SDFix Changelog


1.240 (06/11/08)
v1.239 (03/11/08)
v1.238 (27/10/08)
v1.237 (22/10/08)
v1.236 (16/10/08)
v1.235 (12/10/08)
v1.234 (09/10/08)
v1.233 (07/10/08)
v1.232 (07/10/08)
v1.231 (04/10/08)
v1.230 (30/09/08)
v1.229 (25/09/08)
v1.228 (22/09/08)
v1.227 (19/09/08)
v1.226 (16/09/08)
Setup\Installed Components\ {9D71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\system32\Bifrost\Regidl.exe v1.225 (14/09/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%userprofile%\(Random Name).exe \s O2 - BHO: agadoo browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll O2 - BHO: bambanner browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: cpmsky browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll O2 - BHO: milehighads browser enhancer - {********-****-****-****-************} - C:\Windows\system32\(Random Name).dll O2 - BHO: GMX toolbar - {1EF7B347-DBAF-412F-879D-DC7A95BFCC94} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Rmn plugin - {2FDA60DF-6D94-4f16-A48C-3C4EC57FEF58} - symdb32.dll O2 - BHO: 242112 helper - {4B05A613-988E-4FA1-B2D7-55A1145FD1EF} - C:\WINDOWS\system32\242112\242112.dll O2 - BHO: QXK Olive - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - %Temp%\msfont32.dll O2 - BHO: Apaps - {EC748705-E0FD-4671-9AFF-890579E57450} - C:\WINDOWS\system32\(Random Name).dll O4 - HKLM\..\Run: [(Random Name)] C:\WINDOWS\system32\(Random Name).exe \u O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback.exe * O4 - HKLM\..\Run: [Symantec Handler Service] symlsmc.exe O4 - HKLM\..\Run: [Symantec License Server] symlcsrv.exe O4 - HKLM\..\Run: [Symantec Network AI] symlsmr.exe O4 - HKLM\..\Run: [Symantec Registery Services] symlsnreg.exe O4 - HKLM\..\Run: [Symantec Registry Server] symsnreg.exe O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe v1.224 (12/09/08) O2 - BHO: svc.Apx - {7D6A0C8D-7C34-44FC-BED8-96528D13BEE9} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: XGame - {F3A486C3-6341-4BE6-B94D-D4172B69E430} - C:\WINDOWS\system32\(Random Name).dll O4 - HKLM\..\Run: [Advanced Graphics Driver] smvhost.exe O4 - HKLM\..\RunServices: [Advanced Graphics Driver] 
smvhost.exe O4 - HKLM\..\Run: [Configuration Loader] sysdevice.exe O4 - HKLM\..\RunServices: [Configuration Loader] sysdevice.exe O4 - HKCU\..\Run: [MalP] C:\WINDOWS\wkssvr.exe O4 - HKLM\..\Run: [MSN] C:\WINDOWS\msnsrv.exe O4 - HKLM\..\Run: [Service Restore Panels] servpanel.exe O4 - HKLM\..\Run: [Symantec Licensing Source] symlsrc.exe O4 - HKLM\..\Run: [Symantec Licensing Svc] symlsrv.exe O4 - HKLM\..\Run: [System Installer Prep] sysprep.exe O4 - HKLM\..\Run: [System Service] C:\WINDOWS\services.exe O4 - HKLM\..\Run: [System Update] mssetupconf.exe O4 - HKLM\..\RunServices: [System Update] mssetupconf.exe O4 - HKCU\..\Run: [System Update] mssetupconf.exe O4 - HKCU\..\RunServices: [System Update] mssetupconf.exe O4 - HKLM\..\Run: [VGA Driver] scmhost.exe O4 - HKLM\..\RunServices: [VGA Driver] scmhost.exe O4 - HKLM\..\Run: [Windows Plugin] winmsn.exe O4 - HKLM\..\Run: [Windows Service] (Random 11 letter).exe O4 - HKCU\..\Run: [Windows Service] (Random 11 letter).exe O4 - HKCU\..\Run: [WInUpdate16] C:\WINDOWS\system32\udate32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\grinder.exe v1.223 (09/09/08) O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\vmgspntb***.dll O2 - BHO: iebho surf - {341116E2-9CC4-4A6E-9303-4819C84846DE} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - siemens32.dll O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - skrb32.dll O2 - BHO: CIEBHO Object - {528A3CF7-AAF9-42FE-A5D0-2A8EDA9E299E} - %userprofile%\My Documents\SpyDevastator\SDBHO.dll O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll O3 - Toolbar: fqbewlna - {********-****-****-****-************} - C:\WINDOWS\fqbewlna.dll O4 - Startup: .security O4 - Global Startup: .security O4 - HKLM\..\Run: 
[Msn Messenger Plugins] msnplugin.exe O4 - HKLM\..\Run: [PC-Antispy] "C:\Program Files\PC-Antispy\PC-Antispy.exe" hide O4 - HKCU\..\Run: [PC Clean Pro] "C:\Program Files\PC Clean Pro\PC Clean Pro.exe" hide O4 - HKLM\..\Run: [serviccs.exe] C:\WINDOWS\system32\serviccs.exe O4 - HKCU\..\Run: [SpyDevastator] C:\Program Files\SpyDevastator\SpyDevastator.exe /h O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32:hh2.exe O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe O4 - HKLM\..\Run: [Symantec Licensing Server] symlserv.exe O20 - Winlogon Notify: arm65reg - C:\Settings\arm65.dll O21 - SSODL: dtseqrxk - {********-****-****-****-************} - C:\WINDOWS\dtseqrxk.dll O21 - SSODL: mgxfebsq - {********-****-****-****-************} - C:\WINDOWS\mgxfebsq.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {0C9FD060-3198-C677-E681-ED3660DE8B88} C:\WINDOWS\system32\ghh.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {0D94F3F4-BA95-258D-0008-070006060802} C:\WINDOWS\system32\msrun32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {54277B55-E73D-3C13-43DD-6B03660716FA} C:\WINDOWS\win32sydkey\sydkey.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {6B1379D1-80C1-7FD1-F0AE-74DB0733EF22} C:\WINDOWS\system32\serviccs.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {84B02893-50FC-15F7-BCD6-C731BE4C7E66} C:\WINDOWS\logo.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {994477D6-C2D8-0644-429A-3C94CD9F33F5} C:\WINDOWS\update.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe Debugger = "C:\Program Files\Microsoft Common\wuauclt.exe" pcantispy.sys v1.222 (07/09/08) O2 - BHO: bannerstyles15 browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\**************.dll O2 - BHO: CodecPlugin Class - 
{********-****-****-****-************} - C:\WINDOWS\system32\RichVideoCodec.dll O2 - BHO: getsn32.msiesn - {********-****-****-****-************} - C:\WINDOWS\system32\getsn32.dll O2 - BHO: AFS plugin - {8EF40C36-293F-4749-8EA0-94FB3AD83FA1} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: EasyPic - {62F96656-0788-4D00-8E32-D41C239E205B} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: library.edu - {8EF40C36-293F-4749-8EA0-94FB3AD83FA1} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: RupTool - {F32B24F1-25FA-4A91-9F97-5272B3CE8FCA} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Safe surf - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: stx.tbl - {7E61BB38-A952-40BA-98F0-0AD229658CB7} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: svc - {BE17AE9C-3BD1-4BAD-936F-B77B63D5763F} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: WEP Viewer - {746CBA32-C671-44F6-BC73-C5351A316D03} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Rmn plugin - {2FDA60DF-6D94-4f16-A48C-3C4EC57FEF58} - nokia32.dll O2 - BHO: Data Tracker - {AF3A4E11-2F63-35EF-D6BC-F3646308105D} - %Windir%\system\gowtae32.dll O3 - Toolbar: Internet Service - {94A5C93F-BD18-4C46-B777-C94C145C3CAB} - C:\Program Files\Applications\iebr.dll O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe O4 - HKCU\..\Run: [AdobeReaderPro] msnservex.exe O4 - HKCU\..\Run: [alg] %UserProfile%\Local Settings\alg.exe O4 - HKLM\..\Run: [Boot SFV] Bootsfv.exe O4 - HKLM\..\Run: [Botnet] blablabla.exe O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\(Random 6 letter).exe O4 - HKLM\..\Run: [ctfmon.exe] c:\WINDOWS\ctfmon.exe O4 - HKCU\..\Run: [ctfmon.exe] c:\WINDOWS\ctfmon.exe O4 - HKLM\..\Run: [Firewall DRV] spfhost.exe O4 - HKLM\..\RunServices: [Firewall DRV] spfhost.exe O4 - HKLM\..\Run: [Messenger] msnmgsr.exe O4 - HKLM\..\RunServices: [Messenger] msnmgsr.exe O4 - HKLM\..\Policies\Explorer\Run: [Messenger] 
msnmgsr.exe O4 - HKCU\..\Run: [MSN] DebugMan.exe O4 - HKLM\..\Run: [MsnMessengerSvc] msnmsgr.exe O4 - HKLM\..\RunServices: [MsnMessengerSvc] msnmsgr.exe O4 - HKLM\..\Run: [SIMO.exe] C:\WINDOWS:slm.exe O4 - HKLM\..\Run: [stoner] C:\WINDOWS\system32\winsvcx.exe O4 - HKLM\..\Run: [Symantec DB Server] symdbsvr.exe O4 - HKLM\..\Run: [SYSrow32] C:\WINDOWS\system32\SYSrowdl32.exe O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TotalSecure2009\scan.exe O4 - HKLM\..\Run: [WinDLL (dasda.com)] rundll32.exe C:\WINDOWS\system32\dasda.com,start O4 - HKLM\..\Run: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows system] winsys.exe O4 - HKLM\..\RunServices: [Windows system] winsys.exe O4 - HKCU\..\Run: [Windows system] winsys.exe O4 - HKLM\..\Run: [Windows System 32] System32.exe O4 - HKLM\..\RunServices: [Windows System 32] System32.exe O4 - HKCU\..\Run: [Windows System 32] System32.exe O4 - HKLM\..\Run: [Windows TaskManager] iexplorer.exe O4 - HKLM\..\RunServices: [Windows TaskManager] iexplorer.exe O4 - HKLM\..\Run: [Windows UDP Control Center] winmsn.exe O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\winupd.exe O4 - HKLM\..\Run: [Windows Uptade] C:\WINDOWS\system32\winupd.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "aux1"="(Random Numbers).CPX" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {1A26E42D-21DA-C7A1-70C5-8877AE12D531} c:\WINDOWS\system32\winupd.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {1AD977CE-D626-8F6A-8016-257FA225337F} C:\WINDOWS\System32\msconflg.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isys32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28B0E5C2-99CB-11CF-AYX5-00401C648513} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {2bf41070-b2b1-21d1-b5c1-0305f4055515} c:\WINDOWS\svcr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {5B7AC5A1-6568-13F1-261B-67911AF4B4D8} c:\WINDOWS\system32\orb32wvx\rhb32swo.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {729CC054-9FC8-238E-0A98-75B7A1C73972} c:\WINDOWS\system32\kb478342122.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {8007BF46-2EE2-BE34-FC98-F324FA453D59} C:\Program Files\Messenger\MSN.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {924340DF-8FC3-EB1B-76EE-D5AB94BD9A05} C:\WINDOWS:slm.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\Program Files\Bifrost\msn.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} c:\WINDOWS\ctfmon.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} c:\WINDOWS\system32\messenger\msn.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {A5CDF7EC-751B-46aa-AD69-4005FE080DE8}] %UserProfile%\Local Settings\alg.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {AB072FA3-300A-7D69-0336-3392B7DFCDF5} C:\WINDOWS\MSN\svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {AD378C62-D2B9-1B6D-5BA5-9B285FE7DBFD} c:\WINDOWS\system32\Bifrost\server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {C955AF69-D02F-5372-DFEF-452FA15A98C9} 
