Computer messed up, can't open any folders/lots of programs

edited August 2008 in Spyware & Virus Removal
Hey, I'm having a huge problem with my computer where I can't open any folders when I double-click on them, or even when trying to open them by right-clicking. Also, many of my programs just crash and don't work, such as Windows Live Messenger and Internet Explorer. I'm using Firefox. Here's my HijackThis log. Please help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:26 AM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Aierter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\Ati2evx.exe
C:\Windows\System32\ati2svc.exe
C:\WINDOWS\system32\Brmfrmps.exe
c:\windows\Downloaded Program Files\dkservice.exe
C:\WINDOWS\system32\Dnscashe.exe
c:\Program Files\Intel\v14\engine.exe
C:\WINDOWS\ezuy.exe
C:\Program Files\Google\googletoolbar.exe
C:\Windows\system32\helpsvr.exe
C:\Windows\System32\ibmsvc.exe
C:\WINDOWS\system32\msimports.exe
c:\windows\system32\tservice.exe
C:\WINDOWS\system32\lrmon.exe
C:\WINDOWS\system32\MetDDE.exe
C:\WINDOWS\system32\Nessenger.exe
C:\Program Files\Team DND\nvclassic.exe
C:\Program Files\Team DND\nvmacc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\DivX\bin\nvsvc32.exe
C:\WINDOWS\system32\p2hib.exe
D:\Spyware Doctor\pctsAuxs.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
D:\Spyware Doctor\pctsTray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svinfo.exe
C:\Program Files\Common Files\AOL\1159145214\ee\AOLSoftware.exe
C:\WINDOWS\system32\tp4srv.exe
C:\Program Files\SoftForum\XecureWeb\ActiveX\Xecureweb.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\demonw.exe
C:\WINDOWS\system32\USP.exe
C:\WINDOWS\system32\hreaf.exe
C:\WINDOWS\system32\mintol.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\gmin90.exe
C:\WINDOWS\system32\atepia.exe
c:\windows\system32\webcilent.exe
C:\WINDOWS\system32\a6jpia.exe
C:\WINDOWS\system32\g6dn90.exe
C:\Program Files\Ahead\Nero\CDI\neroburn.exe
C:\Program Files\ESTsoft\ALZip\Banner\alzip.exe
C:\WINDOWS\system32\Demon.exe
C:\WINDOWS\Web\OpenClient.exe
C:\WINDOWS\system32\mfcans323.exe
C:\WINDOWS\system32\ntfls.exe
C:\WINDOWS\system32\ntsktp.exe
C:\Documents and Settings\Joseph\Application Data\rlvlw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Tepath\cices.exe
C:\WINDOWS\system32\tmp003ui\feoua.exe
C:\WINDOWS\system32\Tepath\acarmo2.exe
C:\WINDOWS\system32\xbukfcq.exe
C:\WINDOWS\system32\lvtdjyd.exe
C:\WINDOWS\system32\103843103843.exe
C:\WINDOWS\system32\rvadgknqtx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\bbbbbbbbbb.exe
C:\WINDOWS\system32\mmmmmmmmmm.exe
C:\windows\1051\ogk.exe
C:\windows\1346\xmainnf.exe
C:\windows\minidump\rbpclip.exe
C:\WINDOWS\system32\mmmmmmmmmm1.exe
C:\WINDOWS\system32\1038431038431.exe
C:\Program Files\Common Files\Microsoft Shared\James.exe
C:\windows\system32\1041\aijl.exe
C:\Program Files\Common Files\System\April2.exe
C:\windows\setupupd\temp\alsee.exe
C:\windows\4633\hurllnk.exe
C:\windows\system32\1042\pireg.exe
C:\WINDOWS\system32\dgjmqtwbfi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\hloruadgjn1.exe
C:\windows\system32\1037\almap.exe
C:\windows\system32\quicktime\yhmx\mcscript.exe
C:\WINDOWS\system32\usDBDGID.exe
C:\WINDOWS\system32\lpsvaehkor.exe
C:\windows\1488\backitup.exe
C:\WINDOWS\system32\ymksyst32.exe
C:\WINDOWS\system32\dltlqdl.exe
C:\WINDOWS\system32\nwdltlqdl.exe
C:\windows\system32\enswdb\ifk.exe
C:\WINDOWS\system32\igdys.exe
C:\windows\system32\log\qpr.exe
C:\windows\system32\logfiles\httperr\pbisch.exe
C:\windows\zsetup\boom.exe
C:\windows\system32\macromed\shockwave 10\xtras\csscan.exe
C:\WINDOWS\system32\wbholder.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\pss\psscontrol.exe
C:\WINDOWS\system32\lpsvbehkor.exe
C:\WINDOWS\system32\lorvadhknq.exe
C:\WINDOWS\system32\swbeilorva.exe
C:\WINDOWS\system32\eilorvadgk.exe
C:\Program Files\AD-Spider\autoUpdateEnt.exe
C:\WINDOWS\system32\psvaehknru.exe
C:\WINDOWS\system32\xcfjmpswbe.exe
C:\WINDOWS\system32\gknqtxcfim.exe
C:\WINDOWS\system32\mqtwbfilps.exe
C:\WINDOWS\system32\qtwbfilpsv.exe
C:\Windows\AppPatch\websvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ilpsvaehko.exe
C:\WINDOWS\system32\hknquxcfjm.exe
C:\WINDOWS\system32\ehkoruxdgj.exe
C:\WINDOWS\system32\hkoruxdgjm.exe
C:\WINDOWS\system32\hkoruxdgjm1.exe
C:\WINDOWS\system32\gjmqtwcfil.exe
C:\Documents and Settings\Joseph\Local Settings\ctsr.exe
C:\WINDOWS\system32\cfimpsvbeh.exe
C:\WINDOWS\system32\svbehkorua.exe
C:\WINDOWS\system32\vbehkoruad1.exe
C:\WINDOWS\system32\hkoruadgjn.exe
C:\WINDOWS\system32\koruadgjnq.exe
C:\WINDOWS\system32\svbehlorua.exe
C:\WINDOWS\system32\svbehlorua1.exe
C:\WINDOWS\system32\vbehloruad.exe
C:\WINDOWS\system32\vbehloruad1.exe
C:\WINDOWS\system32\wbeilosvad.exe
C:\Documents and Settings\Joseph\Templates\yjwj.exe
C:\Documents and Settings\Joseph\Local Settings\bjybn.exe
C:\WINDOWS\system32\beilorvadg.exe
C:\WINDOWS\system32\knquxcfjmp.exe
C:\WINDOWS\system32\psvbehloru.exe
C:\WINDOWS\system32\hloruadgjn.exe
C:\WINDOWS\system32\loruadgjnq1.exe
C:\WINDOWS\system32\uxcgjmptwb.exe
C:\WINDOWS\system32\naa2up.exe
C:\WINDOWS\system32\pswbeilorv.exe
C:\WINDOWS\system32\cfilpsvaeh.exe
C:\WINDOWS\system32\vbehkoruxd.exe
C:\WINDOWS\system32\103843103843.exe
C:\WINDOWS\system32\bbbbbbbbbb.exe
C:\Program Files\Regsys.exe
C:\WINDOWS\system32\mmmmmmmmmm.exe
C:\WINDOWS\system32\mmmmmmmmmm1.exe
C:\WINDOWS\system32\1038431038431.exe
C:\WINDOWS\system32\lpsvaehkor.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Common Files\Microsoft Shared\Mantos.exe
C:\Program Files\Common Files\System\April2.exe
C:\Program Files\Common Files\Microsoft Shared\James.exe
C:\WINDOWS\system32\winmonww.exe
C:\Program Files\Internet Explorer\SIGNUP\Gainis.exe
C:\WINDOWS\runedll37.exe
C:\WINDOWS\kdmgrvs.exe
C:\WINDOWS\msapps\th.exe
C:\WINDOWS\system32\enswdb\fu.exe
C:\WINDOWS\system32\dhcp\uaq.exe
C:\WINDOWS\system32\Setup\uu.exe
C:\WINDOWS\vi\cub.exe
C:\WINDOWS\MsImg\ikg.exe
C:\WINDOWS\Driver Cache\i386\kmm.exe
C:\WINDOWS\temp99\kk.exe
C:\WINDOWS\system32\tmppath\oka.exe
C:\WINDOWS\peernet\qbn.exe
C:\WINDOWS\system32\CatRoot\tat.exe
C:\WINDOWS\system32\CatRoot\tatqd.exe
C:\Program Files\Internet Explorer\SIGNUP\Gainis.exe
C:\Program Files\Internet Explorer\Connection Wizard\INIs.exe
C:\WINDOWS\system32\mknadoioem.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe,C:\WINDOWS\system32\wbholder.exe,
O2 - BHO: 3SP Module - {05DDC566-0691-4847-B9BB-248087DB3107} - C:\Program Files\P3SMini\S3PMini1007.dll
O2 - BHO: Direct8_VW.AUDIO_MonikerClass - {08903050-9116-4FD0-ABD6-7C5FAC9B067E} - C:\WINDOWS\system32\Direct8_VW.dll
O2 - BHO: (no name) - {0E5ABC98-FAFE-4FBC-8144-94293B8B3FE8} - C:\WINDOWS\system32\msbinderx.dll
O2 - BHO: (no name) - {109CB812-07FB-4175-BE9B-D9DC483E0C67} - C:\WINDOWS\system32\pdisn.dll
O2 - BHO: Project1.Class1 - {187431AF-7420-49DD-8B79-B543FB4AA28F} - C:\WINDOWS\system32\measypot.dll
O2 - BHO: (no name) - {2D376681-83D8-4F8C-95D4-A10390B7AB22} - C:\WINDOWS\system32\wkdig.dll
O2 - BHO: (no name) - {338B1483-EDE5-4CBB-A1C9-F09325344D0A} - C:\WINDOWS\system32\kmlxer.dll
O2 - BHO: (no name) - {37A7EC50-7AEC-4BE1-ADE1-DA5B741F7C49} - C:\WINDOWS\system32\grident2.dll
O2 - BHO: winsrcmg.Class1 - {4D7DC010-0FBA-49B0-9950-794BCDC8C87D} - C:\WINDOWS\system32\winsrcmg.dll
O2 - BHO: RSBar7BHO - {57317FFA-6567-47A7-8B90-EB466EE61C11} - C:\Program Files\rsbar2\RSBar7.dll
O2 - BHO: (no name) - {6559C2E0-4BA6-47D2-ACD5-48F9F5227EAE} - C:\WINDOWS\system32\miakmcl.dll
O2 - BHO: (no name) - {6EDB3B51-076A-4828-92D8-911AD7F3B3A5} - C:\WINDOWS\system32\naa2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Project1.KeywordSrc - {77180DBC-B02F-4A79-B1D5-A1D56C13CCFD} - C:\WINDOWS\system32\iesearchtre.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8053EC3E-A304-4323-BCF6-05DBD979151B} - C:\Program Files\ieshowpop\ShowPopup.dll (file missing)
O2 - BHO: (no name) - {83D60A33-656B-4929-882D-4711F018F7B7} - C:\WINDOWS\system32\axaltoc.dll
O2 - BHO: PotCtrl Class - {90005E7B-CD9B-481B-8D1D-BECCD9124675} - C:\WINDOWS\system32\easypot.dll
O2 - BHO: (no name) - {94B1E812-9BDB-4324-9DF7-49F6D26B55A3} - C:\WINDOWS\system32\yimwz.dll
O2 - BHO: (no name) - {956637CB-50AE-494C-B7E0-D247F4DC068B} - C:\WINDOWS\system32\amxqnd.dll
O2 - BHO: dcb Class - {B0B678D8-ECB3-4FD6-A8D7-9F0F6C03C5FF} - C:\WINDOWS\system32\dl07.dll
O2 - BHO: Project1.IEbottom - {E8FC1DDE-9DAA-4ECB-ADCB-61DEB21A6317} - C:\WINDOWS\system32\bttnsearch.dll
O2 - BHO: (no name) - {EA70655F-19A0-4F22-9F74-2C8D78544048} - C:\WINDOWS\system32\zkkei.dll
O2 - BHO: Project1.Keyword - {EA8165BA-9EC6-46E6-B9BD-E9E381597663} - C:\WINDOWS\system32\mswinkeyhp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NtSvcdm] C:\WINDOWS\system32\bp1.exe
O4 - HKLM\..\Run: [MUFreeQty] C:\Program Files\MUFree1\MUFreeQty.exe
O4 - HKLM\..\Run: [MUFree1] C:\Program Files\MUFree1\MUFree1UPDATER.exe START
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159145214\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [G2] $$$C:\Program Files\G2\G2Main.exe
O4 - HKLM\..\Run: [Cass Oxyion] $$$C:\WINDOWS\wizonbm.exe
O4 - HKLM\..\Run: [Bookmark] C:\Program Files\Bookmark\BookmarkInit.exe /u http://file.ezaddress.co.kr/app_com/bookmark/13 /m Bookmark.exe
O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKLM\..\Run: [Xweb] "C:\Program Files\SoftForum\XecureWeb\ActiveX\Xecureweb.exe"
O4 - HKLM\..\Run: [demonw] C:\WINDOWS\system32\demonw.exe
O4 - HKLM\..\Run: [adodemaster] $$$C:\Program Files\adode\adodemaster.exe
O4 - HKLM\..\Run: [Toolbarmaster] $$$C:\Program Files\Windowsbar\Toolbarmaster.exe
O4 - HKLM\..\Run: [sysrun.exe] $$$C:\Program Files\Windowsbar\sysrun.exe
O4 - HKLM\..\Run: [hreaf] C:\WINDOWS\system32\hreaf.exe
O4 - HKLM\..\Run: [mscfg] $$$C:\WINDOWS\airplanebm.exe
O4 - HKLM\..\Run: [mintol] C:\WINDOWS\system32\mintol.exe
O4 - HKLM\..\Run: [mscandui] $$$C:\WINDOWS\ime\mscandui.exe
O4 - HKLM\..\Run: [spooler] $$$C:\WINDOWS\system32\spool\spooler.exe
O4 - HKLM\..\Run: [gmin90] C:\WINDOWS\system32\gmin90.exe
O4 - HKLM\..\Run: [atepia] C:\WINDOWS\system32\atepia.exe
O4 - HKLM\..\Run: [a6jpia] C:\WINDOWS\system32\a6jpia.exe
O4 - HKLM\..\Run: [g6dn90] C:\WINDOWS\system32\g6dn90.exe
O4 - HKLM\..\Run: [dff] C:\WINDOWS\system32\DllTempDirectory\bfa\dff.exe
O4 - HKLM\..\Run: [neroburn] "C:\Program Files\Ahead\Nero\CDI\neroburn.exe"
O4 - HKLM\..\Run: [alzip] "C:\Program Files\ESTsoft\ALZip\Banner\alzip.exe"
O4 - HKLM\..\Run: [floerq] $$$C:\WINDOWS\system32\floerq\floerq.exe
O4 - HKLM\..\Run: [uea] $$$C:\WINDOWS\system32\uea.exe
O4 - HKLM\..\Run: [dcooper] $$$C:\WINDOWS\system32\dcooper\dcooper.exe
O4 - HKLM\..\Run: [uptpht] $$$C:\WINDOWS\system32\phtupt.exe
O4 - HKLM\..\Run: [grapetd] $$$C:\WINDOWS\system32\grapetd\grapetd.exe
O4 - HKLM\..\Run: [sysure] $$$C:\WINDOWS\system32\sysure\sysure.exe
