SDFix Changelog



1.240 (06/11/08)

v1.239 (03/11/08)

v1.238 (27/10/08)

v1.237 (22/10/08)

v1.236 (16/10/08)

v1.235 (12/10/08)

v1.234 (09/10/08)

v1.233 (07/10/08)

v1.232 (07/10/08)

v1.231 (04/10/08)

v1.230 (30/09/08)

v1.229 (25/09/08)

v1.228 (22/09/08)

v1.227 (19/09/08)

v1.226 (16/09/08)
Setup\Installed Components\ {9D71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\system32\Bifrost\Regidl.exe v1.225 (14/09/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%userprofile%\(Random Name).exe \s O2 - BHO: agadoo browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll O2 - BHO: bambanner browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: cpmsky browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll O2 - BHO: milehighads browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll O2 - BHO: GMX toolbar - {1EF7B347-DBAF-412F-879D-DC7A95BFCC94} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Rmn plugin - {2FDA60DF-6D94-4f16-A48C-3C4EC57FEF58} - symdb32.dll O2 - BHO: 242112 helper - {4B05A613-988E-4FA1-B2D7-55A1145FD1EF} - C:\WINDOWS\system32\242112\242112.dll O2 - BHO: QXK Olive - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - %Temp%\msfont32.dll O2 - BHO: Apaps - {EC748705-E0FD-4671-9AFF-890579E57450} - C:\WINDOWS\system32\(Random Name).dll O4 - HKLM\..\Run: [(Random Name)] C:\WINDOWS\system32\(Random Name).exe \u O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback.exe * O4 - HKLM\..\Run: [Symantec Handler Service] symlsmc.exe O4 - HKLM\..\Run: [Symantec License Server] symlcsrv.exe O4 - HKLM\..\Run: [Symantec Network AI] symlsmr.exe O4 - HKLM\..\Run: [Symantec Registery Services] symlsnreg.exe O4 - HKLM\..\Run: [Symantec Registry Server] symsnreg.exe O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe v1.224 (12/09/08) O2 - BHO: svc.Apx - {7D6A0C8D-7C34-44FC-BED8-96528D13BEE9} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: XGame - {F3A486C3-6341-4BE6-B94D-D4172B69E430} - C:\WINDOWS\system32\(Random Name).dll O4 - HKLM\..\Run: [Advanced Graphics Driver] smvhost.exe O4 - HKLM\..\RunServices: [Advanced Graphics Driver] 
smvhost.exe O4 - HKLM\..\Run: [Configuration Loader] sysdevice.exe O4 - HKLM\..\RunServices: [Configuration Loader] sysdevice.exe O4 - HKCU\..\Run: [MalP] C:\WINDOWS\wkssvr.exe O4 - HKLM\..\Run: [MSN] C:\WINDOWS\msnsrv.exe O4 - HKLM\..\Run: [Service Restore Panels] servpanel.exe O4 - HKLM\..\Run: [Symantec Licensing Source] symlsrc.exe O4 - HKLM\..\Run: [Symantec Licensing Svc] symlsrv.exe O4 - HKLM\..\Run: [System Installer Prep] sysprep.exe O4 - HKLM\..\Run: [System Service] C:\WINDOWS\services.exe O4 - HKLM\..\Run: [System Update] mssetupconf.exe O4 - HKLM\..\RunServices: [System Update] mssetupconf.exe O4 - HKCU\..\Run: [System Update] mssetupconf.exe O4 - HKCU\..\RunServices: [System Update] mssetupconf.exe O4 - HKLM\..\Run: [VGA Driver] scmhost.exe O4 - HKLM\..\RunServices: [VGA Driver] scmhost.exe O4 - HKLM\..\Run: [Windows Plugin] winmsn.exe O4 - HKLM\..\Run: [Windows Service] (Random 11 letter).exe O4 - HKCU\..\Run: [Windows Service] (Random 11 letter).exe O4 - HKCU\..\Run: [WInUpdate16] C:\WINDOWS\system32\udate32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\grinder.exe v1.223 (09/09/08) O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\vmgspntb***.dll O2 - BHO: iebho surf - {341116E2-9CC4-4A6E-9303-4819C84846DE} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - siemens32.dll O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - skrb32.dll O2 - BHO: CIEBHO Object - {528A3CF7-AAF9-42FE-A5D0-2A8EDA9E299E} - %userprofile%\My Documents\SpyDevastator\SDBHO.dll O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll O3 - Toolbar: fqbewlna - {********-****-****-****-************} - C:\WINDOWS\fqbewlna.dll O4 - Startup: .security O4 - Global Startup: .security O4 - HKLM\..\Run: 
[Msn Messenger Plugins] msnplugin.exe O4 - HKLM\..\Run: [PC-Antispy] "C:\Program Files\PC-Antispy\PC-Antispy.exe" hide O4 - HKCU\..\Run: [PC Clean Pro] "C:\Program Files\PC Clean Pro\PC Clean Pro.exe" hide O4 - HKLM\..\Run: [serviccs.exe] C:\WINDOWS\system32\serviccs.exe O4 - HKCU\..\Run: [SpyDevastator] C:\Program Files\SpyDevastator\SpyDevastator.exe /h O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32:hh2.exe O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe O4 - HKLM\..\Run: [Symantec Licensing Server] symlserv.exe O20 - Winlogon Notify: arm65reg - C:\Settings\arm65.dll O21 - SSODL: dtseqrxk - {********-****-****-****-************} - C:\WINDOWS\dtseqrxk.dll O21 - SSODL: mgxfebsq - {********-****-****-****-************} - C:\WINDOWS\mgxfebsq.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {0C9FD060-3198-C677-E681-ED3660DE8B88} C:\WINDOWS\system32\ghh.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {0D94F3F4-BA95-258D-0008-070006060802} C:\WINDOWS\system32\msrun32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {54277B55-E73D-3C13-43DD-6B03660716FA} C:\WINDOWS\win32sydkey\sydkey.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {6B1379D1-80C1-7FD1-F0AE-74DB0733EF22} C:\WINDOWS\system32\serviccs.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {84B02893-50FC-15F7-BCD6-C731BE4C7E66} C:\WINDOWS\logo.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {994477D6-C2D8-0644-429A-3C94CD9F33F5} C:\WINDOWS\update.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe Debugger = "C:\Program Files\Microsoft Common\wuauclt.exe" pcantispy.sys v1.222 (07/09/08) O2 - BHO: bannerstyles15 browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\**************.dll O2 - BHO: CodecPlugin Class - 
{********-****-****-****-************} - C:\WINDOWS\system32\RichVideoCodec.dll O2 - BHO: getsn32.msiesn - {********-****-****-****-************} - C:\WINDOWS\system32\getsn32.dll O2 - BHO: AFS plugin - {8EF40C36-293F-4749-8EA0-94FB3AD83FA1} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: EasyPic - {62F96656-0788-4D00-8E32-D41C239E205B} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: library.edu - {8EF40C36-293F-4749-8EA0-94FB3AD83FA1} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: RupTool - {F32B24F1-25FA-4A91-9F97-5272B3CE8FCA} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Safe surf - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: stx.tbl - {7E61BB38-A952-40BA-98F0-0AD229658CB7} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: svc - {BE17AE9C-3BD1-4BAD-936F-B77B63D5763F} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: WEP Viewer - {746CBA32-C671-44F6-BC73-C5351A316D03} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Rmn plugin - {2FDA60DF-6D94-4f16-A48C-3C4EC57FEF58} - nokia32.dll O2 - BHO: Data Tracker - {AF3A4E11-2F63-35EF-D6BC-F3646308105D} - %Windir%\system\gowtae32.dll O3 - Toolbar: Internet Service - {94A5C93F-BD18-4C46-B777-C94C145C3CAB} - C:\Program Files\Applications\iebr.dll O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe O4 - HKCU\..\Run: [AdobeReaderPro] msnservex.exe O4 - HKCU\..\Run: [alg] %UserProfile%\Local Settings\alg.exe O4 - HKLM\..\Run: [Boot SFV] Bootsfv.exe O4 - HKLM\..\Run: [Botnet] blablabla.exe O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\(Random 6 letter).exe O4 - HKLM\..\Run: [ctfmon.exe] c:\WINDOWS\ctfmon.exe O4 - HKCU\..\Run: [ctfmon.exe] c:\WINDOWS\ctfmon.exe O4 - HKLM\..\Run: [Firewall DRV] spfhost.exe O4 - HKLM\..\RunServices: [Firewall DRV] spfhost.exe O4 - HKLM\..\Run: [Messenger] msnmgsr.exe O4 - HKLM\..\RunServices: [Messenger] msnmgsr.exe O4 - HKLM\..\Policies\Explorer\Run: [Messenger] 
msnmgsr.exe O4 - HKCU\..\Run: [MSN] DebugMan.exe O4 - HKLM\..\Run: [MsnMessengerSvc] msnmsgr.exe O4 - HKLM\..\RunServices: [MsnMessengerSvc] msnmsgr.exe O4 - HKLM\..\Run: [SIMO.exe] C:\WINDOWS:slm.exe O4 - HKLM\..\Run: [stoner] C:\WINDOWS\system32\winsvcx.exe O4 - HKLM\..\Run: [Symantec DB Server] symdbsvr.exe O4 - HKLM\..\Run: [SYSrow32] C:\WINDOWS\system32\SYSrowdl32.exe O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TotalSecure2009\scan.exe O4 - HKLM\..\Run: [WinDLL (dasda.com)] rundll32.exe C:\WINDOWS\system32\dasda.com,start O4 - HKLM\..\Run: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows system] winsys.exe O4 - HKLM\..\RunServices: [Windows system] winsys.exe O4 - HKCU\..\Run: [Windows system] winsys.exe O4 - HKLM\..\Run: [Windows System 32] System32.exe O4 - HKLM\..\RunServices: [Windows System 32] System32.exe O4 - HKCU\..\Run: [Windows System 32] System32.exe O4 - HKLM\..\Run: [Windows TaskManager] iexplorer.exe O4 - HKLM\..\RunServices: [Windows TaskManager] iexplorer.exe O4 - HKLM\..\Run: [Windows UDP Control Center] winmsn.exe O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\winupd.exe O4 - HKLM\..\Run: [Windows Uptade] C:\WINDOWS\system32\winupd.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "aux1"="(Random Numbers).CPX" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {1A26E42D-21DA-C7A1-70C5-8877AE12D531} c:\WINDOWS\system32\winupd.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {1AD977CE-D626-8F6A-8016-257FA225337F} C:\WINDOWS\System32\msconflg.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isys32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28B0E5C2-99CB-11CF-AYX5-00401C648513} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {2bf41070-b2b1-21d1-b5c1-0305f4055515} c:\WINDOWS\svcr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {5B7AC5A1-6568-13F1-261B-67911AF4B4D8} c:\WINDOWS\system32\orb32wvx\rhb32swo.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {729CC054-9FC8-238E-0A98-75B7A1C73972} c:\WINDOWS\system32\kb478342122.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {8007BF46-2EE2-BE34-FC98-F324FA453D59} C:\Program Files\Messenger\MSN.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {924340DF-8FC3-EB1B-76EE-D5AB94BD9A05} C:\WINDOWS:slm.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\Program Files\Bifrost\msn.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} c:\WINDOWS\ctfmon.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} c:\WINDOWS\system32\messenger\msn.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {A5CDF7EC-751B-46aa-AD69-4005FE080DE8}] %UserProfile%\Local Settings\alg.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {AB072FA3-300A-7D69-0336-3392B7DFCDF5} C:\WINDOWS\MSN\svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {AD378C62-D2B9-1B6D-5BA5-9B285FE7DBFD} c:\WINDOWS\system32\Bifrost\server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {C955AF69-D02F-5372-DFEF-452FA15A98C9} 