c:\WINDOWS\system32\win32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {CA238EBC-26ED-8EA9-89A8-F04283B6E902} c:\WINDOWS\system32\Bifrost\Server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {D0C0E9C3-FA6C-19B9-754A-46087D2044E1} C:\WINDOWS\system32\SYSrowdl32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {D3B838CC-A487-8C98-F763-907E35B6FB0A} c:\WINDOWS\system32\System Conf\loadwindows.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {E39D7708-A3BB-478F-01F0-DC54566A4F4B} c:\WINDOWS\system32\winupd.exe v1.221 (03/09/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe, O2 - BHO: CodecPlugin Class - {********-****-****-****-************} - C:\WINDOWS\system32\CodecBHO.dll O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\vanwxemg***.dll O2 - BHO: ThreatWarningBHO Class - {E1FAB6BD-4A34-47ce-82AF-50B16A6BE77E} - C:\Program Files\aspch\ThreatWarning.dll O3 - Toolbar: gksraemq - {********-****-****-****-************} - C:\WINDOWS\gksraemq.dll O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe O4 - HKCU\..\Run: [aspch] "C:\Program Files\aspch\ASpCh.exe" O4 - HKLM\..\Run: [Cpl32ver] C:\WINDOWS\System32\Cpl32ver.exe O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe O4 - HKLM\..\Run: [lol.exe] C:\WINDOWS\system32\sys21.exe O4 - HKLM\..\Run: [Microsoft Security Monitor Process] lsas.exe O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] lsas.exe O4 - HKLM\..\Run: [Microsoft Update Machine] (Random 7 Letter).exe O4 - HKLM\..\RunServices: [Microsoft Update Machine] (Random 7 Letter).exe O4 - HKCU\..\Run: [Microsoft Update Machine] (Random 7 Letter).exe O4 - HKLM\..\Run: [Msn Messenger] msnmsgs.exe O4 - HKLM\..\RunServices: [Msn Messenger] msnmsgs.exe 
O4 - HKLM\..\Policies\Explorer\Run: [Msn Messenger] msnmsgs.exe O4 - HKLM\..\Run: [RIOTBOT] riotz.exe O4 - HKLM\..\RunServices: [RIOTBOT] riotz.exe O4 - HKCU\..\Run: [RIOTBOT] riotz.exe O4 - HKLM\..\Run: [sconfig] C:\WINDOWS\mshosts.exe O4 - HKLM\..\Run: [Services Control] iexplore.exe O4 - HKLM\..\RunServices: [Services Control] iexplore.exe O4 - HKLM\..\Policies\Explorer\Run: [Services Control] iexplore.exe O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchosy.exe O4 - HKLM\..\Run: [Symantec Control Client] symclisvc.exe O4 - HKLM\..\Run: [Windows Service Agent] dsass.exe O4 - HKLM\..\RunServices: [Windows Service Agent] dsass.exe O4 - HKCU\..\Run: [Windows Service Agent] dsass.exe O4 - HKLM\..\Run: [Windows Services Managt] wpservice.exe O4 - HKLM\..\Run: [Windows Taskmanager] taskmngr.exe O4 - HKLM\..\RunServices: [Windows Taskmanager] taskmngr.exe O4 - HKLM\..\Policies\Explorer\Run: [Windows Taskmanager] taskmngr.exe O4 - HKLM\..\Run: [Windows Helper] service.exe O4 - HKLM\..\RunServices: [Windows Helper] service.exe O23 - Service: WindowsHelpService - Unknown owner - C:\WINDOWS\system32\service.exe O4 - HKLM\..\Run: [Windows xmutler] cftmon32.exe O21 - SSODL: dgksvbpn - {********-****-****-****-************} - C:\WINDOWS\dgksvbpn.dll O21 - SSODL: xrdwbfgn - {********-****-****-****-************} - C:\WINDOWS\xrdwbfgn.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {2C57EDE3-C380-C4BD-4ADC-ECC8F2BDFB35} C:\WINDOWS\system32\sys21.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {530DFCD7-7C64-F51E-DC82-8AAE264424EE} C:\WINDOWS\svchosy.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\Program Files\MSN Messenger\msn.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\mshosts.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ 
{9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\system32\server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9CD81F6A-B74A-D406-D482-D55DE3A0A802} C:\WINDOWS\system32\win32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {C399F668-9A68-50CE-BC0C-2901F5522786}] C:\Program Files\programsis\m5z.exe v1.220 (29/08/08) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\csrss.exe F2 - REG:system.ini: Shell=Explorer.exe SVCH0ST.exe O2 - BHO: D - {********-****-****-****-************} - C:\WINDOWS\system32\mmx*****.dll O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\rodqgpvl***.dll O2 - BHO: 120237 helper - {176D799E-6C8C-4D1A-8024-044D96A035E2} - C:\WINDOWS\system32\120237\120237.dll O2 - BHO: msvbcr40 module - {2756BAD7-2F9F-47ef-AE6D-8D39CCEB396F} - C:\WINDOWS\system32\msvbcr40.dll O2 - BHO: 690974 helper - {3912DDE2-4295-4A5F-A8E4-A1B1C7EF7313} - C:\WINDOWS\system32\690974\690974.dll O2 - BHO: Rmn plugin - {9988775D-4368-4857-871A-D01D66CA3A71} - ritz8.dll O3 - Toolbar: qalkfxor - {********-****-****-****-************} - C:\WINDOWS\qalkfxor.dll O4 - HKLM\..\Run: [***] C:\WINDOWS\system32\****\svchost.exe O4 - HKLM\..\Run: [AcerVGA Engine Drivers V1.2] C:\WINDOWS\iuengine32.exe O4 - HKLM\..\Run: [Adobe SpeedLaunch] (Random 6 Letter).exe O4 - HKLM\..\RunServices: [Adobe SpeedLaunch] (Random 6 Letter).exe O4 - HKCU\..\Run: [Adobe SpeedLaunch] (Random 6 Letter).exe O4 - HKLM\..\Run: [Computer Driver] scshost.exe O4 - HKLM\..\RunServices: [Computer Driver] scshost.exe O4 - HKLM\..\Run: [Files Driver] sfdhost.exe O4 - HKLM\..\RunServices: [Files Driver] sfdhost.exe O4 - HKLM\..\Run: [manager] C:\WINDOWS\system32\drivers\setup\manager.exe O4 - HKCU\..\Run: [manager] C:\WINDOWS\system32\drivers\setup\manager.exe O4 - HKLM\..\Run: [Microsoft] winlogonsys.exe O4 - HKLM\..\RunServices: [Microsoft] winlogonsys.exe O4 - HKLM\..\Run: [Microsoft Host Scheduler] svchostt32.exe O4 
- HKLM\..\RunServices: [Microsoft Host Scheduler] svchostt32.exe O4 - HKLM\..\Run: [Microsoft Updates] C:\WINDOWS\system32\service.exe O4 - HKLM\..\Run: [Microsoft Windows] System.exe.exe O4 - HKLM\..\RunServices: [Microsoft Windows] System.exe.exe O4 - HKCU\..\Run: [Microsoft Windows] System.exe.exe O4 - HKLM\..\Run: [MSN] C:\WINDOWS\winmedia.exe O4 - HKLM\..\Run: [Nero Burner] svdhost.exe O4 - HKLM\..\RunServices: [Nero Burner] svdhost.exe O4 - HKLM\..\Run: [Realtek_Audio] C:\WINDOWS\system32\Realtek.exe O4 - HKLM\..\Run: [RealtekAC] C:\WINDOWS\system32\RealtekAC.exe O4 - HKCU\..\Run: [Run] "%AppData%\Adobe\Manager.exe" O4 - HKLM\..\Run: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe O4 - HKLM\..\RunServices: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe O4 - HKCU\..\Run: [Shellwin Time Service Tools] C:\WINDOWS\system32\winskvc32.exe O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe O4 - HKLM\..\Run: [Sound Driver for Windows] sdshost.exe O4 - HKLM\..\RunServices: [Sound Driver for Windows] sdshost.exe O4 - HKLM\..\Run: [Sound Manager] C:\WINDOWS\winrun32.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe O4 - HKLM\..\Run: [startkey] C:\svchost.exe O4 - HKCU\..\Run: [startkey] C:\svchost.exe O4 - HKLM\..\Run: [svchosts] C:\WINDOWS\system32:svchosts.exe O4 - HKLM\..\Run: [svchostt] C:\WINDOWS\system32\TH.exe O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe O4 - HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe O4 - HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe O4 - HKLM\..\Run: [\VIE??.exe] C:\Windows\system32\VIE??.exe O4 - HKCU\..\Run: [\VIE??.exe] C:\Windows\system32\VIE??.exe O4 - HKLM\..\Run: [Windows Debug Manager] DebugManager.exe O4 - HKLM\..\Run: [Windows Genuine Check] Windows Genuine Check.exe O4 - HKLM\..\RunServices: 
[Windows Genuine Check] Windows Genuine Check.exe O4 - HKCU\..\Run: [Windows Genuine Check] Windows Genuine Check.exe O4 - HKLM\..\Run: [Windows Live Messenger] msnmsgr.exe O4 - HKLM\..\RunServices: [Windows Live Messenger] msnmsgr.exe O4 - HKCU\..\Run: [Windows Live Messenger] msnmsgr.exe O4 - HKLM\..\Run: [Windows mid Control Services] wuactll.exe O4 - HKLM\..\Run: [Windows Service Agent] (Random 9 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 9 Letter).exe O4 - HKCU\..\Run: [Windows Service Agent] (Random 9 Letter).exe O4 - HKLM\..\Run: [Windows Services] weccom.exe O4 - HKLM\..\Run: [Windows UDP Control Center] msnmngs.exe O21 - SSODL: pdoskegl - {********-****-****-****-************} - C:\WINDOWS\pdoskegl.dll O21 - SSODL: rqbmvpso - {********-****-****-****-************} - C:\WINDOWS\rqbmvpso.dll (Trojan-Downloader.Win32.Agent variant) O23 - Service: Physical Memory Protector - Unknown owner - C:\(Random Location)\(Random Name).exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ AcerVGA Engine Drivers V1.2 C:\WINDOWS\iuengine32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {08B0E5C0-4FCB-11CF-AAX5-00401C608512} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {08B0E5C0-4FCB-11CF-AAX5-00401C608512} C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {1FDAC107-871A-A4BE-0704-060506040805} C:\WINDOWS\system32\svost.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\helper.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {38D33011-7115-0816-4F85-8571E5873992} C:\WINDOWS\aplication\Intals.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\ {54F67D53-4C0F-D9D3-5A4C-111EA5DCE522} C:\WINDOWS\system32\TH.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {5E91C572-C63F-2D7D-E561-FCC851EC2FC1} C:\WINDOWS\system32:svchosts.