O4 - HKLM\..\Run: [enswdb] $$$C:\WINDOWS\system32\enswdb\enswdb.exe
O4 - HKLM\..\Run: [s3] C:\WINDOWS\system32\DllTempDirectory\q1\s3.exe
O4 - HKLM\..\Run: [imgscc] $$$C:\WINDOWS\system32\imgssc.exe
O4 - HKLM\..\Run: [imgssc] $$$C:\WINDOWS\system32\imgssc.exe
O4 - HKLM\..\Run: [XProtect] C:\windows\XProtect.exe
O4 - HKLM\..\Run: [NProtects] C:\Windows\AppPatch\NProtects.exe
O4 - HKLM\..\Run: [msdtcc] $$$C:\WINDOWS\system32\msdtcc.exe
O4 - HKLM\..\Run: [netmac] $$$C:\Windows\AppPatch\netmac.exe
O4 - HKLM\..\Run: [servicers] C:\windows\system32\servicers.exe
O4 - HKLM\..\Run: [svcshost] c:\windows\svcshost.exe
O4 - HKLM\..\Run: [ekub] C:\WINDOWS\ekubha.exe
O4 - HKLM\..\Run: [iexplot] $$$C:\WINDOWS\system32\iexplot.exe
O4 - HKLM\..\Run: [dnfavor3] $$$C:\WINDOWS\system32\unmask3.exe
O4 - HKLM\..\Run: [fanocean] $$$C:\WINDOWS\system32\fanocean\fanocean.exe
O4 - HKLM\..\Run: [tt1v1svmp] C:\WINDOWS\system32\ReinstallBackups\0015\1cjp1cjfs\tt1v1svmp.exe
O4 - HKLM\..\Run: [yxcm] C:\WINDOWS\system32\ReinstallBackups\0015\yy5s\yxcm.exe
O4 - HKLM\..\Run: [q6hww] C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\qhhbw\q6hww.exe
O4 - HKLM\..\Run: [sycalcu] $$$C:\WINDOWS\system32\sycalcu.exe
O4 - HKLM\..\Run: [btbt06sa] C:\WINDOWS\system32\Macromed\Director\slv06lta\btbt06sa.exe
O4 - HKLM\..\Run: [1urrna2] C:\WINDOWS\system32\Macromed\Director\13cn932\1urrna2.exe
O4 - HKLM\..\Run: [rtrxwptgp] C:\WINDOWS\system32\Macromed\Shockwave 10\Xtras\31tr1pwmp\3txx1gx3p\rtrxwptgp.exe
O4 - HKLM\..\Run: [v3hhp] C:\WINDOWS\system32\migate\rhm83\v3hhp.exe
O4 - HKLM\..\Run: [Tmp001] $$$C:\WINDOWS\system32\Tmp001.exe
O4 - HKLM\..\Run: [wincalcu] $$$C:\WINDOWS\system32\wincalcu.exe
O4 - HKLM\..\Run: [Sys0002] $$$C:\WINDOWS\system32\Sys0002.exe
O4 - HKLM\..\Run: [Demon] C:\WINDOWS\system32\Demon.exe
O4 - HKLM\..\Run: [aqeku] C:\WINDOWS\aqekudra.exe
O4 - HKLM\..\Run: [GongUbadaPlayerStart] $$$C:\Program Files\gongUbada\GBUpdate.exe
O4 - HKLM\..\Run: [lorvadgknq] C:\WINDOWS\system32\lorvadgknq.exe
O4 - HKLM\..\Run: [Pruda] C:\Windows\Config\Pruda.exe
O4 - HKLM\..\Run: [IEdoume] $$$C:\Program Files\OverHelpSite\iedoume.exe
O4 - HKLM\..\Run: [australia] $$$"C:\Program Files\Messenger\australia.exe"
O4 - HKLM\..\Run: [brazil] $$$"C:\WINDOWS\Web\brazil.exe"
O4 - HKLM\..\Run: [bagMRU] $$$c:\bagMRU.exe
O4 - HKLM\..\Run: [UIOE] $$$C:\WINDOWS\system32\Ukum\Uspss.exe
O4 - HKLM\..\Run: [dkservice4] $$$c:\Program Files\DacomAdapte\drv\40\dkservices.exe
O4 - HKLM\..\Run: [prtcache4] $$$c:\Program Files\Common Files\sec\Drive\40\prtcache.exe
O4 - HKLM\..\Run: [tube] C:\Program Files\Common Files\System\tube.exe
O4 - HKLM\..\Run: [LGT] C:\Program Files\LGT.exe
O4 - HKLM\..\Run: [Accepted] C:\Accepted.exe
O4 - HKLM\..\Run: [Demeter] c:\windows\Demeter.exe
O4 - HKLM\..\Run: [Mnset] C:\Program Files\Internet Explorer\MUI\Mnset.exe
O4 - HKLM\..\Run: [japan] "C:\WINDOWS\Web\OpenClient.exe"
O4 - HKLM\..\Run: [kuwait] $$$"C:\WINDOWS\pss\psscontrol.exe"
O4 - HKLM\..\Run: [WinDrvsos] $$$C:\WINDOWS\system32\drvsonis.exe
O4 - HKLM\..\Run: [lpsvbehkor] C:\WINDOWS\system32\lpsvbehkor.exe
O4 - HKLM\..\Run: [ServiceNet] c:\windows\servicenet.exe
O4 - HKLM\..\Run: [LGTs] C:\WINDOWS\LGTs.exe
O4 - HKLM\..\Run: [Sense] C:\Windows\Config\Sense.exe
O4 - HKLM\..\Run: [SearchSpy] $$$C:\SearchSpy.exe /tray
O4 - HKLM\..\Run: [IMECTRL] $$$C:\WINDOWS\system\msupdatesys.exe
O4 - HKLM\..\Run: [lorvadhknq] C:\WINDOWS\system32\lorvadhknq.exe
O4 - HKLM\..\Run: [WindowSystemInfo] $$$C:\WINDOWS\system32\wininfoupdate.exe
O4 - HKLM\..\Run: [lebanon] $$$"C:\Program Files\ESTsoft\ALUpdate\AZMains.exe"
O4 - HKLM\..\Run: [liberia] $$$"C:\Program Files\SoftForum\sofrum.exe"
O4 - HKLM\..\Run: [mexico] $$$"C:\Program Files\MSN Messenger\Device Manager\Loc\1051\msndevmen.exe"
O4 - HKLM\..\Run: [vcsys] $$$C:\WINDOWS\system32\Tepath\vcsys.exe
O4 - HKLM\..\Run: [okdemona] $$$C:\WINDOWS\system32\okdemona.exe
O4 - HKLM\..\Run: [msstc] $$$C:\WINDOWS\system32\Tepath\msstc.exe
O4 - HKLM\..\Run: [swbeilorva] C:\WINDOWS\system32\swbeilorva.exe
O4 - HKLM\..\Run: [eilorvadgk] C:\WINDOWS\system32\eilorvadgk.exe
O4 - HKLM\..\Run: [Search Update] $$$C:\Program Files\Esearch\SearchUpdate.exe
O4 - HKLM\..\Run: [mschrt330] mschrt330.exe
O4 - HKLM\..\Run: [niwide] $$$C:\WINDOWS\system32\ediwin\exwin.exe
O4 - HKLM\..\Run: [RegiProUpdate] $$$C:\Program Files\RegiPro\RegiProUpdate.exe
O4 - HKLM\..\Run: [Facial] C:\Windows\addins\Facial.exe
O4 - HKLM\..\Run: [pswbehlorv] C:\WINDOWS\system32\pswbehlorv.exe
O4 - HKLM\..\Run: [hyprthrb] $$$C:\WINDOWS\system32\tmpDirs\hyprthrb.exe
O4 - HKLM\..\Run: [uhizayequki] C:\WINDOWS\uhizayequkizen.exe
O4 - HKLM\..\Run: [redirw.exe] C:\Documents and Settings\Joseph\Local Settings\redirw.exe xps
O4 - HKLM\..\Run: [psvaehknru] C:\WINDOWS\system32\psvaehknru.exe
O4 - HKLM\..\Run: [xcfjmpswbe] C:\WINDOWS\system32\xcfjmpswbe.exe
O4 - HKLM\..\Run: [gknqtxcfim] C:\WINDOWS\system32\gknqtxcfim.exe
O4 - HKLM\..\Run: [icces] $$$C:\WINDOWS\system32\Tepath\icces.exe
O4 - HKLM\..\Run: [mqtwbfilps] C:\WINDOWS\system32\mqtwbfilps.exe
O4 - HKLM\..\Run: [qtwbfilpsv] C:\WINDOWS\system32\qtwbfilpsv.exe
O4 - HKLM\..\Run: [gsytm32b] $$$C:\WINDOWS\system32\tmppath\gsytm32b.exe
O4 - HKLM\..\Run: [hyprcla] C:\WINDOWS\system32\pTmpdir\hyprcla.exe
O4 - HKLM\..\Run: [ifjh] "c:\windows\1327\iior.exe"
O4 - HKLM\..\Run: [calisysa] $$$C:\WINDOWS\system32\tmppath\calisysa.exe
O4 - HKLM\..\Run: [itvwsao] C:\WINDOWS\system32\itvwsao.exe
O4 - HKLM\..\Run: [mfcans323] mfcans323.exe
O4 - HKLM\..\Run: [vjyalt] c:\windows\system32\vjyalt.exe vjyalt
O4 - HKLM\..\Run: [Nthost] C:\Program Files\Common Files\Microsoft Shared\MSInfo\Nthost.exe
O4 - HKLM\..\Run: [hkqakrngvq3i] $$$"c:\windows\hkqakrngvq3i.exe"
O4 - HKLM\..\Run: [msnger] C:\WINDOWS\msnger.exe
O4 - HKLM\..\Run: [Atomup] C:\Program Files\Atomup.exe
O4 - HKLM\..\Run: [ilpsvaehko] C:\WINDOWS\system32\ilpsvaehko.exe
O4 - HKLM\..\Run: [hknquxcfjm] C:\WINDOWS\system32\hknquxcfjm.exe
O4 - HKLM\..\Run: [ehkoruxdgj] C:\WINDOWS\system32\ehkoruxdgj.exe
O4 - HKLM\..\Run: [hkoruxdgjm] C:\WINDOWS\system32\hkoruxdgjm.exe
O4 - HKLM\..\Run: [hkoruxdgjm1] C:\WINDOWS\system32\hkoruxdgjm1.exe
O4 - HKLM\..\Run: [gjmqtwcfil] C:\WINDOWS\system32\gjmqtwcfil.exe
O4 - HKLM\..\Run: [tmnakgd] C:\WINDOWS\system32\tmnakgd.exe
O4 - HKLM\..\Run: [rrbjqp] "c:\windows\servicepackfiles\ouh.exe"
O4 - HKLM\..\Run: [cialnn] "c:\windows\1873\tsf.exe"
O4 - HKLM\..\Run: [ectmdc] "c:\windows\system32\fms.exe"
O4 - HKLM\..\Run: [fstp] "c:\windows\system32\grapetd\temp\jol.exe"
O4 - HKLM\..\Run: [ophgbr] "c:\windows\system32\nwproc\elbpc.exe"
O4 - HKLM\..\Run: [pjem] "c:\windows\system32\nwproc\idgh.exe"
O4 - HKLM\..\Run: [urmt] "c:\windows\vi\hcp.exe"
O4 - HKLM\..\Run: [chbi] "c:\windows\nview\rfap.exe"
O4 - HKLM\..\Run: [cru] "c:\windows\system32\tepath\bsah.exe"
O4 - HKLM\..\Run: [nacqlo] "c:\windows\connection wizard\gjcbk.exe"
O4 - HKLM\..\Run: [Winsrv] C:\Program Files\Common Files\Microsoft Shared\MSInfo\Winsrv.exe
O4 - HKLM\..\Run: [svrcmd] $$$C:\WINDOWS\system32\svrcmd.exe
O4 - HKLM\..\Run: [gxgt.exe] "C:\WINDOWS\system32\gxgt.exe" start
O4 - HKLM\..\Run: [ctsr.exe] "C:\Documents and Settings\Joseph\Local Settings\ctsr.exe" ddo4
O4 - HKLM\..\Run: [sidii] "c:\windows\system32\catroot2\pmvv3\mnd.exe"
O4 - HKLM\..\Run: [jrgt] "c:\windows\system32\wins\s1\tulc.exe"
O4 - HKLM\..\Run: [cfimpsvbeh] C:\WINDOWS\system32\cfimpsvbeh.exe
O4 - HKLM\..\Run: [svbehkorua] C:\WINDOWS\system32\svbehkorua.exe
O4 - HKLM\..\Run: [vbehkoruad1] C:\WINDOWS\system32\vbehkoruad1.exe
O4 - HKLM\..\Run: [hkoruadgjn] C:\WINDOWS\system32\hkoruadgjn.exe
O4 - HKLM\..\Run: [koruadgjnq] C:\WINDOWS\system32\koruadgjnq.exe
O4 - HKLM\..\Run: [mmlcbg] "c:\windows\1345\php.exe"
O4 - HKLM\..\Run: [ncrsfn] "c:\windows\system32\drivers\etc\jmi.exe"
O4 - HKLM\..\Run: [iul] "c:\windows\system32\apaimf.exe"
O4 - HKLM\..\Run: [Report] C:\Windows\Config\Report.exe
O4 - HKLM\..\Run: [bqg] "c:\windows\rkrstp.exe"
O4 - HKLM\..\Run: [kkerk] "c:\windows\1088\krs.exe"
O4 - HKLM\..\Run: [svbehlorua] C:\WINDOWS\system32\svbehlorua.exe
O4 - HKLM\..\Run: [svbehlorua1] C:\WINDOWS\system32\svbehlorua1.exe
O4 - HKLM\..\Run: [vbehloruad] C:\WINDOWS\system32\vbehloruad.exe
O4 - HKLM\..\Run: [vbehloruad1] C:\WINDOWS\system32\vbehloruad1.exe
O4 - HKLM\..\Run: [cices] C:\WINDOWS\system32\Tepath\cices.exe
O4 - HKLM\..\Run: [phwinm] $$$C:\WINDOWS\system32\phwinm.exe
O4 - HKLM\..\Run: [wside13] c:\Program Files\wside13.exe
O4 - HKLM\..\Run: [lekvd.exe] "C:\WINDOWS\system32\lekvd.exe" start
O4 - HKLM\..\Run: [hsyc.exe] "C:\WINDOWS\system32\hsyc.exe" start
O4 - HKLM\..\Run: [oqjm.exe] "C:\WINDOWS\system32\oqjm.exe" start
O4 - HKLM\..\Run: [vhws.exe] "C:\WINDOWS\vhws.exe" start
O4 - HKLM\..\Run: [gst] "c:\windows\pchealth\gqmcl.exe"
O4 - HKLM\..\Run: [Cashup] $$$C:\Program Files\Internet Explorer\MUI\Cashup.exe
O4 - HKLM\..\Run: [feoua] C:\WINDOWS\system32\tmp003ui\feoua.exe
O4 - HKLM\..\Run: [wbeilosvad] C:\WINDOWS\system32\wbeilosvad.exe
O4 - HKLM\..\Run: [qmat] "c:\windows\ime\menisf.exe"
O4 - HKLM\..\Run: [yjwj.exe] "C:\Documents and Settings\Joseph\Templates\yjwj.exe" j385
O4 - HKLM\..\Run: [omm] "c:\windows\1022\tnl.exe"
O4 - HKLM\..\Run: [bjybn.exe] "C:\Documents and Settings\Joseph\Local Settings\bjybn.exe" xi66m
O4 - HKLM\..\Run: [qfcn] "c:\windows\system\adobe\gtt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DCB07] $$$C:\WINDOWS\system32\DCB\ex07.exe
O4 - HKLM\..\Run: [rlvlw.exe] "C:\Documents and Settings\Joseph\Application Data\rlvlw.exe" q3hl
O4 - HKLM\..\Run: [Cashonupdate] $$$C:\Program Files\CashOn\bin\CashOnUpdate02100720.exe
O4 - HKLM\..\Run: [beilorvadg] C:\WINDOWS\system32\beilorvadg.exe
O4 - HKLM\..\Run: [knquxcfjmp] C:\WINDOWS\system32\knquxcfjmp.exe
O4 - HKLM\..\Run: [psvbehloru] C:\WINDOWS\system32\psvbehloru.exe
O4 - HKLM\..\Run: [hloruadgjn] C:\WINDOWS\system32\hloruadgjn.exe
O4 - HKLM\..\Run: [loruadgjnq1] C:\WINDOWS\system32\loruadgjnq1.exe
O4 - HKLM\..\Run: [uxcgjmptwb] C:\WINDOWS\system32\uxcgjmptwb.exe
O4 - HKLM\..\Run: [AHNSDA] $$$C:\WINDOWS\system32\sysepro.exe
O4 - HKLM\..\Run: [RegViuum] $$$C:\Program Files\RegViuum\ViuumUp.exe
O4 - HKLM\..\Run: [actres] C:\WINDOWS\system32\actresource.exe
O4 - HKLM\..\Run: [atapu] C:\WINDOWS\system32\atapu.exe
O4 - HKLM\..\Run: [qsu] "c:\windows\webside\aoeoep.exe"
O4 - HKLM\..\Run: [gkqbie] "c:\windows\system32\icsxml\hm\qnm.exe"
O4 - HKLM\..\Run: [acarmo2] C:\WINDOWS\system32\Tepath\acarmo2.exe
O4 - HKLM\..\Run: [Series] C:\Series.exe
O4 - HKLM\..\Run: [COMMTZ] $$$C:\WINDOWS\system32\commtz.exe
O4 - HKLM\..\Run: [pdgcin] "c:\windows\1328\jhtt.exe"
O4 - HKLM\..\Run: [fjqcho] "c:\windows\1328\jhtt.exe"
O4 - HKLM\..\Run: [WhiteV] $$$C:\Program Files\whitevaccine\VaccineZRD.exe
O4 - HKLM\..\Run: [gdena] "c:\windows\resources\themes\hlrmph.exe"
