SDFix Changelog:


v1.200 (02/07/08)
v1.199 (30/06/08)
v1.198 (28/06/08)
v1.197 (26/06/08)
v1.196 (23/06/08)
v1.195 (20/06/08)
v1.194 (17/06/08)
v1.193 (16/06/08)
v1.192 (14/06/08)
v1.191 (11/06/08)
v1.190 (09/06/08)
v1.189 (07/06/08)
v1.188 (05/06/08)
v1.187 (01/06/08)
v1.186 (27/05/08)
v1.185 (23/05/08)
Letter).exe O4 - HKCU\..\Run: [Windows Service Agent] (Random 5 Letter).exe O4 - HKLM\..\Run: [Windows Service Agent] (Random 7 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 7 Letter).exe O4 - HKCU\..\Run: [Windows Service Agent] (Random 7 Letter).exe O4 - HKLM\..\Run: [Windows Service Agent] SDSEWEW.EXE O4 - HKLM\..\RunServices: [Windows Service Agent] SDSEWEW.EXE O4 - HKCU\..\Run: [Windows Service Agent] SDSEWEW.EXE O4 - HKLM\..\Run: [Windows System Restart Sync] slrss.exe O4 - HKLM\..\RunServices: [Windows System Restart Sync] slrss.exe O4 - HKCU\..\Run: [Windows System Restart Sync] slrss.exe O23 - Service: Microsoft Newss - Unknown owner - C:\WINDOWS\system32\dllcache\newhost.exe O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe O23 - Service: slysom - Unknown owner - C:\WINDOWS\slysom.exe O23 - Service: Windows NetBalance Monitor - Unknown owner - C:\WINDOWS\system32\msnbm32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} "C:\WINDOWS\system32\msn\msn.exe" sywtdxaz.sys v1.184 (20/05/08) O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll O2 - BHO: 443059 helper - {C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF} - C:\WINDOWS\system32\443059\443059.dll O2 - BHO: 673351 helper - {570EE2A3-039B-4E5F-AE6A-D7949F9D356B} - C:\WINDOWS\system32\673351\673351.dll O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooah.dll O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooa1.dll O2 - BHO: Yahoo! 
Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooo2.dll O2 - BHO: QXK Rhythm - {********-****-****-****-************} - C:\WINDOWS\nldfmtap***.dll O3 - Toolbar: gktxaspm - {********-****-****-****-************} - C:\WINDOWS\gktxaspm.dll O4 - HKCU\..\Run: [herjek] C:\WINDOWS\herjek.exe O4 - HKLM\..\Run: [Windows Control Server] wksmgrtsgs.exe O21 - SSODL: gnowmebk - {********-****-****-****-************} - C:\WINDOWS\gnowmebk.dll O21 - SSODL: pxgdslro - {********-****-****-****-************} - C:\WINDOWS\pxgdslro.dll O23 - Service: syom - Unknown owner - C:\WINDOWS\syom.exe O23 - Service: Windows Host Services (ExplorerSvc) - Unknown owner - C:\WINDOWS\system\explorer.exe gsbgqpwwfw.sys v1.183 (17/05/08) O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooaa.dll O2 - BHO: 158117 helper - {427B1FD8-2123-4334-A7D8-7A497363914B} - C:\WINDOWS\system32\158117\158117.dll O2 - BHO: Explorer - {97182737-4655-64C7-8730-2921803F7A9D} - %Windir%\system\wmcstd32.dll O2 - BHO: 774563 helper - {FB13FFCC-F4D1-46DA-96B4-C5666E53344D} - C:\WINDOWS\system32\774563\774563.dll O2 - BHO: 916992 helper - {FE741E34-A693-4EEB-9A6A-C4B14DD2C727} - C:\WINDOWS\system32\916992\916992.dll O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - gwin32.dll O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - swin32.dll O4 - HKLM\..\Run: [autoload] %AppData%\spooll.exe O4 - HKCU\..\Run: [autoload] %AppData%\spooll.exe O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmun.exe O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmun.exe O20 - Winlogon Notify: droute - C:\WINDOWS\SYSTEM32\droute.dll O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\ctfmun.exe iuzqpaf.sys nzqtegh.sys rotr.sys v1.182 (12/05/08) O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll O2 - BHO: BeSideit IE Helper - 
{********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll O2 - BHO: BndDrive BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndDrive2 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndShell3 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndShell3 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndBlock4 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndBlock5 BHO Class - {********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll O2 - BHO: BndVeano4 BHO Class - {********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll O2 - BHO: Internet Speed Monitor - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: QXK Rhythm - {********-****-****-****-************} - C:\WINDOWS\fvowketq***.dll O3 - Toolbar: pvnsmfor - {********-****-****-****-************} - C:\WINDOWS\pvnsmfor.dll O4 - HKLM\..\Run: [Boot Service] bootsv.exe O4 - HKLM\..\Run: [CHK NT] chkntf.exe O4 - HKCU\..\Run: [ISMModule*] "C:\Program Files\ISM\ISMModule*.exe" O4 - HKCU\..\Run: [ISMPack*] "C:\Program Files\ISM2\ISMPack*.exe" O4 - HKLM\..\Run: [Microsoft32] win32sys.exe O4 - HKLM\..\RunServices: [Microsoft32] win32sys.exe O4 - HKLM\..\Run: [Microsoft Client] msclient.exe O4 - HKLM\..\Run: [Microsoft Clients] msclients.exe O4 - HKLM\..\Run: [MSN Hostn] msnhostn.exe O4 - HKLM\..\Run: [NetBioy Client] netbioy.exe O4 - HKCU\..\Run: [QdrModule*] "C:\Program Files\QdrModule\QdrModule*.exe" O4 - HKCU\..\Run: [QdrPack*] "C:\Program Files\QdrPack\QdrPack*.exe" O4 - HKLM\..\Run: [spoolsrv.exe] C:\WINDOWS\system32\spoolsrv.exe O4 - HKLM\..\Run: [System Init] systeminit.exe O4 - HKCU\..\Run: [vipantispyware] C:\Program Files\vipantispyware\vipantispyware.exe O4 - HKCU\..\Run: [VnrPack*] "C:\Program Files\VnrPack\VnrPack*.exe" O4 - 
HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O21 - SSODL: mpfanvqg - {********-****-****-****-************} - C:\WINDOWS\mpfanvqg.dll O21 - SSODL: vbksrofa - {********-****-****-****-************} - C:\WINDOWS\vbksrofa.dll O23 - Service: svchost - Unknown owner - C:\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\svchost.exe O23 - Service: srvcm - Unknown owner - C:\WINDOWS\srvcm.exe wzghui.sys yzbgqap.sys v1.181 (09/05/08) O2 - BHO: BeSideit IE Helper - {89CBB8EA-FA02-4f61-B997-0247E69F002B} - C:\Program Files\QdrDrive\QdrDrive15.dll O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - sincim32.dll O4 - HKCU\..\Run: [VnrPack15] "C:\Program Files\VnrPack\VnrPack15.exe" O4 - HKCU\..\Run: [VnrPack16] "C:\Program Files\VnrPack\VnrPack16.exe" zwqcplsp.sys pjsapdg.sys v1.180 (07/05/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%userprofile%\(Random name).exe \s O2 - BHO: BSM - {141FDC3C-15FB-11DD-B723-9EF855D89593} - C:\WINDOWS\system32\bsm.dll O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spcron.dll O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dll O4 - HKLM\..\Run: [(Random name)] C:\WINDOWS\system32\(Random name).exe \u O4 - HKLM\..\Run: [DRam prosessor] msconfig.exe O4 - HKLM\..\RunServices: [DRam prosessor] msconfig.exe O4 - HKLM\..\Run: [MsConfigs] C:\Program Files\MsConfigs\MsConfigs.exe O4 - HKLM\..\Run: [MSN Applet] msnapplet.exe O4 - HKLM\..\Run: [MSN Connection] msncon.exe O4 - HKLM\..\Run: [MSN Setup] msnsetup.exe O4 - HKLM\..\Run: [MSN Starter] msnstarter.exe O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe O4 - HKLM\..\Run: [Windows] C:\Windows.exe 
O4 - HKLM\..\Run: [Windows Shutdown Service Launcher] wssl.exe O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll O23 - Service: user32 - Unknown owner - C:\WINDOWS\user32.exe O23 - Service: ws2_32 - Unknown owner - C:\WINDOWS\system32\ws2_32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {66186F05-BBBB-4a39-864F-72D84615C679} StubPath = rundll32 sockins32.dll,InitModule bqzpas.sys tcpsr.sys v1.179 (03/05/08) O2 - BHO: DVA First - {********-****-****-****-************} - C:\WINDOWS\qvlbodmn***.dll O2 - BHO: 639774 helper - {79594085-2E28-4CB7-BFD5-4C84916E5EAE} - C:\WINDOWS\system32\639774\639774.dll O2 - BHO: 795367 helper - {F99BF686-DE30-4D22-B176-135B0E1BDF00} - C:\WINDOWS\system32\795367\795367.dll O2 - BHO: Editor plugin - {2FF5010D-FBAB-4307-B5B2-039C79CB6CEB} - gruws.dll O2 - BHO: H - {4F862FBA-1E2B-4072-9EA8-1FD3FECB86A1} - muscira.dll O2 - BHO: Flash Module - {7B8F2526-F0FD-4971-9CC9-A0B2DFB83031} - systemc.dll O2 - BHO: Gamburg provider - {D8E11460-0D64-4a20-BED9-BA68BED58342} - rppcs.dll O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockots64.dll O3 - Toolbar: mkrndofl - {********-****-****-****-************} - C:\WINDOWS\mkrndofl.dll O4 - HKLM\..\Run: [Host Process] %userprofile%\svchost.exe O4 - HKLM\..\Run: [iesetup7b] iesetup7b.exe O4 - HKLM\..\RunServices: [iesetup7b] iesetup7b.exe O4 - HKLM\..\Run: [KernelFailCheck] C:\WINDOWS\syscheck.exe O4 - HKCU\..\Run: [libor] C:\WINDOWS\libor.exe O4 - HKLM\..\Run: [Sysctrls] mscntrl.exe O4 - HKLM\..\RunServices: [Sysctrls] mscntrl.exe O4 - HKCU\..\Run: [Sysctrls] mscntrl.exe O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\winsyser.exe O21 - SSODL: tdomgafw - {********-****-****-****-************} - C:\WINDOWS\tdomgafw.dll O21 - SSODL: wetkadmr - {********-****-****-****-************} - C:\WINDOWS\wetkadmr.dll O23 - Service: MSSysInterv (MSSysInterv1) - 
Unknown owner - C:\WINDOWS\winself.exe O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {2bf41072-b2b1-21c1-b5c1-0305f4155515} C:\WINDOWS\system32\winsyser.exe v1.178 (02/05/08) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\CRSVS.exe O2 - BHO: 146955 helper - {85F74211-7C2B-4CB8-B80D-4DE1AC85B685} - C:\WINDOWS\system32\146955\146955.dll O2 - BHO: 172135 helper - {3DAA1309-18C3-45F2-B619-2E4DA208263F} - C:\WINDOWS\system32\172135\172135.dll O2 - BHO: 251851 helper - {9B1FA77E-8FCC-4558-A9F1-70F750A75B13} - C:\WINDOWS\system32\251851\251851.dll O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\CRSVS.exe O4 - HKLM\..\Run: [Microsoft Exchange Server Resource] msese.exe O4 - HKLM\..\Run: [Microsoft Service Evaluator Engin] mssee.exe O4 - HKLM\..\Run: [MSN Application] msnapp.exe O4 - HKLM\..\Run: [MSN Clients] msnclients.exe O4 - HKLM\..\Run: [MSN Live Login Mgr] wlloginmsgs.exe O4 - HKLM\..\Run: [Remote Heacle Deamon Security Audit] rhdsa.exe O4 - HKLM\..\Run: [Windows Advance Firewall Protection Service] wafps.exe O4 - HKLM\..\Run: [Windows Advanced GFX Devolping Software] wagfxds.exe O4 - HKLM\..\Run: [Windows Client Login Identafacation System] wclis.exe kzq5re.sys v1.177 (29/04/08) O2 - BHO: Min stor proj. - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll O2 - BHO: Min stor proj. 
- {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - sincim32.dll O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ieav.exe O4 - HKLM\..\Run: [DDE Sharer] ddesharer.exe O4 - HKLM\..\Run: [Defrag FAT32] dfrgfat32.exe O4 - HKLM\..\Run: [Logon Agent] logonagt.exe O4 - HKLM\..\Run: [MNM Srv] mnmsrv.exe O4 - HKLM\..\Run: [Modifiet Amateur] C:\WINDOWS\system32\msl.exe O4 - HKCU\..\Run: [Modifiet Amateur] C:\WINDOWS\system32\msl.exe O4 - HKLM\..\Run: [service.exe] C:\WINDOWS\system32\service.exe O4 - HKLM\..\Run: [Win Updates] winupdates.exe O4 - HKLM\..\Run: [Windows Updates] updates.exe O4 - HKLM\..\Run: [WinLiveMessanger] wlliveapp.exe O4 - HKCU\..\Run: [WintelUpdate] C:\(Random Location)\(Random Name).exe service.sys nexkaqf.sys v1.176 (27/04/08) O2 - BHO: DVA Gate - {********-****-****-****-************} - C:\WINDOWS\gndarmbl***.dll O3 - Toolbar: wxdbpfvo - {********-****-****-****-************} - C:\WINDOWS\wxdbpfvo.dll O4 - HKLM\..\Run: [DCOM CNF] dcomcnf.exe O4 - HKLM\..\Run: [Microsoft Live 8.5] (Random 7 Letters).exe O4 - HKLM\..\RunServices: [Microsoft Live 8.5] (Random 7 Letters).exe O4 - HKLM\..\Run: [Windows has Layer] fixweb.exe O4 - HKLM\..\RunServices: [Windows has Layer] fixweb.exe O4 - HKLM\..\RunOnce: [Windows has Layer] fixweb.exe O4 - HKCU\..\Run: [Windows has Layer] fixweb.exe O4 - HKCU\..\RunOnce: [Windows has Layer] fixweb.exe O4 - HKLM\..\Run: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe O4 - HKLM\..\RunServices: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe O4 - HKLM\..\Run: [x86 Kernel] krnlx86.exe O21 - SSODL: bdkpfxqw - {********-****-****-****-************} - C:\WINDOWS\bdkpfxqw.dll O21 - SSODL: qadovnel - {********-****-****-****-************} - C:\WINDOWS\qadovnel.dll hqiopa.sys v1.175 (26/04/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\winlogon.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\,),)W))W))*.exe O2 - BHO: 717305 helper - {963916CD-6311-485D-93DC-3BD1B9E2D2CB} - 