c:\WINDOWS\system32\win32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {CA238EBC-26ED-8EA9-89A8-F04283B6E902} c:\WINDOWS\system32\Bifrost\Server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {D0C0E9C3-FA6C-19B9-754A-46087D2044E1} C:\WINDOWS\system32\SYSrowdl32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {D3B838CC-A487-8C98-F763-907E35B6FB0A} c:\WINDOWS\system32\System Conf\loadwindows.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {E39D7708-A3BB-478F-01F0-DC54566A4F4B} c:\WINDOWS\system32\winupd.exe v1.221 (03/09/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe, O2 - BHO: CodecPlugin Class - {********-****-****-****-************} - C:\WINDOWS\system32\CodecBHO.dll O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\vanwxemg***.dll O2 - BHO: ThreatWarningBHO Class - {E1FAB6BD-4A34-47ce-82AF-50B16A6BE77E} - C:\Program Files\aspch\ThreatWarning.dll O3 - Toolbar: gksraemq - {********-****-****-****-************} - C:\WINDOWS\gksraemq.dll O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe O4 - HKCU\..\Run: [aspch] "C:\Program Files\aspch\ASpCh.exe" O4 - HKLM\..\Run: [Cpl32ver] C:\WINDOWS\System32\Cpl32ver.exe O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe O4 - HKLM\..\Run: [lol.exe] C:\WINDOWS\system32\sys21.exe O4 - HKLM\..\Run: [Microsoft Security Monitor Process] lsas.exe O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] lsas.exe O4 - HKLM\..\Run: [Microsoft Update Machine] (Random 7 Letter).exe O4 - HKLM\..\RunServices: [Microsoft Update Machine] (Random 7 Letter).exe O4 - HKCU\..\Run: [Microsoft Update Machine] (Random 7 Letter).exe O4 - HKLM\..\Run: [Msn Messenger] msnmsgs.exe O4 - HKLM\..\RunServices: [Msn Messenger] msnmsgs.exe 
O4 - HKLM\..\Policies\Explorer\Run: [Msn Messenger] msnmsgs.exe O4 - HKLM\..\Run: [RIOTBOT] riotz.exe O4 - HKLM\..\RunServices: [RIOTBOT] riotz.exe O4 - HKCU\..\Run: [RIOTBOT] riotz.exe O4 - HKLM\..\Run: [sconfig] C:\WINDOWS\mshosts.exe O4 - HKLM\..\Run: [Services Control] iexplore.exe O4 - HKLM\..\RunServices: [Services Control] iexplore.exe O4 - HKLM\..\Policies\Explorer\Run: [Services Control] iexplore.exe O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchosy.exe O4 - HKLM\..\Run: [Symantec Control Client] symclisvc.exe O4 - HKLM\..\Run: [Windows Service Agent] dsass.exe O4 - HKLM\..\RunServices: [Windows Service Agent] dsass.exe O4 - HKCU\..\Run: [Windows Service Agent] dsass.exe O4 - HKLM\..\Run: [Windows Services Managt] wpservice.exe O4 - HKLM\..\Run: [Windows Taskmanager] taskmngr.exe O4 - HKLM\..\RunServices: [Windows Taskmanager] taskmngr.exe O4 - HKLM\..\Policies\Explorer\Run: [Windows Taskmanager] taskmngr.exe O4 - HKLM\..\Run: [Windows Helper] service.exe O4 - HKLM\..\RunServices: [Windows Helper] service.exe O23 - Service: WindowsHelpService - Unknown owner - C:\WINDOWS\system32\service.exe O4 - HKLM\..\Run: [Windows xmutler] cftmon32.exe O21 - SSODL: dgksvbpn - {********-****-****-****-************} - C:\WINDOWS\dgksvbpn.dll O21 - SSODL: xrdwbfgn - {********-****-****-****-************} - C:\WINDOWS\xrdwbfgn.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {2C57EDE3-C380-C4BD-4ADC-ECC8F2BDFB35} C:\WINDOWS\system32\sys21.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {530DFCD7-7C64-F51E-DC82-8AAE264424EE} C:\WINDOWS\svchosy.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\Program Files\MSN Messenger\msn.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\mshosts.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ 
{9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\system32\server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9CD81F6A-B74A-D406-D482-D55DE3A0A802} C:\WINDOWS\system32\win32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {C399F668-9A68-50CE-BC0C-2901F5522786}] C:\Program Files\programsis\m5z.exe v1.220 (29/08/08) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\csrss.exe F2 - REG:system.ini: Shell=Explorer.exe SVCH0ST.exe O2 - BHO: D - {********-****-****-****-************} - C:\WINDOWS\system32\mmx*****.dll O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\rodqgpvl***.dll O2 - BHO: 120237 helper - {176D799E-6C8C-4D1A-8024-044D96A035E2} - C:\WINDOWS\system32\120237\120237.dll O2 - BHO: msvbcr40 module - {2756BAD7-2F9F-47ef-AE6D-8D39CCEB396F} - C:\WINDOWS\system32\msvbcr40.dll O2 - BHO: 690974 helper - {3912DDE2-4295-4A5F-A8E4-A1B1C7EF7313} - C:\WINDOWS\system32\690974\690974.dll O2 - BHO: Rmn plugin - {9988775D-4368-4857-871A-D01D66CA3A71} - ritz8.dll O3 - Toolbar: qalkfxor - {********-****-****-****-************} - C:\WINDOWS\qalkfxor.dll O4 - HKLM\..\Run: [***] C:\WINDOWS\system32\****\svchost.exe O4 - HKLM\..\Run: [AcerVGA Engine Drivers V1.2] C:\WINDOWS\iuengine32.exe O4 - HKLM\..\Run: [Adobe SpeedLaunch] (Random 6 Letter).exe O4 - HKLM\..\RunServices: [Adobe SpeedLaunch] (Random 6 Letter).exe O4 - HKCU\..\Run: [Adobe SpeedLaunch] (Random 6 Letter).exe O4 - HKLM\..\Run: [Computer Driver] scshost.exe O4 - HKLM\..\RunServices: [Computer Driver] scshost.exe O4 - HKLM\..\Run: [Files Driver] sfdhost.exe O4 - HKLM\..\RunServices: [Files Driver] sfdhost.exe O4 - HKLM\..\Run: [manager] C:\WINDOWS\system32\drivers\setup\manager.exe O4 - HKCU\..\Run: [manager] C:\WINDOWS\system32\drivers\setup\manager.exe O4 - HKLM\..\Run: [Microsoft] winlogonsys.exe O4 - HKLM\..\RunServices: [Microsoft] winlogonsys.exe O4 - HKLM\..\Run: [Microsoft Host Scheduler] svchostt32.exe O4 
- HKLM\..\RunServices: [Microsoft Host Scheduler] svchostt32.exe O4 - HKLM\..\Run: [Microsoft Updates] C:\WINDOWS\system32\service.exe O4 - HKLM\..\Run: [Microsoft Windows] System.exe.exe O4 - HKLM\..\RunServices: [Microsoft Windows] System.exe.exe O4 - HKCU\..\Run: [Microsoft Windows] System.exe.exe O4 - HKLM\..\Run: [MSN] C:\WINDOWS\winmedia.exe O4 - HKLM\..\Run: [Nero Burner] svdhost.exe O4 - HKLM\..\RunServices: [Nero Burner] svdhost.exe O4 - HKLM\..\Run: [Realtek_Audio] C:\WINDOWS\system32\Realtek.exe O4 - HKLM\..\Run: [RealtekAC] C:\WINDOWS\system32\RealtekAC.exe O4 - HKCU\..\Run: [Run] "%AppData%\Adobe\Manager.exe" O4 - HKLM\..\Run: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe O4 - HKLM\..\RunServices: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe O4 - HKCU\..\Run: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe O4 - HKLM\..\Run: [Sound Driver for Windows] sdshost.exe O4 - HKLM\..\RunServices: [Sound Driver for Windows] sdshost.exe O4 - HKLM\..\Run: [Sound Manager] C:\WINDOWS\winrun32.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe O4 - HKLM\..\Run: [startkey] C:\svchost.exe O4 - HKCU\..\Run: [startkey] C:\svchost.exe O4 - HKLM\..\Run: [svchosts] C:\WINDOWS\system32:svchosts.exe O4 - HKLM\..\Run: [svchostt] C:\WINDOWS\system32\TH.exe O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe O4 - HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe O4 - HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe O4 - HKLM\..\Run: [\VIE??.exe] C:\Windows\system32\VIE??.exe O4 - HKCU\..\Run: [\VIE??.exe] C:\Windows\system32\VIE??.exe O4 - HKLM\..\Run: [Windows Debug Manager] DebugManager.exe O4 - HKLM\..\Run: [Windows Genuine Check] Windows Genuine Check.exe O4 - HKLM\..\RunServices: 
[Windows Genuine Check] Windows Genuine Check.exe O4 - HKCU\..\Run: [Windows Genuine Check] Windows Genuine Check.exe O4 - HKLM\..\Run: [Windows Live Messenger] msnmsgr.exe O4 - HKLM\..\RunServices: [Windows Live Messenger] msnmsgr.exe O4 - HKCU\..\Run: [Windows Live Messenger] msnmsgr.exe O4 - HKLM\..\Run: [Windows mid Control Services] wuactll.exe O4 - HKLM\..\Run: [Windows Service Agent] (Random 9 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 9 Letter).exe O4 - HKCU\..\Run: [Windows Service Agent] (Random 9 Letter).exe O4 - HKLM\..\Run: [Windows Services] weccom.exe O4 - HKLM\..\Run: [Windows UDP Control Center] msnmngs.exe O21 - SSODL: pdoskegl - {********-****-****-****-************} - C:\WINDOWS\pdoskegl.dll O21 - SSODL: rqbmvpso - {********-****-****-****-************} - C:\WINDOWS\rqbmvpso.dll (Trojan-Downloader.Win32.Agent variant) O23 - Service: Physical Memory Protector - Unknown owner - C:\(Random Location)\(Random Name).exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ AcerVGA Engine Drivers V1.2 C:\WINDOWS\iuengine32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {08B0E5C0-4FCB-11CF-AAX5-00401C608512} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {08B0E5C0-4FCB-11CF-AAX5-00401C608512} C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {1FDAC107-871A-A4BE-0704-060506040805} C:\WINDOWS\system32\svost.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\helper.