O4 - HKLM\..\Run: [ttk] "c:\windows\system32\icsxml\hm\qnm.exe"
O4 - HKLM\..\Run: [bna] "c:\windows\webside\aoeoep.exe"
O4 - HKLM\..\Run: [pswbeilorv] C:\WINDOWS\system32\pswbeilorv.exe
O4 - HKLM\..\Run: [cfilpsvaeh] C:\WINDOWS\system32\cfilpsvaeh.exe
O4 - HKLM\..\Run: [lqunhk] "c:\windows\webside\aoeoep.exe"
O4 - HKLM\..\Run: [ibjn] "c:\windows\webside\aoeoep.exe"
O4 - HKLM\..\Run: [thhg] "c:\windows\webside\aoeoep.exe"
O4 - HKLM\..\Run: [symc820] C:\WINDOWS\system32\symc820.exe
O4 - HKLM\..\Run: [TINTSETLS] $$$C:\windows\paris.exe
O4 - HKLM\..\Run: [arqlth] "c:\windows\system\adobe\uuqm.exe"
O4 - HKLM\..\Run: [xbukfcq] C:\WINDOWS\system32\xbukfcq.exe
O4 - HKLM\..\Run: [pbsms] "c:\windows\system32\up\lon.exe"
O4 - HKLM\..\Run: [opqjb] "c:\windows\system32\ime\ghslks.exe"
O4 - HKLM\..\Run: [sufu] "c:\windows\webside\aoeoep.exe"
O4 - HKLM\..\Run: [ossj] "c:\windows\ime\menisf.exe"
O4 - HKLM\..\Run: [aoj] "c:\windows\1766\eqb.exe"
O4 - HKLM\..\Run: [cra] "c:\windows\system32\up\lon.exe"
O4 - HKLM\..\Run: [rge] "c:\windows\system32\ime\ghslks.exe"
O4 - HKLM\..\Run: [bgh] "c:\windows\webside\aoeoep.exe"
O4 - HKLM\..\Run: [bhmdm] "c:\windows\1766\eqb.exe"
O4 - HKLM\..\Run: [jdm] "c:\windows\pchealth\uploadlb\config\rhq.exe"
O4 - HKLM\..\Run: [mdmkak] "c:\windows\system32\1054\gcobp.exe"
O4 - HKLM\..\Run: [lsdr] "c:\windows\contera\jmtj.exe"
O4 - HKLM\..\Run: [suerui] "c:\windows\webside\aoeoep.exe"
O4 - HKLM\..\Run: [MsgSpool] $$$C:\WINDOWS\system32\MsgSpool.exe
O4 - HKLM\..\Run: [ybdji] C:\WINDOWS\system32\ybdji.exe
O4 - HKLM\..\Run: [update Common flashLank] $$$C:\Program Files\Common Files\Adobe\rks\rank.exe
O4 - HKLM\..\Run: [sndca] "c:\windows\system32\1054\gcobp.exe"
O4 - HKLM\..\Run: [kmlb] "c:\windows\pchealth\uploadlb\config\rhq.exe"
O4 - HKLM\..\Run: [comdialg] C:\WINDOWS\system32\comdialg.exe
O4 - HKLM\..\Run: [qkdjn] "c:\windows\1766\eqb.exe"
O4 - HKLM\..\Run: [freeupd] C:\windows\system32\freeupd.exe
O4 - HKLM\..\Run: [vbehkoruxd] C:\WINDOWS\system32\vbehkoruxd.exe
O4 - HKLM\..\Run: [lvtdjyd] C:\WINDOWS\system32\lvtdjyd.exe
O4 - HKLM\..\Run: [synkui] C:\WINDOWS\system32\synkui.exe
O4 - HKLM\..\Run: [hsjuhr] "c:\windows\system32\1054\gcobp.exe"
O4 - HKLM\..\Run: [olk] "c:\windows\ie7updates\sahrbo.exe"
O4 - HKLM\..\Run: [rbqph] "c:\windows\ie7updates\sahrbo.exe"
O4 - HKLM\..\Run: [kafghg] "c:\windows\system32\1054\gcobp.exe"
O4 - HKLM\..\Run: [nkafgh] "c:\windows\pchealth\uploadlb\config\rhq.exe"
O4 - HKLM\..\Run: [toa] "c:\windows\system32\ime\ghslks.exe"
O4 - HKLM\..\Run: [kan] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [utkd] "c:\windows\ie7updates\sahrbo.exe"
O4 - HKLM\..\Run: [fch] "c:\windows\system32\export\m3\chkupd.exe"
O4 - HKLM\..\Run: [devm] C:\WINDOWS\system32\devmqr.exe
O4 - HKLM\..\Run: [blih] "c:\windows\ime\menisf.exe"
O4 - HKLM\..\Run: [InSHelp] $$$C:\Program Files\InSideBar\sidehlp.exe
O4 - HKLM\..\Run: [WinKeyProtect32] $$$C:\WINDOWS\system32\kbmodrv16.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [slbc] $$$C:\WINDOWS\system32\slbc.exe
O4 - HKLM\..\Run: [Roll] C:\Program Files\Common Files\Microsoft Shared\MSInfo\Roll.exe
O4 - HKLM\..\Run: [kims] C:\Windows\addins\kims.exe
O4 - HKLM\..\Run: [SHelp] $$$C:\Program Files\SideHelp\sidehp.exe
O4 - HKLM\..\Run: [jemp] "c:\windows\system32\com\dpso.exe"
O4 - HKLM\..\Run: [hccr] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [compros] C:\WINDOWS\system32\compros.exe
O4 - HKLM\..\Run: [nugqec] "c:\windows\microsoft.net\ecjkdj.exe"
O4 - HKLM\..\Run: [103843103843] C:\WINDOWS\system32\103843103843.exe
O4 - HKLM\..\Run: [easypots] $$$C:\WINDOWS\system32\easypotmn.exe
O4 - HKLM\..\Run: [imekrmigse] $$$C:\WINDOWS\system32\rmigse.exe
O4 - HKLM\..\Run: [rvadgknqtx] C:\WINDOWS\system32\rvadgknqtx.exe
O4 - HKLM\..\Run: [oakqg] "c:\windows\microsoft.net\ecjkdj.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SPUpdate] $$$C:\Program Files\SPoint\bin\SPUpdate02121843.exe
O4 - HKLM\..\Run: [uct] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [bbbbbbbbbb] C:\WINDOWS\system32\bbbbbbbbbb.exe
O4 - HKLM\..\Run: [eirobi] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [jrme] "c:\windows\system32\com\dpso.exe"
O4 - HKLM\..\Run: [pjpj] "c:\windows\system32\com\dpso.exe"
O4 - HKLM\..\Run: [mmmmmmmmmm] C:\WINDOWS\system32\mmmmmmmmmm.exe
O4 - HKLM\..\Run: [lpjp] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [gabgun] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [fqh] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [llrnrd] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [qgp] "c:\windows\microsoft.net\ecjkdj.exe"
O4 - HKLM\..\Run: [jka] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [akep] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [ceomr] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [pakepu] "c:\windows\system32\com\dpso.exe"
O4 - HKLM\..\Run: [mmmmmmmmmm1] C:\WINDOWS\system32\mmmmmmmmmm1.exe
O4 - HKLM\..\Run: [1038431038431] C:\WINDOWS\system32\1038431038431.exe
O4 - HKLM\..\Run: [James] C:\Program Files\Common Files\Microsoft Shared\James.exe
O4 - HKLM\..\Run: [qkqk] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [slj] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [rlrlgp] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [spmhtk] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [April2] C:\Program Files\Common Files\System\April2.exe
O4 - HKLM\..\Run: [ftriri] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [ckhl] "c:\windows\tolk\fphlde.exe"
O4 - HKLM\..\Run: [cco] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [rkiui] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [jag] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [ktub] $$$C:\WINDOWS\system32\ktub.exe
O4 - HKLM\..\Run: [etbbe] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [auhodf] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [CDj] $$$C:\WINDOWS\system32\CDjen.exe
O4 - HKLM\..\Run: [systf] C:\WINDOWS\system32\systfim.exe
O4 - HKLM\..\Run: [nnh] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [qfhib] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [adnp] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [foo] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [dgjmqtwbfi] C:\WINDOWS\system32\dgjmqtwbfi.exe
O4 - HKLM\..\Run: [ics] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [muc] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [rdic] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [sejdio] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [pjnp] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [ujpsrt] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [msdr] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [adbr] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [mug] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [rlgb] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [qoppi] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [qhf] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [sith] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [iplgrh] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [mri] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [qafrj] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [mnfur] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [mfgaq] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [fmjbpl] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [qklgnd] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [rlmh] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [etu] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [eblk] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [mhldbi] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [aqaqom] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [bjb] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [ochcq] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [hlmtq] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [iup] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [qtn] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [dfsjbb] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [gcjcta] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [pls] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [gdmsb] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [gpr] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [entcn] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [jtotmr] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [hqsuk] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [ttij] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [uqnhc] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [hdkd] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [dpjhn] "c:\windows\system32\3com_dmi\temp\ttm.exe"
O4 - HKLM\..\Run: [iprr] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [hjjtb] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [sbfr] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [kqat] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [shi] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [ecu] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [nfjnef] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [gii] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [dgs] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [dasq] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [lqsfp] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [besfqd] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [glogp] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [esle] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [aer] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [fofg] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [aoff] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [tognei] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [jpe] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [aki] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [slq] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [bljnj] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [sdjdld] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [oscnj] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [jtra] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [kulpg] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [qipg] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [ftktse] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [fuc] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [idrcic] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [ugs] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [trkb] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [uiheft] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [mfl] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [cqi] "c:\windows\system32\4875\cntpet.exe"