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {5FDEC229-E086-E943-FEE5-FF75C431CA22} C:\WINDOWS\system32\backup\backup.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {649ECE67-BA10-F963-8F75-09FD492F0283} C:\Program Files\win32a\msnger.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {6A0C09D2-B74C-68DF-89AB-93479621C994} C:\WINDOWS\system32\WlNDWOS\Systam.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {6A6D30B3-DEE8-DF78-BE74-05991ED10065} C:\WINDOWS\pif\did.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {820392F6-B191-D0CA-D576-D9544EAAE3AA} C:\WINDOWS\system32\service.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {90302276-6E6D-C710-DAD5-257BCE8FE76A} C:\WINDOWS\system32\Realtek.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\Program Files\Bifrost\[KD]Naruto.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\system32\windows32\system32dll.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\winrun32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9D71D88C-C598-4935-C5D1-43AA4DB90836} C:\Program Files\Bifrost\server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9D71D88C-C598-4935-C5D1-43AA4DB90836}] C:\WINDOWS\system32\Bifrost\rty.exe 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {B2248E7E-47AE-1C6C-1479-739621F9A67C} C:\WINDOWS\system32\Bifrost\server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {B4A3BA44-AF1D-8043-3767-FDF387375AD2} C:\WINDOWS\system32\Bifrost\svhost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {C2B2D6F1-4BE2-328F-AFB3-05377BB517EC} C:\WINDOWS\system32\RealtekAC.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {FCBABD4C-10E5-5008-FA5B-014542C24FCD} C:\Program Files\Bifrost\server.exe v1.219 (24/08/08) O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\twmxbsqr***.dll O2 - BHO: dcads - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: gooochi browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Worm Radar - {07EF0649-D5BA-4139-B0A2-4D047F223B2D} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll O2 - BHO: IE Story - {A83359CE-23D4-4E1A-9D4E-C94AEDD1A67C} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: IE Shop - {F73DBD9E-5F1B-4BCA-8604-A911DCE08B37} - C:\WINDOWS\system32\(Random Name).dll O3 - Toolbar: rafbsvnx - {********-****-****-****-************} - C:\WINDOWS\rafbsvnx.dll O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll O4 - HKCU\..\Run: [(Random Numbers)] C:\Program Files\AV9\av2009.exe O4 - HKLM\..\Run: [blahh service] msengine.exe O4 - HKLM\..\RunServices: [blahh service] msengine.exe O4 - HKLM\..\Run: [Dcom Helper] dcmhlp.exe O4 - HKLM\..\RunServices: [Dcom Helper] dcmhlp.exe O4 - HKCU\..\Run: [Dcom Helper] dcmhlp.exe O4 - HKLM\..\Run: [F-Secure Gatekeeper] taskmon.exe O4 - HKLM\..\Run: [Genius Mose Driver] svghost.exe O4 - HKLM\..\RunServices: [Genius Mose Driver] svghost.exe O4 - 
HKLM\..\Run: [kernel32dll] guardpc.exe O4 - HKLM\..\RunServices: [kernel32dll] guardpc.exe O4 - HKLM\..\RunOnce: [kernel32dll] guardpc.exe O4 - HKCU\..\Run: [kernel32dll] guardpc.exe O4 - HKCU\..\RunOnce: [kernel32dll] guardpc.exe O4 - HKLM\..\Run: [Microsoft Windows Sound Drivers] sounddrivers.exe O4 - HKLM\..\Run: [Service PAck hard] (Random 8 Letter).exe O4 - HKLM\..\RunServices: [Service PAck hard] (Random 8 Letter).exe O4 - HKCU\..\Run: [Service PAck hard] (Random 8 Letter).exe O4 - HKLM\..\Run: [Sound System Driver] svlhost.exe O4 - HKLM\..\RunServices: [Sound System Driver] svlhost.exe O4 - HKLM\..\Run: [Symantec Configuration Settings] symconfig.exe O4 - HKLM\..\Run: [WinDLL (algs.exe)] rundll32.exe C:\WINDOWS\System32\algs.exe,start O4 - HKLM\..\Run: [WinDLL (wintmp.exe)] rundll32.exe C:\WINDOWS\system32\wintmp.exe,start O4 - HKLM\..\Run: [Windows MSN Live 2.3] C:\WINDOWS\system32\svhvchost.exe O4 - HKCU\..\Run: [Windows MSN Live 2.3] C:\WINDOWS\system32\svhvchost.exe O4 - HKLM\..\Run: [Windows msvc Control Host] msvs32s.exe O4 - HKLM\..\Run: [Windows Newresck] (Random 8 Letter).exe O4 - HKLM\..\RunServices: [Windows Newresck] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Newresck] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows Services] windows.exe O4 - HKLM\..\Run: [Windows UDP Control Center] installer.exe O4 - HKLM\..\Run: [Windows UDP Control Center] winrofl32.exe O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\Nod32Av.exe O4 - HKLM\..\Run: [Winsock2 driver] (Random 3 Letter).exe O4 - HKCU\..\RunOnce: [Winsock2 driver] (Random 3 Letter).exe O21 - SSODL: tsxngabr - {********-****-****-****-************} - C:\WINDOWS\tsxngabr.dll O21 - SSODL: vtqnxfko - {********-****-****-****-************} - C:\WINDOWS\vtqnxfko.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winhelp.exe 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe Debugger= C:\Program Files\Microsoft Common\svchost.exe v1.218 (18/08/08) O4 - HKLM\..\Run: [ISPSERVICE] C:\WINDOWS\system32\wintmp.exe O4 - HKLM\..\Run: [Symantec Client Security] symclient.exe O4 - HKLM\..\Run: [System Presets] systempre.exe O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\winsc.exe v1.217 (18/08/08) O2 - BHO: BhoApp Class - {********-****-****-****-************} - C:\Program Files\altcmd\altcmd32.dll O2 - BHO: agadoo browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\**************.dll O2 - BHO: radbanner browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\***********.dll O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\mesdxbrq***.dll O3 - Toolbar: vwsrfton - {********-****-****-****-************} - C:\WINDOWS\vwsrfton.dll O2 - BHO: A.Video - {0603D38B-C4FF-458D-9E9A-C0FD113FAEC3} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: CTR Video - {0CF8753B-DEB6-4266-BEFF-71F5E0312B0D} - C:\Windows\system32\(Random Name).dll O2 - BHO: MSN Search - {24A1E1CC-4393-941E-B765-2264A695D4E3} - C:\WINDOWS\system32\browsearch.dll O2 - BHO: Windows module - {2756BAD7-2F9F-47ef-AE6D-8D39CCEB396F} - C:\WINDOWS\system32\msvbcr40.dll O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll O2 - BHO: IE Storage - {3F1CEB16-3615-47ED-B153-3E98A4B9F3F5} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: 857060 helper - {6CCBAFC1-5285-494F-93F1-6894C87A9C43} - C:\WINDOWS\system32\857060\857060.dll O2 - BHO: IE VideoStream - {B5B77C65-5849-48E4-999A-FACA72F7B822} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: IE Optimizer - {BACA5B3B-DD57-4E62-B986-9A5677FBF001} - C:\WINDOWS\system32\(Random Name).dll O4 - HKLM\..\Run: [\SUE**.exe] C:\Windows\SUE**.exe O4 - HKCU\..\Run: [\SUE**.exe] C:\Windows\SUE**.exe O4 - 
HKCU\..\Run: [Antivir64] C:\Program Files\Antivir64\Antivir64.exe O4 - HKLM\..\Run: [Device Security] dvcsecure.exe O4 - HKLM\..\Run: [Device Security Manager] dvcsecure.exe O4 - HKLM\..\Run: [DirectX Driver] stdhost.exe O4 - HKLM\..\RunServices: [DirectX Driver] stdhost.exe O4 - HKLM\..\Run: [Help] C:\WINDOWS\system32\lshost.exe O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\msn.exe O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\msn.exe O4 - HKLM\..\Run: [Live Windows Messenger Version] msnmessage7.7.exe O4 - HKLM\..\Run: [Nod32 Service] nod6.exe O4 - HKLM\..\RunServices: [Nod32 Service] nod6.exe O4 - HKCU\..\Run: [Power-Antivirus-2009] C:\Program Files\Power-Antivirus-2009\Power-Antivirus-2009.exe O4 - HKLM\..\Run: [Security Monitor] securemon.exe O4 - HKLM\..\Run: [Symantec Debug Client] symdebugs.exe O4 - HKLM\..\Run: [System Core Memory] syscoremem.exe O4 - HKLM\..\Run: [System DataBase Root] sysdbroot.exe O4 - HKLM\..\Run: [WinDLL (tmp.exe)] rundll32.exe C:\WINDOWS\system32\tmp.exe,start O4 - HKLM\..\Run: [Windows Services] w32services.exe O4 - HKLM\..\Run: [Windows Services M7] ctfmon32.exe O4 - HKLM\..\Run: [Windows UDP Control Center] auth.exe O4 - HKLM\..\Run: [Windows UDP Control Center] msnpd.exe O4 - HKLM\..\Run: [Windows UDP Control Center] taksmrg.exe O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\McAfee.exe O4 - HKLM\..\Run: [WinXPService] C:\windows\fonts\taksmgr.exe O21 - SSODL: tpabfelq - {********-****-****-****-************} - C:\WINDOWS\tpabfelq.dll O21 - SSODL: wbqxfpgl - {********-****-****-****-************} - C:\WINDOWS\wbqxfpgl.dll O23 - Service: msnmgs (Microsoft Message Service XP) - Ap - C:\WINDOWS\fuckit.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {9B71D88C-C598-4935-C5D1-43AA4DB90836} C:\WINDOWS\system32\caam\caam.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} 
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\emacs.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iexplorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\raping.exe v1.216 (14/08/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\ashDsp.exe F3 - REG:win.ini: run="%AppData%\Adobe\Manager.exe" O2 - BHO: addestination browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: ads_optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: adssite - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: adsonmedia browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: adzgalore - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: banneradsgalore browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: bannerstyle browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: bannerstyles browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: browser optimizer superiorads - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: cpmsky browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: giantads.biz browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: gooochi browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: mysidesearch browser 
optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: MySidesearch Search Assistant - {********-****-****-****-************} - C:\WINDOWS\system32\mysidesearch_sidebar.dll O2 - BHO: mysidesearch search enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: nextads browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: rightonadz browser enhancer - {********-****-****-****-************} - C:\WINDOWS\system32\rgtndz.dll O2 - BHO: rightonadz browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll O2 - BHO: superiorads browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: targettedbanner browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll O2 - BHO: 604262 helper - {4F006697-FB04-4B67-86BB-0DCA9C0514B4} - C:\WINDOWS\system32\604262\604262.dll O2 - BHO: GTool - {53322B35-2C26-4FAC-A713-C31BBAA1C636} - C:\WINDOWS\system32\(RandomName).dll O4 - HKLM\..\Run: [{********-****-****-****-************}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\(RandomName).dll" DllStart O4 - HKLM\..\Run: [ashDsp.exe] C:\WINDOWS\system32\ashDsp.exe O4 - HKLM\..\Run: [Core System Hardware] syscorehd.exe O4 - HKCU\..\RunOnce: [dcom] rundll32.exe ritz8.dll,InitDll O4 - HKLM\..\Run: [Device Hardware] devicehnd.exe O4 - HKLM\..\Run: [Device IO System] deviceio.exe O4 - HKLM\..\Run: [Device Security Driver] devicesec.exe O4 - HKLM\..\Run: [logonUiInit] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\rgtndz.dll" DllInit O4 - HKLM\..\Run: [Microsoft Windows (D)] %Temp%\iexplore.exe O4 
- HKLM\..\Run: [Security Center Distribution] securesec.exe O4 - HKLM\..\Run: [Security Server DB] secserver.exe O4 - HKLM\..\Run: [Security Service DB] secservice.exe O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\(RandomName).dll" DllInit O4 - HKLM\..\Run: [svc32] C:\WINDOWS\system32\svc32.exe O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe O23 - Service: CdbgEvtSvc - Unknown owner - C:\WINDOWS\System32\CdbgEvtSvc.exe O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe O23 - Service: nobicyt Service (nobicyt) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINDOWS\system32\sobicyt.exe O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe O23 - Service: Virtual Memory Protector - Unknown owner - C:\(Random Location)\(Random Name).exe O23 - Service: WINLOGIN (winlogin) - Unknown owner - C:\WINDOWS\lsass.exe O23 - Service: WinLogons (systems) - Unknown owner - C:\WINDOWS\run32dll.exe O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe v1.215 (11/08/08) O2 - BHO: mxlivemedia browser optimizer - {********-****-****-****-************} - C:\WINDOWS\system32\(RandomName).dll O2 - BHO: Gold.Manager - {67956585-9B5C-4E2B-ABE1-A01BF3046EE1} - C:\WINDOWS\system32\(RandomName).dll O2 - 
BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\(RandomName).dll O2 - BHO: Mirar - {8DD6F82D-A947-414B-ABD0-72CEF07FB544} - C:\WINDOWS\system32\(RandomName).dll O2 - BHO: Rmn plugin - {D21D9540-6415-4288-BDD0-4453088D9D38} - pns32.dll O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll O2 - BHO: 461942 helper - {F75B6637-89E2-4EA0-8343-F8BF98103654} - C:\WINDOWS\system32\461942\461942.dll O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll O3 - Toolbar: Mirar - {8DD6F82C-A947-414B-ABD0-72CEF07FB544} - C:\WINDOWS\system32\(RandomName).dll O4 - HKLM\..\Run: [{********-****-****-****-************}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\(RandomName).dll" DllStart O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase.exe O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe O4 - HKCU\..\Run: [ctfnnon] C:\WINDOWS\ctfmon.exe O4 - HKLM\..\Run: [LCASS] lcass.exe O4 - HKLM\..\RunServices: [LCASS] lcass.exe O4 - HKCU\..\Run: [LCASS] lcass.exe O4 - HKCU\..\Run: [SpywareSweeper] C:\Program Files\SpywareSweeper\SpywareSweeper.exe O2 - BHO: ExpertHelper - {EB6EC5D7-7D19-A8C7-D607-F0993BF94A9F} - C:\Program Files\ExpertHelper\ExpertHelper-1.dll O4 - HKLM\..\Run: [MbarInstall] %Temp%\tem**.tmp.exe O4 - HKLM\..\Run: [Msn Message Acount Helper 7.7] msnmessage7.7.exe O4 - HKLM\..\Run: [MSN Security Agent] msnsecure.exe O4 - HKCU\..\Run: [MSWTL32] C:\WINDOWS\MSATL32.exe O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun O4 - HKLM\..\Run: [Security System] securesys.exe O4 - HKLM\..\Run: [SVGA Adapter] svghost.exe O4 - HKLM\..\RunServices: [SVGA Adapter] svghost.exe O4 - HKCU\..\Run: [VnrBlock20] "C:\Program 
Files\VnrBlock\VnrBlock20.exe" O4 - HKLM\..\Run: [\Win***.exe] C:\Windows\system32\Win***.exe O4 - HKCU\..\Run: [\Win***.exe] C:\Windows\system32\Win***.exe O4 - HKLM\..\Run: [WinDLL (asdfsa.exe)] rundll32.exe C:\WINDOWS\System32\asdfsa.exe,start O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmsgr.exe O4 - HKCU\..\Run: [WinXDefender] C:\Program Files\WinXDefender\WinXDefender.exe O23 - Service: Advance Service Process - Unknown owner - C:\Program Files\Common Files\System\MSASP32.exe O23 - Service: Local Network Service (algs) - Unknown owner - C:\WINDOWS\winss O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\system32\msinet.exe O23 - Service: System Event Browser - Unknown owner - C:\WINDOWS\system32\sysbrw32.exe O23 - Service: Windows Network Data Management Service (WNDMS) - Unknown owner - C:\WINDOWS\system32\wndms.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {E4195BA6-9309-6037-9D9B-30D823FEDE06} C:\WINDOWS\1222\explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe v1.214 (07/08/08) O2 - BHO: 995937 helper - {1E1465F3-56CF-4FC4-8684-1BD6245AA30D} - C:\WINDOWS\system32\995937\995937.dll O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - C:\WINDOWS\system32\(RandomName).dll O2 - BHO: Megaupload Toolbar - {EEE17712-987E-4424-A00C-9DA0BC4E2078} - C:\WINDOWS\system32\(RandomName).dll O4 - HKLM\..\Run: [DRam prosessor] msupdate.exe O4 - HKLM\..\RunServices: [DRam prosessor] msupdate.exe O4 - HKLM\..\Run: [Microsoft Security Monitor Process] windowsupdate.exe O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] windowsupdate.exe O4 - HKLM\..\Run: [Microsoft Windows Expl0rer] expl0rer.exe O4 - HKLM\..\RunServices: [Microsoft Windows Expl0rer] expl0rer.exe O4 - HKLM\..\Run: [Microsoft Winedows startup] WinKey.exe O4 - 
HKLM\..\RunOnce: [Microsoft Winedows startup] WinKey.exe O4 - HKLM\..\RunServices: [Microsoft Winedows startup] WinKey.exe O4 - HKCU\..\Run: [Microsoft Winedows startup] WinKey.exe O4 - HKCU\..\RunOnce: [Microsoft Winedows startup] WinKey.exe O4 - HKLM\..\Run: [MSN] C:\WINDOWS\iTuneshelp.exe O4 - HKLM\..\Run: [MSN] C:\WINDOWS\wmev.exe O4 - HKLM\..\Run: [MSN CST Manager] mancstmgr.exe O4 - HKLM\..\Run: [MSN Database Client] msndbcli.exe O4 - HKLM\..\Run: [MSN Messenger Live Windows] messengerlive.exe O4 - HKLM\..\Run: [MSN Settings Manager] msnsetmg.exe O4 - HKCU\..\Run: [neos] C:\WINDOWS\neos.exe O4 - HKLM\..\Run: [system32] system32.exe O4 - HKLM\..\RunServices: [system32] system32.exe O4 - HKCU\..\Run: [Systems] C:\WINDOWS\Systems.exe O4 - HKLM\..\Run: [WinDLL (windns32.dll)] rundll32.exe C:\WINDOWS\System32\windns32.dll,start O4 - HKLM\..\Run: [Windows Messenger Live MSN] winlivemsnmessenger.exe O4 - HKLM\..\Run: [Windows Messenger Live Startup] windowsmsnlive.exe O4 - HKLM\..\Run: [Windows MSN Live Messenger] winmessengerlive.exe O4 - HKLM\..\Run: [Windows Services] winsyssrv.exe O4 - HKLM\..\Run: [Windows Servser] serviser.exe O4 - HKLM\..\Run: [Windows Taskmanager] taskngr.exe O4 - HKLM\..\RunServices: [Windows Taskmanager] taskngr.exe O4 - HKLM\..\Policies\Explorer\Run: [Windows Taskmanager] taskngr.exe O23 - Service: Virtual Memory Dispatcher - Unknown owner - C:\(RandomName).exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {604BCB9F-5379-1D60-ACED-7E51436972DE} C:\WINDOWS:update.exe v1.213 (05/08/08) O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\wnlmdakq***.dll O3 - Toolbar: bgrqfetx - {********-****-****-****-************} - C:\WINDOWS\bgrqfetx.dll O4 - HKLM\..\Run: [buritos] buritos.exe O4 - HKLM\..\Run: [Live Windows Messenger Version] msnmsngrlive.exe O4 - HKLM\..\Run: [Topic Tilesys] Tilesys.com O4 - HKLM\..\RunServices: [Topic Tilesys] Tilesys.com O4 - HKLM\..\Run: [XP SecurityCenter] C:\Program 
Files\XPSecurityCenter\XPSecurityCenter.exe /hide O21 - SSODL: tfnslopk - {********-****-****-****-************} - C:\WINDOWS\tfnslopk.dll O21 - SSODL: xokvrpwg - {********-****-****-****-************} - C:\WINDOWS\xokvrpwg.dll O22 - SharedTaskScheduler: COM+ Service - {3229DFCD-3EAF-4712-ED45-4876FEDC170C} - C:\WINDOWS\system32\winload.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ {9988775D-4368-4857-871A-D01D66CA3A71}] rundll32 ritz8.dll,InitO tdssserv.sys v1.212 (03/08/08) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe O2 - BHO: 518963 helper - {7F764725-92AF-4164-9554-CFE075CE0263} - C:\WINDOWS\system32\518963\518963.dll O2 - BHO: 784953 helper - {32E0E18C-7B9A-4A83-96D1-75DF1AFD98A3} - C:\WINDOWS\system32\784953\784953.dll O2 - BHO: 960932 helper - {36C38422-602D-48A3-8110-4174CBDDA12C} - C:\WINDOWS\system32\960932\960932.dll O2 - BHO: 977751 helper - {399CF5DA-29AE-43C2-8F9D-786B803F1DC1} - C:\WINDOWS\system32\977751\977751.dll O2 - BHO: LabelCommand module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - %allusersprofile%\Application Data\services\services.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll O4 - HKLM\..\Run: [CLI Services] clisrv.exe O4 - HKLM\..\Run: [Microsft Remote Procedure Daemon] msrpcd.exe O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32:svchost.exe O4 - HKLM\..\Run: [Windows Services] dllhost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {05678D88-71DC-B123-1C5C-A2194F963210} C:\WINDOWS\system32\sysm\smssm.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {0D0E2092-26AA-197F-AD04-42AAB7AA4C5F} C:\WINDOWS\system32:svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {354558B1-932C-7AA1-7E39-339591EDCC80} C:\Program Files\Micros\svhoost.exe v1.211 (01/08/08) O2 - BHO: Rmn plugin - {930247B4-16BE-48d2-87DD-86D7FB314639} - ritz8.dll O2 - BHO: CUNta - 
