SDFix v1.201
Updated 4th July 8am
SDFix will only run on Windows 2000 and Windows XP in Safe Mode !
( Requires Administrator Account Privileges )
Press Enter or CTRL & F to Search with Firefox
View SDFix Instructions at BleepingComputer.com
View Changelog
Catchme W2K/XP/Vista - Rootkit/Stealth Malware Detector by Gmer - www.gmer.net
SDFix uses files by the following developers:
Thankyou to them. everyone at SpywareInfo and the MR team
Notes:
If this error message is displayed when running SDFix:
The command prompt has been disabled by your administrator.
Press any key to continue . . .
Please goto Start Menu > Run > then copy and paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press OK then run SDFix again
If the Command Prompt window flashes on then off again on XP or Windows2000
Goto Start Menu > Run > then copy and paste the following line:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
Click OK, then type Y and press Enter when prompted, Reboot and start SDFix again
If SDFix still doesnt run check the %comspec% variable
Goto Start Menu > Right click My Computer > click properties > click Advanced
Click Environment Variables and check that the ComSpec variable points to cmd.exe
%SystemRoot%\system32\cmd.exe
SDFix uses ERUNT to create a registry backup which can be restored using Start > Run:
%SystemRoot%\ERUNT\SDFix\ERDNT.EXE
The fixtool removes these Trojan Variants (Listed using Trend Micro's - HijackThis)
Backdoor (IRCBot) Trojans:
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\accwiz.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\astra32.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Avsynmgr.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\BTStack.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\BTTray.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\btwdin.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\clmcs.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ctfmon.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\cygwin.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\czsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\DivXsm.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\dsserv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\hkcmd.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ImgBurn.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\kasvc.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\lanbg.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\LBTSERV.EXE
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Manager.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Mctray.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Mrshield.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\MSASCu.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\mssq.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\MSTask.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\naPrdMgr.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\navapsvc.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\nbsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\netserv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ntlsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ntvdm.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\nzbd.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\pcsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\pdf.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Qtime.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\QuickTime.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\rstrui.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\rtvscan.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\schedhlp.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\slysom.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\srvrmgr.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\stisvc.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\MSVCRT.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\Spool.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tcpip.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tremapi.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTray.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTrayp.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinMgmt.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\winsrv.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\wspl.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\wuauclt.exe
F2 - REG:system.ini: Shell=Explorer.exe asus.exe
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\CRSVS.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\svcmgr32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\WinConfSrv.exe
F2 - REG:system.ini: Shell=Explorer.exe chh.exe
F2 - REG:system.ini: Shell=Explorer.exe creative.exe
F2 - REG:system.ini: Shell=Explorer.exe esijavaupdt32.exe
F2 - REG:system.ini: Shell=Explorer.exe glossary.exe
F2 - REG:system.ini: Shell=Explorer.exe javaapplet.exe
F2 - REG:system.ini: Shell=Explorer.exe javaapplets.exe
F2 - REG:system.ini: Shell=Explorer.exe javanet.exe
F2 - REG:system.ini: Shell=Explorer.exe jconsole.exe
F2 - REG:system.ini: Shell=Explorer.exe msclt.exe
F2 - REG:system.ini: Shell=Explorer.exe msdhcp.exe
F2 - REG:system.ini: Shell=Explorer.exe msdhcprs.exe
F2 - REG:system.ini: Shell=Explorer.exe msdn-nt.exe
F2 - REG:system.ini: Shell=Explorer.exe msdnxp.exe
F2 - REG:system.ini: Shell=Explorer.exe msguard.exe
F2 - REG:system.ini: Shell=Explorer.exe msi32info.exe
F2 - REG:system.ini: Shell=Explorer.exe msident.exe
F2 - REG:system.ini: Shell=Explorer.exe msijavaupdt32.exe
F2 - REG:system.ini: Shell=Explorer.exe msjava.exe
F2 - REG:system.ini: Shell=Explorer.exe msjavames.exe
F2 - REG:system.ini: Shell=Explorer.exe msjavaxps.exe
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
F2 - REG:system.ini: Shell=Explorer.exe mssqlsnt.exe
F2 - REG:system.ini: Shell=Explorer.exe osndyrn.exe
F2 - REG:system.ini: Shell=Explorer.exe SndMAX.exe
F2 - REG:system.ini: Shell=explorer.exe SNDVOLTASK.EXE
F2 - REG:system.ini: Shell=Explorer.exe update.exe
F2 - REG:system.ini: Shell=Explorer.exe wincomm.exe
F2 - REG:system.ini: Shell=Explorer.exe windfe.exe
F2 - REG:system.ini: Shell=Explorer.exe winser.exe
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: Shell=Explorer.exe winskd.exe
F2 - REG:system.ini: Shell=Explorer.exe winsys.exe
F2 - REG:system.ini: Shell=Explorer.exe wintask32.exe
F2 - REG:system.ini: Shell=Explorer.exe wkssvr.exe
F2 - REG:system.ini: Shell=Explorer.exe wrapper.exe
F2 - REG:system.ini: Shell=Explorer.exe xpjavams.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%Temp%\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,asus.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^^.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%%%.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\W,),),W,*.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\cftmon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,chh.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,creative.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,esijavaupdt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,glossary.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javaapplet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javaapplets.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javanet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jconsole.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msdn-nt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msdnxp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msguard.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msi32info.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msident.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msijavaupdt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjava.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjavames.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjavaxps.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mssqlsnt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,osndyrn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,update.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wincomm.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,windfe.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,winser.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,winskd.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,winsys.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wintask32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,wkssvr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,wrapper.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xpjavams.exe
F3 - REG:win.ini: run=c:\windows\system\programas\svchost.exe
F3 - REG:win.ini: run=c:\windows\system32\shellext\czvhost.exe
F3 - REG:win.ini: load=C:\DaNeT\RVHOST.exe
F3 - REG:win.ini: load=C:\Jaws\RVHOST.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\zura\RVHOST.exe
O4 - Startup: MY_C4D.jpg
O4 - Startup: rBot.exe
O4 - Startup: svchost.exe
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: msconfig.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: Wincbr.exe
O4 - Global Startup: winlogin.exe
O4 - Global Startup: wupdmgr.exe
O4 - HKLM\..\Run: [] ajsha5.exe
O4 - HKLM\..\RunServices: [] ajsha5.exe
O4 - HKCU\..\Run: [] ajsha5.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] fada.exe
O4 - HKLM\..\RunServices: [] fada.exe
O4 - HKCU\..\Run: [] fada.exe
O4 - HKLM\..\Run: [] iexplorer.exe
O4 - HKLM\..\RunServices: [] iexplorer.exe
O4 - HKLM\..\Run: [] ifconfig.exe
O4 - HKLM\..\RunServices: [] ifconfig.exe
O4 - HKCU\..\Run: [] ifconfig.exe
O4 - HKLM\..\Run: [] lsvhostwinlk.exe
O4 - HKLM\..\RunServices: [] lsvhostwinlk.exe
O4 - HKLM\..\Run: [] ne.exe
O4 - HKLM\..\RunServices: [] ne.exe
O4 - HKCU\..\Run: [] ne.exe
O4 - HKLM\..\Run: [] win32sys.exe
O4 - HKLM\..\RunServices: [] win32sys.exe
O4 - HKLM\..\Run: [] winxp.exe
O4 - HKLM\..\RunServices: [] winxp.exe
O4 - HKCU\..\Run: [] winxp.exe
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [:] C:\WINDOWS\rbot.exe
O4 - HKLM\..\Run: [1] system32.exe
O4 - HKLM\..\RunServices: [1] system32.exe
O4 - HKLM\..\Run: [388529725448] AutomaticUpdates.exe
O4 - HKLM\..\RunServices: [388529725448] AutomaticUpdates.exe
O4 - HKCU\..\Run: [388529725448] AutomaticUpdates.exe
O4 - HKLM\..\Run: [4684735485910] netdll32.exe
O4 - HKLM\..\RunServices: [4684735485910] netdll32.exe
O4 - HKCU\..\Run: [4684735485910] netdll32.exe
O4 - HKLM\..\Run: [6435748] winupdates.exe
O4 - HKLM\..\RunServices: [6435748] winupdates.exe
O4 - HKCU\..\Run: [6435748] winupdates.exe
O4 - HKLM\..\Run: [64823457] taskdll32.exe
O4 - HKLM\..\RunServices: [64823457] taskdll32.exe
O4 - HKCU\..\Run: [64823457] taskdll32.exe
O4 - HKLM\..\Run: [.nvsvc] %Appdata%\smss.exe /w
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [.nvsvcb] C:\WINDOWS\System32\smssb.exe
O4 - HKLM\..\Run: [*windows update] wscxt.exe
O4 - HKLM\..\RunServices: [*windows update] wscxt.exe
O4 - HKCU\..\Run: [*windows update] wscxt.exe
O4 - HKLM\..\Run: [aa bbcc dde effgghh jj] update.exe
O4 - HKCU\..\Run: [aa bbcc dde effgghh jj] update.exe
O4 - HKLM\..\Run: [AAMSFree702] C:\windows\system32\sys.exe
O4 - HKLM\..\Run: [Acess2007a] access2007a.exe
O4 - HKLM\..\RunServices: [Acess2007a] access2007a.exe
O4 - HKLM\..\Run: [Acrobat Read] C:\WINDOWS\System32\acroup32.exe
O4 - HKCU\..\Run: [Acrobat Read] C:\WINDOWS\System32\acroup32.exe
O4 - HKLM\..\Run: [Acronis.exe] C:\WINDOWS\Acronis.exe
O4 - HKLM\..\Run: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKLM\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKCU\..\Run: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKCU\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKLM\..\Run: [ActiveScript32] C:\WINDOWS\System32\nod.exe
O4 - HKLM\..\RunServices: [ActiveScript32] C:\WINDOWS\System32\nod.exe
O4 - HKLM\..\Run: [ActiveSync] C:\WINDOWS\System32\wcescom32.exe
O4 - HKCU\..\Run: [ActiveSync] C:\WINDOWS\System32\wcescom32.exe
O4 - HKLM\..\Run: [ADDITIONAL Services] pkgadd.exe
O4 - HKLM\..\RunServices: [ADDITIONAL Services] pkgadd.exe
O4 - HKCU\..\Run: [ADDITIONAL Services] pkgadd.exe
O4 - HKCU\..\RunServices: [ADDITIONAL Services] pkgadd.exe
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnserve.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnserve.exe
O4 - HKLM\..\Run: [AdobeReaderPro] subset.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] subset.exe
O4 - HKLM\..\Run: [AdobeReaderPro] updt.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] updt.exe
O4 - HKLM\..\Run: [AdobeReaderPro] winini.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winini.exe
O4 - HKLM\..\Run: [AdobeReaderPro] winslog.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winslog.exe
O4 - HKCU\..\Run: [AdobeReaderPro] winslog.exe
O4 - HKLM\..\Run: [AdobeReaderProfessional] msx64.exe
O4 - HKLM\..\RunServices: [AdobeReaderProfessional] msx64.exe
O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\Run: [ADSL Rundll32.exe] C:\WINDOWS\system32\helpw86.exe
O4 - HKLM\..\RunServices: [ADSL Rundll32.exe] C:\WINDOWS\system32\helpw86.exe
O4 - HKLM\..\Run: [Ag3nt Servers Nt] ag3nt.exe
O4 - HKLM\..\RunServices: [Ag3nt Servers Nt] ag3nt.exe
O4 - HKLM\..\Run: [America Online 8.0] taskrg.exe
O4 - HKCU\..\RunOnce: [America Online 8.0] taskrg.exe
O4 - HKLM\..\Run: [AntiVirus Process] C:\WINDOWS\system32\Com\virprot.exe
O4 - HKLM\..\RunServices: [AntiVirus Process] C:\WINDOWS\system32\Com\virprot.exe
O4 - HKCU\..\Run: [AntiVirus Process] C:\WINDOWS\system32\Com\virprot.exe
