDOWS\epxonwo.dll
O3 - Toolbar: The enqvwkp - {79BAB47C-EA45-42FE-A91C-9325A6B4E3BF} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The bonsws - {7BF35567-E7C5-4646-8F65-41898BEF0637} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: The ensfolr - {7D1AD5EB-9902-4FF0-986F-CA498179A53B} - C:\WINDOWS\ensfolr.dll
O3 - Toolbar: The nssfrch - {7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC} - C:\WINDOWS\nssfrch.dll
O3 - Toolbar: The leosrv - {7D787886-3B24-401C-A7BC-AF950A1C3CAC} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The hdtip - {7E259026-2CBD-4F42-AB62-230C0D4ABDAD} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: edfqvrw - {8202F040-3566-46E4-920F-92504E90E170} - C:\WINDOWS\edfqvrw.dll
O3 - Toolbar: The egodktf - {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: Internet Service - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - C:\Program Files\Web Technologies\iebr.dll
O3 - Toolbar: The leosrv - {8B6860DE-2CFA-4713-B42F-DC06D008DC54} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The egodktf - {8D911181-10AA-4B3E-BC7F-8D4AD359921B} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: Mirar - {8DD6F82C-A947-414B-ABD0-72CEF07FB544} - C:\WINDOWS\system32\(RandomName).dll
O3 - Toolbar: The emlkdvo - {8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The enqvwkp - {92162A1C-A9E3-4C0C-BCDC-2996E8406887} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The emlkdvo - {940EBD8D-A3B7-44F9-A850-F60E76BE3B22} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: Internet Service - {94A5C93F-BD18-4C46-B777-C94C145C3CAB} - C:\Program Files\Applications\iebr.dll
O3 - Toolbar: The ensfolr - {96AB91E2-7D18-4BF5-9930-2C213B9658A4} - C:\WINDOWS\ensfolr.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB??.dll
O3 - Toolbar: The bonrep - {9BA420D2-40A3-431D-A863-531B0FBA0569} - C:\WINDOWS\bonrep.dll
O3 - Toolbar: The hdtip - {9C2D86AA-4067-4270-8D51-E6DC5E805D62} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: The emlkdvo - {9E1833D1-423D-4485-950E-0A417C2C15CA} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The retnsrp - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: The ensfolr - {A037112F-183D-4E98-8CEA-1A0D93BA9F48} - C:\WINDOWS\ensfolr.dll
O3 - Toolbar: The leosrv - {A16D89EA-B695-4DDA-B31D-7FA01A57F1BD} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The bandserv - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\bandserv.dll
O3 - Toolbar: The browsers - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\browsers.dll
O3 - Toolbar: The msdn32 - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\msdn32.dll
O3 - Toolbar: The emlkdvo - {A972081B-E5FE-45E4-BE29-856D23403C4F} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll
O3 - Toolbar: The sdrmod - {89DA4F2C-91AE-44B2-84A9-A5D9F682E737} - C:\WINDOWS\sdrmod.dll
O3 - Toolbar: The enqvwkp - {A276B2DF-BC3A-4144-9902-58BA41D7203F} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The leosrv - {A3B1F7ED-8EDA-410F-8CB9-F6AFD8301B7C} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The egodktf - {A61CB172-B1D5-4D96-81BD-C2018E36191B} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The retnsrp - {AAA535B5-251D-4B8F-A8D0-0D3A29C7309E} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: edfqvrw - {AB41490A-2B8A-414F-BFFB-D3527364EE25} - C:\WINDOWS\edfqvrw.dll
O3 - Toolbar: The jokwmp - {AB9235F6-DB9F-4FDC-AAFB-A3BAF1849E34} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The netadv - {ABF529BE-6245-465A-BBD4-238C4EAB0F0A} - C:\WINDOWS\netadv.dll
O3 - Toolbar: The nssfrch - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - C:\WINDOWS\nssfrch.dll
O3 - Toolbar: The htunistock - {B02534D7-8D91-49BE-A864-97DFB8E0BAB4} - C:\WINDOWS\optnet.dll
O3 - Toolbar: The optnet - {B02534D7-8D91-49BE-A864-97DFB8E0BAB4} - C:\WINDOWS\optnet.dll
O3 - Toolbar: The enqvwkp - {B1B10992-4C8F-4F54-85B2-CB3CA788E498} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The ensfolr - {B72A2C9D-0442-486D-B455-FEDB808887D8} - C:\WINDOWS\ensfolr.dll
O3 - Toolbar: The sdrmod - {BA79EE59-166F-4E9E-90A6-56489C45B48A} - C:\WINDOWS\sdrmod.dll