C:\WINDOWS\system32\717305\717305.dll O4 - HKLM\..\Run: [Service Defender] C:\WINDOWS\system32\,),)W))W)*.exe O4 - HKLM\..\Run: [CHK Disker] chkdsker.exe O4 - HKLM\..\Run: [Cli Confg] cliconfig.exe O4 - HKLM\..\Run: [Clip Srv] clipsv.exe O4 - HKLM\..\Run: [cScripts] cscripts.exe O4 - HKLM\..\Run: [iPSec7] ipsec7.exe O4 - HKLM\..\Run: [iPX Router] ipxrouter.exe O4 - HKLM\..\Run: [Live Messanger] wllmsngr.exe O4 - HKLM\..\Run: [MQT Svc] mqtsvc.exe O4 - HKLM\..\Run: [MS Initial] mstinitial.exe O4 - HKLM\..\Run: [MSN Popup Blocker] msnpopblck.exe O23 - Service: Messenger Sharing USN Journal Service - Unknown owner - C:\WINDOWS\usnsv.exe O23 - Service: ServiceHost32 - Unknown owner - C:\WINDOWS\System32\ServiceHost32.exe O23 - Service: Windows NT application - Unknown owner - C:\WINDOWS\winlogon.exe O23 - Service: Windows Security Center - Unknown owner - C:\WINDOWS\system32\winmgr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe" uazpiq.sys v1.174 (24/04/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\W,),),W,))),)W)W,,,WWWW))WWW),WW.exe O2 - BHO: DVA Gate - {********-****-****-****-************} - C:\WINDOWS\qnmargol***.dll O2 - BHO: 382077 helper - {F0A035EC-C865-4E47-BF73-B17741DD5232} - C:\WINDOWS\system32\382077\382077.dll O2 - BHO: 433424 helper - {CB3CB6CA-11C3-462B-BC97-FB3E34A34431} - C:\WINDOWS\system32\433424\433424.dll O2 - BHO: 565379 helper - {74031029-077F-4965-8ADD-48B783B00ABD} - C:\WINDOWS\system32\565379\565379.dll O2 - BHO: 609856 helper - {59B964D9-C9D7-4AA0-9F28-C49F8EC10B67} - C:\WINDOWS\system32\609856\609856.dll O2 - BHO: 736876 helper - {66295A43-B9CA-4BF9-BC8D-C3AEBE123C3C} - 
C:\WINDOWS\system32\736876\736876.dll O2 - BHO: 814810 helper - {DC59D6DA-7CDE-4874-9F97-41C82C177069} - C:\WINDOWS\system32\814810\814810.dll O4 - HKCU\..\Run: [AdobeManager] "%AppData%\Adobe\rundtl.exe" -sys O4 - HKLM\..\Run: [Ci Svr] cisvr.exe O4 - HKLM\..\Run: [Clean Mgr] cleanmg.exe O4 - HKLM\..\Run: [Ghost Relay] C:\WINDOWS\system32\W,),),W,))),)W)W,,,WWWW))WWW),WW.exe O4 - HKLM\..\Run: [iExplore Ini] ie4uini.exe O4 - HKLM\..\Run: [iExpresser] iexpresser.exe O4 - HKCU\..\Run: [mdp] rundll32.exe %AppData%\Adobe\mdp.dll,InitSys O4 - HKLM\..\Run: [Microsoft Windows Express] websploit.exe O4 - HKLM\..\RunServices: [Microsoft Windows Express] websploit.exe O4 - HKLM\..\Run: [MSN User Server!] msnservices.exe O4 - HKLM\..\Run: [Task manager] taskmngr.exe O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe O4 - HKCU\..\Run: [Task manager] taskmngr.exe O4 - HKLM\..\Run: [Windows Security Survy] svchosl.exe O4 - HKLM\..\RunServices: [Windows Security Survy] svchosl.exe O4 - HKLM\..\Run: [Windows Update] "C:\Documents and Settings\msconfig32.exe" O20 - Winlogon Notify: divxrs - C:\WINDOWS\system32\divxrs.dll O20 - Winlogon Notify: ibudu - C:\WINDOWS\system32\ibudu.dll O20 - Winlogon Notify: ibuntu - C:\WINDOWS\system32\ibuntu.dll O23 - Service: ActiveSMART Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Advanced Networking Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Amazon Unbox Video Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Ati HotKey (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Aventail VPN Client (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Axon Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: BlueSoleilCS (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: BT Modem 
Lock (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: CMG Shield (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Cognos ReportNet (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: CommServer (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Creative Labs Licensing (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: DeepSight Extractor Service for NP08 (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Dell Printer Status Watcher (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: DigiCtrl (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: DQLWinService (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Electronic Arts Licensing (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Electronic Arts Licensing Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: LXCCCustomerConnect (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Print Spooler Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: SolidWorks Licensing Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Wireless Adapter Configurator (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {196F6BD4-27EA-7FAF-F992-9342843C53B9} "C:\WINDOWS\system32\bt\Systemx.exe" dprot.sys fkjdfje.sys grande48.sys itcoe.sys kbd.sys krnllds.sys qandr.sys ydhqzop.sys zsqalpdt.sys v1.173 (20/04/08) F2 - REG:system.ini: UserInit=userinit.exe,%AppData%\ntos.exe, O2 - BHO: DVA Storm - {********-****-****-****-************} - C:\WINDOWS\qnmargol***.dll O2 