O4 - HKLM\..\Run: [Antivirus Startup] C:\WINDOWS\system32\inetsrv\antivir.exe
O4 - HKLM\..\RunServices: [Antivirus Startup] C:\WINDOWS\system32\inetsrv\antivir.exe
O4 - HKCU\..\Run: [Antivirus Startup] C:\WINDOWS\system32\inetsrv\antivir.exe
O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe
O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe
O4 - HKLM\..\Run: [aolupdater.exe] aolupdater.exe
O4 - HKLM\..\RunServices: [aolupdater.exe] aolupdater.exe
O4 - HKLM\..\Run: [Append] C:\WINDOWS\system32\apend.exe
O4 - HKLM\..\Run: [AppletINIT] INITIATE.EXE
O4 - HKCU\..\RunOnce: [AppletINIT] INITIATE.EXE
O4 - HKLM\..\Run: [Application Adapter] abvsvc.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] aIg.exe
O4 - HKLM\..\RunServices: [Application Layer Gateway Service] aIg.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\system32\algs.exe
O4 - HKLM\..\Run: [Application Layer Scheduler] agtsvc.exe
O4 - HKLM\..\Run: [Application Layer Services] avrsvc.exe
O4 - HKLM\..\Run: [Application Manager] acnsvc.exe
O4 - HKLM\..\Run: [ApplicationProtocolRun] smsbvl32.exe
O4 - HKCU\..\Run: [ApplicationProtocolRun] smsbvl32.exe
O4 - HKLM\..\Run: [Application Task Service] lssys.exe
O4 - HKLM\..\RunServices: [Application Task Service] lssys.exe
O4 - HKLM\..\Run: [asedwes] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKCU\..\Run: [asedwes] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [asnconsole] msasn.exe
O4 - HKLM\..\RunServices: [asnconsole] msasn.exe
O4 - HKLM\..\Run: [Asus MotherBoard Utility] asus.exe
O4 - HKLM\..\RunServices: [Asus MotherBoard Utility] asus.exe
O4 - HKCU\..\Run: [Asus MotherBoard Utility] asus.exe
O4 - HKCU\..\RunServices: [Asus MotherBoard Utility] asus.exe
O4 - HKLM\..\Run: [ATI] msnmsur.exe
O4 - HKLM\..\Run: [Ati2evxx] C:\WINDOWS\system32\Ati2evxx.com
O4 - HKLM\..\Run: [ATI Active Graphics Card Monitor] C:\WINDOWS\System32\atievx.exe
O4 - HKLM\..\Run: [ATI AS Filter] msnse.exe
O4 - HKLM\..\RunServices: [ATI AS Filter] msnse.exe
O4 - HKCU\..\Run: [ATI AS Filter] msnse.exe
O4 - HKCU\..\RunServices: [ATI AS Filter] msnse.exe
O4 - HKLM\..\Run: [ATI Display Driver] C:\WINDOWS\system32\drivers\atixd.exe
O4 - HKLM\..\RunServices: [ATI Display Driver] C:\WINDOWS\system32\drivers\atixd.exe
O4 - HKLM\..\Run: [Ati Display Settings] C:\WINDOWS\System32\atividx.exe
O4 - HKLM\..\RunServices: [Ati Display Settings] C:\WINDOWS\System32\atividx.exe
O4 - HKLM\..\Run: [ATI Video Driver Control] atigfx.exe
O4 - HKLM\..\RunServices: [ATI Video Driver Control] atigfx.exe
O4 - HKCU\..\Run: [ATI Video Driver Control] atigfx.exe
O4 - HKCU\..\RunServices: [ATI Video Driver Control] atigfx.exe
O4 - HKLM\..\Run: [ATI Video Driver Control] blah.exe
O4 - HKLM\..\RunServices: [ATI Video Driver Control] blah.exe
O4 - HKCU\..\Run: [ATI Video Driver Control] blah.exe
O4 - HKCU\..\RunServices: [ATI Video Driver Control] blah.exe
O4 - HKLM..Run: [ATI Video Driver Control] btorrent.exe
O4 - HKLM..RunServices: [ATI Video Driver Control] btorrent.exe
O4 - HKCU..Run: [ATI Video Driver Control] btorrent.exe
O4 - HKCU..RunServices: [ATI Video Driver Control] btorrent.exe
O4 - HKLM\..\Run: [ATI Video Driver Control] pixman.exe
O4 - HKLM\..\RunServices: [ATI Video Driver Control] pixman.exe
O4 - HKCU\..\Run: [ATI Video Driver Control] pixman.exe
O4 - HKCU\..\RunServices: [ATI Video Driver Control] pixman.exe
O4 - HKLM\..\Run: [Audio Device Manager] sfhgj.exe
O4 - HKLM\..\Run: [Audio Device Manager] windrivers.exe
O4 - HKLM\..\Run: [Audio Device Manager] winfp.exe
O4 - HKLM\..\Run: [Audio Device Manager] WinNT.exe
O4 - HKLM\..\Run: [Audio Device Manager] WNDXP.exe
O4 - HKLM\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKLM\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKLM\..\Run: [Automatic Updates] algs.exe
O4 - HKLM\..\Run: [Automatic Updates] wupdmgr32.exe
O4 - HKLM\..\RunServices: [Automatic Updates] wupdmgr32.exe
O4 - HKCU\..\Run: [Automatic Updates] wupdmgr32.exe
O4 - HKCU\..\RunServices: [Automatic Updates] wupdmgr32.exe
O4 - HKLM\..\Run: [Automatic Updates] wupdmgr32x.exe
O4 - HKLM\..\RunServices: [Automatic Updates] wupdmgr32x.exe
O4 - HKCU\..\Run: [Automatic Updates] wupdmgr32x.exe
O4 - HKCU\..\RunServices: [Automatic Updates] wupdmgr32x.exe
O4 - HKLM\..\Run: [Auto Scroll Loader] (Random 6 Letter).exe
O4 - HKCU\..\RunOnce: [Auto Scroll Loader] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [avast] C:\WINDOWS\troyan.exe
O4 - HKLM\..\Run: [Avast AntiVirus Process] msav.exe
O4 - HKLM\..\RunServices: [Avast AntiVirus Process] msav.exe
O4 - HKLM\..\Run: [Avg AntiVirus PE] av.exe
O4 - HKLM\..\RunServices: [Avg AntiVirus PE] av.exe
O4 - HKLM\..\Run: [Avira Antivir PE] antivir.exe
O4 - HKLM\..\RunServices: [Avira Antivir PE] antivir.exe
O4 - HKLM\..\Run: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe
O4 - HKLM\..\RunServices: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe
O4 - HKCU\..\Run: [AvpWx] C:\WINDOWS\system32\dllcache\WErcx.exe
O4 - HKLM\..\Run: [AVupdate32 Update] AVupdate32.exe
O4 - HKLM\..\RunServices: [AVupdate32 Update] AVupdate32.exe
O4 - HKLM\..\Run: [BIG] C:\WINDOWS\system32\biggy.exe
O4 - HKLM\..\Run: [BIOS Config] sytray.exe
O4 - HKLM\..\RunServices: [BIOS Config] sytray.exe
O4 - HKLM\..\Run: [blah service] b0bq4n.exe
O4 - HKLM\..\RunServices: [blah service] b0bq4n.exe
O4 - HKLM\..\Run: [blah service] svchosts.exe
O4 - HKLM\..\RunServices: [blah service] svchosts.exe
O4 - HKLM\..\Run: [blah service.] widows.exe
O4 - HKLM\..\RunServices: [blah service.] widows.exe
O4 - HKLM\..\Run: [blah services] xagwxzy.exe
O4 - HKLM\..\RunServices: [blah services] xagwxzy.exe
O4 - HKLM\..\Run: [BLF] C:\WINDOWS\system32\blf.exe
O4 - HKLM\..\Run: [Bluetooth Config] btwindin32.exe
O4 - HKLM\..\RunServices: [Bluetooth Config] btwindin32.exe
O4 - HKCU\..\Run: [Bluetooth Config] btwindin32.exe
O4 - HKCU\..\RunServices: [Bluetooth Config] btwindin32.exe
O4 - HKLM\..\Run: [boat32] boat32.exe
O4 - HKLM\..\RunServices: [boat32] boat32.exe
O4 - HKLM\..\Run: [Boot Check] C:\WINDOWS\system32\bootchk.exe
O4 - HKLM\..\Run: [Boot Conf] bootconf.exe
O4 - HKLM\..\Run: [Boot Config] bootconfig.exe
O4 - HKLM\..\Run: [Boot K] bootk.exe
O4 - HKLM\..\Run: [BootLoader] (Random 10 Letter).exe
O4 - HKLM\..\RunServices: [BootLoader] (Random 10 Letter).exe
O4 - HKLM\..\Run: [Boot Service] bootsv.exe
O4 - HKLM\..\Run: [Boot Starter] bootst.exe
O4 - HKLM\..\Run: [Boot Verify] bootvfy.exe
O4 - HKLM\..\Run: [btmsre.exe] C:\WINDOWS\btmsre.exe
O4 - HKLM\..\Run: [by h1dd3n] lkjgf.exe
O4 - HKCU\..\RunOnce: [by h1dd3n] lkjgf.exe
O4 - HKLM\..\Run: [Call Function System32] C:\WINDOWS\system32\Com\sddriver.exe
O4 - HKLM\..\RunServices: [Call Function System32] C:\WINDOWS\system32\Com\sddriver.exe
O4 - HKCU\..\Run: [Call Function System32] C:\WINDOWS\system32\Com\sddriver.exe
O4 - HKLM\..\Run: [Casino Royale] jamesbond.exe
O4 - HKLM\..\RunServices: [Casino Royale] jamesbond.exe
O4 - HKLM\..\Run: [Catalyst Control Centre] atixvdm.exe
O4 - HKLM\..\RunServices: [Catalyst Control Centre] atixvdm.exe
O4 - HKLM\..\Run: [ccSvcHst.exe] C:\WINDOWS\ccSvcHst.exe
O4 - HKLM\..\Run: [CD AutoPlay] cdplayer.exe
O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
O4 - HKLM\..\Run: [cftmon] C:\Program Files\Common Files\System\sfcmonit.exe
O4 - HKLM\..\Run: [chcp.exe] C:\WINDOWS\chcp.exe
O4 - HKLM\..\Run: [CHK Disker] chkdsker.exe
O4 - HKLM\..\Run: [CHK NT] chkntf.exe
O4 - HKLM\..\Run: [Ci Svr] cisvr.exe
O4 - HKLM\..\Run: [cleanmgr.exe] C:\WINDOWS\cleanmgr.exe
O4 - HKLM\..\Run: [Clean Mgr] cleanmg.exe
O4 - HKLM\..\Run: [Cli Confg] cliconfig.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\csrs.exe
O4 - HKLM\..\Run: [Client Server Run Time Proccess] csrsrv.exe
O4 - HKLM\..\RunServices: [Client Server Run Time Proccess] csrsrv.exe
O4 - HKLM\..\Run: [Clip Srv] clipsv.exe
O4 - HKLM\..\Run: [Command Interpreter] ucmd.exe
O4 - HKLM\..\RunServices: [Command Interpreter] ucmd.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] ms32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] ms32.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] ms32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] ms32.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivrs] copq.exe
O4 - HKCU\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] msnsvc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] msnsvc.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] msnsvc.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] rundll42.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] rundll42.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] rundll42.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] rundll42.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] winsvc.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc.exe
O4 - HKLM\..\Run: [Compaq Service Drivers 32] compq32.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers 32] compq32.exe
O4 - HKCU\..\Run: [Compaq Service Drivers 32] compq32.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers 32] compq32.exe
O4 - HKLM\..\Run: [Complete Antivirus] complete.exe
O4 - HKLM\..\RunServices: [Complete Antivirus] complete.exe
O4 - HKCU\..\Run: [Complete Antivirus] complete.exe
O4 - HKLM\..\Run: [Configuration] ntsys32.exe
O4 - HKLM\..\RunServices: [Configuration] ntsys32.exe
O4 - HKCU\..\Run: [Configuration] ntsys32.exe
O4 - HKLM\..\Run: [Configuration Loader] cnfgld32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] cnfgld32.exe
O4 - HKLM\..\Run: [Configuration Loader] configldr.exe
O4 - HKLM\..\RunServices: [Configuration Loader] configldr.exe
O4 - HKLM\..\Run: [Configuration Loader] iexpl3re.exe
O4 - HKLM\..\RunServices: [Configuration Loader] iexpl3re.exe
O4 - HKLM\..\Run: [Configuration Loader] iexplore.exe
O4 - HKLM\..\RunServices: [Configuration Loader] iexplore.exe
O4 - HKLM\..\Run: [Configuration Loader] msgfix.exe
O4 - HKLM\..\RunServices: [Configuration Loader] msgfix.exe
O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [Configuration Loader] svchost2.exe
O4 - HKLM\..\RunServices: [Configuration Loader] svchost2.exe
O4 - HKLM\..\Run: [Configuration Loader] syscfg32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] syscfg32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] loadcfg32.exe
O4 - HKLM\..\Run: [Configuration Servecie] sewins.exe
O4 - HKLM\..\RunServices: [Configuration Servecie] sewins.exe
O4 - HKCU\..\Run: [Configuration Servecie] sewins.exe
O4 - HKLM\..\Run: [Configuration win32] cnfgld32.exe
O4 - HKLM\..\RunServices: [Configuration win32] cnfgld32.exe
O4 - HKLM\..\Run: [control panel software service] cprs.exe
O4 - HKLM\..\RunServices: [control panel software service] cprs.exe
O4 - HKCU\..\Run: [control panel software service] cprs.exe
O4 - HKLM\..\Run: [Core Process Aplication] C:\WINDOWS\system32\Com\ccapl.exe
O4 - HKLM\..\RunServices: [Core Process Aplication] C:\WINDOWS\system32\Com\ccapl.exe
O4 - HKCU\..\Run: [Core Process Aplication] C:\WINDOWS\system32\Com\ccapl.exe
O4 - HKLM\..\Run: [Core Process Aplication x16] C:\WINDOWS\system32\Com\ccapl16.exe
O4 - HKLM\..\RunServices: [Core Process Aplication x16] C:\WINDOWS\system32\Com\ccapl16.exe
O4 - HKCU\..\Run: [Core Process Aplication x16] C:\WINDOWS\system32\Com\ccapl16.exe
O4 - HKLM\..\Run: [Core Process Aplication x32] C:\WINDOWS\system32\Com\ccapl32.exe
O4 - HKLM\..\RunServices: [Core Process Aplication x32] C:\WINDOWS\system32\Com\ccapl32.exe
O4 - HKCU\..\Run: [Core Process Aplication x32] C:\WINDOWS\system32\Com\ccapl32.exe
O4 - HKLM\..\Run: [Corporate Microsoft Update] uptask.exe
O4 - HKLM\..\RunServices: [Corporate Microsoft Update] uptask.exe
O4 - HKLM\..\Run: [Counterstrike Service Agent] czrzns.exe
O4 - HKLM\..\RunServices: [Counterstrike Service Agent] czrzns.exe
O4 - HKLM\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe
O4 - HKCU\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe
O4 - HKLM\..\Run: [CPMP32 Settings] cpmp32.exe
O4 - HKLM\..\RunServices: [CPMP32 Settings] cpmp32.exe
O4 - HKCU\..\Run: [CPMP32 Settings] cpmp32.exe
O4 - HKLM\..\Run: [CPVHOST Settings] cpvhost.exe
O4 - HKLM\..\RunServices: [CPVHOST Settings] cpvhost.exe
O4 - HKCU\..\Run: [CPVHOST Settings] cpvhost.exe
O4 - HKLM\..\Run: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss64.exe
O4 - HKCU\..\Run: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\Run: [CRCSS] crcss.exe
O4 - HKLM\..\Run: [Creates Files Systems Protections] C:\WINDOWS\system32\inetsrv\csrs.exe
O4 - HKLM\..\RunServices: [Creates Files Systems Protections] C:\WINDOWS\system32\inetsrv\csrs.exe
O4 - HKCU\..\Run: [Creates Files Systems Protections] C:\WINDOWS\system32\inetsrv\csrs.exe
O4 - HKLM\..\Run: [Creates R Files Systems] C:\WINDOWS\system32\inetsrv\crsss.exe
O4 - HKLM\..\RunServices: [Creates R Files Systems] C:\WINDOWS\system32\inetsrv\crsss.exe
O4 - HKCU\..\Run: [Creates R Files Systems] C:\WINDOWS\system32\inetsrv\crsss.exe
O4 - HKLM\..\Run: [Creates Remote Systems] C:\WINDOWS\system32\inetsrv\crs.exe
O4 - HKLM\..\RunServices: [Creates Remote Systems] C:\WINDOWS\system32\inetsrv\crs.exe
O4 - HKCU\..\Run: [Creates Remote Systems] C:\WINDOWS\system32\inetsrv\crs.exe
O4 - HKLM\..\Run: [Creates stractures for system management] C:\WINDOWS\system32\inetsrv\stacture.exe
O4 - HKLM\..\RunServices: [Creates stractures for system management] C:\WINDOWS\system32\inetsrv\stacture.exe
O4 - HKCU\..\Run: [Creates stractures for system management] C:\WINDOWS\system32\inetsrv\stacture.exe
O4 - HKLM\..\Run: [Creative Audio Drivers] creative.exe
O4 - HKLM\..\RunServices: [Creative Audio Drivers] creative.exe
O4 - HKCU\..\Run: [Creative Audio Drivers] creative.exe