O3 - Toolbar: edfqvrw - {BB1966D0-076C-49FD-A0DE-E142EAE25C57} - C:\WINDOWS\edfqvrw.dll
O3 - Toolbar: The epxonwo - {BFAA078B-58E2-4E6C-BD54-BA2A5C6DA153} - C:\WINDOWS\epxonwo.dll
O3 - Toolbar: The leosrv - {C31D988D-A314-49BB-BA51-7F57DEE5EA34} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O3 - Toolbar: The leosrv - {C7A4712B-9331-4746-AD61-C675C11B89B9} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The egodktf - {C83F2709-EB72-4FB8-ADC9-320BF14F3D45} - C:\WINDOWS\egodktf.dll
O3 - Toolbar: The bonsws - {CBF19702-9D5B-44E7-8F8A-6750209B76F3} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: The hdtip - {CBF5124B-3294-4441-9B5C-30297F50E02C} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: The retnsrp - {CC304A4D-FC79-4CD3-9A67-46E3AF59319D} - C:\WINDOWS\retnsrp.dll
O3 - Toolbar: The enqvwkp - {CC4B2067-D903-427A-854B-632735A570D9} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The netadv - {D1413F77-5B69-4562-84E1-78F997794E9D} - C:\WINDOWS\netadv.dll
O3 - Toolbar: The leosrv - {D3ADD35B-48FC-4EB5-84BB-AF7ED2795035} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The voipwet - {D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: edfqvrw - {D573EDD4-5DEA-4DF1-9D5A-329D6861EDC8} - C:\WINDOWS\edfqvrw.dll
O3 - Toolbar: The jokwmp - {D71F3444-606D-46EB-9ABE-DF80E5E9BF67} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The epxonwo - {D94D49D7-31D6-42E1-A5FE-438C7BFD6498} - C:\WINDOWS\epxonwo.dll
O3 - Toolbar: Fileshredder Panel - {D99C619E-00DE-44bc-8870-D3030D4708B4} - C:\Program Files\SecureFileShredder\ExpBtn.dll
O3 - Toolbar: The leosrv - {DCBF721A-11E3-4FB8-93D6-9AE46178D5B6} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The emlkdvo - {DCDC837F-EC7C-4E37-A549-A719A08E06CF} - C:\WINDOWS\emlkdvo.dll
O3 - Toolbar: The voipwet - {DD7D207A-B829-4EDA-9CBD-6A3B6E7A893C} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The voipwet - {DE38D02F-5257-4CF6-A13F-B6B9FCFC1090} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The nssfrch - {DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70} - C:\WINDOWS\nssfrch.dll
O3 - Toolbar: The hdtip - {E3E087D3-CA1D-4ECA-9960-D85944C2554C} - C:\Windows\hdtip.dll
O3 - Toolbar: The bonsws - {E3ED01B7-EAF2-4A33-989C-B95E65DA0415} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: The jokwmp - {E75C0DB5-5DF7-4DF0-9761-8EFCD1783912} - C:\WINDOWS\jokwmp.dll
O3 - Toolbar: The advpn - {E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} - C:\WINDOWS\advpn.dll
O3 - Toolbar: The netadv - {E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} - C:\WINDOWS\netadv.dll
O3 - Toolbar: The wow - {E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} - C:\WINDOWS\wow.dll
O3 - Toolbar: The hdtip - {EA298426-9AD3-4979-AFB4-600A2104B701} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: The enqvwkp - {EDE7317E-985F-4F9E-B8BB-A6B244BFD457} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The enqvwkp - {F1348462-25DE-4F17-869F-BAAFE04DD599} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: The netadv - {F17B1418-2C0C-4295-BD55-BCDD3C730FBE} - C:\WINDOWS\netadv.dll
O3 - Toolbar: The voipwet - {F3F399B3-5330-4242-A600-094136899EE9} - C:\WINDOWS\voipwet.dll
O3 - Toolbar: The hdtip - {F4BEC60B-9CEE-4A91-91FB-8DA8DE3CA166} - C:\WINDOWS\hdtip.dll
O3 - Toolbar: The leosrv - {F7C394C7-BFBD-4A20-AD14-2AA94424C09C} - C:\WINDOWS\leosrv.dll
O3 - Toolbar: The enqvwkp - {F87BF6BA-93BE-407D-9A5C-7721CA72CD37} - C:\WINDOWS\enqvwkp.dll
O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:\Program Files\Web Technologies\iebr.dll
O3 - Toolbar: The enqvwkp - {FFB13247-794A-4E4F-8B97-937F906013D1} - C:\WINDOWS\enqvwkp.dll
O4 - Startup: .protected
O4 - Startup: .security
O4 - Startup: .lnk = C:\WINDOWS\system32\msmapiax32.exe
O4 - Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe
O4 - Startup: csrss.lnk =
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntmtdl.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntnkwd.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntqkdm.exe