O4 - HKLM\..\Run: [lmc] "c:\windows\hbvjqc\bmhu.exe"
O4 - HKLM\..\Run: [hloruadgjn1] C:\WINDOWS\system32\hloruadgjn1.exe
O4 - HKLM\..\Run: [SOVbar] $$$C:\Program Files\Sovbars\sovbar.exe
O4 - HKLM\..\Run: [jid] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [sysi] $$$C:\WINDOWS\system32\sysi.exe
O4 - HKLM\..\Run: [soegj] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [eblgr] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [dpgj] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [hcts] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [cbhhgp] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [bpmus] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [mlsmhq] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [usDBDGIDr] C:\WINDOWS\system32\usDBDGID.exe
O4 - HKLM\..\Run: [iid] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [irrnd] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [pqphqi] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [els] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [ukmpb] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [gfhq] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [kct] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [tceec] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [moftka] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [srdq] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [plu] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [jdcmo] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [joa] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [jpniu] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [rqfaq] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [kndqml] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [rotdc] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [pfah] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [jtpl] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [fucf] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [htfsnb] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [qmprci] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [qmqt] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [dmm] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [rfco] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [ifden] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [smddtc] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [qfdbh] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [lus] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [anfcri] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [kpdl] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [ceb] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [rlrjqb] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [upnh] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [heoac] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [cunf] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [hhlqgd] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [npqn] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [hkifdc] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [iskhqs] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [ublkus] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [qsnk] "c:\windows\1345\write.exe"
O4 - HKLM\..\Run: [fibulb] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [kgdr] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [lnibdg] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [ffcs] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [dorrqr] "c:\windows\1345\write.exe"
O4 - HKLM\..\Run: [ktp] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [qdfks] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [bug] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [uohdfc] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [abpstc] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [bgtbb] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [tghqo] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [rcj] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [iinst] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [ett] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [ipmqb] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gtf] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [gsgt] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [ulpb] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [skrsnf] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [nrn] "c:\windows\1345\write.exe"
O4 - HKLM\..\Run: [rjqslt] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [lrrsmt] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [eiecia] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [jcklci] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [qeimfo] "c:\windows\sun\java\deployment\alsong.exe"
O4 - HKLM\..\Run: [euiru] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [snrkts] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [dmlsar] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [qbbg] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [ptau] "c:\windows\setupupd\sdho.exe"
O4 - HKLM\..\Run: [tba] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [ihs] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [jigt] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [hjus] "c:\windows\1345\write.exe"
O4 - HKLM\..\Run: [cleqi] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [jicrht] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [faujqo] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [bbect] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [snt] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [mdq] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [kflj] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [ijfdo] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [abafl] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [tmu] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [jekioq] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [rreoa] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [hhudu] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [hhnr] "c:\windows\system32\wbem\autorecover\ogqsk.exe"
O4 - HKLM\..\Run: [otwssu] $$$C:\WINDOWS\otwssu.exe
O4 - HKLM\..\Run: [lpsvaehkor] C:\WINDOWS\system32\lpsvaehkor.exe
O4 - HKLM\..\Run: [kkao] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [ltn] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [mkhcq] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [lapqr] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [ragdg] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [sqfgi] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [cjehtc] "c:\windows\system32\ras\alupdate.exe"
O4 - HKLM\..\Run: [csjpli] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [scmgr] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [umqjne] "c:\windows\system32\ras\alupdate.exe"
O4 - HKLM\..\Run: [rmbqrs] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [lipq] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [ujff] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [tieeae] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [nsah] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [afi] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [oapkbk] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [nhco] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [aqd] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [crifa] "c:\windows\system32\ras\alupdate.exe"
O4 - HKLM\..\Run: [jpa] "c:\windows\system32\urttemp\ucjfau.exe"
O4 - HKLM\..\Run: [rbj] "c:\windows\1488\backitup.exe"
O4 - HKLM\..\Run: [fljqf] "c:\windows\setup.pss\odjkr.exe"
O4 - HKLM\..\Run: [lggdlr] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [gedsrk] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [bso] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [noj] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [ffin] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [hmhud] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [anfpmh] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [qug] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [dodof] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [canu] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [erhofd] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [oknn] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [inimtc] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [ffck] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [rahbc] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [bps] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [ipsi] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [lei] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [npies] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [ohdr] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [pad] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [pgem] "c:\windows\1488\backitup.exe"
O4 - HKLM\..\Run: [trmij] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [ejk] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [qnest] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [btbkgp] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [ecbjua] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [geuq] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [bjcobo] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [aibn] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [jrkbj] "c:\windows\1488\backitup.exe"
O4 - HKLM\..\Run: [giccl] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [beq] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [sgsf] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [soqkkt] "c:\windows\1488\backitup.exe"
O4 - HKLM\..\Run: [iando] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [ibh] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [jean] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [sql] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [tcisu] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [bfdqtt] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [gtll] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [cucl] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [imsb] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [skuqm] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [fbacr] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [agkqfh] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [gjfhbb] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [btjla] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [nfbglt] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [sqr] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [jnldg] "c:\windows\1973\rtlrack.exe"