- BHO: Pinch - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll O2 - BHO: PWS.LD.Pinch - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll O2 - BHO: Video - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll O2 - BHO: 432591 helper - {CD897D22-9C44-411E-808A-B79C7F90DC7E} - C:\WINDOWS\system32\432591\432591.dll O2 - BHO: CLinkerBHO Class - {A1FF3ECE-0EC3-4035-A67D-726A574748B8} - C:\WINDOWS\System32\AcroCLinker.dll O2 - BHO: iHelper - {A1FF3ECE-0EC3-4035-A67D-726A574748B8} - C:\WINDOWS\system32\iHelper.dll O2 - BHO: JavaClass - {C7BCFD25-5C30-4bcf-9483-6F151A54F7C9} - C:\WINDOWS\system32\iHelper.dll O3 - Toolbar: dpevflbg - {********-****-****-****-************} - C:\WINDOWS\dpevflbg.dll O4 - HKLM\..\Run: [BMonq] C:\WINDOWS\System32\bmonq.exe O4 - HKLM\..\Run: [Boot K] bootk.exe O4 - HKLM\..\Run: [Boot Verify] bootvfy.exe O4 - HKLM\..\Run: [DRM Upgrade] drmupgd.exe O4 - HKLM\..\Run: [DVD Upgrade] dvdupgd.exe O4 - HKLM\..\Run: [Font Viewer] fontviewer.exe O4 - HKLM\..\Run: [hotefix] msnmanegers.exe O4 - HKLM\..\RunServices: [hotefix] msnmanegers.exe O4 - HKLM\..\RunOnce: [hotefix] msnmanegers.exe O4 - HKCU\..\Run: [hotefix] msnmanegers.exe O4 - HKCU\..\RunOnce: [hotefix] msnmanegers.exe O4 - HKCU\..\Run: [liibr] C:\WINDOWS\liibr.exe O4 - HKLM\..\Run: [MS Paint] mspainter.exe O4 - HKLM\..\Run: [rsrvmon.exe] C:\WINDOWS\System32\drivers\rsrvmon.exe O4 - HKCU\..\Run: [SfKg6wIP] %AppData%\Microsoft\Windows\(RandomName).exe O4 - HKCU\..\Run: [SpeedRunner] %AppData%\SpeedRunner\SpeedRunner.exe O4 - HKLM\..\Run: [Sysctrls] win32dll.exe O4 - HKLM\..\RunServices: [Sysctrls] win32dll.exe O4 - HKCU\..\Run: [Sysctrls] win32dll.exe O4 - HKLM\..\Run: [system32WXBP Agent] C:\WINDOWS\system32WXBP.exe O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe O4 - HKCU\..\Run: [userinit] %AppData%\ntos.exe O4 - HKLM\..\Run: [Windows Services Aganters] (Random 10 Letter).exe O4 - HKLM\..\RunServices: [Windows Services 
Aganters] (Random 10 Letter).exe O4 - HKCU\..\Run: [Windows Services Aganters] (Random 10 Letter).exe O21 - SSODL: vadokmxt - {********-****-****-****-************} - C:\WINDOWS\vadokmxt.dll O21 - SSODL: wdpoefan - {********-****-****-****-************} - C:\WINDOWS\wdpoefan.dll njqzpir.sys widuxngq.sys v1.172 (18/04/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Mctray.exe O2 - BHO: PCTools - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll O2 - BHO: PCTools - {********-****-****-****-************} - C:\WINDOWS\pctools.dll O2 - BHO: 892267 helper - {25E0128D-AAFC-49FF-AB11-1F12C2FCC391} - C:\WINDOWS\system32\892267\892267.dll O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - %Windir%\system\wlcstp32.dll O2 - BHO: Codec pack - {C44Ad542-3B2E-ab42-32ba-a11651A36980} - C:\Program Files\Common Files\System\sys_vd4.dat O2 - BHO: 312191 helper - {E4E30C12-F249-43D5-ACE3-E0C380448648} - C:\WINDOWS\system32\312191\312191.dll O4 - HKLM\..\Run: [explorer] iexplore.exe O4 - HKLM\..\RunServices: [explorer] iexplore.exe O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\alm7tas.exe O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\alm7tas.exe O4 - HKLM\..\Run: [Microsoft Manage Services] sychost.exe O4 - HKLM\..\Run: [Messenger Sharing Control] mnwsvc.exe O4 - HKLM\..\Run: [Remote Event System] resmsvc.exe O4 - HKLM\..\Run: [Remote Storage Access] rmasvc.exe O4 - HKLM\..\Run: [Remote Terminal Task] rtsbsvc.exe O4 - HKLM\..\Run: [System Config] sysloadcnf.exe O4 - HKLM\..\Run: [Windows debug logging] winlogg.exe O4 - HKLM\..\RunServices: [Windows debug logging] winlogg.exe O4 - HKCU\..\Run: [Windows debug logging] winlogg.exe O4 - HKLM\..\Run: [Windows live Messenger] msn.com O4 - HKLM\..\Run: [Windows Live Messenger Addon] wllivemsngr.exe O4 - HKLM\..\Run: [Windows logging] asgasg.exe O4 - HKLM\..\RunServices: [Windows logging] asgasg.exe O4 - HKCU\..\Run: [Windows logging] asgasg.exe O4 - HKLM\..\Run: [Windows Networking Monitoring] 
C:\WINDOWS\system32\mdm.exe O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\system32\mdm.exe O4 - HKLM\..\Run: [Windows Service Threads] svcthreading.exe O4 - HKLM\..\Run: [winlogon] c:\winlogon.exe O4 - HKCU\..\Run: [Wintl] %AppData%\Microsoft\Windows\msdred.exe O4 - HKLM\..\Run: [WPlayer] C:\windows\WPlayer.exe O21 - SSODL: SleepApp - {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\system32\sleep32.dll O23 - Service: (Random Name) - Unknown owner - C:\WINDOWS\system32\svshost.exe O23 - Service: (Random Name) - Unknown owner - C:\WINDOWS\system32\csrcs.exe O23 - Service: McAfee Security Agent Taskbar Extension. - Unknown owner - C:\WINDOWS\Mctray.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {56E511A3-51E1-A4CD-E2C1-A3A1214AA1AC} C:\WINDOWS\msdred.exe v1.171 (15/04/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\Client\svchost32.exe, O2 - BHO: DVA Storm - {********-****-****-****-************} - C:\WINDOWS\lgmxvpat***.dll O2 - BHO: WinSurf - {********-****-****-****-************} - %windir%\ps16sys.dll O2 - BHO: WinSurf - {********-****-****-****-************} - %windir%\winsurf.dll O2 - BHO: SearchHelper Class - {17C4A3BE-BFC0-4dea-A11C-77979ADBDB17} - C:\WINDOWS\system32\FeedMerge.dll O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - berg2.dll O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - tinox1.dll O2 - BHO: 729732 helper - {62CAE572-A9CC-4503-B338-20E06E5C9EDE} - C:\WINDOWS\system32\729732\729732.dll O2 - BHO: Gamburg provider - {937A3F9C-6D70-483f-804F-BB6C118FE760} - dsxmm.dll O2 - BHO: 403445 helper - {9E654A16-4765-4EAA-94EC-D5A6578053A4} - C:\WINDOWS\system32\403445\403445.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4D91-8333-CF10577473F7} - %ProgramFiles%\Google\googletoolbar1.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4D91-8333-CF10577473F7} - %UserProfile%\Google\googletoolbar1.dll O2 - BHO: Help - 
{CADB5E0F-0223-A58F-D6EF-326223BC90CA} - C:\WINDOWS\system\hnqtse32.dll O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll O3 - Toolbar: qtvglped - {********-****-****-****-************} - C:\WINDOWS\qtvglped.dll O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll O4 - HKLM\..\Run: [VirusIsolator] C:\Program Files\VirusIsolator\VirusIsolator O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\(Random Name).exe O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\(Random Name).exe O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\(Random Name).exe O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\(Random Name)v.exe O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe O21 - SSODL: omlbpkaw - {********-****-****-****-************} - C:\WINDOWS\omlbpkaw.dll O21 - SSODL: pmsoarbf - {********-****-****-****-************} - C:\WINDOWS\pmsoarbf.dll qaszpurn.sys v1.170 (12/04/08) O2 - BHO: DVA Storm - {********-****-****-****-************} - C:\WINDOWS\nslbvxpg***.dll O2 - BHO: Sofos - {********-****-****-****-************} - %Windir%\sofos16x.dll O2 - BHO: Sofos - {********-****-****-****-************} - %Windir%\sofos32x.dll O2 - BHO: 286858 helper - {63C02D81-F739-427C-907A-FA6B4FDB39A6} - C:\WINDOWS\system32\286858\286858.dll O3 - Toolbar: sgoblxtm - {********-****-****-****-************} - C:\WINDOWS\sgoblxtm.dll O4 - HKLM\..\Run: [pronto] (Random 4 Letter).exe O4 - HKLM\..\RunServices: [pronto] (Random 4 Letter).exe O21 - SSODL: dsktbwfe - {********-****-****-****-************} - C:\WINDOWS\dsktbwfe.dll O21 - SSODL: ogxtsepr - {********-****-****-****-************} - C:\WINDOWS\ogxtsepr.dll O21 - SSODL: oledll - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active 