O4 - Startup: doc.lnk = C:\WINNT\svchost.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64*.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: findfast.exe
O4 - Startup: microsoftupdater.exe
O4 - Startup: MS_update_06*_KB7*.exe
O4 - Startup: MSWin--*.exe
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
O4 - Startup: TA_Start.lnk = C:\TIGEN00?.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TIELT00?.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY00?.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\nqdsregp.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\kwinrodv.exe
O4 - Startup: TA_Start.lnk = %programfiles%\poolsv\TICHD00?.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinmmdt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\pwinsndt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\TISKY00?.exe
O4 - Startup: userinit.exe
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: .protected
O4 - Global Startup: .security
O4 - Global Startup: autorun.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: icq.exe
O4 - Global Startup: icq agent.exe
O4 - Global Startup: imglog.exe
O4 - Global Startup: javaxmd.exe
O4 - Global Startup: jvms.exe
O4 - Global Startup: JVM0.exe
O4 - Global Startup: lsass.exe
O4 - Global Startup: MS_update_06*_KB7*.exe
O4 - Global Startup: MS_update_07*_KB7*.exe
O4 - Global Startup: msn_*_upd*.exe
O4 - Global Startup: mxjxde.exe
O4 - Global Startup: ntrmv.exe
O4 - Global Startup: rundll.exe.lnk = C:\Windows\System32\1033\rundll.exe
O4 - Global Startup: Start Shopper Link System Tray App.lnk = %Allusersprofile%\Application Data\ipd\tray.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Uninstall.exe
O4 - Global Startup: update.exe
O4 - Global Startup: winupdbc.exe
O4 - Global Startup: wmsncs.exe
O4 - Global Startup: wsass32.exe
O4 - HKCU\..\Run: [] "%AppData%\Adobe\Player.exe"
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] Kernel32.exe
O4 - HKLM\..\RunServices: [] Kernel32.exe
O4 - HKLM\..\Run: [] mstdmc.exe
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunOnce: [] winlog.exe
O4 - HKCU\..\Run: [..] C:\WINDOWS\system32\ABC2007.exe
O4 - HKLM\..\Run: [***] C:\WINDOWS\system32\****\svchost.exe
O4 - HKLM\..\Run: [\SUE?.exe] C:\Windows\SUE?.exe
O4 - HKCU\..\Run: [\SUE?.exe] C:\Windows\SUE?.exe
O4 - HKLM\..\Run: [\VIE?.exe] C:\Windows\system32\VIE?.exe
O4 - HKCU\..\Run: [\VIE?.exe] C:\Windows\system32\VIE?.exe
O4 - HKLM\..\Run: [\Win?.exe] C:\Windows\system32\Win?.exe
O4 - HKCU\..\Run: [\Win?.exe] C:\Windows\system32\Win?.exe
O4 - HKLM\..\Run: [\YUR?.exe] C:\Windows\system32\YUR?.exe
O4 - HKCU\..\Run: [\YUR?.exe] C:\Windows\system32\YUR?.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [(Random Name)] %Temp%\csrssc.exe
O4 - HKLM\..\Run: [(Random Name)] %Temp%\winlogan.exe
O4 - HKLM\..\Run: [(Random Name)] %Temp%\winlogan.exe
O4 - HKLM\..\Run: [(Random Name)] %Temp%\winlogen.exe
O4 - HKLM\..\Run: [(Random Name)] %Temp%\winlogen.exe
O4 - HKLM\..\Run: [(Random Name)] %Temp%\winlogun.exe
O4 - HKLM\..\Run: [(Random Name)] %Temp%\winlogun.exe
O4 - HKCU\..\Run: [(Random Numbers)] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [(Random Numbers)] C:\Program Files\AV9\av2009.exe
O4 - HKCU\..\Run: [(Random Numbers)] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKLM\..\Run: [(Random Name)] C:\WINDOWS\system32\head2.exe
O4 - HKCU\..\Run: [(Random Name)] C:\WINDOWS\Temp\csrssc.exe
O4 - HKLM\..\Run: [(Random Name)] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [(Random Name)] C:\WINDOWS\TEMP\winlogen.exe
O4 - HKLM\..\Run: [(Random Name)] C:\WINDOWS\twain_32.exe
O4 - HKLM\..\Run: [(Random Name)] C:\WINDOWS\system32\(Random Name).exe \u
O4 - HKLM\..\Run: [_] c:\windows\system32\drivers\mzqdd.exe
O4 - HKLM\..\Run: [_] c:\windows\system32\drivers\wmq.exe
O4 - HKLM\..\Run: [{**-**-**-**-**}] c:\windows\system32\dwdsregt.exe
O4 - HKLM\..\Run: [{**-**-**-**-**}] c:\windows\system32\dwwnw64r.exe DWAM01
O4 - HKLM\..\Run: [{**-**-**-**-**}] c:\windows\system32\jpwnw64*.exe DWram
O4 - HKLM\..\Run: [{**-**-**-**-**}] C:\WINDOWS\system32\lldsrego.exe
O4 - HKLM\..\Run: [{**-**-**-**-**}] c:\windows\system32\m