O4 - HKLM\..\Run: [snteff] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [qrqr] "c:\windows\system32\ncbtemp\ghnns.exe"
O4 - HKLM\..\Run: [qrcc] "c:\windows\7768\pireg.exe"
O4 - HKLM\..\Run: [bmu] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [mbtkdl] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [subhk] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [ulheo] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [bto] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [rtjae] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [reesqt] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [qpadud] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [pssu] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [ist] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [capi] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [dcj] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [qlt] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [bfftkn] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [qpohhl] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [rmqhha] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [tlsjrl] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [kidqq] "c:\windows\system32\tmppath\afquavw.exe"
O4 - HKLM\..\Run: [tijtop] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [hohf] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [fqdnl] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [esqi] "c:\windows\1051\ogk.exe"
O4 - HKLM\..\Run: [ftrjas] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [qee] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [araelh] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [tacnr] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [afsaml] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [egik] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [fsbs] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [haag] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [lkufud] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [ijalu] "c:\windows\system32\1042\pireg.exe"
O4 - HKLM\..\Run: [hiu] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [thigcl] "c:\windows\4633\hurllnk.exe"
O4 - HKLM\..\Run: [heqtc] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [undcg] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [dfu] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [tklsul] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [ref] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [diqash] "c:\windows\minidump\rbpclip.exe"
O4 - HKLM\..\Run: [tqn] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [chuq] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [qlqojg] "c:\windows\1346\xmainnf.exe"
O4 - HKLM\..\Run: [kmlio] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [gif] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [fts] "c:\windows\temp99\usnsvc.exe"
O4 - HKLM\..\Run: [lerdq] "c:\windows\setupupd\temp\alsee.exe"
O4 - HKLM\..\Run: [aprqg] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
O4 - HKLM\..\Run: [SvrWinProtect32] C:\WINDOWS\system32\ymksyst32.exe
O4 - HKLM\..\Run: [jrmgkm] "c:\windows\system32\1037\almap.exe"
O4 - HKLM\..\Run: [hcje] "c:\windows\system32\1041\aijl.exe"
O4 - HKLM\..\Run: [uttj]

Comments

  • edited July 2008
    "c:\windows\system32\reinstallbackups\0012\driverfiles\w32tm.exe"
    O4 - HKLM\..\Run: [uscr] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [jsejuf] "c:\windows\temp99\usnsvc.exe"
    O4 - HKLM\..\Run: [rcd] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [hflaf] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [maf] "c:\windows\1488\naiavfin.exe"
    O4 - HKLM\..\Run: [ifor] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [pjf] "c:\windows\temp99\usnsvc.exe"
    O4 - HKLM\..\Run: [jfjks] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [gkgkl] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [qhsgcj] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [ceo] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [eecmp] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [adcqgb] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [qjhg] "c:\windows\1488\backitup.exe"
    O4 - HKLM\..\Run: [iem] "c:\windows\temp99\usnsvc.exe"
    O4 - HKLM\..\Run: [rjhnfo] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [qigm] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [nrfht] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [dog] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
    O4 - HKLM\..\Run: [kqi] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [sgiuti] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [ajosa] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [anee] "c:\windows\1488\backitup.exe"
    O4 - HKLM\..\Run: [borr] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [ogjjh] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
    O4 - HKLM\..\Run: [borfh] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [eju] "c:\windows\temp99\usnsvc.exe"
    O4 - HKLM\..\Run: [rcioim] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [nqeged] "c:\windows\system32\1037\almap.exe"
    O4 - HKLM\..\Run: [hhq] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [omdmgc] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
    O4 - HKLM\..\Run: [oasjts] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [dbul] "c:\windows\temp99\usnsvc.exe"
    O4 - HKLM\..\Run: [tmefp] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [hnhl] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [jjc] "c:\windows\system32\1037\almap.exe"
    O4 - HKLM\..\Run: [dltlqdlfjs] C:\WINDOWS\system32\dltlqdl.exe
    O4 - HKLM\..\Run: [sqolq] "c:\windows\4977\onji.exe"
    O4 - HKLM\..\Run: [busb] "c:\windows\system32\servcies\azh3w\almap.exe"
    O4 - HKLM\..\Run: [jgjbi] "c:\windows\system32\export\m3\dlnptp.exe"
    O4 - HKLM\..\Run: [kag] "c:\windows\cache\icij.exe"
    O4 - HKLM\..\Run: [dce] "c:\windows\temp99\usnsvc.exe"
    O4 - HKLM\..\Run: [aufq] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [uhdpf] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [aif] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [ruegc] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [tdmb] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [nbjbsj] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [slmo] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [epokqq] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [gfb] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [gdqk] "c:\windows\system32\1037\almap.exe"
    O4 - HKLM\..\Run: [elg] "c:\windows\system32\servcies\azh3w\almap.exe"
    O4 - HKLM\..\Run: [taokig] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [hue] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [htqik] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [siurjl] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [rdpnfb] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [pqgm] "c:\windows\system32\servcies\azh3w\almap.exe"
    O4 - HKLM\..\Run: [huk] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [hhqi] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [kuj] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [efjoeu] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [aqsin] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [hkesto] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [ogih] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [isg] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [cckgj] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [etr] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [sgkql] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [snps] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [oupii] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [jticcu] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [umiko] "c:\windows\1340\amtc.exe"
    O4 - HKLM\..\Run: [kbha] "c:\windows\free-link\wmplayer.exe"
    O4 - HKLM\..\Run: [aog] "c:\windows\connection wizard\kcudi.exe"
    O4 - HKLM\..\Run: [kiq] "c:\windows\system32\servcies\azh3w\almap.exe"
    O4 - HKLM\..\Run: [oesgr] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [pur] "c:\windows\1488\pofrhl.exe"
    O4 - HKLM\..\Run: [bbdb] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [utt] "c:\windows\1488\backitup.exe"
    O4 - HKLM\..\Run: [tsgm] "c:\windows\system32\servcies\azh3w\almap.exe"
    O4 - HKLM\..\Run: [ttgb] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [tdfo] "c:\windows\free-link\wmplayer.exe"
    O4 - HKLM\..\Run: [ual] "c:\windows\system32\servcies\azh3w\almap.exe"
    O4 - HKLM\..\Run: [jofdal] "c:\windows\system32\1037\almap.exe"
    O4 - HKLM\..\Run: [jipqj] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
    O4 - HKLM\..\Run: [qcd] "c:\windows\free-link\wmplayer.exe"
    O4 - HKLM\..\Run: [leag] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [pfn] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [qdb] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [ftphei] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [air] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [gftd] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [aujd] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [acrf] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [iofh] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [ueocig] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [irom] "c:\windows\system32\servcies\azh3w\almap.exe"
    O4 - HKLM\..\Run: [apknlo] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [thpch] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [tgdm] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [utqb] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [qhks] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [ldgp] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [kkcl] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [qlf] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [qbg] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [tkej] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [pbjhqh] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [sibmhb] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [muju] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [bqlo] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [okcson] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [khhfn] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [pinaka] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [kmi] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [thfnf] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [fmt] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [icki] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [leme] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [nffti] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [hujtr] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [nwdltlqdlfjs] C:\WINDOWS\system32\nwdltlqdl.exe