O4 - HKCU\..\RunServices: [Creative Audio Drivers] creative.exe
O4 - HKLM\..\Run: [Creative Devldr32] devldr32exe
O4 - HKLM\..\RunServices: [Creative Devldr32] devldr32exe
O4 - HKLM\..\RunOnce: [Creative Devldr32] devldr32exe
O4 - HKCU\..\Run: [Creative Devldr32] devldr32exe
O4 - HKCU\..\RunServices: [Creative Devldr32] devldr32exe
O4 - HKCU\..\RunOnce: [Creative Devldr32] devldr32exe
O4 - HKLM\..\Run: [Critical sysup] syncinups.exe
O4 - HKLM\..\RunServices: [Critical sysup] syncinups.exe
O4 - HKLM\..\Run: [crmssrlt] (Random 8 Letter).exe
O4 - HKCU\..\Run: [crmssrlt] (Random 8 Letter).exe
O4 - HKLM\..\Run: [CRP386 Networking] crp386.exe
O4 - HKLM\..\RunServices: [CRP386 Networking] crp386.exe
O4 - HKCU\..\Run: [CRP386 Networking] crp386.exe
O4 - HKLM\..\Run: [CRSSXP SysInfo] crssxp.exe
O4 - HKLM\..\RunServices: [CRSSXP SysInfo] crssxp.exe
O4 - HKCU\..\Run: [CRSSXP SysInfo] crssxp.exe
O4 - HKLM\..\Run: [cScripts] cscripts.exe
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\ssms.exe
O4 - HKLM\..\Run: [csrvss] csrvss.exe
O4 - HKLM\..\RunServices: [csrvss] csrvss.exe
O4 - HKLM\..\Run: [ctrmode] -C:\WINDOWS\ctrmode.exe
O4 - HKLM\..\Run: [Current32] msnpla.exe
O4 - HKLM\..\RunServices: [Current32] msnpla.exe
O4 - HKLM\..\Run: [cxsemse] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKCU\..\Run: [cxsemse] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [DateTimeUpdater] %windir%\system\rundll.exe
O4 - HKLM\..\Run: [DCOM CNF] dcomcnf.exe
O4 - HKLM\..\Run: [Dcom Helper] utorrent.exe
O4 - HKLM\..\RunServices: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [Dcom Helper] utorrent.exe
O4 - HKLM\..\Run: [DDE Sharer] ddesharer.exe
O4 - HKLM\..\Run: [Defrag FAT32] dfrgfat32.exe
O4 - HKLM\..\Run: [DELXP Protocol] delxp.exe
O4 - HKLM\..\RunServices: [DELXP Protocol] delxp.exe
O4 - HKCU\..\Run: [DELXP Protocol] delxp.exe
O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\Run: [Development Environment] C:\WINDOWS\system32\devenv.exe
O4 - HKLM\..\Run: [Device Manager] wfxmgr.exe
O4 - HKLM\..\RunServices: [Device Manager] wfxmgr.exe
O4 - HKLM\..\Run: [dfkj] C:\WINDOWS\system32\win32sp.exe
O4 - HKLM\..\RunServices: [dfkj] C:\WINDOWS\system32\win32sp.exe
O4 - HKLM\..\Run: [Directx Startup Drivers] C:\WINDOWS\system32\inetsrv\direct.exe
O4 - HKLM\..\RunServices: [Directx Startup Drivers] C:\WINDOWS\system32\inetsrv\direct.exe
O4 - HKCU\..\Run: [Directx Startup Drivers] C:\WINDOWS\system32\inetsrv\direct.exe
O4 - HKLM\..\Run: [DirectX9] %Temp%\direct3d.exe
O4 - HKLM\..\Run: [Disk Defragmentation Loader] pmsvcr.exe
O4 - HKLM\..\Run: [Disk Essensial Tools] detsvc.exe
O4 - HKLM\..\Run: [Disk Panel Configuration] dpcsvc.exe
O4 - HKLM\..\Run: [Disk Panel Setup] npcsvc.exe
O4 - HKLM\..\Run: [Display Device Driver] winadll.exe
O4 - HKLM\..\RunServices: [Display Device Driver] winadll.exe
O4 - HKLM\..\Run: [DIVX Video Player] DIVXPloyer.exe
O4 - HKLM\..\RunServices: [DIVX Video Player] DIVXPloyer.exe
O4 - HKLM\..\Run: [DLINK dfe drivers for Windows NT] windfe.exe
O4 - HKLM\..\RunServices: [DLINK dfe drivers for Windows NT] windfe.exe
O4 - HKCU\..\Run: [DLINK dfe drivers for Windows NT] windfe.exe
O4 - HKCU\..\RunServices: [DLINK dfe drivers for Windows NT] windfe.exe
O4 - HKLM\..\Run: [dllcvss] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKCU\..\Run: [dllcvss] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [DLL executes156] xg165.exe
O4 - HKLM\..\RunServices: [DLL executes156] xg165.exe
O4 - HKCU\..\Run: [DLL executes156] xg165.exe
O4 - HKCU\..\RunServices: [DLL executes156] xg165.exe
O4 - HKLM\..\Run: [DLLHost] C:\WINDOWS\system32\dllhst.exe
O4 - HKLM\..\Run: [DNS Service] C:\WINDOWS\system32\dnssvc.exe
O4 - HKLM\..\Run: [DRam Monitor 23] tskman3.exe
O4 - HKLM\..\RunServices: [DRam Monitor 23] tskman3.exe
O4 - HKLM\..\Run: [DRam prmaessor] mp2Ld.exe
O4 - HKLM\..\RunServices: [DRam prmaessor] mp2Ld.exe
O4 - HKLM\..\Run: [DRam prosessor] dll.exe
O4 - HKLM\..\RunServices: [DRam prosessor] dll.exe
O4 - HKLM\..\Run: [DRam prosessor] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [DRam prosessor] (Random 6 Letter).exe
O4 - HKLM\..\Run: [DRam prosessor] DTBoT.exe
O4 - HKLM\..\RunServices: [DRam prosessor] DTBoT.exe
O4 - HKLM\..\Run: [DRam prosessor] HWAPI.exe
O4 - HKLM\..\RunServices: [DRam prosessor] HWAPI.exe
O4 - HKLM\..\Run: [DRam prosessor] mngr.exe
O4 - HKLM\..\RunServices: [DRam prosessor] mngr.exe
O4 - HKLM\..\Run: [DRam prosessor] msconfig.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msconfig.exe
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKLM\..\Run: [DRam prosessor] System32.exe
O4 - HKLM\..\RunServices: [DRam prosessor] System32.exe
O4 - HKLM\..\Run: [DRam prosessor] Task.exe
O4 - HKLM\..\RunServices: [DRam prosessor] Task.exe
O4 - HKLM\..\Run: [DRam prosessor] TskMngr.exe
O4 - HKLM\..\RunServices: [DRam prosessor] TskMngr.exe
O4 - HKLM\..\Run: [DRam prosessor] Winsyncupxxx.exe
O4 - HKLM\..\RunServices: [DRam prosessor] Winsyncupxxx.exe
O4 - HKLM\..\Run: [DRam prosessor] winsys.exe
O4 - HKLM\..\RunServices: [DRam prosessor] winsys.exe
O4 - HKLM\..\Run: [DRam prosessor] winupdate.exe
O4 - HKLM\..\RunServices: [DRam prosessor] winupdate.exe
O4 - HKLM\..\Run: [DRam prosessor] Windws.exe
O4 - HKLM\..\RunServices: [DRam prosessor] Windws.exe
O4 - HKLM\..\Run: [DRam rar proc] winupdaterar.exe
O4 - HKLM\..\RunServices: [DRam rar proc] winupdaterar.exe
O4 - HKLM\..\Run: [DRam rare proc] updaterarwin.exe
O4 - HKLM\..\RunServices: [DRam rare proc] updaterarwin.exe
O4 - HKLM\..\Run: [Drammm] lolla.exe
O4 - HKLM\..\RunServices: [Drammm] lolla.exe
O4 - HKLM\..\Run: [DRan posessor] DAP.exe
O4 - HKLM\..\RunServices: [DRan posessor] DAP.exe
O4 - HKLM\..\Run: [drimmsd] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Driver] h.exe
O4 - HKLM\..\RunServices: [Driver] h.exe
O4 - HKCU\..\Run: [Driver] h.exe
O4 - HKCU\..\RunServices: [Driver] h.exe
O4 - HKLM\..\Run: [DRM Upgrade] drmupgd.exe
O4 - HKLM\..\Run: [dsd] zz.exe
O4 - HKLM\..\RunServices: [dsd] zz.exe
O4 - HKCU\..\Run: [dsd] zz.exe
O4 - HKCU\..\RunServices: [dsd] zz.exe
O4 - HKLM\..\Run: [DVD Upgrade] dvdupgd.exe
O4 - HKLM\..\Run: [dxdiag diagnose] msidxdia.exe
O4 - HKLM\..\RunServices: [dxdiag diagnose] msidxdia.exe
O4 - HKCU\..\Run: [dxdiag diagnose] msidxdia.exe
O4 - HKCU\..\RunServices: [dxdiag diagnose] msidxdia.exe
O4 - HKLM\..\Run: [dxo] dxo.exe
O4 - HKLM\..\RunServices: [dxo] dxo.exe
O4 - HKCU\..\Run: [dxo] dxo.exe
O4 - HKLM\..\Run: [Dynamic Dns Binary] cmd16.exe
O4 - HKLM\..\RunServices: [Dynamic Dns Binary] cmd16.exe
O4 - HKCU\..\Run: [Dynamic Dns Binary] cmd16.exe
O4 - HKLM\..\Run: [Eclipse Environment] C:\WINDOWS\system32\eclipse.exe
O4 - HKLM\..\Run: [EcoLite] polyair.exe
O4 - HKLM\..\RunServices: [EcoLite] polyair.exe
O4 - HKCU\..\Run: [EcoLite] polyair.exe
O4 - HKLM\..\Run: [Edzy AntiVirus] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Edzy AntiVirus] (Random 6 Letter).exe
O4 - HKLM\..\Run: [ehSched] C:\WINDOWS\system\ehSched.exe
O4 - HKLM\..\Run: [eMessenger] C:\WINDOWS\system32\emsn.exe
O4 - HKCU\..\Run: [eMessenger] C:\WINDOWS\system32\emsn.exe
O4 - HKLM\..\Run: [emre1] emre1.exe
O4 - HKLM\..\RunServices: [emre1] emre1.exe
O4 - HKCU\..\Run: [emre1] emre1.exe
O4 - HKLM\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKLM\..\RunServices: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKCU\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKLM\..\Run: [es Java Update For Windows NT/XP] esijavaupdt32.exe
O4 - HKCU\..\Run: [es Java Update For Windows NT/XP] esijavaupdt32.exe
O4 - HKLM\..\Run: [ethernet] msftp.exe
O4 - HKLM\..\RunServices: [ethernet] msftp.exe
O4 - HKLM\..\Run: [ethernet adapter] csrmss.exe
O4 - HKLM\..\RunServices: [ethernet adapter] csrmss.exe
O4 - HKLM\..\Run: [Ethernet Driver] cmsrrs.exe
O4 - HKLM\..\RunServices: [Ethernet Driver] cmsrrs.exe
O4 - HKLM\..\Run: [Ethernet Drivers] smrrs.exe
O4 - HKLM\..\RunServices: [Ethernet Drivers] smrrs.exe
O4 - HKLM\..\Run: [Ethernet Linking] ethernet.exe
O4 - HKLM\..\Run: [EUP Service] C:\WINDOWS\system32\eupsvc.exe
O4 - HKLM\..\Run: [Event Manager] C:\WINDOWS\system32\eventmgr.exe
O4 - HKLM\..\Run: [exn] C:\WINDOWS\system32\exn.exe
O4 - HKLM\..\Run: [expcrt] C:\WINDOWS\system32\liscrts.exe
O4 - HKCU\..\Run: [expcrt] C:\WINDOWS\system32\liscrts.exe
O4 - HKLM\..\Run: [Expl0rer soft] expl0rer.pif
O4 - HKLM\..\RunServices: [Expl0rer soft] expl0rer.pif
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\CRSVS.exe
O4 - HKLM\..\Run: [explorer] iexplore.exe
O4 - HKLM\..\RunServices: [explorer] iexplore.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\scif\explorer.exe
O4 - HKLM\..\Run: [Explorer6.1.EXE] Explorer.exe
O4 - HKLM\..\RunServices: [Explorer6.1.EXE] Explorer.exe
O4 - HKCU\..\Run: [Explorer6.1.EXE] Explorer.exe
O4 - HKLM\..\Run: [FC Tilecom] Tilecomfc.com
O4 - HKLM\..\RunServices: [FC Tilecom] Tilecomfc.com
O4 - HKLM\..\Run: [Fdaemon security] C:\WINDOWS\system32\Com\fsecur.exe
O4 - HKLM\..\RunServices: [Fdaemon security] C:\WINDOWS\system32\Com\fsecur.exe
O4 - HKCU\..\Run: [Fdaemon security] C:\WINDOWS\system32\Com\fsecur.exe
O4 - HKLM\..\Run: [fgggfd] lockx.exe
O4 - HKLM\..\RunServices: [fgggfd] lockx.exe
O4 - HKCU\..\Run: [fgggfd] lockx.exe
O4 - HKLM\..\Run: [File Mapping Services] hp-1003.exe
O4 - HKLM\..\RunServices: [File Mapping Services] hp-1003.exe
O4 - HKCU\..\Run: [File Mapping Services] hp-1003.exe
O4 - HKCU\..\RunServices: [File Mapping Services] hp-1003.exe
O4 - HKLM\..\Run: [File Protection Monitor] C:\WINDOWS\system32\Com\filemon.exe
O4 - HKLM\..\RunServices: [File Protection Monitor] C:\WINDOWS\system32\Com\filemon.exe
O4 - HKCU\..\Run: [File Protection Monitor] C:\WINDOWS\system32\Com\filemon.exe
O4 - HKLM\..\Run: [File System] taskmqr.exe
O4 - HKLM\..\RunServices: [File System] taskmqr.exe
O4 - HKCU\..\Run: [File System] taskmqr.exe
O4 - HKLM\..\Run: [File System] taskmqrs.exe
O4 - HKLM\..\RunServices: [File System] taskmqrs.exe
O4 - HKCU\..\Run: [File System] taskmqrs.exe
O4 - HKLM\..\Run: [FireExplore Update] FireExplore.exe
O4 - HKLM\..\RunServices: [FireExplore Update] FireExplore.exe
O4 - HKLM\..\Run: [Firefox Plugin Manager] firefoxpgm.exe
O4 - HKLM\..\Run: [Firewall Controls] sys32.exe
O4 - HKLM\..\RunServices: [Firewall Controls] sys32.exe
O4 - HKCU\..\Run: [Firewall Controls] sys32.exe
O4 - HKCU\..\RunServices: [Firewall Controls] sys32.exe
O4 - HKLM\..\Run: [Flash Driver] %Temp%\winlogon.exe
O4 - HKLM\..\Run: [Flash Media] %Temp%\services.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%%%.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^^.exe
O4 - HKLM\..\Run: [Flash Player2] %Temp%\services.exe
O4 - HKLM\..\Run: [flxplamis] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [Font Viewer] fontviewer.exe
O4 - HKLM\..\Run: [FrameWork 2.5] FrameWork.exe
O4 - HKLM\..\RunServices: [FrameWork 2.5] FrameWork.exe
O4 - HKLM\..\Run: [FW Manager] C:\WINDOWS\system32\fwcheck.exe
O4 - HKLM\..\Run: [gangsta] C:\WINDOWS\System32\gangsta.exe
O4 - HKLM\..\Run: [gcasServ32] gcasServ32.exe
O4 - HKCU\..\RunOnce: [gcasServ32] gcasServ32.exe
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKLM\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKCU\..\Run: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKLM\..\Run: [Ghost Relay] C:\WINDOWS\system32\W,),),W,*exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\update1.exe
O4 - HKLM\..\Run: [google] google.exe
O4 - HKLM\..\RunServices: [google] google.exe
O4 - HKLM\..\Run: [Google service] Googlesetup.exe
O4 - HKLM\..\RunServices: [Google service] Googlesetup.exe
O4 - HKLM\..\Run: [Google Service FR] GO0GLEFREE.EXE
O4 - HKLM\..\RunServices: [Google Service FR] GO0GLEFREE.EXE
O4 - HKCU\..\Run: [Google Service FR] GO0GLEFREE.EXE
O4 - HKLM\..\Run: [GP Updater] gpupdater.exe
O4 - HKLM\..\Run: [Graphic Update] %temp%\msnmsgr.exe
O4 - HKLM\..\Run: [Graphic Update] %Temp%\msnmsgs.exe
O4 - HKLM\..\Run: [Graphic Update] C:\WINDOWS\system32\openglx.exe
O4 - HKLM\..\Run: [gummy] C:\WINDOWS\system32\gummy.exe
O4 - HKLM\..\Run: [HanUpdate] hanz.exe
O4 - HKLM\..\RunServices: [HanUpdate] hanz.exe
O4 - HKCU\..\Run: [HanUpdate] hanz.exe
O4 - HKLM\..\Run: [Hardware Shell Detection] WinHSD.exe
O4 - HKLM\..\RunServices: [Hardware Shell Detection] WinHSD.exe
O4 - HKCU\..\Run: [Hardware Shell Detection] WinHSD.exe
O4 - HKLM\..\Run: [hcksys32.exe] hck.exe
O4 - HKLM\..\RunServices: [hcksys32.exe] hck.exe
O4 - HKLM\..\Run: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe
O4 - HKLM\..\RunServices: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe
O4 - HKCU\..\Run: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe
O4 - HKLM\..\Run: [Hostname Manager Server] C:\WINDOWS\system32\inetsrv\host32srv.exe
O4 - HKLM\..\RunServices: [Hostname Manager Server] C:\WINDOWS\system32\inetsrv\host32srv.exe
O4 - HKCU\..\Run: [Hostname Manager Server] C:\WINDOWS\system32\inetsrv\host32srv.exe
O4 - HKLM\..\Run: [hotfix] msnnmaneger.exe
O4 - HKLM\..\RunServices: [hotfix] msnnmaneger.exe
O4 - HKLM\..\RunOnce: [hotfix] msnnmaneger.exe
O4 - HKCU\..\Run: [hotfix] msnnmaneger.exe
O4 - HKCU\..\RunOnce: [hotfix] msnnmaneger.exe
O4 - HKLM\..\Run: [hotefix] msnmanegers.exe
O4 - HKLM\..\RunServices: [hotefix] msnmanegers.exe
O4 - HKLM\..\RunOnce: [hotefix] msnmanegers.exe
O4 - HKCU\..\Run: [hotefix] msnmanegers.exe
O4 - HKCU\..\RunOnce: [hotefix] msnmanegers.exe
O4 - HKLM\..\Run: [HOT FIX] Gothic.exe
O4 - HKLM\..\RunOnce: [HOT FIX] Gothic.exe
O4 - HKLM\..\RunServices: [HOT FIX] Gothic.exe
O4 - HKCU\..\Run: [HOT FIX] Gothic.exe
O4 - HKCU\..\RunOnce: [HOT FIX] Gothic.exe
O4 - HKLM\..\Run: [HOT FIX] windsys2.exe
O4 - HKLM\..\RunOnce: [HOT FIX] windsys2.exe
O4 - HKLM\..\RunServices: [HOT FIX] windsys2.exe