v1.169 (10/04/08)
v1.168 (09/04/08)
v1.167 (06/04/08)
v1.166 (04/04/08)
v1.165 (31/03/08)
v1.164 (29/03/08)
v1.163 (28/03/08)
v1.162 (26/03/08)
v1.161 (25/03/08)
v1.160 (24/03/08)
v1.159 (20/03/08)
v1.158 (17/03/08)
v1.157 (14/03/08)
v1.156 (12/03/08)
v1.155 (10/03/08)
v1.154 (08/03/08)
v1.153 (05/03/08)
v1.152 (04/03/08)
v1.151 (03/03/08)
v1.150 (01/03/08)
v1.149 (28/02/08)
v1.148 (27/02/08)
{FDACA365-AC49-4205-ADB4-489C5A221D24} - C:\WINDOWS\ekvgsnw.dll O4 - HKLM\..\Run: [Generic Host Process for WinXP Services] mshelp.exe O4 - HKLM\..\RunServices: [Generic Host Process for WinXP Services] mshelp.exe O4 - HKLM\..\Run: [Windows Secure talal32 ] (Random 7 Letter).exe O4 - HKLM\..\RunServices: [Windows Secure talal32 ] (Random 7 Letter).exe O4 - HKCU\..\Run: [Windows Secure talal32 ] (Random 7 Letter).exe O20 - Winlogon Notify: MSWSC2 - C:\WINDOWS\SYSTEM32\auto???.dll O20 - Winlogon Notify: MSWSC2 - C:\WINDOWS\SYSTEM32\msxm???.dll O20 - Winlogon Notify: MSWSC2 - C:\WINDOWS\SYSTEM32\win32???.dll O21 - SSODL: WinApp - {C285CF22-115F-3252-41AC-F686D912C63D} - C:\WINDOWS\system32\clipuser32.dll v1.147 (25/02/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%Temp%\winlogon.exe O2 - BHO: SXG Advisor - {46DD1D4D-3DB0-4A9B-A989-AA6978C03E50} - C:\WINDOWS\dgtxrdfvwr.dll O2 - BHO: MS Video Control 1.0 - {54629298-47B2-4F79-BC62-7B3648D70020} - C:\WINDOWS\msvidc32.dll O2 - BHO: SXG Advisor - {858D0A33-C1E1-48BE-AF1D-7FC2088651FD} - C:\WINDOWS\dgtxrdfntw.dll O2 - BHO: SXG Advisor - {9C0CE02F-81A9-4F38-9BF9-986909DC8E98} - C:\WINDOWS\dgtxrdfqwl.dll O2 - BHO: MS Video Control 1.0 - {B8DE8F32-8900-4F89-BFD5-CB4D49FEBE47} - C:\Windows\msvidc32.dll O2 - BHO: Gamburg provider - {D8E11460-0D64-4a20-BED9-BA68BED58342} - wirpc.dll O2 - BHO: SXG Advisor - {E3FB9237-4475-437B-8C10-299097A8C0A8} - C:\WINDOWS\dgtxrdfxlw.dll O3 - Toolbar: ekvgsnw - {55E1C95D-92E4-449B-A302-E4BF4F891256} - C:\WINDOWS\ekvgsnw.dll O3 - Toolbar: ekvgsnw - {602D6156-C5E2-40D6-B1A2-9EE432DF156A} - C:\WINDOWS\ekvgsnw.dll O3 - Toolbar: ekvgsnw - {60570909-486A-4609-B7AE-CBCAA3831168} - C:\WINDOWS\ekvgsnw.dll O3 - Toolbar: ekvgsnw - {BA3FAEA0-987D-4921-BD8D-847EBAE453D0} - C:\WINDOWS\ekvgsnw.dll O4 - HKLM\..\Run: [Flash Driver] %Temp%\winlogon.exe O4 - HKLM\..\Run: [iesetupi.exe] iesetupi.exe O4 - HKLM\..\RunServices: [iesetupi.exe] iesetupi.exe O4 - HKLM\..\Run: [Microsoft Internet 
Explorer Manager] ie.exe O4 - HKLM\..\Run: [Microsoft CP Web Manager] webcp.exe O4 - HKLM\..\Run: [Microsoft CRT Monitor Manager] crtmon.exe O4 - HKLM\..\Run: [Microsoft Lsass Manager] lsass.exe O4 - HKLM\..\Run: [Microsoft Safe Mode Manager] safemode.exe O4 - HKLM\..\Run: [Microsoft Update Machine] winmgr.exe O4 - HKLM\..\RunServices: [Microsoft Update Machine] winmgr.exe O4 - HKCU\..\Run: [Microsoft Update Machine] winmgr.exe O4 - HKLM\..\Run: [Microsoft Web CP Manager] webcp32.exe O4 - HKLM\..\Run: [WinDLL (dlfksdld.exe)] rundll32.exe C:\WINDOWS\System32\dlfksdld.exe,start O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe v1.146 (24/02/08) O2 - BHO: Gamburg provider - {59D94AAD-0A67-417e-969B-8311296E8364} - condw32.dll O2 - BHO: SXG Advisor - {7C3BA9FF-4736-4131-A827-8020825E5070} - C:\WINDOWS\dgtxrdfrmw.dll O2 - BHO: SXG Advisor - {878CA87E-BD03-4991-A1A8-A1EBEB50578F} - C:\WINDOWS\dgtxrdfsnw.dll O2 - BHO: MS Video Control 1.0 - {96074552-3830-40E3-8274-FB9E092F04EC} - C:\Windows\msvidc32.dll O2 - BHO: SXG Advisor - {9E40777E-C901-4623-88FA-7D0DF61B0E0F} - C:\WINDOWS\dmdvpnwrf.dll O2 - BHO: e404 helper - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - C:\Program Files\Helper\*.dll O2 - BHO: MS Video Control 1.0 - {CAD36397-AF2B-4F5D-9172-1D3874222A23} - C:\Windows\msvidc32.dll O2 - BHO: MS Video Control 1.0 - {CBC3486E-92D1-419D-BEBF-D3D972B87902} - C:\Windows\msvidc32.dll O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\System32\cygwn32.dll O3 - Toolbar: ekvgsnw - {13671A38-6AA3-49A1-BDBA-D6FD939FB331} - C:\WINDOWS\ekvgsnw.dll O3 - Toolbar: ekvgsnw - {292547EC-9C38-4398-B336-6219B91A1634} - C:\WINDOWS\ekvgsnw.dll O3 - Toolbar: emotigt - {80162732-ED0F-4C86-9C4D-3B46986E81E3} - C:\WINDOWS\emotigt.dll O3 - Toolbar: emotigt - {CF66F9AB-DC55-4AB6-A73A-985BC0F7CCFB} - C:\WINDOWS\emotigt.dll O4 - HKLM\..\Run: [syswin.txt] (Random 3 Letter).exe O4 - HKLM\..\RunServices: [syswin.txt] (Random 3 Letter).exe 