{933ED98E-57E9-11DD-BF82-A36255D89593} - C:\WINDOWS\system32\cunta.dll O3 - Toolbar: Internet Service - {38BF827A-D7C5-46E1-A9A2-47B1B5BB5438} - C:\Program Files\Applications\iebr.dll O4 - HKLM\..\Run: [Clip Service Manager] clipmg.exe O4 - HKLM\..\Run: [Clip Servicer] clipsrvc.exe O4 - HKLM\..\Run: [nVidia Application Drivers] nvidiav32.exe O20 - AppInit_DLLs: karina.dat v1.210 (30/07/08) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mrcmgr.exe, F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\wsivs.exe, O2 - BHO: IE Microsoft extension - {161B953B-95F9-4af3-B071-D5FF5EA132EF} - C:\WINDOWS\system32\mshpc.dll O2 - BHO: MddApp Class - {1A4F919F-4334-4abf-BF47-0836A8B5A54B} - C:\WINDOWS\System32\ddr7xm.dll O2 - BHO: BHO.tbl2 - {76086C05-4D0A-4B92-9219-2E3FE8C553F9} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: 804031 helper - {C82B3296-FC52-4CD7-876B-8147E28DA748} - C:\WINDOWS\system32\804031\804031.dll O2 - BHO: AOL Toolbar - {FB0E529A-3D2C-473E-83FE-9E56AC6CC0EB} - C:\WINDOWS\system32\(Random Name).dll O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\mrcmgr.exe O4 - HKLM\..\Run: [nVidia Display Drivers (x86)] nvsys86.exe O4 - HKLM\..\Run: [nVidia System Drivers] nvsys32.exe O4 - HKCU\..\Run: [Skra] C:\Program Files\Skra\Skra.exe O4 - HKLM\..\Run: [Windows Server IP Verification Service] "C:\WINDOWS\System32\wsivs.exe" * O23 - Service: Windows Server IP Verification Service (WSIVS) - Unknown owner - C:\WINDOWS\System32\wsivs.exe v1.209 (27/07/08) O2 - BHO: Rmn plugin - {7FED228E-A6F7-49aa-A0BC-76E0A67C53BB} - drweb32.dll O2 - BHO: Rmn plugin - {7FED228E-A6F7-49aa-A0BC-76E0A67C53BB} - nod32.dll O2 - BHO: DrFlex IE Helper - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - C:\Program Files\QdrDrive\QdrDrive20.dll O2 - BHO: BHO5 - {9873E994-669E-4044-BA64-E5D9AD534A55} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: BHO.toolbar3 - {A4D16645-4149-41FB-B670-E06072E540C1} - 
C:\WINDOWS\system32\(Random Name).dll O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe" O4 - HKLM\..\Run: [Microsoft] ntsvr.exe O4 - HKLM\..\RunServices: [Microsoft] ntsvr.exe O4 - HKLM\..\Run: [System Config Boot] syscgboot.exe O4 - HKLM\..\Run: [System Registry Manager] sysrgmgr.exe O4 - HKLM\..\Run: [wmisrv] C:\wmisrv.exe O20 - Winlogon Notify: mcrwave - C:\WINDOWS\SYSTEM32\mcrwave.dll msdefender.sys dwave.sys v1.208 (24/07/08) O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\nfavxwdb***.dll O2 - BHO: BHO.ext2 - {401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A} - C:\Windows\system32\(Random Name).dll O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: IE.Filter - {F65E955E-26C0-42FF-8EE2-443A05EA286A} - C:\WINDOWS\system32\(Random Name).dll O3 - Toolbar: fdkowvbp - {********-****-****-****-************} - C:\WINDOWS\fdkowvbp.dll O4 - HKCU\..\Run: [(Random Numbers)] C:\Program Files\Antivirus 2009\av2009.exe O4 - HKLM\..\Run: [Antivirus] C:\Program Files\AVM\avm.exe O4 - HKCU\..\Run: [Antivirus] C:\Program Files\AVM\avm.exe O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\microsoft\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\microsoft\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\microsoft\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\microsoft\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\microsoft\svchost.exe O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\microsoft\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [beta] c:\microsoft\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\microsoft\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\microsoft\svchost.exe 
(User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\microsoft\svchost.exe (User 'SYSTEM') O4 - HKCU\..\Run: [s9201] "%AllUsersProfile%\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe O4 - HKLM\..\Run: [System CGI Manager] syscgmgr.exe O4 - HKLM\..\Run: [System DB Manager] sysdbmg.exe O4 - HKCU\..\Run: [TheSpyBot] C:\Program Files\TheSpyBot\TheSpyBot.exe O4 - HKLM\..\Run: [Windows Registery Center] svhchosts.exe O4 - HKLM\..\Run: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKLM\..\RunServices: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Service Agnts] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows Service Agent] mssngear.exe O4 - HKLM\..\RunServices: [Windows Service Agent] mssngear.exe O4 - HKCU\..\Run: [Windows Service Agent] mssngear.exe O4 - HKLM\..\Run: [Windows Services] servicez.exe O4 - HKLM\..\Run: [WinManage] C:\WINDOWS\system32\wmanage.exe O21 - SSODL: eqvwamkl - {********-****-****-****-************} - C:\WINDOWS\eqvwamkl.dll O21 - SSODL: wnslvxtf - {********-****-****-****-************} - C:\WINDOWS\wnslvxtf.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {19787F52-F569-66C9-0107-060800060008} C:\WINDOWS\system32\WinSecDir.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} C:\WINDOWS\lofFile.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} C:\WINDOWS\lofFile.exe v1.207 (20/07/08) O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll O2 - BHO: 219725 helper - {6EA1DB25-2524-4DD6-B997-42E8F38C6E46} - C:\WINDOWS\system32\219725\219725.dll O2 - BHO: toolbar.search - {19B8572F-894F-41E0-9309-00091B688905} - C:\WINDOWS\system32\(RandomName).dll O2 - BHO: search toolbar - {7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6} 
- C:\WINDOWS\system32\(RandomName).dll O2 - BHO: TBBho Class - {F8EA6827-1B82-494a-ACAC-A582A714DCA8} - C:\WINDOWS\tBHO.dll O4 - HKLM\..\Run: [Boot Server] bootserver.exe O4 - HKLM\..\Run: [Boot Service] bootservice.exe O4 - HKLM\..\Run: [Csrss Host] csrhost.exe O4 - HKLM\..\Run: [File-Sharing Wizard] shwizard.exe O4 - HKLM\..\Run: [Firewall] C:\WINDOWS\ctfmon.exe O4 - HKLM\..\Run: [G4G] C:\WINDOWS\ghg8aw3lo.exe O4 - HKCU\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\system\winlogon.exe O4 - HKLM\..\Run: [Gestionnaire des tâches de Windows] C:\WINDOWS\system32\taskmgr.exe O4 - HKLM\..\Run: [IPLog Security] iplogsec.exe O4 - HKLM\..\Run: [Microsoft Excele] C:\WINDOWS\System32\msmsgs.exe O4 - HKCU\..\Run: [Microsoft Excele] C:\WINDOWS\System32\msmsgs.exe O4 - HKLM\..\Run: [Microsoft Initialization Service] initsvc.exe O4 - HKLM\..\Run: [Microsoft Initialization Services] initserv.exe O4 - HKLM\..\Run: [Microsoft Kinetik Svc] msftksvc.exe O4 - HKLM\..\Run: [Microsoft Security Monitor Process] svcchost.exe O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] svcchost.exe O4 - HKLM\..\Run: [Microsoft Update] enule.exe O4 - HKLM\..\RunServices: [Microsoft Update] enule.exe O4 - HKLM\..\Run: [mshujsys] C:\WINDOWS\system32\mshujsys.exe O4 - HKLM\..\Run: [MSN Messages] msnmessgs.exe O4 - HKLM\..\Run: [MSN Messenger Inbox Loader] msninbox.exe O4 - HKLM\..\Run: [MSN Messenger Live Login] msnmessengerlive.exe O4 - HKLM\..\Run: [MSN Messenger Service Startup] msnservice.exe O4 - HKLM\..\Run: [MSN Router] msnrouter.exe O4 - HKLM\..\Run: [MSN Servicer] msnservicer.exe O4 - HKLM\..\Run: [Services DLL Loader] srvdll.exe O4 - HKLM\..\Run: [Smss Host] smhost.exe O4 - HKLM\..\Run: [SND Volumes] sndvolumes.exe O4 - HKLM\..\Run: [Srv Host] srvhost.exe O4 - HKCU\..\Run: [SYSTEM] C:\WINDOWS\SystemFile.exe O4 - HKLM\..\Run: [System IP] systemip.exe O4 - HKLM\..\Run: [System Task Manager] taskmrg.exe O4 - HKLM\..\RunServices: [System Task Manager] taskmrg.exe O4 - 
HKLM\..\Run: [Win Config] winconfig.exe O4 - HKLM\..\Run: [Windows Genuine Validate] C:\WINDOWS\system32\winservicessss.exe O4 - HKLM\..\Run: [Windows Helper] wsctnfy.exe O4 - HKLM\..\RunServices: [Windows Helper] wsctnfy.exe O4 - HKLM\..\Run: [Windows Local ISP] winthcr.exe O4 - HKLM\..\Run: [Windows Messenger Live Startup] windowslivemsn.exe O4 - HKLM\..\Run: [Win Security] winsecure.exe O4 - HKLM\..\Run: [Windows Temperate Services] wintmp.exe O4 - HKLM\..\Run: [XP Loader] loaderxp.exe O4 - HKLM\..\Run: [XP System] systemxp.exe O23 - Service: AOL Antivirus Update Service (RandomName) - Unknown owner - C:\WINDOWS\system32\(RandomName).exe O23 - Service: Asset Management Daemon (RandomName) - Unknown owner - C:\WINDOWS\System32\(RandomName).exe O23 - Service: Backbone Service (RandomName) - Unknown owner - C:\WINDOWS\system32\(RandomName).exe O23 - Service: BsHelpCS (RandomName) - Unknown owner - C:\WINDOWS\System32\(RandomName).exe O23 - Service: SmartLinkService (RandomName) - Unknown owner - C:\WINDOWS\system32\(RandomName).exe O23 - Service: Websense CPM Report Scheduler (RandomName) - Unknown owner - C:\WINDOWS\system32\(RandomName).exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {2bf41072-b2b1-21c1-b5c1-0305f4155515} C:\WINDOWS\system32\winservicessss.exe glok+*-*.sys v1.206 (17/07/08) O2 - BHO: C:\WINDOWS\system32\(RandomName).dll - {C5AF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\(RandomName).dll O2 - BHO: IE.SpamFilter - {DB055111-4F4F-4730-ADC5-C40EBBFF6E67} - C:\WINDOWS\system32\(Random Name).dll O4 - HKLM\..\Run: [MSN6.1 Auto-Updater] v6msn.exe O4 - HKLM\..\Run: [MSN File Configuration] msnfilecfg.exe O4 - HKLM\..\Run: [MSN File Sharing Wizard] msnsharewiz.exe O4 - HKLM\..\Run: [System Updates] (Random 4 Letter).exe O4 - HKLM\..\RunServices: [System Updates] (Random 4 Letter).exe O4 - HKCU\..\Run: [System Updates] (Random 4 Letter).exe O4 - HKCU\..\RunServices: [System Updates] (Random 4 Letter).exe O4 - 