O4 - HKCU\..\Run: [HOT FIX] windsys2.exe
O4 - HKCU\..\RunOnce: [HOT FIX] windsys2.exe
O4 - HKLM\..\Run: [htssv32.exe] C:\WINDOWS\htssv32.exe
O4 - HKLM\..\Run: [HTTP Tunneling Server] mstunnel.exe
O4 - HKLM\..\RunServices: [HTTP Tunneling Server] mstunnel.exe
O4 - HKCU\..\Run: [HTTP Tunneling Server] mstunnel.exe
O4 - HKCU\..\RunServices: [HTTP Tunneling Server] mstunnel.exe
O4 - HKLM\..\Run: [icccomp] (Random 8 Letter).exe
O4 - HKCU\..\Run: [icccomp] (Random 8 Letter).exe
O4 - HKLM\..\Run: [idlesam] (Random 8 Letter).exe
O4 - HKCU\..\Run: [idlesam] (Random 8 Letter).exe
O4 - HKLM\..\Run: [idmlssp] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKCU\..\Run: [idmlssp] C:\WINDOWS\system32\(Random 8 Letter).exe
O4 - HKLM\..\Run: [IE6] winsnt.exe
O4 - HKLM\..\RunServices: [IE6] winsnt.exe
O4 - HKLM\..\Run: [IE6] ypag3r.exe
O4 - HKLM\..\RunServices: [IE6] ypag3r.exe
O4 - HKLM\..\Run: [IEexplorer AUpdate] IEexplore32.exe
O4 - HKLM\..\RunServices: [IEexplorer AUpdate] IEexplore32.exe
O4 - HKLM\..\Run: [iesetup7b] iesetup7b.exe
O4 - HKLM\..\RunRunServices: [iesetup7b] iesetup7b.exe
O4 - HKLM\..\Run: [iesetupi.exe] iesetupi.exe
O4 - HKLM\..\RunServices: [iesetupi.exe] iesetupi.exe
O4 - HKLM\..\Run: [IEUpdate] ieupdate.exe
O4 - HKLM\..\RunServices: [IEUpdate] ieupdate.exe
O4 - HKCU\..\Run: [IEUpdate] ieupdate.exe
O4 - HKCU\..\Run: [iexplor.exe] C:\WINDOWS\system32\iexplor.exe
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [iexplore] iexplore.exe
O4 - HKLM\..\RunServices: [iexplore] iexplore.exe
O4 - HKLM\..\Run: [iExplore Ini] ie4uini.exe
O4 - HKLM\..\Run: [iexplore start] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [iexplore start] IEXPLORE.EXE
O4 - HKLM\..\Run: [IExplorer] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [IExplorer6 Java Scripting] IExplore326.exe
O4 - HKLM\..\RunServices: [IExplorer6 Java Scripting] IExplore326.exe
O4 - HKCU\..\Run: [IExplorer6 Java Scripting] IExplore326.exe
O4 - HKCU\..\Run: [IExplorerService] C:\WINDOWS\system32\WinSock.exe
O4 - HKLM\..\Run: [iExpresser] iexpresser.exe
O4 - HKLM\..\Run: [Image Remote Players] sysvn.exe
O4 - HKLM\..\Run: [Index Service] dllhost32.exe
O4 - HKLM\..\RunServices: [Index Service] dllhost32.exe
O4 - HKLM\..\Run: [InstallTheme] Lune.exe
O4 - HKLM\..\RunServices: [InstallTheme] Lune.exe
O4 - HKCU\..\Run: [InstallTheme] Lune.exe
O4 - HKLM\..\Run: [Instant Messenger Service] imservice.exe
O4 - HKLM\..\Run: [Intec Service Drivers] msconfig32x.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] msconfig32x.exe
O4 - HKCU\..\Run: [Intec Service Drivers] msconfig32x.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] msconfig32x.exe
O4 - HKLM\..\Run: [Intec Service Drivers] msmsgr.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] msmsgr.exe
O4 - HKCU\..\Run: [Intec Service Drivers] msmsgr.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] msmsgr.exe
O4 - HKLM\..\Run: [Intec Service Drivers] msmsgrs.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] msmsgrs.exe
O4 - HKCU\..\Run: [Intec Service Drivers] msmsgrs.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] msmsgrs.exe
O4 - HKLM\..\Run: [Intec Service Drivers] mss.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] mss.exe
O4 - HKCU\..\Run: [Intec Service Drivers] mss.exe
O4 - HKLM\..\Run: [Intec Service Drivers] ntservice.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] ntservice.exe
O4 - HKCU\..\Run: [Intec Service Drivers] ntservice.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] ntservice.exe
O4 - HKLM\..\Run: [Intec Service Drivers] tktest.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] tktest.exe
O4 - HKCU\..\Run: [Intec Service Drivers] tktest.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] tktest.exe
O4 - HKLM\..\Run: [Intec Service Drivers] C:\WINDOWS\system32\wing32.exe
O4 - HKCU\..\Run: [Intec Service Drivers] C:\WINDOWS\system32\wing32.exe
O4 - HKLM\..\Run: [Intec Services Driverrs] winrvc.exe
O4 - HKLM\..\RunServices: [Intec Services Driverrs] winrvc.exe
O4 - HKLM\..\Run: [Intel Driver] csrs.exe
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O4 - HKLM\..\Run: [Internal Memory File] sysintmemory.exe
O4 - HKLM\..\RunServices: [Internal Memory File] sysintmemory.exe
O4 - HKCU\..\Run: [Internal Memory File] sysintmemory.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\alm7tas.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\alm7tas.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\SYSTEM32\alota.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\SYSTEM32\alota.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\l1nksys.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\l1nksys.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\System32\nteusodp.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\System32\nteusodp.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\SYSTEM32\winlogom.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\SYSTEM32\winlogom.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\wins.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\wins.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\WinSecUp.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\WinSecUp.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\WinSecUps.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\WinSecUps.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\System32\WinSUp.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\System32\WinSUp.exe
O4 - HKLM\..\Run: [internet] winsas32.exe
O4 - HKLM\..\RunServices: [internet] winsas32.exe
O4 - HKCU\..\Run: [internet] winsas32.exe
O4 - HKLM\..\Run: [InternetExplorer2] C:\WINDOWS\System32\windows.exe
O4 - HKLM\..\RunServices: [InternetExplorer2] C:\WINDOWS\System32\windows.exe
O4 - HKLM\..\Run: [InternetExplorer32] iexplore32.exe
O4 - HKLM\..\RunServices: [InternetExplorer32] iexplore32.exe
O4 - HKLM\..\Run: [Internet Application Driver] C:\WINDOWS\system32\expIorer.exe
O4 - HKLM\..\RunServices: [Internet Application Driver] C:\WINDOWS\system32\expIorer.exe
O4 - HKLM\..\Run: [Internet Explorer Security] iexplore.pif
O4 - HKLM\..\RunServices: [Internet Explorer Security] iexplore.pif
O4 - HKCU\..\Run: [Internet Explorer Security] iexplore.pif
O4 - HKCU\..\RunServices: [Internet Explorer Security] iexplore.pif
O4 - HKLM\..\Run: [INTERNET EXPLORER] iexpllore.exe
O4 - HKLM\..\RunServices: [INTERNET EXPLORER] iexpllore.exe
O4 - HKCU\..\Run: [INTERNET EXPLORER] iexpllore.exe
O4 - HKLM\..\Run: [INTERNET EXPLORER] iexplor.exe
O4 - HKLM\..\RunServices: [INTERNET EXPLORER] iexplor.exe
O4 - HKCU\..\Run: [INTERNET EXPLORER] iexplor.exe
O4 - HKLM\..\Run: [Internet Explorer 6.0] iexplore.exe
O4 - HKLM\..\RunServices: [Internet Explorer 6.0] iexplore.exe
O4 - HKCU\..\Run: [Internet Explorer 6.0] iexplore.exe
O4 - HKCU\..\RunServices: [Internet Explorer 6.0] iexplore.exe
O4 - HKLM\..\Run: [Internet Security Service] msq23.exe
O4 - HKLM\..\RunServices: [Internet Security Service] msq23.exe
O4 - HKCU\..\Run: [Internet Security Service] msq23.exe
O4 - HKLM\..\Run: [Internet Security Service] msq32.exe
O4 - HKLM\..\RunServices: [Internet Security Service] msq32.exe
O4 - HKCU\..\Run: [Internet Security Service] msq32.exe
O4 - HKLM\..\Run: [Internet Security Service] msql23.exe
O4 - HKLM\..\RunServices: [Internet Security Service] msql23.exe
O4 - HKCU\..\Run: [Internet Security Service] msql23.exe
O4 - HKLM\..\Run: [Internet Security Service] mysqlwin32.exe
O4 - HKLM\..\RunServices: [Internet Security Service] mysqlwin32.exe
O4 - HKCU\..\Run: [Internet Security Service] mysqlwin32.exe
O4 - HKLM\..\Run: [Internet Security Service] ssyst3m32.exe
O4 - HKLM\..\RunServices: [Internet Security Service] ssyst3m32.exe
O4 - HKCU\..\Run: [Internet Security Service] ssyst3m32.exe
O4 - HKLM\..\Run: [internet service] svho0st98.exe
O4 - HKLM\..\RunServices: [internet service] svho0st98.exe
O4 - HKLM\..\Run: [Internet Service Provider] C:\WINDOWS\system32\ispinstall.exe
O4 - HKLM\..\RunServices: [Internet Service Provider] C:\WINDOWS\system32\ispinstall.exe
O4 - HKLM\..\Run: [Intranet] schost.exe
O4 - HKLM\..\RunServices: [Intranet] schost.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] system32.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] system32.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] system32.exe
O4 - HKLM\..\Run: [Ipod Help] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Ipod Help] (Random 9 Letter).exe
O4 - HKCU\..\Run: [Ipod Help] (Random 9 Letter).exe
O4 - HKLM\..\Run: [iPSec7] ipsec7.exe
O4 - HKLM\..\Run: [iPX Router] ipxrouter.exe
O4 - HKLM\..\Run: [IRQ Assigning Agent] IRQconf.exe
O4 - HKLM\..\RunServices: [IRQ Assigning Agent] IRQconf.exe
O4 - HKLM\..\Run: [iTunes Music] iTunesHelper32.exe
O4 - HKLM\..\RunServices: [iTunes Music] iTunesHelper32.exe
O4 - HKLM\..\Run: [ivhost] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [ivhost] (Random 6 Letter).exe
O4 - HKCU\..\Run: [ivhost] (Random 6 Letter).exe
O4 - HKLM\..\Run: [JA Config 32] Awesome32.exe
O4 - HKLM\..\RunServices: [JA Config 32] Awesome32.exe
O4 - HKCU\..\Run: [JA Config 32] Awesome32.exe
O4 - HKLM\..\Run: [java] system.exe
O4 - HKLM\..\RunServices: [java] system.exe
O4 - HKLM\..\Run: [Java32 Configuration Loader] msnmesgr.exe
O4 - HKLM\..\RunServices: [Java32 Configuration Loader] msnmesgr.exe
O4 - HKCU\..\Run: [Java32 Configuration Loader] msnmesgr.exe
O4 - HKLM\..\Run: [Java Runtime Environment] C:\WINDOWS\system32\jbuild.exe
O4 - HKLM\..\Run: [Java Runtime Value] runjava.exe
O4 - HKLM\..\RunServices: [Java Runtime Value] runjava.exe
O4 - HKCU\..\Run: [Java Runtime Value] runjava.exe
O4 - HKCU\..\RunServices: [Java Runtime Value] runjava.exe
O4 - HKLM\..\Run: [Java Softe] Java32.com
O4 - HKLM\..\RunServices: [Java Softe] Java32.com
O4 - HKLM\..\Run: [Javascript] C:\WINDOWS\system32\jscript.exe
O4 - HKLM\..\Run: [Java Update] nod.exe
O4 - HKLM\..\RunServices: [Java Update] nod.exe
O4 - HKCU\..\Run: [Java Update] nod.exe
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [Jufualt] j2.exe
O4 - HKCU\..\Run: [Jufualt] j2.exe
O4 - HKLM\..\Run: [JvcHost] jvcsvc32.exe
O4 - HKLM\..\RunServices: [JvcHost] jvcsvc32.exe
O4 - HKLM\..\Run: [JW Manager] jwmngr.exe
O4 - HKLM\..\Run: [JXL Radio] jxl.exe
O4 - HKLM\..\RunServices: [JXL Radio] jxl.exe
O4 - HKCU\..\Run: [JXL Radio] jxl.exe
O4 - HKCU\..\RunServices: [JXL Radio] jxl.exe
O4 - HKLM\..\Run: [kaspersky32] kasperskyLabs32.exe
O4 - HKLM\..\RunServices: [kaspersky32] kasperskyLabs32.exe
O4 - HKLM\..\Run: [Killer XP Key] killer.exe
O4 - HKLM\..\RunServices: [Killer XP Key] killer.exe
O4 - HKLM\..\Run: [kiss] %ProgramFiles%\dfsdfsd\pingy.exe
O4 - HKLM\..\Run: [kdmsx] (Random 8 Letter).exe
O4 - HKCU\..\Run: [kdmsx] (Random 8 Letter).exe
O4 - HKLM\..\Run: [kernel32.exe] C:\WINDOWS\system32\kernel32.exe
O4 - HKLM\..\RunServices: [kernel32.exe] C:\WINDOWS\system32\kernel32.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe
O4 - HKLM\..\Run: [LEMSRV] C:\WINDOWS\system32\lemsrv.exe
O4 - HKLM\..\Run: [LetsRock] TODOTWO.EXE
O4 - HKLM\..\Run: [Lexmark Print] lexmark.exe
O4 - HKLM\..\RunServices: [Lexmark Print] lexmark.exe
O4 - HKLM\..\Run: [Linksys Modem Drivers] linksys.exe
O4 - HKLM\..\RunServices: [Linksys Modem Drivers] linksys.exe
O4 - HKCU\..\Run: [Linksys Modem Drivers] linksys.exe
O4 - HKLM\..\Run: [Limewire] LimeWire.exe
O4 - HKLM\..\RunServices: [Limewire] LimeWire.exe
O4 - HKLM\..\RunServices: [limewirepro.exe] C:\limewirepro.exe
O4 - HKLM\..\Run: [Live-Help] lmns.exe
O4 - HKLM\..\RunServices: [Live-Help] lmns.exe
O4 - HKCU\..\Run: [Live-Help] lmns.exe
O4 - HKLM\..\Run: [Live Messanger] livemsgr.exe
O4 - HKLM\..\RunServices: [Live Messanger] livemsgr.exe
O4 - HKCU\..\Run: [Live Messanger] livemsgr.exe
O4 - HKLM\..\Run: [Live Messanger] wllmsngr.exe
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKLM\..\Run: [lnternet Update] sysmem.exe
O4 - HKLM\..\RunServices: [lnternet Update] sysmem.exe
O4 - HKLM\..\Run: [L0aders] faxneti.exe
O4 - HKLM\..\RunServices: [L0aders] faxneti.exe
O4 - HKCU\..\Run: [L0aders] faxneti.exe
O4 - HKLM\..\Run: [Loader msgzl] msgzl.exe
O4 - HKLM\..\RunServices: [Loader msgzl] msgzl.exe
O4 - HKLM\..\Run: [Loader msgzl] msgzl.exe
O4 - HKLM\..\Run: [Local area connection] winlive.exe
O4 - HKLM\..\RunServices: [Local area connection] winlive.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [Local Services] winserv32.exe
O4 - HKLM\..\RunServices: [Local Services] winserv32.exe
O4 - HKLM\..\Run: [LoghDriver] winlde.exe
O4 - HKLM\..\RunServices: [LoghDriver] winlde.exe
O4 - HKLM\..\Run: [LoghDriverr] winnlde.exe
O4 - HKLM\..\RunServices: [LoghDriverr] winnlde.exe
O4 - HKLM\..\Run: [Logical Disk Browser] mcrsvc.exe
O4 - HKLM\..\Run: [Logical Disk Detection] mrisvc.exe
O4 - HKLM\..\Run: [Logon Agent] logonagt.exe
O4 - HKLM\..\Run: [lost] WinUpdate.exe
O4 - HKLM\..\RunServices: [lost] WinUpdate.exe
O4 - HKCU\..\Run: [lost] WinUpdate.exe
O4 - HKLM\..\Run: [lpddcls] (Random 8 Letter).exe
O4 - HKCU\..\Run: [lpddcls] (Random 8 Letter).exe
O4 - HKLM\..\Run: [LSA] run.exe
O4 - HKLM\..\RunServices: [LSA] run.exe
O4 - HKCU\..\Run: [LSA] run.exe
O4 - HKCU\..\RunServices: [LSA] run.exe
O4 - HKLM\..\Run: [LSA] scvhost.exe
O4 - HKLM\..\RunServices: [LSA] scvhost.exe
O4 - HKCU\..\Run: [LSA] scvhost.exe
O4 - HKCU\..\RunServices: [LSA] scvhost.exe
O4 - HKLM\..\Run: [LSA Shell] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [LSA Shell (Export Version)] lsasss.exe
O4 - HKLM\..\RunServices: [LSA Shell (Export Version)] lsasss.exe
O4 - HKCU\..\Run: [LSA Shell (Export Version)] lsasss.exe
O4 - HKLM\..\Run: [LSA Shellu] %UserProfile%\lsass.exe
O4 - HKLM\..\Run: [lsass] svchost32.exe