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {38D33011-7115-0816-4F85-8571E5873992} C:\WINDOWS\aplication\Intals.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\ {54F67D53-4C0F-D9D3-5A4C-111EA5DCE522} C:\WINDOWS\system32\TH.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {5E91C572-C63F-2D7D-E561-FCC851EC2FC1} C:\WINDOWS\system32:svchosts.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {5FDEC229-E086-E943-FEE5-FF75C431CA22} C:\WINDOWS\system32\backup\backup.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {649ECE67-BA10-F963-8F75-09FD492F0283} C:\Program Files\win32a\msnger.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {6A0C09D2-B74C-68DF-89AB-93479621C994} C:\WINDOWS\system32\WlNDWOS\Systam.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {6A6D30B3-DEE8-DF78-BE74-05991ED10065} C:\WINDOWS\pif\did.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {820392F6-B191-D0CA-D576-D9544EAAE3AA} C:\WINDOWS\system32\service.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {90302276-6E6D-C710-DAD5-257BCE8FE76A} C:\WINDOWS\system32\Realtek.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\Program Files\Bifrost\[KD]Naruto.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\system32\windows32\system32dll.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\winrun32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9D71D88C-C598-4935-C5D1-43AA4DB90836} C:\Program Files\Bifrost\server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9D71D88C-C598-4935-C5D1-43AA4DB90836}] C:\WINDOWS\system32\Bifrost\rty.exe 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {B2248E7E-47AE-1C6C-1479-739621F9A67C} C:\WINDOWS\system32\Bifrost\server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {B4A3BA44-AF1D-8043-3767-FDF387375AD2} C:\WINDOWS\system32\Bifrost\svhost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {C2B2D6F1-4BE2-328F-AFB3-05377BB517EC} C:\WINDOWS\system32\RealtekAC.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {FCBABD4C-10E5-5008-FA5B-014542C24FCD} C:\Program Files\Bifrost\server.exe v1.219 (24/08/08) O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\twmxbsqr***.dll O2 - BHO: dcads - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: gooochi browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Worm Radar - {07EF0649-D5BA-4139-B0A2-4D047F223B2D} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll O2 - BHO: IE Story - {A83359CE-23D4-4E1A-9D4E-C94AEDD1A67C} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: IE Shop - {F73DBD9E-5F1B-4BCA-8604-A911DCE08B37} - C:\WINDOWS\system32\(Random Name).dll O3 - Toolbar: rafbsvnx - {********-****-****-****-************} - C:\WINDOWS\rafbsvnx.dll O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll O4 - HKCU\..\Run: [(Random Numbers)] C:\Program Files\AV9\av2009.exe O4 - HKLM\..\Run: [blahh service] msengine.exe O4 - HKLM\..\RunServices: [blahh service] msengine.exe O4 - HKLM\..\Run: [Dcom Helper] dcmhlp.exe O4 - HKLM\..\RunServices: [Dcom Helper] dcmhlp.exe O4 - HKCU\..\Run: [Dcom Helper] dcmhlp.exe O4 - HKLM\..\Run: [F-Secure Gatekeeper] taskmon.exe O4 - HKLM\..\Run: [Genius Mose Driver] svghost.exe O4 - HKLM\..\RunServices: [Genius Mose Driver] svghost.exe O4 - 
v1.218 (18/08/08)
v1.217 (18/08/08)
v1.216 (14/08/08)
v1.215 (11/08/08)
v1.214 (07/08/08)
v1.213 (05/08/08)
v1.212 (03/08/08)
v1.211 (01/08/08)
v1.210 (30/07/08)
v1.209 (27/07/08)
v1.208 (24/07/08)
v1.207 (20/07/08)
v1.206 (17/07/08)
v1.205 (15/07/08)
v1.204 (09/07/08)
v1.203 (07/07/08)
v1.202 (06/07/08)
v1.201 (03/07/08)
v1.200 (02/07/08)
HKLM\..\Run: [java] system.exe O4 - HKLM\..\RunServices: [java] system.exe O4 - HKLM\..\Run: [Microsoft Security Monitor Process] service.exe O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] service.exe O4 - HKLM\..\Run: [Microsoft Update] rundll32.dll O4 - HKLM\..\RunServices: [Microsoft Update] rundll32.dll O4 - HKLM\..\Run: [Microsoft Update Machine] systemi.exe O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemi.exe O4 - HKCU\..\Run: [Microsoft Update Machine] systemi.exe O4 - HKLM\..\Run: [Microsoft Windows Express] Microsoft Update O4 - HKLM\..\RunServices: [Microsoft Windows Express] Microsoft Update O4 - HKLM\..\Run: [Microsoft Windows Sound] svuhost.exe O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svuhost.exe O4 - HKLM\..\Run: [Ms System Config] xplsass.exe O4 - HKLM\..\RunServices: [Ms System Config] xplsass.exe O4 - HKCU\..\Run: [Ms System Config] xplsass.exe O4 - HKLM\..\Run: [MSN] C:\WINDOWS\lsass32.exe O4 - HKLM\..\Run: [MSN Auto-Updater] msnupdates.exe O4 - HKLM\..\Run: [MSN CNF Manager] msncnfmgr.exe O4 - HKLM\..\Run: [MSN File & Folder Sharing App] msnfileshare.exe O4 - HKLM\..\Run: [MSN P2P Manager] msnp2pmgr.exe O4 - HKLM\..\Run: [MSN Rx Manager] msnrxmgr.exe O4 - HKLM\..\Run: [MSN Update Client] msnupdater.exe O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe O4 - HKLM\..\Run: [OS Boot Loader] bootloader.exe O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe O4 - HKLM\..\Run: [Registry System] Regsys.exe O4 - HKLM\..\RunServices: [Registry System] Regsys.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\System Doctor\dcmon.exe" dm=ht*p://systemdoctor.com ad=ht*p://systemdoctor.com sd=ht*p://log.systemdoctor.com/ O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe 
/min O4 - HKLM\..\Run: [System Doctor Free] C:\Program Files\System Doctor Free\systemdoc.exe -scan O4 - HKLM\..\Run: [Task managebrkb] taskmg.exe O4 - HKLM\..\RunServices: [Task managebrkb] taskmg.exe O4 - HKCU\..\Run: [Task managebrkb] taskmg.exe O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe O4 - HKLM\..\Run: [VistaUpgrade] C:\WINDOWS\System32\vistaupgrade.exe O4 - HKLM\..\Run: [Windows Messenger User Agent] msnmsrg.exe O4 - HKLM\..\Run: [Windows Networking Monitorin] C:\WINDOWS\system32\xmdmx.exe O4 - HKCU\..\Run: [Windows Networking Monitorin] C:\WINDOWS\system32\xmdmx.exe O4 - HKLM\..\Run: [Windows Services] avsrv32.exe O4 - HKLM\..\Run: [Windows TaskManager] tskmngr.exe O4 - HKLM\..\RunServices: [Windows TaskManager] tskmngr.exe O4 - HKLM\..\Run: [WPSVC Services] wpnsc.exe O18 - Filter hijack: text/html - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\twain_16.dll O18 - Filter hijack: text/html - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\xmlmimefilter.dll O21 - SSODL: axrfgvek - {********-****-****-****-************} - C:\WINDOWS\axrfgvek.dll O21 - SSODL: okmdepgb - {********-****-****-****-************} - C:\WINDOWS\okmdepgb.dll O23 - Service: Spool SubSystem App - Unknown owner - C:\WINDOWS\system\Spool.exe O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {15CDF7EC-751B-46aa-AD69-4005FE080DE8} C:\Windows\system32\netservs.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {88ABC5C0-4FCB-11BB-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe v1.199 (30/06/08) O4 - HKLM\..\Run: [Windows Anti Virus Control Center] avrscan.exe clbdriver.sys v1.198 (28/06/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe, O2 - BHO: QuickTalk 2.1 - {A34FA88D-8437-4634-8A60-E913011EF2E5} - 
C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Abobe BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: BHO toolbar - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: BhoApp Class - {28F51CDA-3BD1-4F06-8F7B-2A881411983F} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: ProAct - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: WinGold - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Xena toolbar - {2FF811E6-8925-4084-A649-C159955E67E8}} - C:\WINDOWS\system32\(Random Name).dll O4 - HKCU\..\Run: [InstallProgram] %Temp%\lprn32.exe O4 - HKCU\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe O4 - HKLM\..\Run: [Windows Anti Virus Control Center] avscan.exe O4 - HKLM\..\Run: [Windows Service Controller Agent] taksmgr.exe O4 - HKLM\..\Run: [Windows Services] w32services.exe v1.197 (26/06/08) O2 - BHO: 788877 helper - {7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B} - C:\WINDOWS\system32\788877\788877.dll O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - C:\WINDOWS\system32\931928\931928.dll O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\gfetqaxs***.dll O3 - Toolbar: gxvpsafm - {********-****-****-****-************} - C:\WINDOWS\gxvpsafm.dll O3 - Toolbar: Internet Service - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - C:\Program Files\Web Technologies\iebr.dll O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe O4 - HKCU\..\Run: [Antivirus2008y] 
C:\Program Files\Antivirus2008y\antvrs.exe O4 - HKLM\..\Run: [MSN Client Manager] msnclimgr.exe O4 - HKLM\..\Run: [secdrive.exe] C:\WINDOWS\pchealth\helpctr\binaries\secdrive.exe O4 - HKLM\..\Run: [system.exe] C:\WINDOWS\pchealth\helpctr\binaries\system.exe O4 - HKLM\..\Run: [Windows Services] w32service.exe O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\McAfee3.exe O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto O4 - HKLM\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto O4 - HKCU\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto O4 - HKCU\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto O4 - HKCU\..\Run: [WinXProtector] C:\Program Files\WinXProtector\WinXProtector.exe O21 - SSODL: pntqkflv - {********-****-****-****-************} - C:\WINDOWS\pntqkflv.dll O21 - SSODL: qegbdmwf - {********-****-****-****-************} - C:\WINDOWS\qegbdmwf.dll O23 - Service: TCP/IP NetBIOS (NetBS) - Unknown owner - C:\WINDOWS\system32\netbios.exe v1.196 (23/06/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\MSVCRT.exe O2 - BHO: Rmn plugin - {D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A} - jkcom32.dll O2 - BHO: 441465 helper - {D311C486-7D5F-4D73-B791-EE56C47D3B2E} - C:\WINDOWS\system32\441465\441465.dll O4 - HKLM\..\Run: [GP Updater] gpupdater.exe O4 - HKLM\..\Run: [kiss] %ProgramFiles%\dfsdfsd\pingy.exe O4 - HKLM\..\Run: [Microsoft Manage Services] schost.exe O4 - HKLM\..\Run: [Microsoft SQL Services] scvhost.exe O4 - HKCU\..\Run: [MicrosoftUpdate] C:\WINDOWS\RBuilder.exe O4 - HKLM\..\Run: [Microsoft Update] SetPoints.exe O4 - HKLM\..\RunServices: [Microsoft Update] SetPoints.exe O4 - HKLM\..\Run: [Microsoft Windows Sound] svghost.exe O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svghost.exe O4 - HKLM\..\Run: [Microsoft Windows Sound] svrhost.exe O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svrhost.exe O4 - HKLM\..\Run: [Microsoft Windows Sound] 