HKLM\..\Run: [Windows Services] winsysdll.exe O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\msnsa32.exe O21 - SSODL: evgratsm - {********-****-****-****-************} - C:\WINDOWS\evgratsm.dll O21 - SSODL: kvxqmtre - {********-****-****-****-************} - C:\WINDOWS\kvxqmtre.dll O22 - SharedTaskScheduler: (RandomName) - {C5AF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\(RandomName).dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635615} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635618} C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe msliksurserv.sys v1.205 (15/07/08) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\service.exe F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Media\csrss.exe F3 - REG:win.ini: load=C:\WINDOWS\soundmgr.exe O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\kgxmotap***.dll O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll O2 - BHO: NETWORK SERVICE - {3A4E6FF3-BF59-446E-9DC8-731BCE2F349A} - C:\WINDOWS\system32\msupdate.dll O2 - BHO: 750623 helper - {3CCCCEF1-D6D1-4BD0-84D3-BA6E364E7DCD} - C:\WINDOWS\system32\750623\750623.dll O2 - BHO: IEBlocker.Flt - {FFE59EC6-5491-4EF3-BA0D-77B0D895B4F7} - C:\WINDOWS\System32\(Random Name).dll O2 - BHO: IE Site Blocker - {6DDBF417-0774-46AD-940B-6A4D9A039407} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: IE.Filter - {8B2AE9C0-1555-4C92-905A-531532F15698} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program FileS\Web Technologies\iebt.dll O3 - Toolbar: qndsfmao - {********-****-****-****-************} - C:\WINDOWS\qndsfmao.dll O3 - Toolbar: Internet Service - {1C56E97B-A95F-47B2-93C0-3FEED24479A7} - 
C:\Program Files\Web Technologies\iebr.dll O3 - Toolbar: Internet Service - {65742936-8079-408B-9F3C-874B78030A72} - C:\Program FileS\Web Technologies\iebr.dll O4 - HKCU\..\Run: [Antivirus] C:\Program Files\AAV\aav.exe O4 - HKLM\..\Run: [Antivirus] C:\Program Files\AAV\aav.exe O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe O4 - HKCU\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe O4 - HKLM\..\Run: [asc32] "C:\Program Files\ASC 2.1\asc 2.1.exe" O4 - HKCU\..\Run: [AUTORUN_VAL] C:\Program Files\ASC 2.1\asc 2.1.exe O4 - HKLM\..\Run: [Generic Host Process for Win Services] mscvs.exe O4 - HKLM\..\RunServices: [Generic Host Process for Win Services] mscvs.exe O4 - HKLM\..\RunOnce: [Generic Host Process for Win Services] mscvs.exe O4 - HKLM\..\Policies\Explorer\Run: [GT15J4R49V] C:\WINDOWS\cpuserv.exe O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean O4 - HKLM\..\Run: [Microsoft] svhost.exe O4 - HKLM\..\RunServices: [Microsoft] svhost.exe O4 - HKLM\..\Run: [MPatrolPRO] C:\Program Files\MPatrolPRO\MPatrolPRO.exe O4 - HKLM\..\Run: [MSN Communication Manager] msncommgr.exe O4 - HKLM\..\Run: [MSN RPC Manager] msnrpcmgr.exe O4 - HKLM\..\Run: [service.exe] C:\WINDOWS\system32\service.exe O4 - HKLM\..\Run: [Service Update Client] svcupdcli.exe O4 - HKCU\..\Run: [Services] C:\WINDOWS\svchost.exe O4 - HKLM\..\Run: [Sys*.exe] C:\WINDOWS\Sys*.exe O4 - HKCU\..\Run: [Sys*.exe] C:\WINDOWS\Sys*.exe O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe O4 - HKLM\..\Policies\Explorer\Run: [win] C:\WINDOWS\winupdt.exe O4 - HKLM\..\Policies\Explorer\Run: [win aggior] C:\WINDOWS\winupdt.exe O4 - HKLM\..\Policies\Explorer\Run: [win aggiornamento] C:\WINDOWS\winupdate.exe O4 - HKLM\..\Run: [Windows] C:\WINDOWS\system32\spoovlss.exe O4 - HKLM\..\Run: [Windows Host Booter] hostbooter.exe O4 - HKLM\..\Run: [Windows MSN Live Messenger] winlivemsn.exe O4 - HKLM\..\Run: [Windows Messanger 
Control Center] winlogin.exe O4 - HKLM\..\Run: [Windows Network Service] (Random 8 Letter).exe O4 - HKCU\..\Run: [Windows Network Service] (Random 8 Letter).exe O4 - HKLM\..\Run: [Windows Services] service.exe O4 - HKLM\..\Run: [Windows Services] w32edus.exe O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\scrigz.exe O4 - HKLM\..\Run: [Windows WKS Services] wkssvr1.exe O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe O21 - SSODL: fdxbameg - {********-****-****-****-************} - C:\WINDOWS\fdxbameg.dll O21 - SSODL: fsrpknov - {********-****-****-****-************} - C:\WINDOWS\fsrpknov.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {10388970-0592-BCC4-1BCB-3147DA75A2F6} C:\WINDOWS\system32\Resource\wblinds.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {10388970-0592-BCC4-1BCB-3147DA75A2F6} C:\WINDOWS\system32\Resource\wga.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {712EFA19-5088-15E5-1990-B875C6D83C16} C:\WINDOWS\Resource\svchost.exe mickey32.sys v1.204 (09/07/08) O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\wbxdpgfe***.dll O2 - BHO: IESiteBlocker.NavFilter - {1AB6932F-92FE-42E6-870C-544AE458EA78} - C:\WINDOWS\system32\(Random Name).dll O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - C:\Program Files\ASC 2.1\ASCWarning32.dll O3 - Toolbar: sqvgnrpx - {********-****-****-****-************} - C:\WINDOWS\sqvgnrpx.dll O4 - HKLM\..\Run: [Service2] C:\WINDOWS\Drivers\Intel\Service2.exe -b C:\WINDOWS\Drivers\Intel\Sample.config O4 - HKLM\..\Run: [Windows Services] winlogon.exe O4 - HKLM\..\Run: [Windows Services] winudp.exe O23 - Service: Client Server Runtime Counter - Unknown owner - C:\WINDOWS\system32\crssc.exe v1.203 (07/07/08) O2 - BHO: VideoCodec Class - {284AAAD9-FDF9-49A3-93ED-9CAE4AA26805} - C:\WINDOWS\system32\AswBHO.dll O2 - BHO: CIEIntegrator Object - 
{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\PCTotalDefender\Tools\pblock.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\PCTotalDefender\Tools\sbiebho.dll
O2 - BHO: EpsonToolBandKicker Class - {87FD33C2-7891-45D5-ACD1-7935F9AEA26B} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: cj helper - {B552B8A4-76AC-4e8c-A469-C1585B111116} - C:\Program Files\IE Extensions\cj.v5.dll
O2 - BHO: rmd - {DE5F80FD-8A16-4E53-A670-25EDD1152274} - C:\WINDOWS\system32\rmd.dll
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\PCTotalDefender\bm.exe" dm=ht*p://pctotaldefender.com ad=ht*p://pctotaldefender.com sd=ht*p://loginst.pctotaldefender.com
O4 - HKLM\..\Run: [Boot Client] bootcli.exe
O4 - HKCU\..\Run: [msserv] C:\WINDOWS\msserv.exe
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\PCTotalDefender\pgs.exe" /empty
O4 - HKLM\..\Run: [pctdf.exe] C:\WINDOWS\pctdf.exe
O4 - HKLM\..\Run: [PCTotalDefender] C:\Program Files\PCTotalDefender\pgs.exe
O4 - HKLM\..\Run: [Service Client] winsvcli.exe
O4 - HKLM\..\Run: [sprof] C:\Program Files\sprof\sprof.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\PCTOTA~1\ugac.exe" -start
O4 - HKLM\..\Run: [UPD Client] updclient.exe
O4 - HKLM\..\Run: [WinAntispyware2008] "C:\Program Files\WinAntispyware2008\WinAntispyware2008.exe" /hide
O4 - HKLM\..\Run: [Windows Firewall] rundll32.exe
O4 - HKLM\..\RunServices: [Windows Firewall] rundll32.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe

v1.202 (06/07/08)
O2 - BHO: 778670 helper - {1B12F639-CBA9-45DD-89FE-9FA7D4340716} - C:\WINDOWS\system32\778670\778670.dll
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: (no name) - {784CE1EA-4109-4D9E-BAD0-6E022808EEAE} - C:\Program Files\SpyGuarder\redir.dll
O2 - BHO: (no name) - {83798BB2-00CD-4CF4-84CC-D814DC7A510F} - C:\Program Files\SpyGuarder\redir.dll
O2 - BHO: (no name) - {C40624B4-CCDB-4F00-8888-7896032D234A} - %AppData%\redir.dll
O2 - BHO: (no name) - {E37D4210-1D22-437A-96B6-977EC202869E} - %AppData%\redir.dll
O2 - BHO: (no name) - {F3642B57-3EA8-4EEA-A643-9DE138381A57} - C:\Program Files\WinX Security Center\redir.dll
O4 - HKLM\..\Run: [MSN Update Cfg] msnupdbt.exe
O4 - HKCU\..\Run: [SpyGuarder] C:\Program Files\SpyGuarder\SpyGuarder.exe
O4 - HKLM\..\Run: [Windows Driver Sup] windvrhost.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKCU\..\Run: [WinX Security Center] C:\Program Files\WinX Security Center\WinX Security Center.exe

v1.201 (03/07/08)
O2 - BHO: Microsoft Shared Library Object Version - {0000AC13-3487-1583-C4BE-BE6A839DB000} - C:\WINDOWS\system32\mfc42dx1.dll
O2 - BHO: Rmn plugin - {00EBB3B3-DEAD-4440-B1F8-B09DDDB89EF3} - lbbd32.dll
O2 - BHO: 734914 helper - {0BD071A6-C989-49E8-9B8E-80F92A868E26} - C:\WINDOWS\system32\734914\734914.dll
O2 - BHO: WarningBHO Class - {9989F1F6-70DE-4244-AC9F-6672983681A0} - C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll
O2 - BHO: XTTBPos00 - {E014A78F-34DC-4BE5-83BB-58CA12E384B6} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Program Files\Web Technologies\iebt.dll
O4 - HKLM\..\Run: [AntiSpyCheck 2.1] "C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe"
O4 - HKCU\..\Run: [AUTORUN_VAL] C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe
O4 - HKLM\..\Run: [Ms System Config] xplsass.exe
O4 - HKLM\..\RunServices: [Ms System Config] xplsass.exe
O4 - HKCU\..\Run: [Ms System Config] xplsass.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\system32\systems.exe
O4 - HKLM\..\Run: [MSN Auto-Updater] msnaupdater.exe
O4 - HKLM\..\Run: [MSN Update Client] msnupdcli.exe
O4 - HKLM\..\Run: [OS Boot Loader] bootloader.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
O4 - HKLM\..\Run: [Windows ARP Detectioncx] winlogon.exe
O4 - HKLM\..\Run: [Windows Messenger User Agent] msnmsrg.exe
O4 - HKLM\..\Run: [Windows Networking Monitor] C:\WINDOWS\system32\mdm.exe
O4 - HKCU\..\Run: [Windows Networking Monitor] C:\WINDOWS\system32\mdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {D49F8938-7BA6-108A-3377-03D18C391234} C:\WINDOWS\system32\systems.exe

v1.200 (02/07/08)
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\Spool.exe
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\kgqfwelt***.dll
O2 - BHO: Microsoft Shared Library Object Version - {0000AC13-3487-1583-C4BE-BE6A839DB000} - C:\WINDOWS\system32\mfc42dx1.dll
O2 - BHO: Rmn plugin - {0de68a8a-8158-4bde-8f5f-849f00af31fb} - bsndcom.dll
O2 - BHO: Rmn plugin - {0de68a8a-8158-4bde-8f5f-849f00af31fb} - sndcom.dll
O2 - BHO: Rmn plugin - {096059fd-99ab-41eb-9e55-59aeb0a3b444} - roadmap16.dll
O2 - BHO: 459849 helper - {2839B753-1D7A-4C28-8F8D-86CEFFE5F205} - C:\WINDOWS\system32\459849\459849.dll