    O4 - HKLM\..\Run: [csclo] "c:\windows\ebestsite\afquavw.exe"
    O4 - HKLM\..\Run: [ief] "c:\windows\system32\bits\usnsvc.exe"
    O4 - HKLM\..\Run: [joqi] "c:\windows\free-link\wmplayer.exe"
    O4 - HKLM\..\Run: [ssebd] "c:\windows\system32\servcies\azh3w\almap.exe"
    O4 - HKLM\..\Run: [IEinside] C:\Program Files\IEInsides\ieinside.exe
    O4 - HKLM\..\Run: [buaph] "c:\windows\free-link\wmplayer.exe"
    O4 - HKLM\..\Run: [ijlmmk] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [rjrj] "c:\windows\system32\1041\aijl.exe"
    O4 - HKLM\..\Run: [uig] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [bas] "c:\windows\4633\hurllnk.exe"
    O4 - HKLM\..\Run: [fohtoe] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [lmh] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [rathfi] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [jgk] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
    O4 - HKLM\..\Run: [kreasypot] C:\WINDOWS\system32\easypotup.exe
    O4 - HKLM\..\Run: [imekrmmcl] C:\WINDOWS\system32\mtkrtool.exe
    O4 - HKLM\..\Run: [girjk] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [kmeub] "c:\windows\winsafe\notepad.exe"
    O4 - HKLM\..\Run: [mhg] "c:\windows\free-link\wmplayer.exe"
    O4 - HKLM\..\Run: [igsk] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [ode] "c:\windows\1488\backitup.exe"
    O4 - HKLM\..\Run: [hlti] "c:\windows\zerovirus\blastcln.exe"
    O4 - HKLM\..\Run: [dpsm] "c:\windows\winsafe\notepad.exe"
    O4 - HKLM\..\Run: [akebu] C:\WINDOWS\akebump4.exe
    O4 - HKLM\..\Run: [alnk] "c:\windows\setupupd\temp\alsee.exe"
    O4 - HKLM\..\Run: [kiirdt] "c:\windows\ehome\naprdmgr.exe"
    O4 - HKLM\..\Run: [nsofc] "c:\windows\system32\tmp003ui\tracert6.exe"
    O4 - HKLM\..\Run: [searchupguideupdater] C:\Program Files\SearchupGuide\searchupguideupdater.exe
    O4 - HKLM\..\Run: [sepq] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
    O4 - HKLM\..\Run: [kkr] "c:\windows\system32\tmp003ui\tracert6.exe"
    O4 - HKLM\..\Run: [hih] "c:\windows\system32\winmgnt\temp\1912uc2\khsem.exe"
    O4 - HKLM\..\Run: [mngo] "c:\windows\system32\winmgnt\temp\1912uc2\ghdr.exe"
    O4 - HKLM\..\Run: [ksfrs] "c:\windows\system32\enswdb\ifk.exe"
    O4 - HKLM\..\Run: [higdy] C:\WINDOWS\system32\igdys.exe
    O4 - HKLM\..\Run: [eerqfb] "c:\windows\system32\quicktime\yhmx\mcscript.exe"
    O4 - HKLM\..\Run: [kdlfa] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [pbq] "c:\windows\system32\1042\pireg.exe"
    O4 - HKLM\..\Run: [qmnh] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [winmanagers] C:\WINDOWS\system32\winsrcmg.exe
    O4 - HKLM\..\Run: [mcr] "c:\windows\1488\backitup.exe"
    O4 - HKLM\..\Run: [djun] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [crqg] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [bahbs] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [amrki] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [luehoa] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [mdeqb] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [ollb] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [jmbam] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [ppkfup] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [erot] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [citmga] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [ros] "c:\windows\minidump\rbpclip.exe"
    O4 - HKLM\..\Run: [gar] "c:\windows\1051\ogk.exe"
    O4 - HKLM\..\Run: [ujuq] "c:\windows\1346\xmainnf.exe"
    O4 - HKLM\..\Run: [oga] "c:\windows\system32\1033\aakkk.exe"
    O4 - HKLM\..\Run: [iecomq] "c:\windows\system32\config\systemprofile\desktop\write.exe"
    O4 - HKLM\..\Run: [orpa] "c:\windows\system32\tmp003ui\tracert6.exe"
    O4 - HKLM\..\Run: [easypotm] C:\WINDOWS\system32\easypotupm.exe
    O4 - HKLM\..\Run: [ISTray] "D:\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [ISTray] "D:\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [runner1] $$$C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [kb8272032] C:\WINDOWS\system32\kb8272032.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [tresu] "c:\windows\twain_32\zr65_w\eplgk.exe"
    O4 - HKLM\..\Run: [mdpkf] "c:\windows\cbboor\notepad.exe"
    O4 - HKLM\..\Run: [fdaf] "c:\windows\system32\log\qpr.exe"
    O4 - HKLM\..\Run: [ptkk] "c:\windows\system32\logfiles\httperr\pbisch.exe"
    O4 - HKLM\..\Run: [kiahm] "c:\windows\zsetup\boom.exe"
    O4 - HKLM\..\Run: [sumqsh] "c:\windows\system32\urttemp\naprdmgr.exe"
    O4 - HKLM\..\Run: [hlj] "c:\windows\system32\macromed\shockwave 10\xtras\csscan.exe"
    O4 - HKLM\..\Run: [winnsds] $$$C:\WINDOWS\system32\winnsdsset.exe
    O4 - HKLM\..\Run: [ADSpider] "C:\Program Files\AD-Spider\ADSpider.exe" /boot
    O4 - HKLM\..\RunOnce: [USBCONN Init] C:\WINDOWS\system32\wbholder.exe /init
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [windowuip.exe] C:\WINDOWS\system32\windowuip.exe
    O4 - HKCU\..\Run: [snproc] $$$C:\Program Files\snproc\snproc.exe
    O4 - HKCU\..\Run: [NeedWeb] $$$C:\Program Files\NeedWeb\NeedWeb.exe
    O4 - HKCU\..\Run: [FlashPlayer] $$$C:\Program Files\FlashPlayer\FlashPlayer.exe /WS
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
    O4 - HKCU\..\Run: [Xweb] "C:\Program Files\SoftForum\XecureWeb\ActiveX\Xecureweb.exe"
    O4 - HKCU\..\Run: [neroburn] "C:\Program Files\Ahead\Nero\CDI\neroburn.exe"
    O4 - HKCU\..\Run: [compx32] C:\WINDOWS\system32\compx32.exe
    O4 - HKCU\..\Run: [DIFxApp] C:\Program Files\Common Files\Microsoft Shared\Windows Live\DIFxApp.exe
    O4 - HKCU\..\Run: [rcggqn] "C:\WINDOWS\4633\qpe.exe"
    O4 - HKCU\..\Run: [australia] $$$"C:\Program Files\Messenger\australia.exe"
    O4 - HKCU\..\Run: [brazil] $$$"C:\WINDOWS\Web\brazil.exe"
    O4 - HKCU\..\Run: [alzip] "C:\Program Files\ESTsoft\ALZip\Banner\alzip.exe"
    O4 - HKCU\..\Run: [winqFkIT] C:\WINDOWS\system32\winqFkIT.exe
    O4 - HKCU\..\Run: [japan] $$$"C:\WINDOWS\Web\OpenClient.exe"
    O4 - HKCU\..\Run: [kuwait] "C:\WINDOWS\pss\psscontrol.exe"
    O4 - HKCU\..\Run: [lpsvbehkor] C:\WINDOWS\system32\lpsvbehkor.exe
    O4 - HKCU\..\Run: [lorvadhknq] C:\WINDOWS\system32\lorvadhknq.exe
    O4 - HKCU\..\Run: [WindowSystemInfo] $$$C:\WINDOWS\system32\wininfoupdate.exe
    O4 - HKCU\..\Run: [lebanon] $$$"C:\Program Files\ESTsoft\ALUpdate\AZMains.exe"
    O4 - HKCU\..\Run: [liberia] $$$"C:\Program Files\SoftForum\sofrum.exe"
    O4 - HKCU\..\Run: [mexico] $$$"C:\Program Files\MSN Messenger\Device Manager\Loc\1051\msndevmen.exe"
    O4 - HKCU\..\Run: [swbeilorva] C:\WINDOWS\system32\swbeilorva.exe
    O4 - HKCU\..\Run: [eilorvadgk] C:\WINDOWS\system32\eilorvadgk.exe
    O4 - HKCU\..\Run: [Getoas] C:\Program Files\Internet Explorer\Custom\Getoas.exe
    O4 - HKCU\..\Run: [doua3up] $$$C:\WINDOWS\system32\doua3up.exe
    O4 - HKCU\..\Run: [redirw.exe] C:\Documents and Settings\Joseph\Local Settings\redirw.exe xps
    O4 - HKCU\..\Run: [uhue] "C:\WINDOWS\system32\1031\gd.exe"
    O4 - HKCU\..\Run: [psvaehknru] C:\WINDOWS\system32\psvaehknru.exe
    O4 - HKCU\..\Run: [oioitr] "C:\WINDOWS\system32\CatRoot2\pmvv3\bq.exe"
    O4 - HKCU\..\Run: [dlj] "C:\WINDOWS\EHome\emo.exe"
    O4 - HKCU\..\Run: [armmi] "C:\WINDOWS\system32\winmgnt\Temp\1912uc2\maa.exe"
    O4 - HKCU\..\Run: [bct] "C:\WINDOWS\srchasst\por.exe"
    O4 - HKCU\..\Run: [krqjju] "C:\WINDOWS\1356\snk.exe"
    O4 - HKCU\..\Run: [fno] "C:\WINDOWS\1356\em.exe"
    O4 - HKCU\..\Run: [cfuhic] "C:\WINDOWS\msapps\jc.exe"
    O4 - HKCU\..\Run: [ggae] "C:\WINDOWS\system32\Setup\lo.exe"
    O4 - HKCU\..\Run: [copbu] "C:\WINDOWS\MsImg\oo.exe"
    O4 - HKCU\..\Run: [sgskm] "C:\WINDOWS\addins\ded.exe"
    O4 - HKCU\..\Run: [bmbk] "C:\WINDOWS\system32\servcies\azh3w\dbd.exe"
    O4 - HKCU\..\Run: [flutn] "C:\WINDOWS\system32\dcooper\fd.exe"
    O4 - HKCU\..\Run: [xcfjmpswbe] C:\WINDOWS\system32\xcfjmpswbe.exe
    O4 - HKCU\..\Run: [gknqtxcfim] C:\WINDOWS\system32\gknqtxcfim.exe
    O4 - HKCU\..\Run: [sdhi] "C:\WINDOWS\system32\temp2\ihg.exe"
    O4 - HKCU\..\Run: [stbk] "C:\WINDOWS\sevencasino\ogu.exe"
    O4 - HKCU\..\Run: [lopp] "C:\WINDOWS\system32\drivers\ii.exe"
    O4 - HKCU\..\Run: [nkrh] "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\iia.exe"
    O4 - HKCU\..\Run: [kumo] "C:\WINDOWS\system32\winmgnt\mtt.exe"
    O4 - HKCU\..\Run: [jkum] "C:\WINDOWS\vi\rje.exe"
    O4 - HKCU\..\Run: [amup] "C:\WINDOWS\repair\iu.exe"
    O4 - HKCU\..\Run: [csed] "C:\WINDOWS\system32\Macromed\Director\jbl.exe"
    O4 - HKCU\..\Run: [rkfi] C:\WINDOWS\system32\Setup\iu.exe
    O4 - HKCU\..\Run: [qspo] "C:\WINDOWS\system32\atapi\tj.exe"
    O4 - HKCU\..\Run: [eonl] "C:\WINDOWS\system32\export\m3\uef.exe"
    O4 - HKCU\..\Run: [dsod] "C:\WINDOWS\srchasst\chars\jqc.exe"
    O4 - HKCU\..\Run: [otgd] "C:\WINDOWS\4977\cub.exe"
    O4 - HKCU\..\Run: [mqtwbfilps] C:\WINDOWS\system32\mqtwbfilps.exe
    O4 - HKCU\..\Run: [qtwbfilpsv] C:\WINDOWS\system32\qtwbfilpsv.exe
    O4 - HKCU\..\Run: [dobiex] $$$C:\WINDOWS\system32\dobiex.exe
    O4 - HKCU\..\Run: [ttisi] "C:\WINDOWS\system32\up\qkp.exe"
    O4 - HKCU\..\Run: [rsq] "C:\WINDOWS\moviekorea\oln.exe"
    O4 - HKCU\..\Run: [gnlb] "C:\WINDOWS\1673\tbt.exe"
    O4 - HKCU\..\Run: [rfo] "C:\WINDOWS\system32\ShellExt\1319unr\uqd.exe"
    O4 - HKCU\..\Run: [aigdl] "C:\WINDOWS\system32\1031\hprbmdl.exe"
    O4 - HKCU\..\Run: [websvc] C:\Windows\AppPatch\websvc.exe
    O4 - HKCU\..\Run: [jaef] "C:\WINDOWS\system32\enswdb\jd.exe"
    O4 - HKCU\..\Run: [hedr] "C:\WINDOWS\sevencasino\dni.exe"
    O4 - HKCU\..\Run: [sljm] "C:\WINDOWS\system32\4875\kp.exe"
    O4 - HKCU\..\Run: [caei] "C:\WINDOWS\vi\bfgptiq.exe"
    O4 - HKCU\..\Run: [ilpsvaehko] C:\WINDOWS\system32\ilpsvaehko.exe
    O4 - HKCU\..\Run: [hknquxcfjm] C:\WINDOWS\system32\hknquxcfjm.exe
    O4 - HKCU\..\Run: [ehkoruxdgj] C:\WINDOWS\system32\ehkoruxdgj.exe
    O4 - HKCU\..\Run: [hkoruxdgjm] C:\WINDOWS\system32\hkoruxdgjm.exe
    O4 - HKCU\..\Run: [hkoruxdgjm1] C:\WINDOWS\system32\hkoruxdgjm1.exe
    O4 - HKCU\..\Run: [gjmqtwcfil] C:\WINDOWS\system32\gjmqtwcfil.exe
    O4 - HKCU\..\Run: [websys] C:\Program Files\Common Files\Microsoft Shared\Windows Live\websys.exe
    O4 - HKCU\..\Run: [ffkb] "C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\kkp.exe"
    O4 - HKCU\..\Run: [lohjjl] "C:\WINDOWS\Cursors\efr.exe"
    O4 - HKCU\..\Run: [mfghu] "C:\WINDOWS\system32\PreInstall\WinSE\wxp_x86_0409_v1\jfh.exe"
    O4 - HKCU\..\Run: [lsip] "C:\WINDOWS\system32\IME\dik.exe"