O4 - HKCU\..\Run: [syswin.txt] (Random 3 Letter).exe v1.145 (23/02/08) O2 - BHO: SXG Advisor - {15D27C28-1731-48F5-8A45-D027D9DF05CA} - C:\WINDOWS\dgtxrdfrqm.dll O2 - BHO: MS Video Control 1.0 - {4E21495F-0004-4614-9DC9-6B8F7E5024F5} - C:\Windows\msvidc32.dll O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\TrustedAntivirus\Tools\pg.dll O2 - BHO: SXG Advisor - {81F4697D-617D-40B4-85BA-C7684D9BC543} - C:\WINDOWS\dmdvpnvmq.dll O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\TrustedAntivirus\Tools\IEFWBHO.dll O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll O3 - Toolbar: emotigt - {B2F479AD-17DE-4F73-B844-7CF69003B916} - C:\WINDOWS\emotigt.dll O3 - Toolbar: ekvgsnw - {BBE2B433-33B2-4953-BC77-0669D2E9B748} - C:\WINDOWS\ekvgsnw.dll O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe O4 - HKLM\..\RunOnce: [freinst] "C:\Program Files\TrustedAntivirus\pgs.exe" /empty O4 - HKLM\..\Run: [Microsoft Notepad Manager] notepad.exe O4 - HKLM\..\Run: [Microsoft Regestry Manager] registry32.exe O4 - HKLM\..\Run: [Microsoft Virtual Service Manager] vservice32.exe O4 - HKLM\..\Run: [SBI] %Temporary Internet Files%\install_sbd_en[1].exe O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe O4 - HKLM\..\Run: [TrustedAntivirus] C:\Program Files\TrustedAntivirus\pgs.exe O4 - HKLM\..\Run: [UADC_*] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\TRUSTE~1\ugcw.exe" -start O21 - SSODL: alofkmn - {********-****-****-****-************} - C:\WINDOWS\alofkmn.dll O21 - SSODL: bxlrvps - {********-****-****-****-************} - C:\WINDOWS\bxlrvps.dll v1.144 (21/02/08) O2 - BHO: SXG Advisor - {0F4A1F53-7A29-4D90-A9CD-8BDACB87CFCA} - C:\WINDOWS\dmdvpnnds.dll O2 - BHO: MS 
Video Control 1.0 - {2A4601BC-8376-422D-A2FC-DDF0A40570BD} - msvidc32.dll O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\*.dll O2 - BHO: SXG Advisor - {451692E8-E49F-471E-B230-D36C4A3C7374} - C:\WINDOWS\dmdvpngsd.dll O2 - BHO: Adobe PDF Reader Link Helper - {463F66BC-3B6F-4FDE-969C-94F594FECE07} - C:\WINDOWS\AcroIEHelper.dll O2 - BHO: Gamburg provider - {59D94AAD-0A67-417e-969B-8311296E8364} - contrld.dll O2 - BHO: SXG Advisor - {5A5817AC-C117-4FF6-A3DA-13142F6F6C5C} - C:\WINDOWS\dmdvpnqfv.dll O2 - BHO: SXG Advisor - {6FFDE480-14C1-43FC-BEC1-CA97A2541FFD} - C:\WINDOWS\dmdvpnslp.dll O2 - BHO: MS Video Control 1.0 - {853D915E-40FF-4125-996E-89DD934B2060} - C:\Windows\msvidc32.dll O2 - BHO: SXG Advisor - {A2F12137-1918-4F31-B179-94C21A1E2BC2} - C:\WINDOWS\dmdvpnvnp.dll O2 - BHO: MS Video Control 1.0 - {C3253D15-672D-46D5-8FE1-3FAB8E291E4F} - C:\WINDOWS\msvidc32.dll O2 - BHO: MS Video Control 1.0 - {E76AA4DA-7388-4D1E-B7E4-CC809F4E8F1B} - C:\WINDOWS\msvidc32.dll O2 - BHO: SXG Advisor - {D7C622D9-8999-4FDF-81EB-E6B0A547FA61} - C:\WINDOWS\dmdvpnwgp.dll O2 - BHO: MS Video Control 1.0 - {EEBA7DF1-A821-469A-BD31-206AD73CFA9B} - C:\Windows\msvidc32.dll O2 - BHO: MS Video Control 1.0 - {F7B62E04-C4AF-4814-88EE-D5EBDBAD6387} - C:\Windows\msvidc32.dll O3 - Toolbar: emotigt - {2E758911-64CB-45F8-A661-E70B8D19DE93} - C:\WINDOWS\emotigt.dll O3 - Toolbar: emotigt - {54BECB1C-D4EA-47B2-9B56-C6768144FDD5} - C:\WINDOWS\emotigt.dll O3 - Toolbar: emotigt - {5D8B2464-E896-4C7A-970F-1C44BF30B3E9} - C:\WINDOWS\emotigt.dll O3 - Toolbar: emotigt - {72B445FA-2456-4718-8580-3D963E4CCB5A} - C:\WINDOWS\emotigt.dll O3 - Toolbar: emotigt - {AA8B47FF-72C3-45C3-A7F1-8E86D1C65E67} - C:\WINDOWS\emotigt.dll O3 - Toolbar: emotigt - {EA0C36E2-104C-454E-8736-DA47E4FA0956} - C:\WINDOWS\emotigt.dll O4 - HKCU\..\Run: [(Random Name)] %Temp%\csrssc.exe O4 - HKCU\..\Run: [(Random Name)] C:\WINDOWS\Temp\csrssc.exe O4 - HKCU\..\Run: [JavaCore] C:\Program 
Files\JavaCore\JavaCore.exe O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drv???.dll,startup O4 - HKLM\..\Run: [Memory Allocation Services] cisrv.exe O4 - HKLM\..\Run: [Microsoft Regestry Edit Manager] regedit.exe O4 - HKLM\..\Run: [Microsoft Service Manager] service32.exe O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drv???.dll,startup O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe O4 - HKLM\..\Run: [MSN] wdlrss.exe O4 - HKLM\..\Run: [User Hosting Service] usnhost.exe O4 - HKLM\..\Run: [Windows Messenger Fileshare] wivsvc.exe O4 - HKLM\..\Run: [Windows Network Logon] npesvc.exe O4 - HKLM\..\Run: [Windows Pool Manager] poolsc.exe O4 - HKLM\..\Run: [Windows Pool Setup] poolmc.exe O4 - HKLM\..\Run: [Windows Terminal Manager] rmbsvc.exe O23 - Service: Security Windows services (WinSecurServ05) - Unknown owner - C:\WINDOWS\system32\Microsoft\svchost.exe O23 - Service: Security Service (????) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe O23 - Service: Windows Update Manager Security Service (wumss) - Unknown owner - C:\WINDOWS\system32\wumss.exe v1.143 (16/02/08) F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - C:\WINDOWS\AcroIEHelper.dll O2 - BHO: SXG Advisor - {4BF7B3BF-B8B5-439D-A9EB-9272CB92186F} - C:\WINDOWS\dmdvpnsop.dll O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll O2 - BHO: Adobe PDF Reader Link Helper - {6FA2DDCA-DD68-4E58-9CF6-005B10D60F31} - C:\WINDOWS\AcroIEHelper.dll O2 - BHO: SXG Advisor - {82A8A280-F026-413E-88EA-BD2A951E6FD5} - C:\WINDOWS\dmdvpndto.dll O2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\*.dll O2 - BHO: Adobe PDF Reader Link Helper - {8CF21D67-EDE6-4BBC-A009-D2CF3AAA0AE2} - C:\WINDOWS\AcroIEHelper.dll O2 - BHO: SXG Advisor - {A07DAFB6-2697-4528-A41B-6D77C1D63396} - C:WINDOWS\dmdqdrxltr.dll O2 - BHO: SXG Advisor - {AE829A0E-DEC8-4146-9959-C054CBD4ECE6} - 
C:\WINDOWS\dmdqdrxlgf.dll O2 - BHO: Adobe PDF Reader Link Helper - {D79145D5-535E-4B27-BCD3-9AFBB326829C} - C:\WINDOWS\AcroIEHelper.dll O2 - BHO: SXG Advisor - {D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5} - C:\WINDOWS\dmdvpnkgn.dll O2 - BHO: Adobe PDF Reader Link Helper - {DA67288F-069B-449D-BA4C-0CE0C3C42265} - C:\WINDOWS\AcroIEHelper.dll O2 - BHO: SXG Advisor - {F4DE1459-9941-48DB-AEFF-88A903379276} - C:\WINDOWS\dmdqdrxqdv.dll O2 - BHO: SXG Advisor - {FDC5F6BF-F822-47EE-A03D-8158DF526AC9} - C:\WINDOWS\dmdqdrxnrp.dll O3 - Toolbar: emotrlq - {380F14D3-BD6F-4F5A-984A-70CC23EEA61D} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotigt - {5AE4E53D-BAF7-4049-89E6-1AB2BBC659CA} - C:\WINDOWS\emotigt.dll O3 - Toolbar: emotrlq - {741023D3-8067-4EBD-9D57-AD8C659DEBD5} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {7D304AC3-18E9-4836-A2AC-4D4F06D035E7} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {8D3E6E15-CA58-4534-B681-6962B23CD4B3} - C:WINDOWS\emotrlq.dll O3 - Toolbar: emotigt - {ACCD25A4-DF3F-47EC-9630-EB3A3142EEDD} - C:\WINDOWS\emotigt.dll O3 - Toolbar: emotigt - {F049A30C-9014-4F4D-B022-A666D8B4B3BB} - C:\WINDOWS\emotigt.dll O4 - HKLM\..\Run: [Audio Device Manager] WinNT.exe O4 - HKLM\..\Run: [drmsrv32] %Temp%\stmhosts.exe O4 - HKLM\..\Run: [Graphic Update] C:\WINDOWS\system32\openglx.exe O4 - HKLM\..\Run: [Internet Security Service] ssyst3m32.exe O4 - HKLM\..\RunServices: [Internet Security Service] ssyst3m32.exe O4 - HKCU\..\Run: [Internet Security Service] ssyst3m32.exe O4 - HKLM\..\Run: [Microsoft CPU Over Heat Manager] CPU.exe O4 - HKLM\..\Run: [Microsoft Dll Manager] microsoft32dll.exe O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe O4 - HKLM\..\Run: [Microsoft Process Manager] process32.exe O4 - HKLM\..\Run: [Microsoft Profile Manager] profile.exe O4 - HKLM\..\Run: [Microsoft Regestry Manager] regedit32.exe O4 - HKLM\..\Run: [Microsoft Router Manager] linksys.exe O4 - HKLM\..\Run: [Microsoft Router Manager] router.exe O4 - HKLM\..\Run: [Microsoft Service 