svshost.exe O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svshost.exe O4 - HKLM\..\Run: [MSN] C:\Windows\SexyMama.JPG.exe O4 - HKLM\..\Run: [Network maneger] C:\WINDOWS\system\svchost.exe O4 - HKCU\..\Run: [Network maneger] C:\WINDOWS\system\svchost.exe O4 - HKLM\..\Run: [Srv32Win] C:\Program Files\csrss.exe O4 - HKLM\..\Run: [Windows Anti Virus Control Center] winavscan.exe O4 - HKLM\..\Run: [Windows Update] livesrvs.exe O4 - HKLM\..\RunServices: [Windows Update] livesrvs.exe O4 - HKCU\..\Run: [Windows Update] livesrvs.exe O4 - HKCU\..\RunServices: [Windows Update] livesrvs.exe O23 - Service: Microsoft Visual Basic - Unknown owner - C:\WINDOWS\system\MSVCRT.exe v1.195 (20/06/08) O2 - BHO: 238044 helper - {C0F371D7-926D-4700-B65E-63BFF1197205} - C:\WINDOWS\system32\238044\238044.dll O2 - BHO: 349168 helper - {72B76B57-6F12-4931-9910-B04B5E8A8268} - C:\WINDOWS\system32\349168\349168.dll O2 - BHO: 371186 helper - {27D351C5-4044-4C42-B3FE-33C57B9459C0} - C:\WINDOWS\system32\371186\371186.dll O2 - BHO: 689371 helper - {9710AFD1-B321-4B6A-B2A7-E9001B5E894B} - C:\WINDOWS\system32\689371\689371.dll O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - lboot32.dll O2 - BHO: Editor plugin - {3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C} - winbios1.dll O2 - BHO: H - {6A2432C9-F515-40c4-A5C7-402A0EC7A9C3} - s1df23e_.dll O2 - BHO: Gamburg provider - {937A3F9C-6D70-483f-804F-BB6C118FE760} - natkssn.dll O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\WINDOWS\system32\iebt.dll O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\Program Files\Web Technologies\iebt.dll O2 - BHO: H - {B1FBF2E1-C164-4ebe-AB04-B839655CC927} - sffer2222.dll O2 - BHO: Flash Module - {B7A4FE11-BF1A-467b-9E24-C4CF9CFC74AF} - stylem1.dll O2 - BHO: H - {CC9BC69C-F035-46bc-A67B-353B8BAE61CD} - fgwsqe_.dll O2 - BHO: H - {D3992FA1-7712-49ae-A6D5-927FE2F17632} - marasm.dll O2 - BHO: Editor plugin - {D8BF9488-4F5C-41f7-8EE5-358FA79C5092} - nuid1.dll O2 - BHO: Editor 
plugin - {E4B4FEAA-FC1B-488d-9AA4-EDD924EAA809} - flashm1.dll O2 - BHO: Gamburg provider - {FFFFFFFF-6D70-483f-804F-BB6C118FE760} - resnm16 O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:\Program Files\Web Technologies\iebr.dll O4 - HKLM\..\Run: [MSN] C:\Windows\wkssvrs.exe O4 - HKLM\..\Run: [mssysif] C:\WINDOWS\system32\(Random Name).exe O4 - HKLM\..\Run: [mssysif] C:\WINDOWS\system32\(Random Name).tmp O4 - HKCU\..\Run: [msvupdater] C:\WINDOWS\msvupdater.exe O4 - HKLM\..\Run: [Sys*.exe] C:\Sys*.exe O4 - HKCU\..\Run: [Sys*.exe] C:\Sys*.exe O4 - HKLM\..\Run: [Windows svchost] avserv.exe O4 - HKLM\..\Run: [Winsock2 driver] CFTMON.EXE O4 - HKCU\..\RunOnce: [Winsock2 driver] CFTMON.EXE pqasghjd.sys v1.194 (17/06/08) F2 - REG:system.ini: Shell=C:\WINDOWS\system32\drivers\services.exe Explorer.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe O2 - BHO: Google Accelerator! - {********-****-****-****-************} - %SystemRoot%\system32\googlecb.dll O2 - BHO: Google Accelerator! 
- {********-****-****-****-************} - %SystemRoot%\system32\googleci.dll O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\ksendlbt***.dll O2 - BHO: 214075 helper - {8E96D546-8096-42B2-8EBF-16AC5A119A59} - C:\WINDOWS\system32\214075\214075.dll O2 - BHO: 851174 helper - {CC021A21-6AC0-4BDA-A503-68F041A7EAD2} - C:\WINDOWS\system32\851174\851174.dll O2 - BHO: Rmn plugin - {D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A} - jzcom32.dll O3 - Toolbar: vrmdtneg - {********-****-****-****-************} - C:\WINDOWS\vrmdtneg.dll O4 - Startup: userinit.exe O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe O4 - HKLM\..\Run: [Image Remote Players] sysvn.exe O4 - HKLM\..\Run: [Windows Acer Service ] acersv.exe O4 - HKLM\..\Run: [Windows svchost] ctfmon32.exe O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgrs.exe O4 - HKLM\..\Run: [Windows svchost] servicean.exe O4 - HKLM\..\Run: [winlogon] %userprofile%\svchost.exe O4 - HKCU\..\Run: [winlogon] %userprofile%\svchost.exe O21 - SSODL: wpvmqosg - {********-****-****-****-************} - C:\WINDOWS\wpvmqosg.dll O21 - SSODL: xvorfwbd - {********-****-****-****-************} - C:\WINDOWS\xvorfwbd.dll O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe v1.193 (16/06/08) O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll O4 - HKLM\..\Run: [] fada.exe O4 - HKLM\..\RunServices: [] fada.exe O4 - HKCU\..\Run: [] fada.exe O4 - HKLM\..\Run: [{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}] "C:\WINDOWS\sysqyzwud.exe" O4 - HKLM\..\Run: [{157627A6-2A10-4aa1-B97F-90B8DC6F24AC}] "C:\WINDOWS\sysqkmwfedz.exe" O4 - HKLM\..\Run: [{2C70168B-97CE-4f31-B85D-1FEC5002721D}] "C:\Windows\sysawpbkvnq.exe" O4 - HKLM\..\Run: [{2C70168B-97CE-4f31-B85D-1FEC5002721D}] "C:\Windows\sxpgknrwva.exe" O4 - HKLM\..\Run: [{2C70168B-97CE-4f31-B85D-1FEC5002721D}] 
"C:\WINDOWS\sysavxjgdu.exe" O4 - HKLM\..\Run: [{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}] "C:\Windows\sxjecknqhu.exe" O4 - HKLM\..\Run: [{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}] "C:\Windows\syssfzvakqg.exe" O4 - HKLM\..\Run: [{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}] "C:\Windows\syspyukrazv.exe" O4 - HKLM\..\Run: [{7DD4A7AC-A3F1-4495-884A-7947C5B89108}] "C:\WINDOWS\sysahbecjh.exe" O4 - HKLM\..\Run: [{9754B85A-3B34-4969-BE1F-CD03227E9470}] "C:\WINDOWS\sysatjsicj.exe" O4 - HKLM\..\Run: [{9754B85A-3B34-4969-BE1F-CD03227E9470}] "C:\WINDOWS\syszweuas.exe" O4 - HKLM\..\Run: [{A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4}] "C:\WINDOWS\sxnwhbvrzc.exe" O4 - HKLM\..\Run: [{A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4}] "C:\WINDOWS\sysqrnxstju.exe" O4 - HKLM\..\Run: [{B081DB1F-4EE6-4021-9DD4-8B300F0D636D}] "C:\WINDOWS\syssngbeh.exe" O4 - HKLM\..\Run: [{BAAA759D-56F0-428c-B8DA-827EA3B08C2C}] "C:\WINDOWS\sysawechod.exe" O4 - HKLM\..\Run: [{DD651081-A909-45ad-BD71-2335B0ADE043}] "C:\Windows\sysabmpmfr.exe" O4 - HKLM\..\Run: [{DD651081-A909-45ad-BD71-2335B0ADE043}] "C:\Windows\sysnxcphmgy.exe" O4 - HKLM\..\Run: [{DD651081-A909-45ad-BD71-2335B0ADE043}] "C:\Windows\sysutrnez.exe" O4 - HKLM\..\Run: [{E4785213-3EFE-4c26-A9B4-332440E31F6F}] "C:\WINDOWS\sysrxmfdksp.exe" O4 - HKLM\..\Run: [{F758F78B-0885-490e-AA3C-4A38D28B0240}] "C:\Windows\sxpjbwvahn.exe" O4 - HKLM\..\Run: [1234klsjdc uiar924c af] "C:\WINDOWS\sxgnsvuxct.exe" O4 - HKLM\..\Run: [1234klsjdc uiar924c af] "C:\WINDOWS\sysvtypkbjx.exe" O4 - HKLM\..\Run: [eMessenger] C:\WINDOWS\system32\emsn.exe O4 - HKCU\..\Run: [eMessenger] C:\WINDOWS\system32\emsn.exe O4 - HKCU\..\Run: [GetModule*] "C:\Program Files\GetModule\GetModule*.exe" O4 - HKCU\..\Run: [GetPack*] "C:\Program Files\GetPack\GetPack*.exe" O4 - HKLM\..\Run: [icccomp] (Random 8 Letter).exe O4 - HKCU\..\Run: [icccomp] (Random 8 Letter).exe O4 - HKLM\..\Run: [idlesam] (Random 8 Letter).exe O4 - HKCU\..\Run: [idlesam] (Random 8 Letter).exe O4 - HKLM\..\Run: [kdmsx] (Random 8 Letter).exe O4 - 
HKCU\..\Run: [kdmsx] (Random 8 Letter).exe O4 - HKLM\..\Run: [mceipww] (Random 8 Letter).exe O4 - HKCU\..\Run: [mceipww] (Random 8 Letter).exe O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe O4 - HKLM\..\Run: [Modifiet Amateur HTPB] C:\WINDOWS\system32\wuaclt.exe O4 - HKCU\..\Run: [Modifiet Amateur HTPB] C:\WINDOWS\system32\wuaclt.exe O4 - HKLM\..\Run: [msdefender] C:\WINDOWS\system32\msdefender.exe O4 - HKCU\..\Run: [msmacro32] C:\WINDOWS\msmacro32.exe O4 - HKLM\..\Run: [reszrv] (Random 8 Letter).exe O4 - HKCU\..\Run: [reszrv] (Random 8 Letter).exe O4 - HKLM\..\Run: [rfcsx] (Random 8 Letter).exe O4 - HKCU\..\Run: [rfcsx] (Random 8 Letter).exe O4 - HKLM\..\Run: [runservices] C:\WINDOWS\services.exe O4 - HKLM\..\Run: [spoolvs] C:\WINDOWS\system32\spoolvs.exe O4 - HKLM\..\Run: [System32] C:\WINDOWS\system32\winds32.exe O4 - HKLM\..\Run: [Winamp Media Player] winamap.exe O4 - HKLM\..\RunServices: [Winamp Media Player] winamap.exe O4 - HKCU\..\Run: [Winamp Media Player] winamap.exe O4 - HKLM\..\Run: [Windows Microsoft Services] (Random 8 Letter).exe O4 - HKLM\..\RunServices: [Windows Microsoft Services] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Microsoft Services] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows Network Service] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Network Service] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows Office Monitor] C:\WINDOWS\system32\emdm.exe O4 - HKCU\..\Run: [Windows Office Monitor] C:\WINDOWS\system32\emdm.exe O4 - HKLM\..\Run: [Windows Service alge] (Random 8 Letter).exe O4 - HKLM\..\RunServices: [Windows Service alge] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Service alge] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows Sound] svdhost.exe O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe O4 - HKLM\..\Run: [Windows USB Control Driver] iexplore.exe O4 - HKLM\..\Run: [xswdmse] (Random 8 Letter).exe O4 - HKCU\..\Run: 