O2 - BHO: scriptproxy - {6D0386B3-FD72-488E-9740-90355AE21735} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: WarningBHO Class - {9989F1F6-70DE-4244-AC9F-6672983681A0} - C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\Windows\system32\(Random Name).dll
O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - C:\Program Files\Web Technologies\iebt.dll
O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Program Files\Web Technologies\iebt.dll
O3 - Toolbar: nqgpedlr - {********-****-****-****-************} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [AntiSpyCheck 2.1] "C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe"
O4 - HKCU\..\Run: [AUTORUN_VAL] C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe
O4 - HKLM\..\Run: [Intranet] schost.exe
O4 - HKLM\..\RunServices: [Intranet] schost.exe
O4 - HKLM\..\Run: [java] system.exe
O4 - HKLM\..\RunServices: [java] system.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] service.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] service.exe
O4 - HKLM\..\Run: [Microsoft Update] rundll32.dll
O4 - HKLM\..\RunServices: [Microsoft Update] rundll32.dll
O4 - HKLM\..\Run: [Microsoft Update Machine] systemi.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemi.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemi.exe
O4 - HKLM\..\Run: [Microsoft Windows Express] Microsoft Update
O4 - HKLM\..\RunServices: [Microsoft Windows Express] Microsoft Update
O4 - HKLM\..\Run: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\Run: [Ms System Config] xplsass.exe
O4 - HKLM\..\RunServices: [Ms System Config] xplsass.exe
O4 - HKCU\..\Run: [Ms System Config] xplsass.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\lsass32.exe
O4 - HKLM\..\Run: [MSN Auto-Updater] msnupdates.exe
O4 - HKLM\..\Run: [MSN CNF Manager] msncnfmgr.exe
O4 - HKLM\..\Run: [MSN File & Folder Sharing App] msnfileshare.exe
O4 - HKLM\..\Run: [MSN P2P Manager] msnp2pmgr.exe
O4 - HKLM\..\Run: [MSN Rx Manager] msnrxmgr.exe
O4 - HKLM\..\Run: [MSN Update Client] msnupdater.exe
O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe
O4 - HKLM\..\Run: [OS Boot Loader] bootloader.exe
O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe
O4 - HKLM\..\Run: [Registry System] Regsys.exe
O4 - HKLM\..\RunServices: [Registry System] Regsys.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\System Doctor\dcmon.exe" dm=ht*p://systemdoctor.com ad=ht*p://systemdoctor.com sd=ht*p://log.systemdoctor.com/
O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min
O4 - HKLM\..\Run: [System Doctor Free] C:\Program Files\System Doctor Free\systemdoc.exe -scan
O4 - HKLM\..\Run: [Task managebrkb] taskmg.exe
O4 - HKLM\..\RunServices: [Task managebrkb] taskmg.exe
O4 - HKCU\..\Run: [Task managebrkb] taskmg.exe
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKLM\..\Run: [VistaUpgrade] C:\WINDOWS\System32\vistaupgrade.exe
O4 - HKLM\..\Run: [Windows Messenger User Agent] msnmsrg.exe
O4 - HKLM\..\Run: [Windows Networking Monitorin] C:\WINDOWS\system32\xmdmx.exe
O4 - HKCU\..\Run: [Windows Networking Monitorin] C:\WINDOWS\system32\xmdmx.exe
O4 - HKLM\..\Run: [Windows Services] avsrv32.exe
O4 - HKLM\..\Run: [Windows TaskManager] tskmngr.exe
O4 - HKLM\..\RunServices: [Windows TaskManager] tskmngr.exe
O4 - HKLM\..\Run: [WPSVC Services] wpnsc.exe
O18 - Filter hijack: text/html - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\twain_16.dll
O18 - Filter hijack: text/html - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\xmlmimefilter.dll
O21 - SSODL: axrfgvek - {********-****-****-****-************} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {********-****-****-****-************} - C:\WINDOWS\okmdepgb.dll
O23 - Service: Spool SubSystem App - Unknown owner - C:\WINDOWS\system\Spool.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {15CDF7EC-751B-46aa-AD69-4005FE080DE8} C:\Windows\system32\netservs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {88ABC5C0-4FCB-11BB-AAX5-81CX1C635612} c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe

v1.199 (30/06/08)
O4 - HKLM\..\Run: [Windows Anti Virus Control Center] avrscan.exe
clbdriver.sys

v1.198 (28/06/08)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: QuickTalk 2.1 - {A34FA88D-8437-4634-8A60-E913011EF2E5} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Abobe BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BHO toolbar - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: BhoApp Class - {28F51CDA-3BD1-4F06-8F7B-2A881411983F} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: ProAct - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: WinGold - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\(Random Name).dll
O2 - BHO: Xena toolbar - {2FF811E6-8925-4084-A649-C159955E67E8}} - C:\WINDOWS\system32\(Random Name).dll
O4 - HKCU\..\Run: [InstallProgram] %Temp%\lprn32.exe
O4 - HKCU\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [Windows Anti Virus Control Center] avscan.exe
O4 - HKLM\..\Run: [Windows Service Controller Agent] taksmgr.exe
O4 - HKLM\..\Run: [Windows Services] w32services.exe

v1.197 (26/06/08)
O2 - BHO: 788877 helper - {7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B} - C:\WINDOWS\system32\788877\788877.dll
O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - C:\WINDOWS\system32\931928\931928.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\gfetqaxs***.dll
O3 - Toolbar: gxvpsafm - {********-****-****-****-************} - C:\WINDOWS\gxvpsafm.dll
O3 - Toolbar: Internet Service - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - C:\Program Files\Web Technologies\iebr.dll
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [Antivirus2008y] C:\Program Files\Antivirus2008y\antvrs.exe
O4 - HKLM\..\Run: [MSN Client Manager] msnclimgr.exe
O4 - HKLM\..\Run: [secdrive.exe] C:\WINDOWS\pchealth\helpctr\binaries\secdrive.exe
O4 - HKLM\..\Run: [system.exe] C:\WINDOWS\pchealth\helpctr\binaries\system.exe
O4 - HKLM\..\Run: [Windows Services] w32service.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\McAfee3.exe
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKLM\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\Run: [WinXProtector] C:\Program Files\WinXProtector\WinXProtector.exe
O21 - SSODL: pntqkflv - {********-****-****-****-************} - C:\WINDOWS\pntqkflv.dll
O21 - SSODL: qegbdmwf - {********-****-****-****-************} - C:\WINDOWS\qegbdmwf.dll
O23 - Service: TCP/IP NetBIOS (NetBS) - Unknown owner - C:\WINDOWS\system32\netbios.exe

v1.196 (23/06/08)
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\MSVCRT.exe
O2 - BHO: Rmn plugin - {D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A} - jkcom32.dll
O2 - BHO: 441465 helper - {D311C486-7D5F-4D73-B791-EE56C47D3B2E} - C:\WINDOWS\system32\441465\441465.dll
O4 - HKLM\..\Run: [GP Updater] gpupdater.exe
O4 - HKLM\..\Run: [kiss] %ProgramFiles%\dfsdfsd\pingy.exe
O4 - HKLM\..\Run: [Microsoft Manage Services] schost.exe
O4 - HKLM\..\Run: [Microsoft SQL Services] scvhost.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] C:\WINDOWS\RBuilder.exe
O4 - HKLM\..\Run: [Microsoft Update] SetPoints.exe
O4 - HKLM\..\RunServices: [Microsoft Update] SetPoints.exe
O4 - HKLM\..\Run: [Microsoft Windows Sound] svghost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svghost.exe
O4 - HKLM\..\Run: [Microsoft Windows Sound] svrhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svrhost.exe
O4 - HKLM\..\Run: [Microsoft Windows Sound] svshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svshost.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\SexyMama.JPG.exe
O4 - HKLM\..\Run: [Network maneger] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [Network maneger] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Srv32Win] C:\Program Files\csrss.exe
O4 - HKLM\..\Run: [Windows Anti Virus Control Center] winavscan.exe
O4 - HKLM\..\Run: [Windows Update] livesrvs.exe
O4 - HKLM\..\RunServices: [Windows Update] livesrvs.exe
O4 - HKCU\..\Run: [Windows Update] livesrvs.exe
O4 - HKCU\..\RunServices: [Windows Update] livesrvs.exe
O23 - Service: Microsoft Visual Basic - Unknown owner - C:\WINDOWS\system\MSVCRT.exe

v1.195 (20/06/08)
O2 - BHO: 238044 helper - {C0F371D7-926D-4700-B65E-63BFF1197205} - C:\WINDOWS\system32\238044\238044.dll
O2 - BHO: 349168 helper - {72B76B57-6F12-4931-9910-B04B5E8A8268} - C:\WINDOWS\system32\349168\349168.dll
O2 - BHO: 371186 helper - {27D351C5-4044-4C42-B3FE-33C57B9459C0} - C:\WINDOWS\system32\371186\371186.dll
O2 - BHO: 689371 helper - {9710AFD1-B321-4B6A-B2A7-E9001B5E894B} - C:\WINDOWS\system32\689371\689371.dll
O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - lboot32.dll
O2 - BHO: Editor plugin - {3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C} - winbios1.dll
O2 - BHO: H - {6A2432C9-F515-40c4-A5C7-402A0EC7A9C3} - s1df23e_.dll
O2 - BHO: Gamburg provider - {937A3F9C-6D70-483f-804F-BB6C118FE760} - natkssn.dll
O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\WINDOWS\system32\iebt.dll
O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\Program Files\Web Technologies\iebt.dll
O2 - BHO: H - {B1FBF2E1-C164-4ebe-AB04-B839655CC927} - sffer2222.dll
O2 - BHO: Flash Module - {B7A4FE11-BF1A-467b-9E24-C4CF9CFC74AF} - stylem1.dll
O2 - BHO: H - {CC9BC69C-F035-46bc-A67B-353B8BAE61CD} - fgwsqe_.dll
O2 - BHO: H - {D3992FA1-7712-49ae-A6D5-927FE2F17632} - marasm.dll
O2 - BHO: Editor plugin - {D8BF9488-4F5C-41f7-8EE5-358FA79C5092} - nuid1.dll
O2 - BHO: Editor plugin - {E4B4FEAA-FC1B-488d-9AA4-EDD924EAA809} - flashm1.dll
O2 - BHO: Gamburg provider - {FFFFFFFF-6D70-483f-804F-BB6C118FE760} - resnm16
O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:\Program Files\Web Technologies\iebr.dll