Access Manager] Access.exe O4 - HKLM\..\Run: [Microsoft Service Disk Cycle] disksave.exe O4 - HKLM\..\Run: [Microsoft Service Execution Manager] execute.exe O4 - HKLM\..\Run: [Microsoft Service firewall Manager] firewall.exe O4 - HKLM\..\Run: [Microsoft Service Host Manager] 32svchost.exe O4 - HKLM\..\Run: [Microsoft Service Login Manager] winlogin.exe O4 - HKLM\..\Run: [MSN Manager] usnmsn.exe O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe O4 - HKLM\..\Run: [sysrestore32.exe] C:\WINDOWS\system32\sysrestore32.exe O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe O4 - HKLM\..\Run: [Windows FileSharing Service] mcwsvc.exe O4 - HKLM\..\Run: [Windows haz Layer] (Random 5 Letter).exe O4 - HKLM\..\RunServices: [Windows haz Layer] (Random 5 Letter).exe O4 - HKLM\..\Run: [Windows Live] msgnms.exe O4 - HKLM\..\Run: [Windows Messenger Panel] wbcsvc.exe O4 - HKLM\..\Run: [Windows Messenger Starter] wmvsvc.exe O4 - HKLM\..\Run: [Windows Storm-Memory Drivers] memorystorm.exe O4 - HKLM\..\Run: [Windows System Drivers] sysretain.exe O4 - HKLM\..\Run: [Windows Update] Windows Update.exe O4 - HKLM\..\RunServices: [Windows Update] Windows Update.exe O4 - HKLM\..\Run: [Windows Virtual Services] winvirtual32.exe O4 - HKCU\..\Run: [WintelUpdate] C:\exujd.exe O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll O21 - SSODL: admgcx - {********-****-****-****-************} - C:\WINDOWS\admgcx.dll O21 - SSODL: bdmanager - {********-****-****-****-************} - C:\WINDOWS\bdmanager.dll O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlagons.exe v1.142 (13/02/08) O2 - BHO: mscorews - 
{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - C:\WINDOWS\system32\mscorews.dll O2 - BHO: SXG Advisor - {10243A31-4B07-4FB5-B37B-E6E59DC525E9} - C:\WINDOWS\dmdqdrxgrf.dll O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\*.dll O2 - BHO: Adobe PDF Reader Link Helper - {427DA36C-DC88-48D4-B090-1FD304BECAB2} - C:\Windows\AcroIEHelper.dll O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll O2 - BHO: CInternetExplorerAssistant - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - C:\PROGRA~1\INTERN~2\INTERN~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {5CF87193-FD1E-4400-863D-FD9AFC5F402F} - C:\Windows\AcroIEHelper.dll O2 - BHO: SXG Advisor - {A552CC0F-C77D-474C-BEEF-B2FF8F7C7979} - C:\WINDOWS\dmdqdrxdvm.dll O2 - BHO: Adobe PDF Reader Link Helper - {A8607BAF-0EB3-473C-84C9-F3A5B901A796} - C:\WINDOWS\AcroIEHelper.dll O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\*.dll O2 - BHO: SXG Advisor - {EE41D647-DB01-479C-82F7-0F36F6C184ED} - C:\WINDOWS\dmdqdrxvnr.dll O2 - BHO: SXG Advisor - {FC516858-0D83-408E-9A76-B16DD182ADAA} - C:\WINDOWS\dmdqdrxpsr.dll O3 - Toolbar: emotrlq - {49ACE7E9-3FAF-4085-947D-BFACABF9A109} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {6748B70C-6D33-4D5A-870F-4D43B0EFDE48} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {7C54D75A-5D72-48B0-BE95-50350CD87A38} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {AF3E8912-FEC2-48BE-BB02-0A450F9D06B5} - C:\WINDOWS\emotrlq.dll O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe O4 - HKLM\..\Run: [gdcw] C:\Program Files\SecurePCCleaner\data\GDCW.exe O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\(Random Name).exe O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\(Random Name).exe O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\(Random Name).exe O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\(Random Name).exe O4 - HKLM\..\Run: [Microsoft 
Update Machine] (Random 6 Letter).exe O4 - HKLM\..\RunServices: [Microsoft Update Machine] (Random 6 Letter).exe O4 - HKCU\..\Run: [Microsoft Update Machine] (Random 6 Letter).exe O4 - HKLM\..\Run: [PK Guard] C:\WINDOWS\system32\pkguard32.exe O4 - HKLM\..\RunServices: [PK Guard] C:\WINDOWS\system32\pkguard32.exe O4 - HKCU\..\Run: [PK Guard] C:\WINDOWS\system32\pkguard32 .exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SecurePCCleaner\stm.exe" * O4 - HKLM\..\Run: [SecurePCCleaner] C:\Program Files\SecurePCCleaner\GDC.exe O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\(Random Name).exe O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\(Random Name).exe O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\(Random Name).exe O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\(Random Name).exe O4 - HKLM\..\Run: [Windows MSN2 XP] C:\WINDOWS\system32\swchost.exe O4 - HKCU\..\Run: [Windows MSN2 XP] C:\WINDOWS\system32\swchost.exe O4 - HKLM\..\Run: [Windows Cleaner Service] winclean.exe O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\Msgrss.exe O4 - HKLM\..\Run: [Windows Version Service] sysvers.exe O4 - HKLM\..\Run: [Windows Virtual Services] winvirtual.exe O20 - Winlogon Notify: LogCrypt - C:\WINDOWS\SYSTEM32\LogCrypt.dll O23 - Service: MS NET Service - Unknown owner - C:\WINDOWS\wiadss.exe v1.141 (11/02/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe, O2 - BHO: Adobe PDF Reader Link Helper - {445A3D12-EBA3-4054-AB54-587BF3FF40EA} - C:\Windows\AcroIEHelper.dll O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll O2 - BHO: SXG Advisor - {C609C2AA-1768-44CE-A272-C24780933E15} - C:\Windows\dmdqdrxnxt.dll O3 - Toolbar: emotrlq - {DEB69875-072C-4EEE-8585-1B6AA76F3E4E} - C:\Windows\emotrlq.dll O4 - HKLM\..\Run: [Microsoft Security Monitor Process] 