O4 - HKLM\..\RunServices: [lsass] svchost32.exe
O4 - HKLM\..\Run: [Lsass16] C:\WINDOWS\lsass16.exe
O4 - HKLM\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKLM\..\RunServices: [lsass2k Update] lsass2k.exe
O4 - HKCU\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\RunServices: [lsass32] lsass32.exe
O4 - HKLM\..\Run: [ltoqhdmw] C:\WINDOWS\System32\wuvenr.exe
O4 - HKCU\..\Run: [ltoqhdmw] C:\WINDOWS\System32\wuvenr.exe
O4 - HKLM\..\Run: [m0rgan.org] bling.exe
O4 - HKLM\..\RunServices: [m0rgan.org] bling.exe
O4 - HKLM\..\Run: [Machine Debug Mgr] mdn.exe
O4 - HKLM\..\Run: [mackfy.exe] msms.exe
O4 - HKLM\..\RunServices: [mackfy.exe] msms.exe
O4 - HKLM\..\Run: [Managment Service] xagwxzyrxbce.exe
O4 - HKLM\..\RunServices: [Managment Service] xagwxzyrxbce.exe
O4 - HKLM\..\Run: [MasterBoot Switch] popupkill.exe
O4 - HKLM\..\RunServices: [MasterBoot Switch] popupkill.exe
O4 - HKCU\..\Run: [MasterBoot Switch] popupkill.exe
O4 - HKLM\..\Run: [Master Card Updaate 32] Mastercard32.exe
O4 - HKLM\..\RunServices: [Master Card Updaate 32] Mastercard32.exe
O4 - HKLM\..\Run: [McAfee Online virus Scanner] avp.exe
O4 - HKLM\..\RunServices: [McAfee Online virus Scanner] avp.exe
O4 - HKLM\..\Run: [mceipww] (Random 8 Letter).exe
O4 - HKCU\..\Run: [mceipww] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Media Server] msdts.exe
O4 - HKLM\..\Run: [Media Software UPdater] sscs.exe
O4 - HKLM\..\RunServices: [Media Software UPdater] sscs.exe
O4 - HKCU\..\Run: [Media Software UPdater] sscs.exe
O4 - HKLM\..\Run: [Media Transfer Protocals] msstc.exe
O4 - HKLM\..\Run: [MediaXPServicePack] mxpsp.exe
O4 - HKLM\..\RunServices: [MediaXPServicePack] mxpsp.exe
O4 - HKCU\..\Run: [MediaXPServicePack] mxpsp.exe
O4 - HKCU\..\RunServices: [MediaXPServicePack] mxpsp.exe
O4 - HKLM\..\Run: [Memory Allocation Host] cihost.exe
O4 - HKLM\..\Run: [Memory Allocation Server] ciserv.exe
O4 - HKLM\..\Run: [Memory Allocation Services] cisrv.exe
O4 - HKLM\..\Run: [Messanger modix Configuration] winmsn.exe
O4 - HKLM\..\RunServices: [Messanger modix Configuration] winmsn.exe
O4 - HKLM\..\Run: [Messenger91] messengersystem.exe
O4 - HKLM\..\RunServices: [Messenger91] messengersystem.exe
O4 - HKLM\..\Run: [Messenger Sharing Control] mnwsvc.exe
O4 - HKLM\..\Run: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\Run: [Micosoft Data Core] antivir32.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] antivir32.exe
O4 - HKLM\..\Run: [Micosoft Data Core] iexplore.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] iexplore.exe
O4 - HKLM\..\Run: [Micosoft Data Core] shell32.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] shell32.exe
O4 - HKLM\..\Run: [Micosoft Data Core stuff] atiwarez.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core stuff] atiwarez.exe
O4 - HKLM\..\Run: [Micosoft Data Core stuff] cores.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core stuff] cores.exe
O4 - HKLM\..\Run: [Micosoft Data Core stuff] datacorez.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core stuff] datacorez.exe
O4 - HKLM\..\Run: [Micosoft Data Core stuff] svshosts.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core stuff] svshosts.exe
O4 - HKLM\..\Run: [Micromedia Flash Update] xptxt.exe
O4 - HKLM\..\RunServices: [Micromedia Flash Update] xptxt.exe
O4 - HKLM\..\Run: [Microsft Conf 32] msaconf.exe
O4 - HKLM\..\RunServices: [Microsft Conf 32] msaconf.exe
O4 - HKCU\..\Run: [Microsft Conf 32] msaconf.exe
O4 - HKLM\..\Run: [Microsft Corporation Version 2001.12.4414] C:\WINDOWS\system32\Com\comrel.exe
O4 - HKLM\..\RunServices: [Microsft Corporation Version 2001.12.4414] C:\WINDOWS\system32\Com\comrel.exe
O4 - HKCU\..\Run: [Microsft Corporation Version 2001.12.4414] C:\WINDOWS\system32\Com\comrel.exe
O4 - HKLM\..\Run: [Microsft Corporation Version 2002.12.2414] C:\WINDOWS\system32\Com\comserv.exe
O4 - HKLM\..\RunServices: [Microsft Corporation Version 2002.12.2414] C:\WINDOWS\system32\Com\comserv.exe
O4 - HKCU\..\Run: [Microsft Corporation Version 2002.12.2414] C:\WINDOWS\system32\Com\comserv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] cmh.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] cmh.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmppp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe
O4 - HKLM\..\Run: [Microsft Word] MSWORD.exe
O4 - HKLM\..\RunServices: [Microsft Word] MSWORD.exe
O4 - HKLM\..\Run: [Microsoff Windows Update] mswins.exe
O4 - HKLM\..\RunServices: [Microsoff Windows Update] mswins.exe
O4 - HKLM\..\Run: [Microsoft] .exe
O4 - HKLM\..\RunServices: [Microsoft] .exe
O4 - HKLM\..\Run: [Microsoft] aim.exe
O4 - HKLM\..\RunServices: [Microsoft] aim.exe
O4 - HKLM\..\Run: [Microsoft] avgemcu.exe
O4 - HKLM\..\RunServices: [Microsoft] avgemcu.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\RunServices: [Microsoft] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\System32\taskbar.exe
O4 - HKLM\..\RunServices: [Microsoft] C:\WINDOWS\System32\taskbar.exe
O4 - HKLM\..\Run: [Microsoft] derservice.exe
O4 - HKLM\..\RunServices: [Microsoft] derservice.exe
O4 - HKLM\..\Run: [Microsoft] Explorer.exe
O4 - HKLM\..\RunServices: [Microsoft] Explorer.exe
O4 - HKLM\..\Run: [Microsoft] Explorerr.exe
O4 - HKLM\..\RunServices: [Microsoft] Explorerr.exe
O4 - HKLM\..\Run: [Microsoft] firefox.exe
O4 - HKLM\..\RunServices: [Microsoft] firefox.exe
O4 - HKLM\..\Run: [Microsoft] guard.exe
O4 - HKLM\..\RunServices: [Microsoft] guard.exe
O4 - HKCU\..\Run: [Microsoft] guard.exe
O4 - HKLM\..\Run: [Microsoft] iexplore.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplore.exe
O4 - HKLM\..\Run: [Microsoft] iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe
O4 - HKLM\..\Run: [Microsoft] install.exe
O4 - HKLM\..\RunServices: [Microsoft] install.exe
O4 - HKLM\..\Run: [Microsoft] internetdat.exe
O4 - HKLM\..\RunServices: [Microsoft] internetdat.exe
O4 - HKLM\..\Run: [Microsoft] iusr.exe
O4 - HKLM\..\RunServices: [Microsoft] iusr.exe
O4 - HKCU\..\Run: [Microsoft] iusr.exe
O4 - HKLM\..\Run: [Microsoft] kasperskyLive32.exe
O4 - HKLM\..\RunServices: [Microsoft] kasperskyLive32.exe
O4 - HKLM\..\Run: [Microsoft] listc.exe
O4 - HKLM\..\RunServices: [Microsoft] listc.exe
O4 - HKCU\..\Run: [Microsoft] listc.exe
O4 - HKLM\..\Run: [Microsoft] livemessenger.exe
O4 - HKLM\..\RunServices: [Microsoft] livemessenger.exe
O4 - HKLM\..\Run: [Microsoft] lol.exe
O4 - HKLM\..\RunServices: [Microsoft] lol.exe
O4 - HKLM\..\Run: [Microsoft] loval32.exe
O4 - HKLM\..\RunServices: [Microsoft] loval32.exe
O4 - HKLM\..\Run: [Microsoft] lsass.ppf
O4 - HKLM\..\RunServices: [Microsoft] lsass.ppf
O4 - HKCU\..\Run: [Microsoft] lsass.ppf
O4 - HKLM\..\Run: [Microsoft] mdms.exe
O4 - HKLM\..\RunServices: [Microsoft] mdms.exe
O4 - HKCU\..\Run: [Microsoft] mdms.exe
O4 - HKLM\..\Run: [Microsoft] mixers.exe
O4 - HKLM\..\RunServices: [Microsoft] mixers.exe
O4 - HKCU\..\Run: [Microsoft] mixers.exe
O4 - HKLM\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\Run: [Microsoft] msngerf.exe
O4 - HKLM\..\RunServices: [Microsoft] msngerf.exe
O4 - HKLM\..\Run: [Microsoft] msns.exe
O4 - HKLM\..\RunServices: [Microsoft] msns.exe
O4 - HKLM\..\Run: [Microsoft] msserv32.exe
O4 - HKLM\..\RunServices: [Microsoft] msserv32.exe
O4 - HKLM\..\Run: [Microsoft] MSUPDATE.exe
O4 - HKCU\..\Run: [Microsoft] MSUPDATE.exe
O4 - HKLM\..\Run: [Microsoft] msvchost.exe
O4 - HKLM\..\RunServices: [Microsoft] msvchost.exe
O4 - HKLM\..\Run: [Microsoft] msvcs.exe
O4 - HKLM\..\RunServices: [Microsoft] msvcs.exe
O4 - HKLM\..\Run: [Microsoft] netfix32.exe
O4 - HKLM\..\RunServices: [Microsoft] netfix32.exe
O4 - HKLM\..\Run: [Microsoft] netshield.exe
O4 - HKLM\..\RunServices: [Microsoft] netshield.exe
O4 - HKLM\..\Run: [Microsoft] netsrv.exe
O4 - HKLM\..\RunServices: [Microsoft] netsrv.exe
O4 - HKCU\..\Run: [Microsoft] netsrv.exe
O4 - HKLM\..\Run: [Microsoft] Nvpss.exe
O4 - HKLM\..\RunServices: [Microsoft] Nvpss.exe
O4 - HKLM\..\Run: [Microsoft] prefinal.exe
O4 - HKLM\..\RunServices: [Microsoft] prefinal.exe
O4 - HKLM\..\Run: [Microsoft] qtask.exe
O4 - HKLM\..\RunServices: [Microsoft] qtask.exe
O4 - HKCU\..\Run: [Microsoft] qtask.exe
O4 - HKLM\..\Run: [Microsoft] radnom.exe
O4 - HKLM\..\RunServices: [Microsoft] radnom.exe
O4 - HKCU\..\Run: [Microsoft] radnom.exe
O4 - HKLM\..\Run: [Microsoft] rtvcscan.exe
O4 - HKLM\..\RunServices: [Microsoft] rtvcscan.exe
O4 - HKCU\..\Run: [Microsoft] rtvcscan.exe
O4 - HKLM\..\Run: [Microsoft] rundll.exe
O4 - HKLM\..\RunServices: [Microsoft] rundll.exe
O4 - HKCU\..\Run: [Microsoft] rundll.exe
O4 - HKLM\..\Run: [Microsoft] scvhost32.exe
O4 - HKLM\..\RunServices: [Microsoft] scvhost32.exe
O4 - HKLM\..\Run: [Microsoft] sdcom.exe
O4 - HKLM\..\RunServices: [Microsoft] sdcom.exe
O4 - HKLM\..\Run: [Microsoft] services.exe
O4 - HKLM\..\RunServices: [Microsoft] services.exe
O4 - HKLM\..\Run: [Microsoft] servicess.exe
O4 - HKLM\..\RunServices: [Microsoft] servicess.exe
O4 - HKCU\..\Run: [Microsoft] servicess.exe
O4 - HKLM\..\Run: [Microsoft Update] SetPoints.exe
O4 - HKLM\..\RunServices: [Microsoft Update] SetPoints.exe
O4 - HKLM\..\Run: [Microsoft] soundvol32.exe
O4 - HKLM\..\RunServices: [Microsoft] soundvol32.exe
O4 - HKLM\..\Run: [Microsoft] sql.exe
O4 - HKLM\..\RunServices: [Microsoft] sql.exe
O4 - HKLM\..\Run: [Microsoft] sqlservice.exe
O4 - HKLM\..\RunServices: [Microsoft] sqlservice.exe
O4 - HKLM\..\Run: [Microsoft] steam.exe
O4 - HKLM\..\RunServices: [Microsoft] steam.exe
O4 - HKLM\..\Run: [Microsoft] svchost32.exe
O4 - HKLM\..\RunServices: [Microsoft] svchost32.exe
O4 - HKLM\..\Run: [Microsoft] svhcost.exe
O4 - HKLM\..\RunServices: [Microsoft] svhcost.exe
O4 - HKLM\..\Run: [Microsoft] synstat.exe
O4 - HKLM\..\RunServices: [Microsoft] synstat.exe
O4 - HKCU\..\Run: [Microsoft] synstat.exe
O4 - HKLM\..\Run: [Microsoft] system32.exe
O4 - HKLM\..\RunServices: [Microsoft] system32.exe
O4 - HKLM\..\Run: [Microsoft] systemdtm.exe
O4 - HKLM\..\RunServices: [Microsoft] systemdtm.exe
O4 - HKLM\..\Run: [Microsoft] systern.exe
O4 - HKLM\..\RunServices: [Microsoft] systern.exe
O4 - HKLM\..\Run: [Microsoft] taskmaneger.exe
O4 - HKLM\..\RunServices: [Microsoft] taskmaneger.exe
O4 - HKLM\..\Run: [Microsoft] updater.exe
O4 - HKLM\..\RunServices: [Microsoft] updater.exe
O4 - HKLM\..\Run: [Microsoft] verticals.exe
O4 - HKLM\..\RunServices: [Microsoft] verticals.exe
O4 - HKLM\..\Run: [Microsoft] wcsntfy.exe
O4 - HKLM\..\RunServices: [Microsoft] wcsntfy.exe
O4 - HKCU\..\Run: [Microsoft] wcsntfy.exe
O4 - HKLM\..\Run: [Microsoft] winampaa.exe
O4 - HKLM\..\RunServices: [Microsoft] winampaa.exe
O4 - HKLM\..\Run: [Microsoft] windl32.exe
O4 - HKLM\..\RunServices: [Microsoft] windl32.exe
O4 - HKCU\..\Run: [Microsoft] windl32.exe
O4 - HKLM\..\Run: [Microsoft] winline.exe
O4 - HKLM\..\RunServices: [Microsoft] winline.exe
O4 - HKLM\..\Run: [Microsoft] winlog.exe
O4 - HKLM\..\RunServices: [Microsoft] winlog.exe
O4 - HKCU\..\Run: [Microsoft] winlog.exe
O4 - HKLM\..\Run: [Microsoft] winlogom.exe
O4 - HKLM\..\RunServices: [Microsoft] winlogom.exe
O4 - HKLM\..\Run: [Microsoft] winlogon.exe
O4 - HKLM\..\RunServices: [Microsoft] winlogon.exe
O4 - HKLM\..\Run: [Microsoft] WinSecUp.exe
O4 - HKLM\..\RunServices: [Microsoft] WinSecUp.exe
O4 - HKLM\..\Run: [Microsoft] winsock.exe
O4 - HKLM\..\RunServices: [Microsoft] winsock.exe
O4 - HKLM\..\Run: [Microsoft] winsys32.exe
O4 - HKLM\..\RunServices: [Microsoft] winsys32.exe
O4 - HKLM\..\Run: [Microsoft] wplayer.exe
O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe
O4 - HKLM\..\Run: [Microsoft] wsim32.exe
O4 - HKLM\..\RunServices: [Microsoft] wsim32.exe
O4 - HKLM\..\Run: [Microsoft] wuaudit.exe
O4 - HKLM\..\RunServices: [Microsoft] wuaudit.exe
O4 - HKLM\..\Run: [Microsoft] xhost.exe
O4 - HKLM\..\RunServices: [Microsoft] xhost.exe
O4 - HKCU\..\Run: [Microsoft] xhost.exe
O4 - HKLM\..\Run: [Microsoft.exe] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft.exe] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft32] win32sys.exe
O4 - HKLM\..\RunServices: [Microsoft32] win32sys.exe
O4 - HKLM\..\Run: [Microsoft Admin Protocal] MSADNIN.exe
O4 - HKLM\..\RunServices: [Microsoft Admin Protocal] MSADNIN.exe
O4 - HKCU\..\Run: [Microsoft Admin Protocal] MSADNIN.exe
O4 - HKCU\..\RunServices: [Microsoft Admin Protocal] MSADNIN.exe
O4 - HKLM\..\Run: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKLM\..\RunServices: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKCU\..\Run: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsoft AntiSpyware] KT06.pif
O4 - HKLM\..\RunServices: [Microsoft AntiSpyware] KT06.pif
O4 - HKLM\..\Run: [Microsoft Anti Virus Controller] msavc.exe
O4 - HKLM\..\Run: [Microsoft Anti Virus Controller] msavc32.exe
O4 - HKLM\..\Run: [Microsoft AntiVirus] winav32.exe
O4 - HKLM\..\RunServices: [Microsoft AntiVirus] winav32.exe
O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\Run: [Microsoft Browser Services] Brwsr32.exe
O4 - HKLM\..\Run: [Microsoft Browser Services] Brwsr64.exe
O4 - HKLM\..\Run: [Microsoft Calculator] calc.exe
O4 - HKLM\..\Run: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKLM\..\RunServices: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKCU\..\Run: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKCU\..\RunServices: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKLM\..\Run: [Microsoft Chat] mIRC.exe
O4 - HKLM\..\RunServices: [Microsoft Chat] mIRC.exe
O4 - HKLM\..\Run: [Microsoft Client] msclient.exe
O4 - HKLM\..\Run: [Microsoft Client] mshost.exe
O4 - HKLM\..\RunServices: [Microsoft Client] mshost.exe
O4 - HKCU\..\Run: [Microsoft Client] mshost.exe
O4 - HKCU\..\RunServices: [Microsoft Client] mshost.exe
O4 - HKLM\..\Run: [Microsoft Clients] msclients.exe