    O4 - HKCU\..\Run: [ftut] "C:\WINDOWS\1766\uju.exe"
    O4 - HKCU\..\Run: [mfsuj] "C:\WINDOWS\Sun\Java\Deployment\giohdjm.exe"
    O4 - HKCU\..\Run: [bclta] "C:\WINDOWS\system32\mui\dj.exe"
    O4 - HKCU\..\Run: [flfqhi] "C:\WINDOWS\WBEM\ga.exe"
    O4 - HKCU\..\Run: [bolc] "C:\WINDOWS\system32\fanocean\Temp\ufj.exe"
    O4 - HKCU\..\Run: [sfka] "C:\WINDOWS\system32\Com\hlt.exe"
    O4 - HKCU\..\Run: [ghhgbt] "C:\WINDOWS\1328\jkl.exe"
    O4 - HKCU\..\Run: [tjr] "C:\WINDOWS\system32\appmgmt\qk.exe"
    O4 - HKCU\..\Run: [ktcqbq] "C:\WINDOWS\Help\mail\jn.exe"
    O4 - HKCU\..\Run: [cbj] "C:\WINDOWS\TOLK\au.exe"
    O4 - HKCU\..\Run: [swddd] c:\windows\swddd.exe
    O4 - HKCU\..\Run: [nmfu] C:\WINDOWS\ime\imejp98\fp.exe
    O4 - HKCU\..\Run: [iimi] "C:\WINDOWS\TOLK\hfi.exe"
    O4 - HKCU\..\Run: [acrc] "C:\WINDOWS\system32\IME\ha.exe"
    O4 - HKCU\..\Run: [UPIs] C:\Windows\addins\UPIs.exe
    O4 - HKCU\..\Run: [fqoi] "C:\WINDOWS\system32\IME\ha.exe"
    O4 - HKCU\..\Run: [drtr] "C:\WINDOWS\system32\ReinstallBackups\qlq.exe"
    O4 - HKCU\..\Run: [kmus] "C:\WINDOWS\SoftwareDistribution\DataStore\cik.exe"
    O4 - HKCU\..\Run: [ujrb] "C:\WINDOWS\system32\IME\ha.exe"
    O4 - HKCU\..\Run: [rjuc] "C:\WINDOWS\system32\floerq\gntgd.exe"
    O4 - HKCU\..\Run: [pbjl] "C:\WINDOWS\system32\DirectX\except\mm.exe"
    O4 - HKCU\..\Run: [lbii] "C:\WINDOWS\Semtool\pd.exe"
    O4 - HKCU\..\Run: [qssg] "C:\WINDOWS\system32\_temp\$$temp$$03\bd.exe"
    O4 - HKCU\..\Run: [pmth] "C:\WINDOWS\system32\winmgnt\Temp\bg.exe"
    O4 - HKCU\..\Run: [jlea] "C:\WINDOWS\system32\servcies\mmb.exe"
    O4 - HKCU\..\Run: [imie] "C:\WINDOWS\1088\ac.exe"
    O4 - HKCU\..\Run: [flep] "C:\WINDOWS\system32\MsDtc\Trace\mahn8\pb.exe"
    O4 - HKCU\..\Run: [pmbich] "C:\WINDOWS\1488\krl.exe"
    O4 - HKCU\..\Run: [arakht] "C:\WINDOWS\system32\1054\oqp.exe"
    O4 - HKCU\..\Run: [msbume] "C:\WINDOWS\system32\2052\rq.exe"
    O4 - HKCU\..\Run: [dfto] "C:\WINDOWS\sevencasino\nqd.exe"
    O4 - HKCU\..\Run: [logeso] "C:\WINDOWS\1068\uf.exe"
    O4 - HKCU\..\Run: [lcerdo] "C:\WINDOWS\twain_32\ZR65_W\gcg.exe"
    O4 - HKCU\..\Run: [gxgt.exe] "C:\WINDOWS\system32\gxgt.exe" start
    O4 - HKCU\..\Run: [ctsr.exe] "C:\Documents and Settings\Joseph\Local Settings\ctsr.exe" ddo4
    O4 - HKCU\..\Run: [uofn] C:\WINDOWS\Semtool\hs.exe
    O4 - HKCU\..\Run: [emmc] "C:\WINDOWS\system32\pTmpdir\lie.exe"
    O4 - HKCU\..\Run: [mpge] "C:\WINDOWS\1355\dsk.exe"
    O4 - HKCU\..\Run: [sfjl] "C:\WINDOWS\system32\3com_dmi\Temp\juu.exe"
    O4 - HKCU\..\Run: [ijnu] "C:\WINDOWS\1355\dsk.exe"
    O4 - HKCU\..\Run: [Detre] c:\windows\system32\Detre.exe
    O4 - HKCU\..\Run: [CINTLGNTs] C:\Windows\addins\CINTLGNTs.exe
    O4 - HKCU\..\Run: [oksb] "C:\WINDOWS\system32\bits\dm.exe"
    O4 - HKCU\..\Run: [cmjo] "C:\WINDOWS\system32\Macromed\update\bs.exe"
    O4 - HKCU\..\Run: [Monkey3Saver] C:\Program Files\MK3Saver\Monkey3_Saver_Manager.exe
    O4 - HKCU\..\Run: [ghin] "C:\WINDOWS\system32\Macromed\update\bs.exe"
    O4 - HKCU\..\Run: [nugj] "C:\WINDOWS\system32\bits\dm.exe"
    O4 - HKCU\..\Run: [ooau] "C:\WINDOWS\system32\bits\dm.exe"
    O4 - HKCU\..\Run: [unon] "C:\WINDOWS\system32\Macromed\update\bs.exe"
    O4 - HKCU\..\Run: [cfimpsvbeh] C:\WINDOWS\system32\cfimpsvbeh.exe
    O4 - HKCU\..\Run: [svbehkorua] C:\WINDOWS\system32\svbehkorua.exe
    O4 - HKCU\..\Run: [vbehkoruad1] C:\WINDOWS\system32\vbehkoruad1.exe
    O4 - HKCU\..\Run: [hkoruadgjn] C:\WINDOWS\system32\hkoruadgjn.exe
    O4 - HKCU\..\Run: [koruadgjnq] C:\WINDOWS\system32\koruadgjnq.exe
    O4 - HKCU\..\Run: [svbehlorua] C:\WINDOWS\system32\svbehlorua.exe
    O4 - HKCU\..\Run: [svbehlorua1] C:\WINDOWS\system32\svbehlorua1.exe
    O4 - HKCU\..\Run: [vbehloruad] C:\WINDOWS\system32\vbehloruad.exe
    O4 - HKCU\..\Run: [vbehloruad1] C:\WINDOWS\system32\vbehloruad1.exe
    O4 - HKCU\..\Run: [Winsrv] C:\Windows\addins\Winsrv.exe
    O4 - HKCU\..\Run: [winreg] C:\Program Files\Internet Explorer\Custom\winreg.exe
    O4 - HKCU\..\Run: [dgt] "C:\WINDOWS\1377\gq.exe"
    O4 - HKCU\..\Run: [nfhjpc] "C:\WINDOWS\system32\Restore\mpm.exe"
    O4 - HKCU\..\Run: [erctpm] "C:\WINDOWS\system32\migate\off.exe"
    O4 - HKCU\..\Run: [msk] "C:\WINDOWS\setupupd\temp\rln.exe"
    O4 - HKCU\..\Run: [brdo] "C:\WINDOWS\1488\iq.exe"
    O4 - HKCU\..\Run: [gjig] "C:\WINDOWS\system32\1033\nf.exe"
    O4 - HKCU\..\Run: [qthc] "C:\WINDOWS\8857\ghtlnnp.exe"
    O4 - HKCU\..\Run: [fekol] "C:\WINDOWS\system32\dcooper\Temp\5y5m\bel.exe"
    O4 - HKCU\..\Run: [bmnnm] "C:\WINDOWS\system32\sysure\os.exe"
    O4 - HKCU\..\Run: [jqlnku] "C:\WINDOWS\system32\LogFiles\HTTPERR\rcu.exe"
    O4 - HKCU\..\Run: [ebob] "C:\WINDOWS\Debug\ojt.exe"
    O4 - HKCU\..\Run: [glh] "C:\WINDOWS\system32\config\except\usk.exe"
    O4 - HKCU\..\Run: [dusakd] "C:\WINDOWS\daum\pa.exe"
    O4 - HKCU\..\Run: [iefu] "C:\WINDOWS\system32\CatRoot\qm.exe"
    O4 - HKCU\..\Run: [rmte] "C:\WINDOWS\sevencasino\snr.exe"
    O4 - HKCU\..\Run: [dljr] "C:\WINDOWS\system32\spool\prtprocs\nif.exe"
    O4 - HKCU\..\Run: [aaih] "C:\WINDOWS\system32\inetsrv\fch.exe"
    O4 - HKCU\..\Run: [oruh] "C:\WINDOWS\mui\ib.exe"
    O4 - HKCU\..\Run: [djju] "C:\WINDOWS\ZeroVirus\on.exe"
    O4 - HKCU\..\Run: [plde] "C:\WINDOWS\system32\grapetd\Temp\bept.exe"
    O4 - HKCU\..\Run: [iiae] "C:\WINDOWS\system32\servcies\nns.exe"
    O4 - HKCU\..\Run: [iocr] "C:\WINDOWS\system32\tmpDirs\qm.exe"
    O4 - HKCU\..\Run: [ldkl] "C:\WINDOWS\1365\mmg.exe"
    O4 - HKCU\..\Run: [jddj] "C:\WINDOWS\system32\Quicktime\yhmx\mpl.exe"
    O4 - HKCU\..\Run: [bebl] C:\WINDOWS\system32\1028\pdt.exe
    O4 - HKCU\..\Run: [qtkp] "C:\WINDOWS\system32\Tepath\mbt.exe"
    O4 - HKCU\..\Run: [lekvd.exe] "C:\WINDOWS\system32\lekvd.exe" start
    O4 - HKCU\..\Run: [hsyc.exe] "C:\WINDOWS\system32\hsyc.exe" start
    O4 - HKCU\..\Run: [oqjm.exe] "C:\WINDOWS\system32\oqjm.exe" start
    O4 - HKCU\..\Run: [vhws.exe] "C:\WINDOWS\vhws.exe" start
    O4 - HKCU\..\Run: [tgmbo] "C:\WINDOWS\1356\rsu.exe"
    O4 - HKCU\..\Run: [bqk] "C:\WINDOWS\Microsoft.NET\qji.exe"
    O4 - HKCU\..\Run: [ichnmk] "C:\WINDOWS\Downloaded Installations\{55217A7A-DBAD-4DAD-BE64-0099B735FEF4}\ie.exe"
    O4 - HKCU\..\Run: [mfrnu] "C:\WINDOWS\system32\wbem\mof\ifp.exe"
    O4 - HKCU\..\Run: [rsbejs] "C:\WINDOWS\system32\temp2\hwzw3\uc.exe"
    O4 - HKCU\..\Run: [klidno] "C:\WINDOWS\system32\migate\rhm83\ige.exe"
    O4 - HKCU\..\Run: [unak] "C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\db.exe"
    O4 - HKCU\..\Run: [irleef] "C:\WINDOWS\ZeroVirus\rum.exe"
    O4 - HKCU\..\Run: [beu] "C:\WINDOWS\system32\icsxml\hm\kgl.exe"
    O4 - HKCU\..\Run: [sgdb] "C:\WINDOWS\system32\export\m3\kc.exe"
    O4 - HKCU\..\Run: [padbfb] "C:\WINDOWS\1033\dj.exe"
    O4 - HKCU\..\Run: [nujqt] "C:\WINDOWS\system32\dhcp\kbut.exe"
    O4 - HKCU\..\Run: [hcsns] "C:\WINDOWS\vi\jai.exe"
    O4 - HKCU\..\Run: [pmpr] "C:\WINDOWS\Minidump\na.exe"
    O4 - HKCU\..\Run: [peq] "C:\WINDOWS\system32\3076\mua.exe"
    O4 - HKCU\..\Run: [wbeilosvad] C:\WINDOWS\system32\wbeilosvad.exe
    O4 - HKCU\..\Run: [rqfd] "C:\WINDOWS\system32\qsearch\kim.exe"
    O4 - HKCU\..\Run: [mrlf] "C:\WINDOWS\system32\qsearch\kim.exe"
    O4 - HKCU\..\Run: [sqgf] "C:\WINDOWS\sevencasino\sip.exe"
    O4 - HKCU\..\Run: [nlbh] "C:\WINDOWS\system32\inetsrv\utl.exe"
    O4 - HKCU\..\Run: [ukae] "C:\WINDOWS\nview\qu.exe"
    O4 - HKCU\..\Run: [plme] "C:\WINDOWS\system32\npp\iks.exe"
    O4 - HKCU\..\Run: [tnnq] "C:\WINDOWS\provisioning\schemas\jd.exe"
    O4 - HKCU\..\Run: [hane] "C:\WINDOWS\1433\hj.exe"
    O4 - HKCU\..\Run: [laeu] "C:\WINDOWS\system32\qsearch\kim.exe"
    O4 - HKCU\..\Run: [tchc] "C:\WINDOWS\1098\niq.exe"
    O4 - HKCU\..\Run: [jmef] "C:\WINDOWS\1022\mue.exe"
    O4 - HKCU\..\Run: [hlui] C:\WINDOWS\system32\winmgnt\Temp\un.exe
    O4 - HKCU\..\Run: [qatj] "C:\WINDOWS\3457\purhn.exe"
    O4 - HKCU\..\Run: [ofii] "C:\WINDOWS\system32\spool\drivers\color\sm.exe"
    O4 - HKCU\..\Run: [pnha] "C:\WINDOWS\1346\dla.exe"
    O4 - HKCU\..\Run: [kthm] "C:\WINDOWS\system32\1042\eb.exe"
    O4 - HKCU\..\Run: [lnnl] "C:\WINDOWS\AppPatch\lq.exe"
    O4 - HKCU\..\Run: [yjwj.exe] "C:\Documents and Settings\Joseph\Templates\yjwj.exe" j385
    O4 - HKCU\..\Run: [nql] "C:\WINDOWS\system32\tmppath\fg.exe"
    O4 - HKCU\..\Run: [hbgkhb] "C:\WINDOWS\system32\qsearch\hfa.exe"
    O4 - HKCU\..\Run: [gfmdun] "C:\WINDOWS\system32\servcies\azh3w\fff.exe"
    O4 - HKCU\..\Run: [bjybn.exe] "C:\Documents and Settings\Joseph\Local Settings\bjybn.exe" xi66m
    O4 - HKCU\..\Run: [rnchkq] "C:\WINDOWS\system32\3com_dmi\Temp\afl.exe"
    O4 - HKCU\..\Run: [bqrln] "C:\WINDOWS\sevencasino\hl.exe"
    O4 - HKCU\..\Run: [nffij] "C:\WINDOWS\Driver Cache\i386\ctb.exe"
    O4 - HKCU\..\Run: [rbscjm] "C:\WINDOWS\system32\1031\tc.exe"
    O4 - HKCU\..\Run: [omc] "C:\WINDOWS\system32\Tepath\no.exe"
    O4 - HKCU\..\Run: [tnrco] "C:\WINDOWS\1345\qo.exe"
    O4 - HKCU\..\Run: [rlvlw.exe] "C:\Documents and Settings\Joseph\Application Data\rlvlw.exe" q3hl
    O4 - HKCU\..\Run: [beilorvadg] C:\WINDOWS\system32\beilorvadg.exe
    O4 - HKCU\..\Run: [knquxcfjmp] C:\WINDOWS\system32\knquxcfjmp.exe
    O4 - HKCU\..\Run: [psvbehloru] C:\WINDOWS\system32\psvbehloru.exe
    O4 - HKCU\..\Run: [hloruadgjn] C:\WINDOWS\system32\hloruadgjn.exe
    O4 - HKCU\..\Run: [dia] "C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\cf.exe"
    O4 - HKCU\..\Run: [loruadgjnq1] C:\WINDOWS\system32\loruadgjnq1.exe
    O4 - HKCU\..\Run: [uxcgjmptwb] C:\WINDOWS\system32\uxcgjmptwb.exe
    O4 - HKCU\..\Run: [tgnqee] "C:\WINDOWS\system32\up\gk.exe"
    O4 - HKCU\..\Run: [naa2up] C:\WINDOWS\system32\naa2up.exe
    O4 - HKCU\..\Run: [pswbeilorv] C:\WINDOWS\system32\pswbeilorv.exe
    O4 - HKCU\..\Run: [cfilpsvaeh] C:\WINDOWS\system32\cfilpsvaeh.exe
    O4 - HKCU\..\Run: [wiznavi toolbar] $$$C:\Program Files\wiznavi\updatewiznavibar.exe
    O4 - HKCU\..\Run: [scftcs] "C:\WINDOWS\winsafe\rq.exe"
    O4 - HKCU\..\Run: [nrmcb] "C:\WINDOWS\pcradio\ork.exe"
    O4 - HKCU\..\Run: [ssps] "C:\WINDOWS\system32\2052\ks.exe"
    O4 - HKCU\..\Run: [mpmkh] "C:\WINDOWS\Config\oa.exe"
    O4 - HKCU\..\Run: [iekcf] "C:\WINDOWS\1098\kl.exe"
    O4 - HKCU\..\Run: [conis] "C:\WINDOWS\system32\bits\bl.exe"
    O4 - HKCU\..\Run: [ute] "C:\WINDOWS\Registration\ich.exe"
    O4 - HKCU\..\Run: [cci] "C:\WINDOWS\system32\URTTemp\hc.exe"
    O4 - HKCU\..\Run: [qmesbl] "C:\WINDOWS\Cache\ma.exe"
    O4 - HKCU\..\Run: [uubrdk] "C:\WINDOWS\system32\appmgmt\qnc.exe"
    O4 - HKCU\..\Run: [dbtajb] "C:\WINDOWS\system32\CatRoot2\pmvv3\nha.exe"
    O4 - HKCU\..\Run: [jjoo] "C:\WINDOWS\system32\Ukum\ddn.exe"
    O4 - HKCU\..\Run: [qrq] "C:\WINDOWS\system32\wbem\gdsspb.exe"
    O4 - HKCU\..\Run: [slmusf] "C:\WINDOWS\1365\fcg.exe"
    O4 - HKCU\..\Run: [Nthost] C:\Windows\addins\Nthost.exe