[xswdmse] (Random 8 Letter).exe v1.192 (14/06/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\svchost.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\cftmon.exe O2 - BHO: Google Accelerator! - {********-****-****-****-************} - %SystemRoot%\system32\googlech.dll O2 - BHO: (no name) - {BB604754-D031-4D2E-AB6C-BF3D367F6944} - %AppData%\redir.dll O4 - HKCU\..\Run: [biglow] C:\WINDOWS\biglow.exe O4 - HKCU\..\Run: [fastsmell] C:\WINDOWS\fastsmell.exe O4 - HKCU\..\Run: [grinders] C:\WINDOWS\grinders.exe O4 - HKCU\..\Run: [helloserv] C:\WINDOWS\helloserv.exe O4 - HKLM\..\Run: [Microsoft Anti Virus Controller] msavc.exe O4 - HKLM\..\Run: [Microsoft Anti Virus Controller] msavc32.exe O4 - HKLM\..\Run: [Microsoft NotePad] NOTEPAD.EXE O4 - HKLM\..\RunServices: [Microsoft NotePad] NOTEPAD.EXE O4 - HKLM\..\Run: [Microsoft Update] C:\windows\system32\msupdate.exe O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe O4 - HKLM\..\RunOnce: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe O4 - HKLM\..\Run: [MSN] C:\Windows\msscomd.exe O4 - HKCU\..\Run: [msupdater] C:\WINDOWS\msupdater.exe O4 - HKCU\..\Run: [SpyGuarder] %AppData%\spyguarder.exe O4 - HKLM\..\Run: [Winamp Media Player] winamp.exe O4 - HKLM\..\Run: [Wind32] C:\WINDOWS\System32\Wind32.exe O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe O4 - HKLM\..\Run: [Windows Messanger Control Center] winlogon.exe O4 - HKLM\..\Run: [Windows Microsoft Service] (Random 8 Letter).exe O4 - HKLM\..\RunServices: [Windows Microsoft Service] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Microsoft Service] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows Service Agent] (Random 6 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 6 Letter).exe O4 - HKCU\..\Run: [Windows Service Agent] (Random 6 Letter).exe O20 - Winlogon Notify: WinNt64 - C:\WINDOWS\SYSTEM32\WinNt64.dll O20 - Winlogon Notify: upsctl - C:\WINDOWS\SYSTEM32\upsctl.dll O23 - 
Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe O23 - Service: Host Process for Win32 Services - Unknown owner - C:\WINDOWS\system\svchost.exe O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\shvhost.exe O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe O23 - Service: wksscvs - Unknown owner - C:\WINDOWS\system\wksscvs.exe HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ {0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}] C:\WINDOWS\system32:winsock32.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ {15DA01DC-1327-AEEA-0003-020004040303} C:\WINDOWS\wlnlogon.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {59BB1731-822C-95A7-55E2-A6A4CF791D97} C:\WINDOWS\System32\Wind32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} %ProgramFiles%\Services.exe narqwe.sys upscr.sys v1.191 (11/06/08) O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\kvsdpfea***.dll O2 - BHO: Std plugin - {096059FD-99AB-41eb-9E55-59AEB0A3B444} - haskel32.dll O2 - BHO: 514852 helper - {9420D9C5-E151-4D83-B9A6-27DE1A7A0E5F} - C:\WINDOWS\system32\514852\514852.dll O3 - Toolbar: rtsplgob - {********-****-****-****-************} - C:\WINDOWS\rtsplgob.dll O4 - HKLM\..\Run: [DRam prosessor] (Random 6 Letter).exe O4 - HKLM\..\RunServices: [DRam prosessor] (Random 6 Letter).exe O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\wins.exe O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\wins.exe O4 - HKLM\..\Run: [MicroSoft Legal Syst3m32] Syst3m32.exe O4 - HKLM\..\RunOnce: [MicroSoft Legal Syst3m32] Syst3m32.exe O4 - HKLM\..\RunServices: [MicroSoft Legal Syst3m32] Syst3m32.exe O4 - HKCU\..\Run: [MicroSoft Legal Syst3m32] Syst3m32.exe O4 - HKCU\..\RunOnce: [MicroSoft Legal Syst3m32] Syst3m32.exe O4 - HKLM\..\Run: 
[Microsoft Update] service.exe O4 - HKLM\..\RunServices: [Microsoft Update] service.exe O4 - HKCU\..\Run: [Mr] C:\WINDOWS\rundll32.exe O4 - HKLM\..\Run: [MS Agent Protection] ag1.exe O4 - HKLM\..\RunServices: [MS Agent Protection] ag1.exe O4 - HKLM\..\Run: [MSN Messager] msnmgr.exe O4 - HKLM\..\Run: [spoolsv] "C:\Windows\temp\spoolsv\spoolsv.exe" O4 - HKLM\..\Run: [Windowfdgfds DasdLL Verifier] winupdatr.exe O4 - HKLM\..\RunServices: [Windowfdgfds DasdLL Verifier] winupdatr.exe O4 - HKLM\..\Run: [Windows MSN Live Messanger] livemsngs.exe O4 - HKLM\..\Run: [Windows USB Printer] exe.exe O4 - HKLM\..\RunServices: [Windows USB Printer] exe.exe O4 - HKCU\..\Run: [Windows USB Printer] exe.exe O4 - HKLM\..\Run: [Windows Serviece Agents] (Random 9 Letter).exe O4 - HKLM\..\RunServices: [Windows Serviece Agents] (Random 9 Letter).exe O4 - HKCU\..\Run: [Windows Serviece Agents] (Random 9 Letter).exe O4 - HKLM\..\Run: [Windows Updates Agent] winupdate.exe O4 - HKLM\..\RunServices: [Windows Updates Agent] winupdate.exe O4 - HKLM\..\Run: [Windows USB Printer] unqgod.exe O4 - HKLM\..\RunServices: [Windows USB Printer] unqgod.exe O4 - HKCU\..\Run: [Windows USB Printer] unqgod.exe O4 - HKLM\..\Run: [Windows xp] Wins.exe O4 - HKLM\..\RunServices: [Windows xp] Wins.exe O21 - SSODL: rnopbfgt - {********-****-****-****-************} - C:\WINDOWS\rnopbfgt.dll O21 - SSODL: xkefqtgs - {********-****-****-****-************} - C:\WINDOWS\xkefqtgs.dll O23 - Service: Help and Support Service (hasvc) - Unknown owner - C:\WINDOWS\usnsvc.exe jwzpqng.sys v1.190 (09/06/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\ImgBurn.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe, O2 - BHO: Yahoo! 
Messenger - {********-****-****-****-************} - %SystemRoot%\system32\googleed.dll O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntqkdm.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64*.exe O4 - HKLM\..\Run: [{**-**-**-**-**}] c:\windows\system32\jpwnw64*.exe DWram O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\scntqkdm.exe DWram O4 - HKLM\..\Run: [Microsoft Corporation] nsvdec.exe O4 - HKLM\..\Run: [Win32 SubSystem] %Temp%\lsass.exe O4 - HKLM\..\Run: [Windows ARP Detectionc] winlogon.exe O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe O4 - HKLM\..\Run: [Windows Local Hosting Service] mscnfg.exe O4 - HKLM\..\Run: [Windows UDP Control Center] scvhost.exe O23 - Service: ImgBurn - Unknown owner - C:\WINDOWS\ImgBurn.exe v1.189 (07/06/08) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\winlogon.exe O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooeh.dll O2 - BHO: 247880 helper - {6B5CFD66-1F55-4FC2-B5AF-36B66E7CFE6A} - C:\WINDOWS\system32\247880\247880.dll O2 - BHO: 752300 helper - {F3033476-017B-44FA-8661-91A353BDF774} - C:\WINDOWS\system32\752300\752300.dll O2 - BHO: Std plugin - {ffffffff-dad2-4a4c-848d-2cbfc6f0fd21} - bsn32.dll O2 - BHO: Std plugin - {ffffffff-dad2-4a4c-848d-2cbfc6f0fd21} - sac32.dll O4 - HKLM\..\Run: [emre1] emre1.exe O4 - HKLM\..\RunServices: [emre1] emre1.exe O4 - HKCU\..\Run: [emre1] emre1.exe O4 - HKLM\..\Run: [gangsta] C:\WINDOWS\System32\gangsta.exe O4 - HKLM\..\Run: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe O4 - HKLM\..\RunServices: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe O4 - HKCU\..\Run: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe O4 - HKCU\..\RunServices: [Microsoft Spooler Services] C:\WINDOWS\System32\drivers\Spoolsv.exe O4 - HKLM\..\Run: [Windows ARP Detectionc] nvudlsp.exe O4 - HKLM\..\Run: [Windows svchost] ups.exe O4 - HKLM\..\Run: [Windows Time 
Service Diagnostic Tool] C:\WINDOWS\System32\wbem\winscrvs.exe O4 - HKLM\..\RunServices: [Windows Time Service Diagnostic Tool] C:\WINDOWS\System32\wbem\winscrvs.exe O4 - HKCU\..\Run: [Windows Time Service Diagnostic Tool] C:\WINDOWS\System32\wbem\winscrvs.exe O4 - HKLM\..\Run: [Windows UDP Control Center] winlive32.exe O4 - HKLM\..\Run: [Windows UDP Control Center] winupmgr.exe O4 - HKLM\..\Run: [Windows USB Monitor] servupdate.exe O4 - HKLM\..\RunServices: [Windows USB Monitor] servupdate.exe bzsqlpa.sys v1.188 (05/06/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\cygwin.exe O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\nogxfvbl***.dll O2 - BHO: 905757 helper - {E28F671C-3D83-4149-BA2F-546A67702B49} - C:\WINDOWS\system32\905757\905757.dll O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll O3 - Toolbar: nmwegbsf - {********-****-****-****-************} - C:\WINDOWS\nmwegbsf.dll O4 - HKCU\..\Run: [abass] C:\WINDOWS\abass.exe O4 - HKLM\..\Run: [advap32] "%TEMP%\loader.exe" /r O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe O4 - HKCU\..\Run: [farkrish] C:\WINDOWS\farkrish.exe O4 - HKLM\..\Run: [ltoqhdmw] C:\WINDOWS\System32\wuvenr.exe O4 - HKCU\..\Run: [ltoqhdmw] C:\WINDOWS\System32\wuvenr.exe O4 - HKCU\..\Run: [mahmud] C:\WINDOWS\mahmud.exe O4 - HKLM\..\Run: [Microsoft] Explorer.exe O4 - HKLM\..\RunServices: [Microsoft] Explorer.exe O4 - HKLM\..\Run: [Microsoft] winampaa.exe O4 - HKLM\..\RunServices: [Microsoft] winampaa.exe O4 - HKLM\..\Run: [Microsoft Update] livemessenger.com O4 - HKLM\..\Run: [MSN] scvhost.exe O4 - HKLM\..\Run: [MSN Updating] msnupdate.exe O4 - HKLM\..\RunServices: [MSN Updating] msnupdate.exe O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe O4 - HKLM\..\Run: [Norman Worl System Ability] C:\WINDOWS\System32\nwcss32.exe O4 - HKLM\..\RunServices: [Norman Worl System Ability] C:\WINDOWS\System32\nwcss32.exe O4 - 