O4 - HKLM\..\Run: [Microsoft Command Line] wincmd.exe
O4 - HKLM\..\RunServices: [Microsoft Command Line] wincmd.exe
O4 - HKLM\..\Run: [Microsoft CONFIG] winmx.exe
O4 - HKLM\..\RunServices: [Microsoft CONFIG] winmx.exe
O4 - HKCU\..\Run: [Microsoft CONFIG] winmx.exe
O4 - HKLM\..\Run: [Microsoft Compiler Pack] DSDEV.EXE
O4 - HKLM\..\Run: [Microsoft Configoration Service] msconfigs.exe
O4 - HKLM\..\RunServices: [Microsoft Configoration Service] msconfigs.exe
O4 - HKCU\..\Run: [Microsoft Configoration Service] msconfigs.exe
O4 - HKCU\..\RunServices: [Microsoft Configoration Service] msconfigs.exe
O4 - HKLM\..\Run: [Microsoft Configure 32] msgconfigre.exe
O4 - HKLM\..\RunServices: [Microsoft Configure 32] msgconfigre.exe
O4 - HKCU\..\Run: [Microsoft Configure 32] msgconfigre.exe
O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\RunServices: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\Run: [Microsoft Core Support] MSbz32.exe
O4 - HKLM\..\RunServices: [Microsoft Core Support] MSbz32.exe
O4 - HKLM\..\Run: [Microsoft Corp. Critical Services] csrs.exe
O4 - HKLM\..\RunServices: [Microsoft Corp. Critical Services] csrs.exe
O4 - HKCU\..\Run: [Microsoft Corp. Critical Services] csrs.exe
O4 - HKCU\..\RunServices: [Microsoft Corp. Critical Services] csrs.exe
O4 - HKLM\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\Run: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKLM\..\RunServices: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKCU\..\Run: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKCU\..\RunServices: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKLM\..\Run: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKLM\..\RunServices: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKCU\..\Run: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKCU\..\RunServices: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKLM\..\Run: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKLM\..\RunServices: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKCU\..\Run: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKCU\..\RunServices: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKLM\..\Run: [Microsoft Corp Updates] synet-ud.exe
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] synet-ud.exe
O4 - HKLM\..\Run: [Microsoft Corp Updates] wupdates.exe
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] wupdates.exe
O4 - HKCU\..\Run: [Microsoft Corp Updates] wupdates.exe
O4 - HKLM\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKCU\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKLM\..\Run: [Microsoft Corporation] nsvdec.exe
O4 - HKLM\..\Run: [Microsoft Corporation RCMD] msrcmd.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation RCMD] msrcmd.exe
O4 - HKLM\..\Run: [Microsoft Corporation Server] wupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation Server] wupdate.exe
O4 - HKLM\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKLM\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKLM\..\Run: [Microsoft Corporation Svchost Service] mswsc.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Service] mswsc.exe
O4 - HKCU\..\Run: [Microsoft Corporation Svchost Service] mswsc.exe
O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Service] mswsc.exe
O4 - HKLM\..\Run: [Microsoft Corporation SYM monitor] mssym.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation SYM monitor] mssym.exe
O4 - HKLM\..\Run: [Microsoft CP Web Manager] webcp.exe
O4 - HKLM\..\Run: [Microsoft CPU Over Heat Manager] CPU.exe
O4 - HKLM\..\Run: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKLM\..\RunServices: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKCU\..\Run: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKLM\..\Run: [Microsoft Critical Services] svhhost.exe
O4 - HKLM\..\RunServices: [Microsoft Critical Services] svhhost.exe
O4 - HKLM\..\Run: [Microsoft CRT Monitor Manager] crtmon.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKLM\..\RunServices: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\RunServices: [Microsoft Development Services] msdevelop.exe
O4 - HKLM\..\Run: [Microsoft Digital Clock] msclock.exe
O4 - HKLM\..\RunServices: [Microsoft Digital Clock] msclock.exe
O4 - HKLM\..\Run: [Microsoft Directx] directxat.exe
O4 - HKLM\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKCU\..\Run: [Microsoft Directx] directxat.exe
O4 - HKCU\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKLM\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O4 - HKLM\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\Run: [Microsoft Display Driver] keyboard.exe
O4 - HKLM\..\RunServices: [Microsoft Display Driver] keyboard.exe
O4 - HKCU\..\Run: [Microsoft Display Driver] keyboard.exe
O4 - HKCU\..\RunServices: [Microsoft Display Driver] keyboard.exe
O4 - HKLM\..\Run: [Microsoft Display Driver] windsp.exe
O4 - HKLM\..\RunServices: [Microsoft Display Driver] windsp.exe
O4 - HKLM\..\Run: [Microsoft Device Manager] C:\WINDOWS\svcswin.exe
O4 - HKLM\..\Run: [Microsoft Dll] runapidll.exe
O4 - HKLM\..\RunServices: [Microsoft Dll] runapidll.exe
O4 - HKLM\..\Run: [Microsoft DLL Authentification] dllsecure.exe
O4 - HKLM\..\Run: [Microsoft DLL Host Service] dllmemhost.exe
O4 - HKLM\..\Run: [Microsoft DLL Host Service] svcdllhost.exe
O4 - HKLM\..\Run: [Microsoft DLL Host Service] svcdllhst.exe
O4 - HKLM\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKLM\..\RunServices: [Microsoft dll Host Service ] wkssr.exe
O4 - HKCU\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKLM\..\Run: [Microsoft Dll Manager] microsoft32dll.exe
O4 - HKLM\..\Run: [Microsoft DLL Monitor] dllmon64.exe
O4 - HKLM\..\Run: [Microsoft DLL Monitor] dllmonitor.exe
O4 - HKLM\..\Run: [Microsoft DLL Service] servicedll.exe
O4 - HKLM\..\Run: [Microsoft DLL Service] svcdll.exe
O4 - HKLM\..\Run: [Microsoft DLL Source] dllsrc.exe
O4 - HKLM\..\Run: [Microsoft DLL Suspension] dllsuspend.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] Desktop.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] Desktop.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] drivedate.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] drivedate.exe
O4 - HKLM\..\Run: [Microsoft DLL verifier] file.exe
O4 - HKLM\..\RunServices: [Microsoft DLL verifier] file.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] rundll.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] rundll.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] svhosts.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] svhosts.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] system33.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] system33.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] winavguard.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] winavguard.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] wind0w.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] wind0w.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] windowsvista.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] windowsvista.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] wns.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] wns.exe
O4 - HKLM\..\Run: [Microsoft DNSx] C:\WINDOWS\system32\mdnex.exe
O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe
O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] msdriver.exe
O4 - HKCU\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\Run: [MicrosoftDriverService32] drsys32.exe
O4 - HKLM\..\Run: [Microsoft Event Engine] EvtEngn.exe
O4 - HKLM\..\RunServices: [Microsoft Event Engine] EvtEngn.exe
O4 - HKLM\..\Run: [Microsoft Exchange Server Resource] msese.exe
O4 - HKLM\..\Run: [Microsoft Explorer Service] msexplore.exe
O4 - HKLM\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\Run: [MicroSoft FTPCheck] msftp.exe
O4 - HKLM\..\RunServices: [MicroSoft FTPCheck] msftp.exe
O4 - HKLM\..\Run: [Microsoft Genuine Logon] msnmsg.exe
O4 - HKLM\..\Run: [MicroSoft Getway Dire] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [MicroSoft Getway Dire] (Random 9 Letter).exe
O4 - HKLM\..\Run: [MicroSoft Getway mqbol] (Random 12 Letter).exe
O4 - HKLM\..\RunServices: [MicroSoft Getway mqbol] (Random 12 Letter).exe
O4 - HKCU\..\Run: [MicroSoft Getway mqbol] (Random 12 Letter).exe
O4 - HKLM\..\Run: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKLM\..\RunServices: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKCU\..\Run: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKCU\..\RunServices: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKLM\..\Run: [Microsoft HDCP for NT and Win9x] msdhcprs.exe
O4 - HKLM\..\RunServices: [Microsoft HDCP for NT and Win9x] msdhcprs.exe
O4 - HKCU\..\Run: [Microsoft HDCP for NT and Win9x] msdhcprs.exe
O4 - HKCU\..\RunServices: [Microsoft HDCP for NT and Win9x] msdhcprs.exe
O4 - HKLM\..\Run: [Microsoft Help] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Help] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft Help Process for Win32 Services] mshelp.exe
O4 - HKLM\..\RunServices: [Microsoft Help Process for Win32 Services] mshelp.exe
O4 - HKLM\..\Run: [Microsoft Hyptertext Helper] MSHTHA.EXE
O4 - HKCU\..\RunOnce: [Microsoft Hyptertext Helper] MSHTHA.EXE
O4 - HKLM\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\Run: [Microsoft Incroporate] mfs.exe
O4 - HKLM\..\RunServices: [Microsoft Incroporate] mfs.exe
O4 - HKLM\..\Run: [Microsoft Information Check] microsoft.exe
O4 - HKLM\..\Run: [Microsoft Installshield] nundll32.exe
O4 - HKLM\..\RunServices: [Microsoft Installshield] nundll32.exe
O4 - HKLM\..\Run: [Microsoft Internal Service] spoolsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Internal Service] spoolsrv.exe
O4 - HKCU\..\Run: [Microsoft Internal Service] spoolsrv.exe
O4 - HKLM\..\Run: [Microsoft Internel Corporat ] netvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] netvhost.exe
O4 - HKLM\..\Run: [Microsoft Internel Corporat ] smbvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] smbvhost.exe
O4 - HKLM\..\Run: [Microsoft Internet Antivirus Protection] antivirus.exe
O4 - HKLM\..\Run: [Microsoft Internet Dumping Protocol] inetdump.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [Microsoft Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\Run: [Microsoft Internet Explorer Manager] ie.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer Update] ieupdate.exe
O4 - HKLM\..\Run: [Microsoft Internet Firewall] firewall.exe
O4 - HKLM\..\Run: [Microsoft Internet Firewall Update] updater.exe
O4 - HKLM\..\Run: [Microsoft Internet Syncing] inetsync.exe
O4 - HKLM\..\Run: [Microsoft IT Update] Rhost32.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] Rhost32.exe
O4 - HKCU\..\Run: [Microsoft IT Update] Rhost32.exe
O4 - HKLM\..\Run: [Microsoft IT Update] Rvhost32.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] Rvhost32.exe
O4 - HKCU\..\Run: [Microsoft IT Update] Rvhost32.exe
O4 - HKLM\..\Run: [Microsoft Java Virtual Machine] msvmjava.exe
O4 - HKLM\..\RunServices: [Microsoft Java Virtual Machine] msvmjava.exe
O4 - HKCU\..\Run: [Microsoft Java Virtual Machine] msvmjava.exe
O4 - HKLM\..\Run: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKLM\..\RunOnce: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKLM\..\RunServices: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKCU\..\Run: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKCU\..\RunOnce: [MicroSoft Legal Syst3m32] Syst3m32.exe
O4 - HKLM\..\Run: [Microsoft lnternet Update] aim.exe
O4 - HKLM\..\RunServices: [Microsoft lnternet Update] aim.exe
O4 - HKLM\..\Run: [Microsoft Live 8.5] (Random 7 Letters).exe
O4 - HKLM\..\RunServices: [Microsoft Live 8.5] (Random 7 Letters).exe
O4 - HKLM\..\Run: [Microsoft Lsass Center] Isass.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Center] Isass.exe
O4 - HKCU\..\Run: [Microsoft Lsass Center] Isass.exe
O4 - HKLM\..\Run: [Microsoft Lsass Center] telecomes.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Center] telecomes.exe
O4 - HKCU\..\Run: [Microsoft Lsass Center] telecomes.exe
O4 - HKLM\..\Run: [Microsoft Lsass Manager] lsass.exe
O4 - HKLM\..\Run: [Microsoft Lsass Service] wintcp32.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Service] wintcp32.exe
O4 - HKLM\..\Run: [Microsoft machine] blah.exe
O4 - HKLM\..\RunServices: [Microsoft machine] blah.exe
O4 - HKLM\..\Run: [Microsoft Machine] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] system32.exe
O4 - HKLM\..\Run: [Microsoft Machine] temp.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] temp.exe
O4 - HKLM\..\Run: [Microsoft Manage Services] schost.exe
O4 - HKLM\..\Run: [Microsoft Manage Services] sychost.exe
O4 - HKLM\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\RunServices: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKCU\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [Microsoft Memory Dumping Protocol] memdump.exe
O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycle.exe
O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycles.exe
O4 - HKLM\..\Run: [Microsoft Monitors] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Monitors] explorers.exe
O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsger.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsger.exe
O4 - HKLM\..\Run: [Microsoft MSN Messenger] C:\RECYCLER\msnmnsgr.exe
O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\Run: [Microsoft Network Neighbourhood] networknbh.exe
O4 - HKLM\..\RunServices: [Microsoft Servicez Manager] servicemgrz.exe
O4 - HKLM\..\Run: [Microsoft Norotn Anti Virus] mnhpot.exe
O4 - HKLM\..\RunServices: [Microsoft Norotn Anti Virus] mnhpot.exe