ofice.exe O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] ofice.exe O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe" O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe" O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe" O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe" O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe O4 - HKLM\..\Run: [Windows Running DLL Service] rundll64.exe O4 - HKLM\..\Run: [Windows Running DLL Service] rundll128.exe v1.140 (10/02/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\clmcs.exe O2 - BHO: SXG Advisor - {18DC3D52-5000-45BE-A4B8-BB9910758EE9} - C:\WINDOWS\dmdqdrxfdr.dll O2 - BHO: SXG Advisor - {1A9F4365-E01D-4398-988C-B01F6E936B92} - C:\WINDOWS\dmdqdrxtmk.dll O2 - BHO: FLV Media - {2542358C-6758-89BC-0AB9-BAECDC14F78E} - C:\Windows\system\wkcstd32.dll O2 - BHO: SXG Advisor - {C609C2AA-1768-44CE-A272-C24780933E15} - C:\Windows\dmdqdrxnxt.dll O2 - BHO: Sysem Player - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\WINDOWS\sysvol32.dll O2 - BHO: SXG Advisor - {E48B3E0C-2D23-4249-BE65-23A8719284E3} - C:\WINDOWS\dmdqdrxgxq.dll O2 - BHO: SXG Advisor - {EBD20EDB-0AE3-46F9-8E72-10F7F8F3D966} - C:\WINDOWS\dmdqdrxrdf.dll O2 - BHO: Sysem Player - {EDB33932-35A4-4566-9FBC-5750DCAF8F89} - C:\WINDOWS\sysvol32.dll O2 - BHO: SXG Advisor - {FD66D953-73D5-4A4B-8D97-A3E505C24121} - C:\WINDOWS\dmdqdrxglr.dll O3 - Toolbar: emotrlq - {6805E89A-2BD3-44B7-8B13-3278155F5D5E} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {71043D18-3FC1-46BD-B1AF-2342E18DBAE3} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {7B1E78A2-2FC8-4947-A9D1-5177D10B38E6} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {9799B5CB-F589-4132-B84C-E825714D2D29} - C:\WINDOWS\emotrlq.dll O3 - Toolbar: emotrlq - {DEB69875-072C-4EEE-8585-1B6AA76F3E4E} - C:\Windows\emotrlq.dll O3 - Toolbar: emotrlq - {F211D633-D5E0-433E-BEC1-2C2CB00226C3} - C:\WINDOWS\emotrlq.dll O4 - 
Startup: .protected O4 - Global Startup: .protected O4 - HKLM\..\Run: [JavaScriptMsxrs] C:\WINDOWS\Msxrs.exe O4 - HKLM\..\Run: [MicroSoft Getway Dire] (Random 9 Letter).exe O4 - HKLM\..\RunServices: [MicroSoft Getway Dire] (Random 9 Letter).exe O4 - HKLM\..\Run: [Microsoft Internet Dumping Protocol] inetdump.exe O4 - HKLM\..\Run: [Microsoft Internet Syncing] inetsync.exe O4 - HKLM\..\Run: [Microsoft Memory Dumping Protocol] memdump.exe O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycle.exe O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycles.exe O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr32.exe O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr64.exe O4 - HKLM\..\Run: [service.exe] C:\WINDOWS\system32\service.exe O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide O4 - HKLM\..\Run: [Windows Memory Sharing] memoryshr.exe O4 - HKLM\..\Run: [Windows Memory Sharing] memshr.exe O4 - HKLM\..\Run: [Windows Messenger Connect] wmdsvc.exe O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe O4 - HKLM\..\Run: [Windows Service Ag3nt] (Random 4 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Ag3nt] (Random 4 Letter).exe O4 - HKCU\..\Run: [Windows Service Ag3nt] (Random 4 Letter).exe O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe O4 - HKLM\..\Run: [WMedia32] wmedia32.exe O23 - Service: Management Consultants (CLMCs) - Unknown owner - C:\WINDOWS\clmcs.exe O23 - Service: svchost - Unknown owner - C:\WINDOWS\config\install\services.exe O23 - Service: Track Learning Management System (TTLMS) - Unknown owner - C:\WINDOWS\system32\ttlms.exe v1.139 (09/02/08) O2 - BHO: Sysem Player - {2AE4C401-AAC4-4F41-9665-1EC88C3BDD7D} - C:\WINDOWS\sysvol32.dll O2 - BHO: SXG Advisor - {84E7DD1B-A9B7-4495-85D6-A1C46159C3E9} - C:\WINDOWS\dmdqdrxgxf.dll O2 - BHO: Sysem Player - {861EA552-6309-490A-AC97-1F574E730CF1} - C:\WINDOWS\sysvol32.dll O3 - Toolbar: emotrlq - 
{7524DC01-729E-474B-B92C-B226B495403F} - C:\WINDOWS\emotrlq.dll O4 - Startup: .lnk = C:\WINDOWS\system32\msmapiax32.exe O4 - Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\sooo2.exe O4 - HKLM\..\Run: [Application Manager] acnsvc.exe O4 - HKLM\..\Run: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe O4 - HKLM\..\RunServices: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe O4 - HKCU\..\Run: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe O4 - HKLM\..\Run: [braviax] braviax.exe O4 - HKCU\..\Run: [braviax] braviax.exe O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe O4 - HKLM\..\Run: [Ethernet Linking] ethernet.exe O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr128.exe O4 - HKLM\..\Run: [MicrosoftROMDriverService] cdrss.exe O4 - HKLM\..\Run: [SystemDefender] "C:\Program Files\SystemDefender\SystemDefender.exe" hide O4 - HKLM\..\Run: [Windows Keyboard Services] winkeybrd32.exe O4 - HKLM\..\Run: [Windows Memory Sharing] memshare.exe O4 - HKLM\..\Run: [Windows Messenger Share] wmssvc.exe O4 - HKCU\..\Run: [Windows Recavery Adware] %Temp%\lsass.exe O4 - HKCU\..\Run: [Windows Recavery Adware] C:\WINDOWS\TEMP\lsass.exe O20 - AppInit_DLLs: cru629.dat O21 - SSODL: admggxp - {********-****-****-****-************} - C:\WINDOWS\admggxp.dll O21 - SSODL: bdmnopx - {********-****-****-****-************} - C:\WINDOWS\bdmnopx.dll O23 - Service: Microsoft Loading Service - Unknown owner - C:\WINDOWS\files.exe O23 - Service: Microsoft Loading Service - Unknown owner - C:\WINDOWS\loader.exe O23 - Service: Microsoft Loading Service - Unknown owner - C:\WINDOWS\msdates.exe O23 - Service: Microsoft PS Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe v1.138 (07/02/08) O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - wsots32.dll O2 - BHO: SXG Advisor - {1C28A9A9-8704-4F4A-93B9-7983115F6E10} - C:\WINDOWS\dwrmntslwx.dll O2 - BHO: Player - {22347AEE-A37A-45D3-8804-FDC7F9289CE1} - 
C:\WINDOWS\orgnavi.