HKCU\..\Run: [Norman Worl System Ability] C:\WINDOWS\System32\nwcss32.exe O4 - HKLM\..\Run: [NvGraphicsInterface] Winhost.exe O4 - HKLM\..\Run: [Office Desktops] C:\WINDOWS\System32\imag.exe O4 - HKCU\..\Run: [Office Desktops] C:\WINDOWS\System32\imag.exe O4 - HKLM\..\Run: [Office Monitor] C:\WINDOWS\System32\nvsvc86.exe O4 - HKCU\..\Run: [Office Monitor] C:\WINDOWS\System32\nvsvc86.exe O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe O4 - HKLM\..\Run: [Topic cPanr] cPaner.com O4 - HKLM\..\RunServices: [Topic cPanr] cPaner.com O4 - HKLM\..\Run: [win32 security updates downloader] tskmngr.exe O4 - HKLM\..\RunServices: [win32 security updates downloader] tskmngr.exe O4 - HKLM\..\Run: [Windows Identify] C:\WINDOWS\System32\sysays.exe O4 - HKCU\..\Run: [Windows Identify] C:\WINDOWS\System32\sysays.exe O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe O4 - HKLM\..\Run: [Windows svchost] service.exe O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe O4 - HKLM\..\Run: [Windows UDP Control Center] mswinudpmgr32.exe O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmg.exe O4 - HKLM\..\Run: [Windows UDP Control Center] winuscn32.exe O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe O4 - HKLM\..\Run: [Winsock driver] win.exe O4 - HKCU\..\RunOnce: [Winsock driver] win.exe O21 - SSODL: adgpfoxs - {********-****-****-****-************} - C:\WINDOWS\adgpfoxs.dll O21 - SSODL: erpobmsw - {********-****-****-****-************} - C:\WINDOWS\erpobmsw.dll O23 - Service: cyg_win - Unknown owner - C:\WINDOWS\cygwin.exe hcnwg4u.sys v1.187 (01/06/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\btwdin.exe O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - C:\WINDOWS\system32\luapvs.dll O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - %AppData%\sp1\luapvs.dll O4 - HKCU\..\Run: [Antivirus] C:\Program 
Files\Antivirus2008\Antvrs.exe O4 - HKLM\..\Run: [btmsre.exe] C:\WINDOWS\btmsre.exe O4 - HKCU\..\Run: [Eroca] C:\Program Files\Eroca\Eroca.exe O4 - HKLM\..\Run: [Microsoft] install.exe O4 - HKLM\..\RunServices: [Microsoft] install.exe O4 - HKLM\..\Run: [Microsoft] internetdat.exe O4 - HKLM\..\RunServices: [Microsoft] internetdat.exe O4 - HKLM\..\Run: [Microsoft] soundvol32.exe O4 - HKLM\..\RunServices: [Microsoft] soundvol32.exe O4 - HKLM\..\Run: [Microsoft] sqlservice.exe O4 - HKLM\..\RunServices: [Microsoft] sqlservice.exe O4 - HKLM\..\Run: [Microsoft] winline.exe O4 - HKLM\..\RunServices: [Microsoft] winline.exe O4 - HKLM\..\Run: [Microsoft] wplayer.exe O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe O4 - HKCU\..\Run: [run] regsvr32.exe /s C:\WINDOWS\system32\luapvs.dll O4 - HKCU\..\Run: [run] regsvr32.exe /s "%AppData%\sp1\luapvs.dll" O4 - HKCU\..\Run: [Systray] rundll32.exe sockins32.dll,RunMain O4 - HKCU\..\Run: [Systray] rundll32.exe sockots64.dll,RunMain O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe O4 - HKLM\..\Run: [Windows Executer] svchostie.exe O4 - HKLM\..\RunServices: [Windows Executer] svchostie.exe O4 - HKLM\..\Run: [Windows UDP Control Manager] winudpmgr.exe O4 - HKLM\..\Run: [Windows SYN Control Center] winmnon32.exe O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockots64.dll O23 - Service: Bluetooth Connect Support Server - Unknown owner - C:\WINDOWS\btwdin.exe O23 - Service: Video Display - Unknown owner - C:\WINDOWS\system32\Video.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ {66186F05-BBBB-4a39-864F-72D84615C679}] stubpath= rundll32 sockots64.dll,InitModule v1.186 (27/05/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\naPrdMgr.exe O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\boqnrwdm***.dll O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\nldfmtap***.dll O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - 
C:\WINDOWS\system32\818646\818646.dll O2 - BHO: 959563 helper - {7C9E1967-FA81-47C2-B649-5E52A35D854F} - C:\WINDOWS\system32\959563\959563.dll O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\AntivirusFiable\Tools\pblock.dll O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\VirusEffaceur\Tools\pblock.dll O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\VirusGarde\Tools\pblock.dll O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\AntivirusFiable\Tools\sbiebho.dll O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\VirusEffaceur\Tools\sbiebho.dll O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\VirusGarde\Tools\sbiebho.dll O2 - BHO: Gamburg Provider - {FFFFFFFF-28F7-41a7-8D75-7E006D0C15B8} - html32.dll O3 - Toolbar: atfxqogp - {********-****-****-****-************} - C:\WINDOWS\atfxqogp.dll O4 - HKCU\..\Run: [(Random Numbers)] C:\Program Files\XP Antivirus\xpa.exe O4 - HKLM\..\Run: [AntiMalwareGuard] C:\Program Files\AntiMalwareGuard\amg.exe O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe O4 - HKLM\..\Run: [AntivirusFiable] C:\Program Files\AntivirusFiable\pgs.exe O4 - HKLM\..\Run: [BMN] "C:\Program Files\Fichiers communs\AntivirusFiable\bm.exe" dm=h**p://antivirusfiable.com ad=h**p://antivirusfiable.com sd=h**p://gregistre.antivirusfiable.com O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\VirusEffaceur\bm.exe" dm=h**p://viruseffaceur.com ad=h**p://viruseffaceur.com sd=h**p://gregistre.viruseffaceur.com O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\VirusGarde\bm.exe" dm=h**p://virusgarde.com ad=h**p://virusgarde.com sd=h**p://gregistre.virusgarde.com O4 - HKLM\..\Run: [DelayLoad] %Temp%\msprint.exe O4 - HKCU\..\Run: [OneMoreKey] C:\Program Files\XP Antivirus\xpa.exe O4 - 
HKLM\..\RunOnce: [overinstall] "C:\Program Files\AntivirusFiable\pgs.exe" /empty O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\VirusEffaceur\pgs.exe" /empty O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\VirusGarde\pgs.exe" /empty O4 - HKLM\..\Run: [PrdMgr.exe] C:\WINDOWS\PrdMgr.exe O4 - HKLM\..\Run: [ptask] C:\Program Files\AntivirusFiable\ptask.exe O4 - HKLM\..\Run: [ptask] C:\Program Files\VirusEffaceur\ptask.exe O4 - HKLM\..\Run: [ptask] C:\Program Files\VirusGarde\ptask.exe O4 - HKCU\..\Run: [totacon] C:\WINDOWS\totacon.exe O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\ANTIVI~1\ugac.exe" -start O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\VIRUSE~1\ugac.exe" -start O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\VIRUSG~1\ugac.exe" -start O4 - HKLM\..\Run: [VirusEffaceur] C:\Program Files\VirusEffaceur\pgs.exe O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O21 - SSODL: vltdfabw - {********-****-****-****-************} - C:\WINDOWS\vltdfabw.dll O21 - SSODL: vregfwlx - {********-****-****-****-************} - C:\WINDOWS\vregfwlx.dll O23 - Service: naPrdMgr - Unknown owner - C:\WINDOWS\naPrdMgr.exe ksnhtr.sys v1.185 (23/05/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\slysom.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe, O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\WINDOWS\system32\566828\566828.dll O2 - BHO: 824223 helper - {34CF6660-9BD3-431A-BA32-6B511D4126DA} - C:\WINDOWS\system32\824223\824223.dll O2 - BHO: Std plugin - {FFFFFFFF-08DF-483c-BD3A-99CBCF44E4DC} - hnew32.dll O2 - BHO: Std plugin - {FFFFFFFF-08DF-483c-BD3A-99CBCF44E4DC} - knmld.dll O4 - HKLM\..\Run: [ivhost] (Random 6 Letter).exe O4 - HKLM\..\RunServices: [ivhost] (Random 6 Letter).exe O4 - HKCU\..\Run: [ivhost] (Random 6 Letter).exe O4 - 
HKLM\..\Run: [Microsoft] livemessenger.exe O4 - HKLM\..\RunServices: [Microsoft] livemessenger.exe F2 - REG:system.ini: Shell=Explorer.exe msnmngr.exe O4 - HKLM\..\Run: [msnmgnr] C:\WINDOWS\system32\msnmgnr.exe O4 - HKLM\..\RunServices: [msnmgnr] C:\WINDOWS\system32\msnmgnr.exe O4 - HKLM\..\Run: [System Fetch DLL Runtime] C:\WINDOWS\mscmtl32.exe O4 - HKLM\..\Run: [Windows Defender] windowsdefender.exe O4 - HKLM\..\RunServices: [Windows Defender] windowsdefender.exe O4 - HKLM\..\Policies\Explorer\Run: [WindowsFirewall] C:\WINDOWS\system32\svclcheck.exe O4 - HKCU\..\Policies\Explorer\Run: [WindowsFirewall] C:\WINDOWS\system32\svclcheck.exe O4 - HKLM\..\Run: [Windows Protector] winprot32.exe O4 - HKLM\..\RunServices: [Windows Protector] winprot32.exe O4 - HKLM\..\Run: [Windows Service Agent] (Random 5 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 5 Letter).exe O4 - HKCU\..\Run: [Windows Service Agent] (Random 5 Letter).exe O4 - HKLM\..\Run: [Windows Service Agent] (Random 7 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 7 Letter).exe O4 - HKCU\..\Run: [Windows Service Agent] (Random 7 Letter).exe O4 - HKLM\..\Run: [Windows Service Agent] SDSEWEW.EXE O4 - HKLM\..\RunServices: [Windows Service Agent] SDSEWEW.EXE O4 - HKCU\..\Run: [Windows Service Agent] SDSEWEW.EXE O4 - HKLM\..\Run: [Windows System Restart Sync] slrss.exe O4 - HKLM\..\RunServices: [Windows System Restart Sync] slrss.exe O4 - HKCU\..\Run: [Windows System Restart Sync] slrss.exe O23 - Service: Microsoft Newss - Unknown owner - C:\WINDOWS\system32\dllcache\newhost.exe O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe O23 - Service: slysom - Unknown owner - C:\WINDOWS\slysom.exe O23 - Service: Windows NetBalance Monitor - Unknown owner - C:\WINDOWS\system32\msnbm32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} 
"C:\WINDOWS\system32\msn\msn.exe" sywtdxaz.sys v1.184 (20/05/08) O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll O2 - BHO: 443059 helper - {C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF} - C:\WINDOWS\system32\443059\443059.dll O2 - BHO: 673351 helper - {570EE2A3-039B-4E5F-AE6A-D7949F9D356B} - C:\WINDOWS\system32\673351\673351.dll O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooah.dll O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooa1.dll O2 - BHO: Yahoo! Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooo2.dll O2 - BHO: QXK Rhythm - {********-****-****-****-************} - C:\WINDOWS\nldfmtap***.dll O3 - Toolbar: gktxaspm - {********-****-****-****-************} - C:\WINDOWS\gktxaspm.dll O4 - HKCU\..\Run: [herjek] C:\WINDOWS\herjek.exe O4 - HKLM\..\Run: [Windows Control Server] wksmgrtsgs.exe O21 - SSODL: gnowmebk - {********-****-****-****-************} - C:\WINDOWS\gnowmebk.dll O21 - SSODL: pxgdslro - {********-****-****-****-************} - C:\WINDOWS\pxgdslro.dll O23 - Service: syom - Unknown owner - C:\WINDOWS\syom.exe O23 - Service: Windows Host Services (ExplorerSvc) - Unknown owner - C:\WINDOWS\system\explorer.exe gsbgqpwwfw.sys v1.183 (17/05/08) O2 - BHO: Yahoo! 