O4 - HKLM\..\Run: [Microsoft Norton Antivirus] norton.exe
O4 - HKLM\..\Run: [Microsoft Notepad Manager] notepad.exe
O4 - HKLM\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKLM\..\RunServices: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\RunServices: [Microsoft NT Drivers] ntdrv.exe
O4 - HKLM\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKLM\..\RunServices: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\RunServices: [Microsoft Nvidia Video] nvidia.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Office] C:\WINDOWS\system32\mdm.exe
O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe
O4 - HKLM\..\RunServices: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe
O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe
O4 - HKCU\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe
O4 - HKLM\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Microsoft Oftice] C:\WINDOWS\system32\msn.exe
O4 - HKCU\..\Run: [Microsoft Oftice] C:\WINDOWS\system32\msn.exe
O4 - HKLM\..\Run: [MicroSoft OneCare] FreeS3x.exe
O4 - HKLM\..\RunServices: [MicroSoft OneCare] FreeS3x.exe
O4 - HKLM\..\RunOnce: [MicroSoft OneCare] FreeS3x.exe
O4 - HKCU\..\Run: [MicroSoft OneCare] FreeS3x.exe
O4 - HKCU\..\RunOnce: [MicroSoft OneCare] FreeS3x.exe
O4 - HKLM\..\Run: [Microsoft Patch Update] bootini.exe
O4 - HKLM\..\RunServices: [Microsoft Patch Update] bootini.exe
O4 - HKLM\..\Run: [Microsoft Printer Drivers] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Printer Drivers] scvhost.exe
O4 - HKCU\..\Run: [Microsoft Printer Drivers] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Printer Status] mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Printer Status] mssmp.exe
O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr32.exe
O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr64.exe
O4 - HKLM\..\Run: [Microsoft Problem Doctor] windr128.exe
O4 - HKLM\..\Run: [Microsoft Process Manager] process32.exe
O4 - HKLM\..\Run: [Microsoft Profile Manager] profile.exe
O4 - HKLM\..\Run: [Microsoft Protection] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Protection] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Microsoft Protection] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKLM\..\RunServices: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKCU\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\Run: [Microsoft Regestry Edit Manager] regedit.exe
O4 - HKLM\..\Run: [Microsoft Regestry Manager] regedit32.exe
O4 - HKLM\..\Run: [Microsoft Regestry Manager] registry32.exe
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [MicrosoftROMDriverService] cdrss.exe
O4 - HKLM\..\Run: [Microsoft Router Manager] linksys.exe
O4 - HKLM\..\Run: [Microsoft Router Manager] router.exe
O4 - HKLM\..\Run: [Microsoft Runtime Initialization] msvcbm.exe
O4 - HKLM\..\RunServices: [Microsoft Runtime Initialization] msvcbm.exe
O4 - HKLM\..\Run: [Microsoft Safe Mode Manager] safemode.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] com.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] com.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] firewall.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] firewall.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mail.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mail.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mnsmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mnsmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssm32.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssm32.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssmp32.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssmp32.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssmp.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] msword.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] msword.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] ofice.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] ofice.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] service.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] service.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] spools.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] spools.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] update.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] update.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [Microsoft Security Process] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Security Process] wininit.exe
O4 - HKCU\..\Run: [Microsoft Security Process] wininit.exe
O4 - HKLM\..\Run: [Microsoft Security System] C:\Program Files\Common Files\System\mssecsys.exe
O4 - HKLM\..\Run: [Microsoft Security Updater] system.exe
O4 - HKLM\..\RunServices: [Microsoft Security Updater] system.exe
O4 - HKCU\..\Run: [Microsoft Security Updater] system.exe
O4 - HKLM\..\Run: [Microsoft Server] BVvcDtyPuol.exe
O4 - HKLM\..\RunServices: [Microsoft Server] BVvcDtyPuol.exe
O4 - HKCU\..\Run: [Microsoft Server] BVvcDtyPuol.exe
O4 - HKCU\..\RunServices: [Microsoft Server] BVvcDtyPuol.exe
O4 - HKLM\..\Run: [Microsoft Server] rserv.exe
O4 - HKLM\..\RunServices: [Microsoft Server] rserv.exe
O4 - HKCU\..\Run: [Microsoft Server] rserv.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] ms-doss.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] ms-doss.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] ms-doss.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] Q8See.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] Q8See.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] Q8See.exe
O4 - HKLM\..\Run: [Microsoft Service] sysreg11.exe
O4 - HKLM\..\RunServices: [Microsoft Service] sysreg11.exe
O4 - HKLM\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\Run: [Microsoft Service 32] mssvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Service 32] mssvc32.exe
O4 - HKLM\..\RunOnce: [Microsoft Service 32] mssvc32.exe
O4 - HKLM\..\Run: [Microsoft Service Access Manager] Access.exe
O4 - HKLM\..\Run: [Microsoft Service Boot] sboot.exe
O4 - HKLM\..\RunServices: [Microsoft Service Boot] sboot.exe
O4 - HKLM\..\Run: [Microsoft Service Disk Cycle] disksave.exe
O4 - HKLM\..\Run: [Microsoft Service Evaluator Engin] mssee.exe
O4 - HKLM\..\Run: [Microsoft Service Execution Manager] execute.exe
O4 - HKLM\..\Run: [Microsoft Service firewall Manager] firewall.exe
O4 - HKLM\..\Run: [Microsoft Service Login Manager] winlogin.exe
O4 - HKLM\..\Run: [Microsoft Service Manager] service32.exe
O4 - HKLM\..\Run: [Microsoft Services] iislsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] iislsrv.exe
O4 - HKCU\..\Run: [Microsoft Services] iislsrv.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKCU\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [Microsoft Services] module.exe
O4 - HKLM\..\RunServices: [Microsoft Services] module.exe
O4 - HKCU\..\Run: [Microsoft Services] module.exe
O4 - HKLM\..\Run: [Microsoft Services] msmpserv.exe
O4 - HKLM\..\Run: [Microsoft Services] srvchost.exe
O4 - HKLM\..\RunServices: [Microsoft Services] srvchost.exe
O4 - HKCU\..\Run: [Microsoft Services] srvchost.exe
O4 - HKLM\..\Run: [Microsoft Servicesv] .exe
O4 - HKLM\..\RunServices: [Microsoft Servicesv] .exe
O4 - HKLM\..\Run: [Microsoft Servicez Manager] servicemgrz.exe
O4 - HKLM\..\RunServices: [Microsoft Network Neighbourhood] networknbh.exe
O4 - HKLM\..\Run: [Microsoft Setup Initializazion] localhost.exe
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] localhost.exe
O4 - HKCU\..\Run: [Microsoft Setup Initializazion] localhost.exe
O4 - HKLM\..\Run: [Microsoft Setup Initializazion] Microsoft
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] Microsoft
O4 - HKCU\..\Run: [Microsoft Setup Initializazion] Microsoft
O4 - HKLM\..\Run: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\Run: [Microsoft Software cleaner] mssofts.exe
O4 - HKLM\..\RunServices: [Microsoft Software cleaner] mssofts.exe
O4 - HKLM\..\Run: [Microsoft Sounds] soundman.exe
O4 - HKLM\..\RunServices: [Microsoft Sounds] soundman.exe
O4 - HKLM\..\Run: [Microsoft SpA Service] msapps.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] msapps.exe
O4 - HKCU\..\Run: [Microsoft SpA Service] msapps.exe
O4 - HKLM\..\Run: [Microsoft Spool 11 Service] spool11.exe
O4 - HKLM\..\Run: [Microsoft Spool 12 Service] spool12.exe
O4 - HKLM\..\Run: [Microsoft Spool 13 Service] spool13.exe
O4 - HKLM\..\Run: [Microsoft Spool 14 Service] spool14.exe
O4 - HKLM\..\Run: [Microsoft Spool 15 Service] spool15.exe
O4 - HKLM\..\Run: [Microsoft Spool 16 Service] spool16.exe
O4 - HKLM\..\Run: [Microsoft Spool 17 Service] spool17.exe
O4 - HKLM\..\Run: [Microsoft Spool 18 Service] spool18.exe
O4 - HKLM\..\Run: [Microsoft Spool 19 Service] spool19.exe
O4 - HKLM\..\Run: [Microsoft Spool 20 Service] spool20.exe
O4 - HKLM\..\Run: [Microsoft Spool 21 Service] spool21.exe
O4 - HKLM\..\Run: [Microsoft Spool 22 Service] spool22.exe
O4 - HKLM\..\Run: [Microsoft Spool 23 Service] spool23.exe
O4 - HKLM\..\Run: [Microsoft Spool 24 Service] spool24.exe
O4 - HKLM\..\Run: [Microsoft Spool 25 Service] spool25.exe
O4 - HKLM\..\Run: [Microsoft Spool 26 Service] spool26.exe
O4 - HKLM\..\Run: [Microsoft Spool 27 Service] spool27.exe
O4 - HKLM\..\Run: [Microsoft Spool 28 Service] spool28.exe
O4 - HKLM\..\Run: [Microsoft Spool 29 Service] spool29.exe
O4 - HKLM\..\Run: [Microsoft Spool 30 Service] spool30.exe
O4 - HKLM\..\Run: [Microsoft Spool 87 Service] spool87.exe
O4 - HKLM\..\Run: [Microsoft Spool Service] spool23.exe
O4 - HKLM\..\Run: [Microsoft Spool Svc] spoolsvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Spool Svc] spoolsvc32.exe
O4 - HKLM\..\Run: [Microsoft Spooler Service] svcwin32.exe
O4 - HKLM\..\RunServices: [Microsoft Spooler Service] svcwin32.exe
O4 - HKLM\..\Run: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe
O4 - HKLM\..\RunServices: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe
O4 - HKCU\..\Run: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe
O4 - HKCU\..\RunServices: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe
O4 - HKLM\..\Run: [Microsoft SQL Services] scvhost.exe
O4 - HKLM\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunServices: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKLM\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKLM\..\Run: [Microsoft ssrsc update] ssrsc.exe
O4 - HKLM\..\RunServices: [Microsoft ssrsc update] ssrsc.exe
O4 - HKCU\..\Run: [Microsoft ssrsc update] ssrsc.exe
O4 - HKCU\..\RunServices: [Microsoft ssrsc update] ssrsc.exe
O4 - HKLM\..\Run: [Microsoft startup] SoftwareUpdates.exe
O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe
O4 - HKLM\..\Run: [Microsoft startup] wmpIayer.exe
O4 - HKLM\..\RunServices: [Microsoft startup] wmpIayer.exe
O4 - HKLM\..\Run: [Microsoft Stuff you know] winslogin.exe
O4 - HKLM\..\RunServices: [Microsoft Stuff you know] winslogin.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] botcrx.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] botcrx.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] msnmesseng.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] msnmesseng.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] msnserver.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] msnserver.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] nodkrn23.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] nodkrn23.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] nzm23.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] nzm23.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] updater.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] updater.exe
04 - HKLM\..\Run: [Microsoft Svchost local services] winoem.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] winoem.exe
O4 - HKLM\..\Run: [Microsoft Svchost local services] winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] winupdate.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] bot.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] bot.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] EcrandeMoi2.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] EcrandeMoi2.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] EcrandeMoi2.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] netscape.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] netscape.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] netscape.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] sexcam.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] sexcam.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] sexcam.exe
O4 - HKLM\..\Run: [MicroSoft sys32] sysmsgr32.exe
O4 - HKLM\..\RunServices: [MicroSoft sys32] sysmsgr32.exe
O4 - HKLM\..\RunOnce: [MicroSoft sys32] sysmsgr32.exe
O4 - HKCU\..\Run: [MicroSoft sys32] sysmsgr32.exe
O4 - HKCU\..\RunOnce: [MicroSoft sys32] sysmsgr32.exe
O4 - HKLM\..\Run: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKLM\..\RunServices: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKLM\..\RunOnce: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKCU\..\Run: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKCU\..\RunOnce: [MicroSoft sys3s1] h4ckn3t.exe
O4 - HKLM\..\Run: [Microsoft System Administration] system.exe
O4 - HKLM\..\RunServices: [Microsoft System Administration] system.exe
O4 - HKCU\..\Run: [Microsoft System Administration] system.exe
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msnmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msnmsgr.exe
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] reg32.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] reg32.exe
O4 - HKLM\..\Run: [Microsoft System Monitor] system.exe