O4 - HKLM\..\Run: [MSN] C:\Windows\wkssvrs.exe
O4 - HKLM\..\Run: [mssysif] C:\WINDOWS\system32\(Random Name).exe
O4 - HKLM\..\Run: [mssysif] C:\WINDOWS\system32\(Random Name).tmp
O4 - HKCU\..\Run: [msvupdater] C:\WINDOWS\msvupdater.exe
O4 - HKLM\..\Run: [Sys*.exe] C:\Sys*.exe
O4 - HKCU\..\Run: [Sys*.exe] C:\Sys*.exe
O4 - HKLM\..\Run: [Windows svchost] avserv.exe
O4 - HKLM\..\Run: [Winsock2 driver] CFTMON.EXE
O4 - HKCU\..\RunOnce: [Winsock2 driver] CFTMON.EXE
pqasghjd.sys

v1.194 (17/06/08)
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\drivers\services.exe Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: Google Accelerator! - {********-****-****-****-************} - %SystemRoot%\system32\googlecb.dll
O2 - BHO: Google Accelerator! - {********-****-****-****-************} - %SystemRoot%\system32\googleci.dll
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\ksendlbt***.dll
O2 - BHO: 214075 helper - {8E96D546-8096-42B2-8EBF-16AC5A119A59} - C:\WINDOWS\system32\214075\214075.dll
O2 - BHO: 851174 helper - {CC021A21-6AC0-4BDA-A503-68F041A7EAD2} - C:\WINDOWS\system32\851174\851174.dll
O2 - BHO: Rmn plugin - {D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A} - jzcom32.dll
O3 - Toolbar: vrmdtneg - {********-****-****-****-************} - C:\WINDOWS\vrmdtneg.dll
O4 - Startup: userinit.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [Image Remote Players] sysvn.exe
O4 - HKLM\..\Run: [Windows Acer Service ] acersv.exe
O4 - HKLM\..\Run: [Windows svchost] ctfmon32.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgrs.exe
O4 - HKLM\..\Run: [Windows svchost] servicean.exe
O4 - HKLM\..\Run: [winlogon] %userprofile%\svchost.exe
O4 - HKCU\..\Run: [winlogon] %userprofile%\svchost.exe
O21 - SSODL: wpvmqosg - {********-****-****-****-************} - C:\WINDOWS\wpvmqosg.dll
O21 - SSODL: xvorfwbd - {********-****-****-****-************} - C:\WINDOWS\xvorfwbd.dll
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe

v1.193 (16/06/08)
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll
O4 - HKLM\..\Run: [] fada.exe
O4 - HKLM\..\RunServices: [] fada.exe
O4 - HKCU\..\Run: [] fada.exe
O4 - HKLM\..\Run: [{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}] "C:\WINDOWS\sysqyzwud.exe"
O4 - HKLM\..\Run: [{157627A6-2A10-4aa1-B97F-90B8DC6F24AC}] "C:\WINDOWS\sysqkmwfedz.exe"
O4 - HKLM\..\Run: [{2C70168B-97CE-4f31-B85D-1FEC5002721D}] "C:\Windows\sysawpbkvnq.exe"
O4 - HKLM\..\Run: [{2C70168B-97CE-4f31-B85D-1FEC5002721D}] "C:\Windows\sxpgknrwva.exe"
O4 - HKLM\..\Run: [{2C70168B-97CE-4f31-B85D-1FEC5002721D}] "C:\WINDOWS\sysavxjgdu.exe"
O4 - HKLM\..\Run: [{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}] "C:\Windows\sxjecknqhu.exe"
O4 - HKLM\..\Run: [{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}] "C:\Windows\syssfzvakqg.exe"
O4 - HKLM\..\Run: [{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}] "C:\Windows\syspyukrazv.exe"
O4 - HKLM\..\Run: [{7DD4A7AC-A3F1-4495-884A-7947C5B89108}] "C:\WINDOWS\sysahbecjh.exe"
O4 - HKLM\..\Run: [{9754B85A-3B34-4969-BE1F-CD03227E9470}] "C:\WINDOWS\sysatjsicj.exe"
O4 - HKLM\..\Run: [{9754B85A-3B34-4969-BE1F-CD03227E9470}] "C:\WINDOWS\syszweuas.exe"
O4 - HKLM\..\Run: [{A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4}] "C:\WINDOWS\sxnwhbvrzc.exe"
O4 - HKLM\..\Run: [{A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4}] "C:\WINDOWS\sysqrnxstju.exe"
O4 - HKLM\..\Run: [{B081DB1F-4EE6-4021-9DD4-8B300F0D636D}] "C:\WINDOWS\syssngbeh.exe"
O4 - HKLM\..\Run: [{BAAA759D-56F0-428c-B8DA-827EA3B08C2C}] "C:\WINDOWS\sysawechod.exe"
O4 - HKLM\..\Run: [{DD651081-A909-45ad-BD71-2335B0ADE043}] "C:\Windows\sysabmpmfr.exe"
O4 - HKLM\..\Run: [{DD651081-A909-45ad-BD71-2335B0ADE043}] "C:\Windows\sysnxcphmgy.exe"
O4 - HKLM\..\Run: [{DD651081-A909-45ad-BD71-2335B0ADE043}] "C:\Windows\sysutrnez.exe"
O4 - HKLM\..\Run: [{E4785213-3EFE-4c26-A9B4-332440E31F6F}] "C:\WINDOWS\sysrxmfdksp.exe"
O4 - HKLM\..\Run: [{F758F78B-0885-490e-AA3C-4A38D28B0240}] "C:\Windows\sxpjbwvahn.exe"
O4 - HKLM\..\Run: [1234klsjdc uiar924c af] "C:\WINDOWS\sxgnsvuxct.exe"
O4 - HKLM\..\Run: [1234klsjdc uiar924c af] "C:\WINDOWS\sysvtypkbjx.exe"
O4 - HKLM\..\Run: [eMessenger] C:\WINDOWS\system32\emsn.exe
O4 - HKCU\..\Run: [eMessenger] C:\WINDOWS\system32\emsn.exe
O4 - HKCU\..\Run: [GetModule*] "C:\Program Files\GetModule\GetModule*.exe"
O4 - HKCU\..\Run: [GetPack*] "C:\Program Files\GetPack\GetPack*.exe"
O4 - HKLM\..\Run: [icccomp] (Random 8 Letter).exe
O4 - HKCU\..\Run: [icccomp] (Random 8 Letter).exe
O4 - HKLM\..\Run: [idlesam] (Random 8 Letter).exe
O4 - HKCU\..\Run: [idlesam] (Random 8 Letter).exe
O4 - HKLM\..\Run: [kdmsx] (Random 8 Letter).exe
O4 - HKCU\..\Run: [kdmsx] (Random 8 Letter).exe
O4 - HKLM\..\Run: [mceipww] (Random 8 Letter).exe
O4 - HKCU\..\Run: [mceipww] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKLM\..\Run: [Modifiet Amateur HTPB] C:\WINDOWS\system32\wuaclt.exe
O4 - HKCU\..\Run: [Modifiet Amateur HTPB] C:\WINDOWS\system32\wuaclt.exe
O4 - HKLM\..\Run: [msdefender] C:\WINDOWS\system32\msdefender.exe
O4 - HKCU\..\Run: [msmacro32] C:\WINDOWS\msmacro32.exe
O4 - HKLM\..\Run: [reszrv] (Random 8 Letter).exe
O4 - HKCU\..\Run: [reszrv] (Random 8 Letter).exe
O4 - HKLM\..\Run: [rfcsx] (Random 8 Letter).exe
O4 - HKCU\..\Run: [rfcsx] (Random 8 Letter).exe
O4 - HKLM\..\Run: [runservices] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [spoolvs] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Run: [System32] C:\WINDOWS\system32\winds32.exe
O4 - HKLM\..\Run: [Winamp Media Player] winamap.exe
O4 - HKLM\..\RunServices: [Winamp Media Player] winamap.exe
O4 - HKCU\..\Run: [Winamp Media Player] winamap.exe
O4 - HKLM\..\Run: [Windows Microsoft Services] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Microsoft Services] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Microsoft Services] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Network Service] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Network Service] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Office Monitor] C:\WINDOWS\system32\emdm.exe
O4 - HKCU\..\Run: [Windows Office Monitor] C:\WINDOWS\system32\emdm.exe
O4 - HKLM\..\Run: [Windows Service alge] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service alge] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Service alge] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [Windows USB Control Driver] iexplore.exe
O4 - HKLM\..\Run: [xswdmse] (Random 8 Letter).exe
O4 - HKCU\..\Run: [xswdmse] (Random 8 Letter).exe

v1.192 (14/06/08)
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\cftmon.exe
O2 - BHO: Google Accelerator! - {********-****-****-****-************} - %SystemRoot%\system32\googlech.dll
O2 - BHO: (no name) - {BB604754-D031-4D2E-AB6C-BF3D367F6944} - %AppData%\redir.dll
O4 - HKCU\..\Run: [biglow] C:\WINDOWS\biglow.exe
O4 - HKCU\..\Run: [fastsmell] C:\WINDOWS\fastsmell.exe
O4 - HKCU\..\Run: [grinders] C:\WINDOWS\grinders.exe
O4 - HKCU\..\Run: [helloserv] C:\WINDOWS\helloserv.exe
O4 - HKLM\..\Run: [Microsoft Anti Virus Controller] msavc.exe
O4 - HKLM\..\Run: [Microsoft Anti Virus Controller] msavc32.exe
O4 - HKLM\..\Run: [Microsoft NotePad] NOTEPAD.EXE
O4 - HKLM\..\RunServices: [Microsoft NotePad] NOTEPAD.EXE
O4 - HKLM\..\Run: [Microsoft Update] C:\windows\system32\msupdate.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\RunOnce: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\msscomd.exe
O4 - HKCU\..\Run: [msupdater] C:\WINDOWS\msupdater.exe
O4 - HKCU\..\Run: [SpyGuarder] %AppData%\spyguarder.exe
O4 - HKLM\..\Run: [Winamp Media Player] winamp.exe
O4 - HKLM\..\Run: [Wind32] C:\WINDOWS\System32\Wind32.exe
O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Windows Messanger Control Center] winlogon.exe
O4 - HKLM\..\Run: [Windows Microsoft Service] (Random 8 Letter).exe
O4 - HKLM\..\RunServices: [Windows Microsoft Service] (Random 8 Letter).exe
O4 - HKCU\..\Run: [Windows Microsoft Service] (Random 8 Letter).exe
O4 - HKLM\..\Run: [Windows Service Agent] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [Windows Service Agent] (Random 6 Letter).exe
O4 - HKCU\..\Run: [Windows Service Agent] (Random 6 Letter).exe
O20 - Winlogon Notify: WinNt64 - C:\WINDOWS\SYSTEM32\WinNt64.dll
O20 - Winlogon Notify: upsctl - C:\WINDOWS\SYSTEM32\upsctl.dll
O23 - Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe
O23 - Service: Host Process for Win32 Services - Unknown owner - C:\WINDOWS\system\svchost.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\shvhost.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe
O23 - Service: wksscvs - Unknown owner - C:\WINDOWS\system\wksscvs.exe
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ {0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}] C:\WINDOWS\system32:winsock32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ {15DA01DC-1327-AEEA-0003-020004040303} C:\WINDOWS\wlnlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {59BB1731-822C-95A7-55E2-A6A4CF791D97} C:\WINDOWS\System32\Wind32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} %ProgramFiles%\Services.exe
narqwe.sys
upscr.sys

v1.191 (11/06/08)
O2 - BHO: QXK Olive - {********-****-****-****-************} - C:\WINDOWS\kvsdpfea***.dll
O2 - BHO: Std plugin - {096059FD-99AB-41eb-9E55-59AEB0A3B444} - haskel32.dll
O2 - BHO: 514852 helper - {9420D9C5-E151-4D83-B9A6-27DE1A7A0E5F} - C:\WINDOWS\system32\514852\514852.dll
O3 - Toolbar: rtsplgob - {********-****-****-****-************} - C:\WINDOWS\rtsplgob.dll
O4 - HKLM\..\Run: [DRam prosessor] (Random 6 Letter).exe
O4 - HKLM\..\RunServices: [DRam prosessor] (Random 6 Letter).exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\wins.exe
O4 - HKLM\..\RunServices: [Internet] C:\WINDOWS\system32\wins.exe
O4 - HKLM\..\Run: [MicroSoft Legal Syst3m32]