Messenger - {********-****-****-****-************} - %SystemRoot%\system32\msyahooaa.dll O2 - BHO: 158117 helper - {427B1FD8-2123-4334-A7D8-7A497363914B} - C:\WINDOWS\system32\158117\158117.dll O2 - BHO: Explorer - {97182737-4655-64C7-8730-2921803F7A9D} - %Windir%\system\wmcstd32.dll O2 - BHO: 774563 helper - {FB13FFCC-F4D1-46DA-96B4-C5666E53344D} - C:\WINDOWS\system32\774563\774563.dll O2 - BHO: 916992 helper - {FE741E34-A693-4EEB-9A6A-C4B14DD2C727} - C:\WINDOWS\system32\916992\916992.dll O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - gwin32.dll O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - swin32.dll O4 - HKLM\..\Run: [autoload] %AppData%\spooll.exe O4 - HKCU\..\Run: [autoload] %AppData%\spooll.exe O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmun.exe O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmun.exe O20 - Winlogon Notify: droute - C:\WINDOWS\SYSTEM32\droute.dll O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\ctfmun.exe iuzqpaf.sys nzqtegh.sys rotr.sys v1.182 (12/05/08) O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll O2 - BHO: BeSideit IE Helper - {********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll O2 - BHO: BndDrive BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndDrive2 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndShell3 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndShell3 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndBlock4 BHO Class - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: BndBlock5 BHO Class - {********-****-****-****-************} - C:\Program Files\QdrDrive\*.dll O2 - BHO: BndVeano4 BHO Class - {********-****-****-****-************} - C:\Program 
Files\QdrDrive\*.dll O2 - BHO: Internet Speed Monitor - {********-****-****-****-************} - C:\Program Files\ISM\*.dll O2 - BHO: QXK Rhythm - {********-****-****-****-************} - C:\WINDOWS\fvowketq***.dll O3 - Toolbar: pvnsmfor - {********-****-****-****-************} - C:\WINDOWS\pvnsmfor.dll O4 - HKLM\..\Run: [Boot Service] bootsv.exe O4 - HKLM\..\Run: [CHK NT] chkntf.exe O4 - HKCU\..\Run: [ISMModule*] "C:\Program Files\ISM\ISMModule*.exe" O4 - HKCU\..\Run: [ISMPack*] "C:\Program Files\ISM2\ISMPack*.exe" O4 - HKLM\..\Run: [Microsoft32] win32sys.exe O4 - HKLM\..\RunServices: [Microsoft32] win32sys.exe O4 - HKLM\..\Run: [Microsoft Client] msclient.exe O4 - HKLM\..\Run: [Microsoft Clients] msclients.exe O4 - HKLM\..\Run: [MSN Hostn] msnhostn.exe O4 - HKLM\..\Run: [NetBioy Client] netbioy.exe O4 - HKCU\..\Run: [QdrModule*] "C:\Program Files\QdrModule\QdrModule*.exe" O4 - HKCU\..\Run: [QdrPack*] "C:\Program Files\QdrPack\QdrPack*.exe" O4 - HKLM\..\Run: [spoolsrv.exe] C:\WINDOWS\system32\spoolsrv.exe O4 - HKLM\..\Run: [System Init] systeminit.exe O4 - HKCU\..\Run: [vipantispyware] C:\Program Files\vipantispyware\vipantispyware.exe O4 - HKCU\..\Run: [VnrPack*] "C:\Program Files\VnrPack\VnrPack*.exe" O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O21 - SSODL: mpfanvqg - {********-****-****-****-************} - C:\WINDOWS\mpfanvqg.dll O21 - SSODL: vbksrofa - {********-****-****-****-************} - C:\WINDOWS\vbksrofa.dll O23 - Service: svchost - Unknown owner - C:\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\svchost.exe O23 - Service: srvcm - Unknown owner - C:\WINDOWS\srvcm.exe wzghui.sys yzbgqap.sys v1.181 (09/05/08) O2 - BHO: BeSideit IE Helper - {89CBB8EA-FA02-4f61-B997-0247E69F002B} - C:\Program Files\QdrDrive\QdrDrive15.dll O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - sincim32.dll O4 - HKCU\..\Run: [VnrPack15] "C:\Program 
Files\VnrPack\VnrPack15.exe" O4 - HKCU\..\Run: [VnrPack16] "C:\Program Files\VnrPack\VnrPack16.exe" zwqcplsp.sys pjsapdg.sys v1.180 (07/05/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%userprofile%\(Random name).exe \s O2 - BHO: BSM - {141FDC3C-15FB-11DD-B723-9EF855D89593} - C:\WINDOWS\system32\bsm.dll O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spcron.dll O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dll O4 - HKLM\..\Run: [(Random name)] C:\WINDOWS\system32\(Random name).exe \u O4 - HKLM\..\Run: [DRam prosessor] msconfig.exe O4 - HKLM\..\RunServices: [DRam prosessor] msconfig.exe O4 - HKLM\..\Run: [MsConfigs] C:\Program Files\MsConfigs\MsConfigs.exe O4 - HKLM\..\Run: [MSN Applet] msnapplet.exe O4 - HKLM\..\Run: [MSN Connection] msncon.exe O4 - HKLM\..\Run: [MSN Setup] msnsetup.exe O4 - HKLM\..\Run: [MSN Starter] msnstarter.exe O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe O4 - HKLM\..\Run: [Windows] C:\Windows.exe O4 - HKLM\..\Run: [Windows Shutdown Service Launcher] wssl.exe O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll O23 - Service: user32 - Unknown owner - C:\WINDOWS\user32.exe O23 - Service: ws2_32 - Unknown owner - C:\WINDOWS\system32\ws2_32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {66186F05-BBBB-4a39-864F-72D84615C679} StubPath = rundll32 sockins32.dll,InitModule bqzpas.sys tcpsr.sys v1.179 (03/05/08) O2 - BHO: DVA First - {********-****-****-****-************} - C:\WINDOWS\qvlbodmn***.dll O2 - BHO: 639774 helper - {79594085-2E28-4CB7-BFD5-4C84916E5EAE} - C:\WINDOWS\system32\639774\639774.dll O2 - BHO: 
795367 helper - {F99BF686-DE30-4D22-B176-135B0E1BDF00} - C:\WINDOWS\system32\795367\795367.dll O2 - BHO: Editor plugin - {2FF5010D-FBAB-4307-B5B2-039C79CB6CEB} - gruws.dll O2 - BHO: H - {4F862FBA-1E2B-4072-9EA8-1FD3FECB86A1} - muscira.dll O2 - BHO: Flash Module - {7B8F2526-F0FD-4971-9CC9-A0B2DFB83031} - systemc.dll O2 - BHO: Gamburg provider - {D8E11460-0D64-4a20-BED9-BA68BED58342} - rppcs.dll O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockots64.dll O3 - Toolbar: mkrndofl - {********-****-****-****-************} - C:\WINDOWS\mkrndofl.dll O4 - HKLM\..\Run: [Host Process] %userprofile%\svchost.exe O4 - HKLM\..\Run: [iesetup7b] iesetup7b.exe O4 - HKLM\..\RunServices: [iesetup7b] iesetup7b.exe O4 - HKLM\..\Run: [KernelFailCheck] C:\WINDOWS\syscheck.exe O4 - HKCU\..\Run: [libor] C:\WINDOWS\libor.exe O4 - HKLM\..\Run: [Sysctrls] mscntrl.exe O4 - HKLM\..\RunServices: [Sysctrls] mscntrl.exe O4 - HKCU\..\Run: [Sysctrls] mscntrl.exe O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\winsyser.exe O21 - SSODL: tdomgafw - {********-****-****-****-************} - C:\WINDOWS\tdomgafw.dll O21 - SSODL: wetkadmr - {********-****-****-****-************} - C:\WINDOWS\wetkadmr.dll O23 - Service: MSSysInterv (MSSysInterv1) - Unknown owner - C:\WINDOWS\winself.exe O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {2bf41072-b2b1-21c1-b5c1-0305f4155515} C:\WINDOWS\system32\winsyser.exe v1.178 (02/05/08) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\CRSVS.exe O2 - BHO: 146955 helper - {85F74211-7C2B-4CB8-B80D-4DE1AC85B685} - C:\WINDOWS\system32\146955\146955.dll O2 - BHO: 172135 helper - {3DAA1309-18C3-45F2-B619-2E4DA208263F} - C:\WINDOWS\system32\172135\172135.dll O2 - BHO: 251851 helper - {9B1FA77E-8FCC-4558-A9F1-70F750A75B13} - C:\WINDOWS\system32\251851\251851.dll O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - 
C:\WINDOWS\system32\527631\527631.dll O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\CRSVS.exe O4 - HKLM\..\Run: [Microsoft Exchange Server Resource] msese.exe O4 - HKLM\..\Run: [Microsoft Service Evaluator Engin] mssee.exe O4 - HKLM\..\Run: [MSN Application] msnapp.exe O4 - HKLM\..\Run: [MSN Clients] msnclients.exe O4 - HKLM\..\Run: [MSN Live Login Mgr] wlloginmsgs.exe O4 - HKLM\..\Run: [Remote Heacle Deamon Security Audit] rhdsa.exe O4 - HKLM\..\Run: [Windows Advance Firewall Protection Service] wafps.exe O4 - HKLM\..\Run: [Windows Advanced GFX Devolping Software] wagfxds.exe O4 - HKLM\..\Run: [Windows Client Login Identafacation System] wclis.exe kzq5re.sys v1.177 (29/04/08) O2 - BHO: Min stor proj. - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll O2 - BHO: Min stor proj. - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - sincim32.dll O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ieav.exe O4 - HKLM\..\Run: [DDE Sharer] ddesharer.exe O4 - HKLM\..\Run: [Defrag FAT32] dfrgfat32.exe O4 - HKLM\..\Run: [Logon Agent] logonagt.exe O4 - HKLM\..\Run: [MNM Srv] mnmsrv.exe O4 - HKLM\..\Run: [Modifiet Amateur] C:\WINDOWS\system32\msl.exe O4 - HKCU\..\Run: [Modifiet Amateur] C:\WINDOWS\system32\msl.exe O4 - HKLM\..\Run: [service.exe] C:\WINDOWS\system32\service.exe O4 - HKLM\..\Run: [Win Updates] winupdates.exe O4 - HKLM\..\Run: [Windows Updates] updates.exe O4 - HKLM\..\Run: [WinLiveMessanger] wlliveapp.exe O4 - HKCU\..\Run: [WintelUpdate] C:\(Random Location)\(Random Name).exe service.sys nexkaqf.sys v1.176 (27/04/08) O2 - BHO: DVA Gate - {********-****-****-****-************} - C:\WINDOWS\gndarmbl***.dll O3 - Toolbar: wxdbpfvo - {********-****-****-****-************} - C:\WINDOWS\wxdbpfvo.dll O4 - HKLM\..\Run: [DCOM CNF] dcomcnf.exe O4 - HKLM\..\Run: [Microsoft Live 8.5] (Random 7 Letters).exe O4 - HKLM\..\RunServices: [Microsoft Live 8.5] (Random 7 Letters).exe O4 - HKLM\..\Run: [Windows has Layer] fixweb.exe O4 - HKLM\..\RunServices: [Windows has Layer] fixweb.exe O4 