O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [Microsoft System Service] winIogon2.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] winIogon2.exe
O4 - HKLM\..\Run: [Microsoft System Service Device] mssdh.exe
O4 - HKLM\..\RunServices: [Microsoft System Service Device] mssdh.exe
O4 - HKLM\..\Run: [Microsoft System Services] msmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Services] msmsgr.exe
O4 - HKCU\..\Run: [Microsoft System Services] msmsgr.exe
O4 - HKLM\..\Run: [Microsoft system Value] sys57.exe
O4 - HKLM\..\RunServices: [Microsoft system Value] sys57.exe
O4 - HKLM\..\Run: [Microsoft task tray monitor] ctray.exe
O4 - HKLM\..\RunServices: [Microsoft task tray monitor] ctray.exe
O4 - HKLM\..\Run: [Microsoft TCP Protocol] wintcp32.exe
O4 - HKLM\..\RunServices: [Microsoft TCP Protocol] wintcp32.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestore.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKLM\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKLM\..\Run: [Micrcoft Updat] spoolsae.exe
O4 - HKLM\..\RunServices: [Micrcoft Updat] spoolsae.exe
O4 - HKLM\..\Run: [Microsft Updtes] sarvice.exe
O4 - HKLM\..\RunServices: [Microsft Updtes] sarvice.exe
O4 - HKLM\..\Run: [Microsoft Update] (Random 7 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Update] (Random 7 Letter).exe
O4 - HKCU\..\Run: [Microsoft Update] (Random 7 Letter).exe
O4 - HKLM\..\Run: [Microsoft Update] aaupdt.exe
O4 - HKLM\..\RunServices: [Microsoft Update] aaupdt.exe
O4 - HKCU\..\Run: [Microsoft Update] aaupdt.exe
O4 - HKLM\..\Run: [Microsoft Update] bling.exe
O4 - HKLM\..\RunServices: [Microsoft Update] bling.exe
O4 - HKCU\..\Run: [Microsoft Update] bling.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\windows\system32\msupdate.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O4 - HKLM\..\Run: [Microsoft Update] CONlME.EXE
O4 - HKLM\..\RunServices: [Microsoft Update] CONlME.EXE
O4 - HKLM\..\Run: [Microsoft Update] drive.exe
O4 - HKLM\..\RunServices: [Microsoft Update] drive.exe
O4 - HKCU\..\Run: [Microsoft Update] drive.exe
O4 - HKLM\..\Run: [Microsoft Update] fixed.exe
O4 - HKLM\..\RunServices: [Microsoft Update] fixed.exe
O4 - HKCU\..\Run: [Microsoft Update] fixed.exe
O4 - HKLM\..\Run: [Microsoft Update] info.exe
O4 - HKLM\..\RunServices: [Microsoft Update] info.exe
O4 - HKLM\..\Run: [Microsoft Update] livemessenger.com
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft Update] msn.exe
O4 - HKCU\..\Run: [Microsoft Update] msn.exe
O4 - HKLM\..\Run: [Microsoft Update] msnmessenger.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msnmessenger.exe
O4 - HKCU\..\Run: [Microsoft Update] msnmessenger.exe
O4 - HKLM\..\Run: [Microsoft Update] mswins.exe
O4 - HKLM\..\RunServices: [Microsoft Update] mswins.exe
O4 - HKLM\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\RunServices: [Microsoft Update] nbdos.exe
O4 - HKCU\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\Run: [Microsoft Update] rxbot2.exe
O4 - HKLM\..\RunServices: [Microsoft Update] rxbot2.exe
O4 - HKCU\..\Run: [Microsoft Update] rxbot2.exe
O4 - HKLM\..\Run: [Microsoft Update] service.exe
O4 - HKLM\..\RunServices: [Microsoft Update] service.exe
O4 - HKLM\..\Run: [Microsoft Update] smss32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] smss32.exe
O4 - HKCU\..\Run: [Microsoft Update] smss32.exe
O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\Run: [Microsoft Update] SP00lSV.exe
O4 - HKLM\..\RunServices: [Microsoft Update] SP00lSV.exe
O4 - HKLM\..\Run: [Microsoft Update] svschost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] svschost.exe
O4 - HKCU\..\Run: [Microsoft Update] svschost.exe
O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\Run: [Microsoft Update] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] system32.exe
O4 - HKCU\..\Run: [Microsoft Update] system32.exe
O4 - HKLM\..\Run: [Microsoft Update] taksmanager.exe
O4 - HKLM\..\RunServices: [Microsoft Update] taksmanager.exe
O4 - HKLM\..\Run: [Microsoft Update] taskmgr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] taskmgr32.exe
O4 - HKCU\..\Run: [Microsoft Update] taskmgr32.exe
O4 - HKLM\..\Run: [Microsoft update] tskmgr.exe
O4 - HKLM\..\RunServices: [Microsoft update] tskmgr.exe
O4 - HKLM\..\Run: [Microsoft Update] update.exe
O4 - HKLM\..\RunServices: [Microsoft Update] update.exe
O4 - HKCU\..\Run: [Microsoft Update] update.exe
O4 - HKLM\..\Run: [Microsoft Update] wangard.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wangard.exe
O4 - HKCU\..\Run: [Microsoft Update] wangard.exe
O4 - HKLM\..\Run: [Microsoft Update] win32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] win32.exe
O4 - HKCU\..\Run: [Microsoft Update] win32.exe
O4 - HKLM\..\Run: [Microsoft Update] WinDrv32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] WinDrv32.exe
O4 - HKCU\..\Run: [Microsoft Update] WinDrv32.exe
O4 - HKLM\..\Run: [Microsoft Update] wingrd32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wingrd32.exe
O4 - HKCU\..\Run: [Microsoft Update] wingrd32.exe
O4 - HKLM\..\Run: [Microsoft Update] winsys.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys.exe
O4 - HKCU\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [Microsoft Update] wuampd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuampd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuampd.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [Microsoft Updates] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Updates] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Microsoft Updates] (Random 9 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Updates] (Random 9 Letter).exe
O4 - HKLM\..\Run: [Microsoft Updates] helps.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] helps.exe
O4 - HKCU\..\Run: [Microsoft Updates] helps.exe
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
O4 - HKLM\..\Run: [Microsoft Updates] winit.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] winit.exe
O4 - HKLM\..\Run: [Microsoft Updates] wkops.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wkops.exe
O4 - HKLM\..\Run: [Microft Update 32] winssx.exe
O4 - HKLM\..\RunServices: [Microft Update 32] winssx.exe
O4 - HKLM\..\Run: [Microsoft Update 32] neta.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] neta.exe
O4 - HKLM\..\Run: [Microsoft Update 32] network.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] network.exe
O4 - HKLM\..\Run: [Microsoft Update 32] windowsp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] windowsp.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininxt.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininxt.exe
O4 - HKLM\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKLM\..\Run: [Microsoft Update Device Drivers] C:\WINDOWS\system32\drivers\wuauclt.exe
O4 - HKLM\..\RunServices: [Microsoft Update Device Drivers] C:\WINDOWS\system32\drivers\wuauclt.exe
O4 - HKCU\..\Run: [Microsoft Update Device Drivers] C:\WINDOWS\system32\drivers\wuauclt.exe
O4 - HKCU\..\RunServices: [Microsoft Update Device Drivers] C:\WINDOWS\system32\drivers\wuauclt.exe
O4 - HKLM\..\Run: [Microsoft Update Drivers] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Drivers] explorers.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] bee.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bee.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bot.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] bot.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] cssrssv.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] explore.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] explore.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] explore.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] infoDLL.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] infoDLL.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] infoDLL.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] MSlti32.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] MSlti32.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] rx.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] rx.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] rx.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] rxhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] rxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] rxhost.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] svrhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] svrhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] svrhost.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] syspic9.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] syspic9.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] syspic9.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] System.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] System.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] System.exe
O4 - HKCU\..\RunServices: [Microsoft Update Machine] System.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] systemi.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemi.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemi.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] WINDOWSUPDATE.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] WINDOWSUPDATE.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] WINDOWSUPDATE.exe
O4 - HKCU\..\RunServices: [Microsoft Update Machine] WINDOWSUPDATE.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winhost.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winmgr.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winmgr.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winsys.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winsys.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winsys.exe
O4 - HKCU\..\RunServices: [Microsoft Update Machine] winsys.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winupdte.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winupdte.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winupdte.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] (Random 6 Letter).exe
O4 - HKCU\..\Run: [Microsoft Update Machine] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Microsoft Update Manager] AdAware.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] AdAware.exe
O4 - HKCU\..\Run: [Microsoft Update Manager] AdAware.exe
O4 - HKLM\..\Run: [Microsoft Update Manager] scvideo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] scvideo.exe
O4 - HKLM\..\Run: [Microsoft Update Schedule] mscomt32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Schedule] mscomt32.exe
O4 - HKLM\..\Run: [Microsoft Updater] msconsole.exe
O4 - HKLM\..\RunServices: [Microsoft Updater] msconsole.exe
O4 - HKCU\..\Run: [Microsoft Updater] msconsole.exe
O4 - HKCU\..\RunServices: [Microsoft Updater] msconsole.exe
O4 - HKLM\..\Run: [Microsoft Updote] winmsg.exe
O4 - HKLM\..\RunServices: [Microsoft Updote] winmsg.exe
O4 - HKLM\..\Run: [Microsoft Value Service] spool.exe
O4 - HKLM\..\RunServices: [Microsoft Value Service] spool.exe
O4 - HKCU\..\Run: [Microsoft Value Service] spool.exe
O4 - HKCU\..\RunServices: [Microsoft Value Service] spool.exe
O4 - HKLM\..\Run: [Microsoft Values] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Values] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Microsoft Viewer Monitor Manager] viewmon.exe
O4 - HKLM\..\Run: [Microsoft Virtual Service Manager] vservice32.exe
O4 - HKLM\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKLM\..\RunServices: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKCU\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKLM\..\Run: [Microsoft Visual Application] vpcrtf.exe
O4 - HKLM\..\Run: [Microsoft Visual Application] winsyshp.exe
O4 - HKLM\..\Run: [microsoft visual basic] C:\WINDOWS\system32\vb.exe
O4 - HKLM\..\RunServices: [microsoft visual basic] C:\WINDOWS\system32\vb.exe
O4 - HKLM\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\Run: [Microsoft Web CP Manager] webcp32.exe
O4 - HKLM\..\Run: [Microsoft web update] webmsn.exe
O4 - HKLM\..\RunServices: [Microsoft web update] webmsn.exe
O4 - HKLM\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKLM\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKLM\..\Run: [Microsoft WIN32 DOS] MSdos32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 DOS] MSdos32.exe
O4 - HKLM\..\Run: [Microsoft WIN32 Security] MSsec32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 Security] MSsec32.exe
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] bootini.exe
O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
O4 - HKCU\..\RunServices: [Microsoft Windows] bootini.exe
O4 - HKLM\..\Run: [Microsoft Windows] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Microsoft Windows] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Microsoft Windows] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Microsoft Windows 32 Update] win32update.exe
O4 - HKLM\..\RunServices: [Microsoft Windows 32 Update] win32update.exe
O4 - HKLM\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKCU\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKLM\..\Run: [Microsoft Windows Communicator for NT/XP] wincomm.exe
O4 - HKCU\..\Run: [Microsoft Windows Communicator for NT/XP] wincomm.exe
O4 - HKLM\..\Run: [Microsoft Windows Config 32] win32conf.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Config 32] win32conf.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] dllmanager32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] dllmanager32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] dllmanager32.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services C