- HKLM\..\RunOnce: [Windows has Layer] fixweb.exe O4 - HKCU\..\Run: [Windows has Layer] fixweb.exe O4 - HKCU\..\RunOnce: [Windows has Layer] fixweb.exe O4 - HKLM\..\Run: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe O4 - HKLM\..\RunServices: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe O4 - HKLM\..\Run: [x86 Kernel] krnlx86.exe O21 - SSODL: bdkpfxqw - {********-****-****-****-************} - C:\WINDOWS\bdkpfxqw.dll O21 - SSODL: qadovnel - {********-****-****-****-************} - C:\WINDOWS\qadovnel.dll hqiopa.sys v1.175 (26/04/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\winlogon.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\,),)W))W))*.exe O2 - BHO: 717305 helper - {963916CD-6311-485D-93DC-3BD1B9E2D2CB} - C:\WINDOWS\system32\717305\717305.dll O4 - HKLM\..\Run: [Service Defender] C:\WINDOWS\system32\,),)W))W)*.exe O4 - HKLM\..\Run: [CHK Disker] chkdsker.exe O4 - HKLM\..\Run: [Cli Confg] cliconfig.exe O4 - HKLM\..\Run: [Clip Srv] clipsv.exe O4 - HKLM\..\Run: [cScripts] cscripts.exe O4 - HKLM\..\Run: [iPSec7] ipsec7.exe O4 - HKLM\..\Run: [iPX Router] ipxrouter.exe O4 - HKLM\..\Run: [Live Messanger] wllmsngr.exe O4 - HKLM\..\Run: [MQT Svc] mqtsvc.exe O4 - HKLM\..\Run: [MS Initial] mstinitial.exe O4 - HKLM\..\Run: [MSN Popup Blocker] msnpopblck.exe O23 - Service: Messenger Sharing USN Journal Service - Unknown owner - C:\WINDOWS\usnsv.exe O23 - Service: ServiceHost32 - Unknown owner - C:\WINDOWS\System32\ServiceHost32.exe O23 - Service: Windows NT application - Unknown owner - C:\WINDOWS\winlogon.exe O23 - Service: Windows Security Center - Unknown owner - C:\WINDOWS\system32\winmgr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} 
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe" uazpiq.sys v1.174 (24/04/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\W,),),W,))),)W)W,,,WWWW))WWW),WW.exe O2 - BHO: DVA Gate - {********-****-****-****-************} - C:\WINDOWS\qnmargol***.dll O2 - BHO: 382077 helper - {F0A035EC-C865-4E47-BF73-B17741DD5232} - C:\WINDOWS\system32\382077\382077.dll O2 - BHO: 433424 helper - {CB3CB6CA-11C3-462B-BC97-FB3E34A34431} - C:\WINDOWS\system32\433424\433424.dll O2 - BHO: 565379 helper - {74031029-077F-4965-8ADD-48B783B00ABD} - C:\WINDOWS\system32\565379\565379.dll O2 - BHO: 609856 helper - {59B964D9-C9D7-4AA0-9F28-C49F8EC10B67} - C:\WINDOWS\system32\609856\609856.dll O2 - BHO: 736876 helper - {66295A43-B9CA-4BF9-BC8D-C3AEBE123C3C} - C:\WINDOWS\system32\736876\736876.dll O2 - BHO: 814810 helper - {DC59D6DA-7CDE-4874-9F97-41C82C177069} - C:\WINDOWS\system32\814810\814810.dll O4 - HKCU\..\Run: [AdobeManager] "%AppData%\Adobe\rundtl.exe" -sys O4 - HKLM\..\Run: [Ci Svr] cisvr.exe O4 - HKLM\..\Run: [Clean Mgr] cleanmg.exe O4 - HKLM\..\Run: [Ghost Relay] C:\WINDOWS\system32\W,),),W,))),)W)W,,,WWWW))WWW),WW.exe O4 - HKLM\..\Run: [iExplore Ini] ie4uini.exe O4 - HKLM\..\Run: [iExpresser] iexpresser.exe O4 - HKCU\..\Run: [mdp] rundll32.exe %AppData%\Adobe\mdp.dll,InitSys O4 - HKLM\..\Run: [Microsoft Windows Express] websploit.exe O4 - HKLM\..\RunServices: [Microsoft Windows Express] websploit.exe O4 - HKLM\..\Run: [MSN User Server!] 
msnservices.exe O4 - HKLM\..\Run: [Task manager] taskmngr.exe O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe O4 - HKCU\..\Run: [Task manager] taskmngr.exe O4 - HKLM\..\Run: [Windows Security Survy] svchosl.exe O4 - HKLM\..\RunServices: [Windows Security Survy] svchosl.exe O4 - HKLM\..\Run: [Windows Update] "C:\Documents and Settings\msconfig32.exe" O20 - Winlogon Notify: divxrs - C:\WINDOWS\system32\divxrs.dll O20 - Winlogon Notify: ibudu - C:\WINDOWS\system32\ibudu.dll O20 - Winlogon Notify: ibuntu - C:\WINDOWS\system32\ibuntu.dll O23 - Service: ActiveSMART Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Advanced Networking Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Amazon Unbox Video Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Ati HotKey (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Aventail VPN Client (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Axon Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: BlueSoleilCS (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: BT Modem Lock (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: CMG Shield (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Cognos ReportNet (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: CommServer (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Creative Labs Licensing (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: DeepSight Extractor Service for NP08 (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Dell Printer Status Watcher (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random 
Name).exe O23 - Service: DigiCtrl (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: DQLWinService (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Electronic Arts Licensing (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Electronic Arts Licensing Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: LXCCCustomerConnect (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Print Spooler Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: SolidWorks Licensing Service (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe O23 - Service: Wireless Adapter Configurator (Random Name) - Unknown owner - C:\WINDOWS\system32\(Random Name).exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {196F6BD4-27EA-7FAF-F992-9342843C53B9} "C:\WINDOWS\system32\bt\Systemx.exe" dprot.sys fkjdfje.sys grande48.sys itcoe.sys kbd.sys krnllds.sys qandr.sys ydhqzop.sys zsqalpdt.sys v1.173 (20/04/08) F2 - REG:system.ini: UserInit=userinit.exe,%AppData%\ntos.exe, O2 - BHO: DVA Storm - {********-****-****-****-************} - C:\WINDOWS\qnmargol***.dll O2 - BHO: Pinch - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll O2 - BHO: PWS.LD.Pinch - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll O2 - BHO: Video - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll O2 - BHO: 432591 helper - {CD897D22-9C44-411E-808A-B79C7F90DC7E} - C:\WINDOWS\system32\432591\432591.dll O2 - BHO: CLinkerBHO Class - {A1FF3ECE-0EC3-4035-A67D-726A574748B8} - C:\WINDOWS\System32\AcroCLinker.dll O2 - BHO: iHelper - {A1FF3ECE-0EC3-4035-A67D-726A574748B8} - C:\WINDOWS\system32\iHelper.dll O2 - BHO: JavaClass - {C7BCFD25-5C30-4bcf-9483-6F151A54F7C9} - C:\WINDOWS\system32\iHelper.dll O3 - Toolbar: dpevflbg - 
{********-****-****-****-************} - C:\WINDOWS\dpevflbg.dll O4 - HKLM\..\Run: [BMonq] C:\WINDOWS\System32\bmonq.exe O4 - HKLM\..\Run: [Boot K] bootk.exe O4 - HKLM\..\Run: [Boot Verify] bootvfy.exe O4 - HKLM\..\Run: [DRM Upgrade] drmupgd.exe O4 - HKLM\..\Run: [DVD Upgrade] dvdupgd.exe O4 - HKLM\..\Run: [Font Viewer] fontviewer.exe O4 - HKLM\..\Run: [hotefix] msnmanegers.exe O4 - HKLM\..\RunServices: [hotefix] msnmanegers.exe O4 - HKLM\..\RunOnce: [hotefix] msnmanegers.exe O4 - HKCU\..\Run: [hotefix] msnmanegers.exe O4 - HKCU\..\RunOnce: [hotefix] msnmanegers.exe O4 - HKCU\..\Run: [liibr] C:\WINDOWS\liibr.exe O4 - HKLM\..\Run: [MS Paint] mspainter.exe O4 - HKLM\..\Run: [rsrvmon.exe] C:\WINDOWS\System32\drivers\rsrvmon.exe O4 - HKCU\..\Run: [SfKg6wIP] %AppData%\Microsoft\Windows\(RandomName).exe O4 - HKCU\..\Run: [SpeedRunner] %AppData%\SpeedRunner\SpeedRunner.exe O4 - HKLM\..\Run: [Sysctrls] win32dll.exe O4 - HKLM\..\RunServices: [Sysctrls] win32dll.exe O4 - HKCU\..\Run: [Sysctrls] win32dll.exe O4 - HKLM\..\Run: [system32WXBP Agent] C:\WINDOWS\system32WXBP.exe O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe O4 - HKCU\..\Run: [userinit] %AppData%\ntos.exe O4 - HKLM\..\Run: [Windows Services Aganters] (Random 10 Letter).exe O4 - HKLM\..\RunServices: [Windows Services Aganters] (Random 10 Letter).exe O4 - HKCU\..\Run: [Windows Services Aganters] (Random 10 Letter).exe O21 - SSODL: vadokmxt - {********-****-****-****-************} - C:\WINDOWS\vadokmxt.dll O21 - SSODL: wdpoefan - {********-****-****-****-************} - C:\WINDOWS\wdpoefan.dll njqzpir.sys widuxngq.sys v1.172 (18/04/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Mctray.exe O2 - BHO: PCTools - {********-****-****-****-************} - C:\WINDOWS\(Random Name).dll O2 - BHO: PCTools - {********-****-****-****-************} - C:\WINDOWS\pctools.dll O2 - BHO: 892267 helper - {25E0128D-AAFC-49FF-AB11-1F12C2FCC391} - C:\WINDOWS\system32\892267\892267.dll O2 - BHO: Explorer - 
v1.171 (15/04/08)
v1.170 (12/04/08)
v1.169 (10/04/08)
v1.168 (09/04/08)
v1.167 (06/04/08)
v1.166 (04/04/08)
v1.165 (31/03/08)
v1.164 (29/03/08)
v1.163 (28/03/08)
v1.162 (26/03/08)
v1.161 (25/03/08)
v1.160 (24/03/08)
v1.159 (20/03/08)
v1.158 (17/03/08)
v1.157 (14/03/08)
v1.156 (12/03/08)
v1.155 (10/03/08)
v1.154 (08/03/08)
v1.153 (05/03/08)
v1.152 (04/03/08)
v1.151 (03/03/08)
v1.150 (01/03/08)
Loader] pmsvcr.exe O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe O4 - HKLM\..\Run: [Program Access Service] (Random 10 Letter).exe O4 - HKLM\..\RunServices: [Program Access Service] (Random 10 Letter).exe O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\s300\s300_1204076086.dll" O4 - HKLM\..\Run: [Windows Disk Manager] cmnvc.exe O4 - HKLM\..\Run: [Windows Essensials] mvnesc.exe O4 - HKLM\..\Run: [Windows Zero Spooler] nmvcs.exe O23 - Service: Acronis Scheduler_Helper - Unknown owner - C:\WINDOWS\schedhlp.exe O23 - Service: Program Learning Management System (PLMS) - Unknown owner - C:\WINDOWS\system32\plms.exe