    O4 - HKCU\..\Run: [OPQ] C:\Program Files\Common Files\Microsoft Shared\MSInfo\OPQ.exe
    O4 - HKCU\..\Run: [tiqp] "C:\WINDOWS\system32\tmpDirs\so.exe"
    O4 - HKCU\..\Run: [kbhg] "C:\WINDOWS\system32\oobe\kl.exe"
    O4 - HKCU\..\Run: [asda] "C:\WINDOWS\system32\4875\nmt.exe"
    O4 - HKCU\..\Run: [ooor] "C:\WINDOWS\ebestsite\pc.exe"
    O4 - HKCU\..\Run: [iqes] C:\WINDOWS\ebestsite\uc.exe
    O4 - HKCU\..\Run: [sqhl] "C:\WINDOWS\system32\4875\nmt.exe"
    O4 - HKCU\..\Run: [geul] "C:\WINDOWS\ebestsite\pc.exe"
    O4 - HKCU\..\Run: [uktm] "C:\WINDOWS\system32\4875\nmt.exe"
    O4 - HKCU\..\Run: [iaam] "C:\WINDOWS\system32\oobe\kl.exe"
    O4 - HKCU\..\Run: [odur] C:\WINDOWS\ebestsite\uc.exe
    O4 - HKCU\..\Run: [nrel] "C:\WINDOWS\ebestsite\pc.exe"
    O4 - HKCU\..\Run: [pscm] "C:\WINDOWS\system32\tmpDirs\so.exe"
    O4 - HKCU\..\Run: [aknt] "C:\WINDOWS\system32\4875\nmt.exe"
    O4 - HKCU\..\Run: [fugh] "C:\WINDOWS\ebestsite\pc.exe"
    O4 - HKCU\..\Run: [gmud] C:\WINDOWS\ebestsite\uc.exe
    O4 - HKCU\..\Run: [liqc] "C:\WINDOWS\system32\4875\nmt.exe"
    O4 - HKCU\..\Run: [rceo] "C:\WINDOWS\ebestsite\pc.exe"
    O4 - HKCU\..\Run: [cgul] "C:\WINDOWS\system32\4875\nmt.exe"
    O4 - HKCU\..\Run: [befn] C:\WINDOWS\ebestsite\uc.exe
    O4 - HKCU\..\Run: [orft] "C:\WINDOWS\ebestsite\pc.exe"
    O4 - HKCU\..\Run: [noch] "C:\WINDOWS\system32\4875\nmt.exe"
    O4 - HKCU\..\Run: [pfel] "C:\WINDOWS\vi\ub.exe"
    O4 - HKCU\..\Run: [buke] "C:\WINDOWS\SoftwareDistribution\emb.exe"
    O4 - HKCU\..\Run: [rqsq] "C:\WINDOWS\mui\kl.exe"
    O4 - HKCU\..\Run: [lkjo] "C:\WINDOWS\system32\servcies\except\cp.exe"
    O4 - HKCU\..\Run: [khgb] C:\WINDOWS\ebestsite\uc.exe
    O4 - HKCU\..\Run: [pblt] "C:\WINDOWS\ebestsite\pc.exe"
    O4 - HKCU\..\Run: [iaik] "C:\WINDOWS\4977\bon.exe"
    O4 - HKCU\..\Run: [pdgh] "C:\WINDOWS\provisioning\schemas\nr.exe"
    O4 - HKCU\..\Run: [nsbj] "C:\WINDOWS\system32\1041\a229ac1\3gxxwrwwr\kjg.exe"
    O4 - HKCU\..\Run: [fahb] "C:\WINDOWS\system32\dcooper\jddkk.exe"
    O4 - HKCU\..\Run: [inco] "C:\WINDOWS\1433\ocj.exe"
    O4 - HKCU\..\Run: [dmsmatma] $$$C:\WINDOWS\system32\dmsmatma.exe
    O4 - HKCU\..\Run: [kmlxeru] $$$C:\WINDOWS\system32\kmlxeru.exe
    O4 - HKCU\..\Run: [vbehkoruxd] C:\WINDOWS\system32\vbehkoruxd.exe
    O4 - HKCU\..\Run: [poims2] $$$C:\WINDOWS\system32\poims2.exe
    O4 - HKCU\..\Run: [lndowsp3] $$$C:\WINDOWS\system32\lndowsp3.exe
    O4 - HKCU\..\Run: [imsoe] $$$C:\WINDOWS\system32\imsoe.exe
    O4 - HKCU\..\Run: [103843103843] C:\WINDOWS\system32\103843103843.exe
    O4 - HKCU\..\Run: [owsp] $$$C:\WINDOWS\system32\linealer.exe
    O4 - HKCU\..\Run: [bbbbbbbbbb] C:\WINDOWS\system32\bbbbbbbbbb.exe
    O4 - HKCU\..\Run: [Regsys] c:\Program Files\Regsys.exe
    O4 - HKCU\..\Run: [svcmon] $$$C:\Program Files\Internet Explorer\SIGNUP\svcmon.exe
    O4 - HKCU\..\Run: [mmmmmmmmmm] C:\WINDOWS\system32\mmmmmmmmmm.exe
    O4 - HKCU\..\Run: [wlndowsp2] $$$C:\WINDOWS\system32\wlndowsp2.exe
    O4 - HKCU\..\Run: [mmmmmmmmmm1] C:\WINDOWS\system32\mmmmmmmmmm1.exe
    O4 - HKCU\..\Run: [obe] "C:\WINDOWS\Debug\ah.exe"
    O4 - HKCU\..\Run: [ikl] "C:\WINDOWS\1358\hgb.exe"
    O4 - HKCU\..\Run: [1038431038431] C:\WINDOWS\system32\1038431038431.exe
    O4 - HKCU\..\Run: [lpsvaehkor] C:\WINDOWS\system32\lpsvaehkor.exe
    O4 - HKCU\..\Run: [Mantos] C:\Program Files\Common Files\Microsoft Shared\Mantos.exe
    O4 - HKCU\..\Run: [Getos] C:\Program Files\Internet Explorer\Custom\Getos.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [April2] C:\Program Files\Common Files\System\April2.exe
    O4 - HKCU\..\Run: [James] C:\Program Files\Common Files\Microsoft Shared\James.exe
    O4 - HKCU\..\Run: [winmonww] C:\WINDOWS\system32\winmonww.exe
    O4 - HKCU\..\Run: [winmonpc] C:\WINDOWS\system32\winmonpc.exe
    O4 - HKCU\..\Run: [kflnoh] "C:\WINDOWS\system32\wbem\mof\fi.exe"
    O4 - HKCU\..\Run: [bdjoo] "C:\WINDOWS\addins\sn.exe"
    O4 - HKCU\..\Run: [jqca] "C:\WINDOWS\system32\export\m3\ros.exe"
    O4 - HKCU\..\Run: [loflos] "C:\WINDOWS\system32\Setup\ji.exe"
    O4 - HKCU\..\Run: [inf] "C:\WINDOWS\srchasst\ktb.exe"
    O4 - HKCU\..\Run: [fimqr] "C:\WINDOWS\srchasst\ktbdi.exe"
    O4 - HKCU\..\Run: [lbltq] "C:\WINDOWS\system32\drivers\Temp\hce.exe"
    O4 - HKCU\..\Run: [bjj] "C:\WINDOWS\system32\MsDtc\js.exe"
    O4 - HKCU\..\Run: [qlrs] "C:\WINDOWS\system32\icsxml\hm\rkj.exe"
    O4 - HKCU\..\Run: [Ms320] C:\WINDOWS\sundcrt.exe
    O4 - HKCU\..\Run: [intr] "C:\WINDOWS\srchasst\ktb.exe"
    O4 - HKCU\..\Run: [smrf] "C:\WINDOWS\system32\Setup\ji.exe"
    O4 - HKCU\..\Run: [aieg] "C:\WINDOWS\system32\Setup\ji.exe"
    O4 - HKCU\..\Run: [kgak] "C:\WINDOWS\system32\Setup\ji.exe"
    O4 - HKCU\..\Run: [mleio] C:\WINDOWS\system32\mleio1.exe
    O4 - HKCU\..\Run: [mqg] "C:\WINDOWS\system32\winmgnt\dd.exe"
    O4 - HKCU\..\Run: [hitclj] "C:\WINDOWS\java\inf\cur.exe"
    O4 - HKCU\..\Run: [runedll37] C:\WINDOWS\runedll37.exe
    O4 - HKCU\..\Run: [mtlo] "C:\WINDOWS\srchasst\ktb.exe"
    O4 - HKCU\..\Run: [rbil] "C:\WINDOWS\system32\MsDtc\js.exe"
    O4 - HKCU\..\Run: [ljfu] "C:\WINDOWS\system32\MsDtc\js.exe"
    O4 - HKCU\..\Run: [gtsb] "C:\WINDOWS\system32\MsDtc\js.exe"
    O4 - HKCU\..\Run: [kdmgrvs] C:\WINDOWS\kdmgrvs.exe
    O4 - HKCU\..\Run: [rteh] "C:\WINDOWS\daum\die.exe"
    O4 - HKCU\..\Run: [odts] "C:\WINDOWS\Ksetup\mh.exe"
    O4 - HKCU\..\Run: [anoel] "C:\WINDOWS\peernet\mjh.exe"
    O4 - HKCU\..\Run: [cigl] "C:\WINDOWS\system32\kyle\ci.exe"
    O4 - HKCU\..\Run: [pgtk] "C:\WINDOWS\msapps\th.exe"
    O4 - HKCU\..\Run: [tjiiq] "C:\WINDOWS\system32\enswdb\fu.exe"
    O4 - HKCU\..\Run: [nhsnt] "C:\WINDOWS\system32\export\m3\ujl.exe"
    O4 - HKCU\..\Run: [ihneij] "C:\WINDOWS\system32\dhcp\uaq.exe"
    O4 - HKCU\..\Run: [bmel] "C:\WINDOWS\system32\Setup\uu.exe"
    O4 - HKCU\..\Run: [rjkl] "C:\WINDOWS\vi\cub.exe"
    O4 - HKCU\..\Run: [gffce] "C:\WINDOWS\MsImg\ikg.exe"
    O4 - HKCU\..\Run: [ejuos] "C:\WINDOWS\Driver Cache\i386\kmm.exe"
    O4 - HKCU\..\Run: [dqji] "C:\WINDOWS\temp99\kk.exe"
    O4 - HKCU\..\Run: [oohd] "C:\WINDOWS\system32\tmppath\oka.exe"
    O4 - HKCU\..\Run: [cqejoh] "C:\WINDOWS\peernet\qbn.exe"
    O4 - HKCU\..\Run: [dkbp] "C:\WINDOWS\system32\CatRoot\tat.exe"
    O4 - HKCU\..\Run: [bpn] "C:\WINDOWS\system32\CatRoot\tatqd.exe"
    O4 - HKCU\..\Run: [Gainis] C:\Program Files\Internet Explorer\SIGNUP\Gainis.exe
    O4 - HKCU\..\Run: [INIs] C:\Program Files\Internet Explorer\Connection Wizard\INIs.exe
    O4 - HKCU\..\Run: [ult] "C:\WINDOWS\system32\atapi\rbj.exe"
    O4 - HKCU\..\Run: [carqo] "C:\WINDOWS\WBEM\dbs.exe"
    O4 - HKCU\..\Run: [lbo] "C:\WINDOWS\system32\1042\gak.exe"
    O4 - HKCU\..\Run: [ignd] "C:\WINDOWS\system32\Log\jah.exe"
    O4 - HKCU\..\Run: [eolmfp] "C:\WINDOWS\1365\fu.exe"
    O4 - HKCU\..\Run: [mqlhm] "C:\WINDOWS\mui\jmq.exe"
    O4 - HKCU\..\Run: [mlpt] "C:\WINDOWS\mui\jmqrmql.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\stdrun6.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ggamans] C:\WINDOWS\ggamans.exe /WS (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Caros] c:\windows\system32\Caros.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [SpeedApi] C:\Program Files\Internet Explorer\SIGNUP\SpeedApi.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Controls] c:\windows\system32\Controls.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Policies] c:\windows\Policies.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Control] C:\Windows\AppPatch\Control.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ATIxx] C:\Program Files\Internet Explorer\SIGNUP\ATIxx.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [pswbehlorv] C:\WINDOWS\system32\pswbehlorv.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [bvde] c:\windows\bvde.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [minipopup] C:\Program Files\minipopup\minipopup_update.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Skra] C:\Program Files\Skra\Skra.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ggamans] C:\WINDOWS\ggamans.exe /WS (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Shop-Point - {23108DD8-FC22-4568-BE7A-7D081D772BA4} - C:\PROGRA~1\SPoint\bin\PSPBUT~1.DLL
    O9 - Extra button: ¹U·I°¡±a - {3F9FECB3-1191-4938-A4C8-E43EF7D0C712} - http://cafe.naver.com/minigigiya.cafe (file missing)
    O9 - Extra 'Tools' menuitem: ¹I´I±a±a AA¾Æ! A≪Æa ¹U·I°¡±a - {3F9FECB3-1191-4938-A4C8-E43EF7D0C712} - http://cafe.naver.com/minigigiya.cafe (file missing)
    O9 - Extra button: Auction - {47906380-0DDC-46f4-98B4-DB9107C2CA01} - C:\WINDOWS\system32\gc_auc.dll (file missing)
    O9 - Extra button: G¸¶AI ¹U·I°¡±a - {52144B91-4415-463d-9A93-4918AA37DE24} - http://click.linkprice.com/click.php?m=gmarket&a=A100232791&l=0000 (file missing)
    O9 - Extra 'Tools' menuitem: G¸¶AI ¹U·I°¡±a - {52144B91-4415-463d-9A93-4918AA37DE24} - http://click.linkprice.com/click.php?m=gmarket&a=A100232791&l=0000 (file missing)
    O9 - Extra button: ¿A¼C ¹U·I°¡±a - {52144B91-4415-463d-9A93-4918AA37DE25} - http://click.clickstory.co.kr/?vanilla=QTFLTGZxOTEvSjBGSWwxMGFma0hqclNiWW51Mzk3RWxEMUkwSktyOG9GNTdmSG1U&turl= (file missing)
    O9 - Extra 'Tools' menuitem: ¿A¼C ¹U·I°¡±a - {52144B91-4415-463d-9A93-4918AA37DE25} - http://click.clickstory.co.kr/?vanilla=QTFLTGZxOTEvSjBGSWwxMGFma0hqclNiWW51Mzk3RWxEMUkwSktyOG9GNTdmSG1U&turl= (file missing)
    O9 - Extra button: ¾EÆнº - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Program Files\ESTsoft\ALPass\ALPass.exe
    O9 - Extra 'Tools' menuitem: ¾EÆнº - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Program Files\ESTsoft\ALPass\ALPass.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: G¸¶AI - {A56CBA02-B75A-47C6-B260-324CA5278D15} - http://event.go.co.kr/nbarcon/gm.php?bncode=wiznavi (file missing)
    O9 - Extra 'Tools' menuitem: G¸¶AI - {A56CBA02-B75A-47C6-B260-324CA5278D15} - http://event.go.co.kr/nbarcon/gm.php?bncode=wiznavi (file missing)
    O9 - Extra button: ³o¼o≫eE¨¼iCI - {A8B2997A-C2D3-491C-A723-A2E394B252BF} - http://event.go.co.kr/nbarcon/n.php?bncode=wiznavi (file missing)
    O9 - Extra 'Tools' menuitem: ³o¼o≫eE¨¼iCI - {A8B2997A-C2D3-491C-A723-A2E394B252BF} - http://event.go.co.kr/nbarcon/n.php?bncode=wiznavi (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ¿A¼C - {AF9BB638-BBA0-46D6-8773-CC8855378726} - http://event.go.co.kr/nbarcon/au.php?bncode=wiznavi (file missing)
    O9 - Extra 'Tools' menuitem: ¿A¼C - {AF9BB638-BBA0-46D6-8773-CC8855378726} - http://event.go.co.kr/nbarcon/au.php?bncode=wiznavi (file missing)
    O9 - Extra button: ¿A°¡°O - {BBB79C5F-73A2-4B50-BDEA-294CDBF3680B} - http://event.go.co.kr/nbarcon/o.php?bncode=wiznavi (file missing)
    O9 - Extra 'Tools' menuitem: ¿A°¡°O - {BBB79C5F-73A2-4B50-BDEA-294CDBF3680B} - http://event.go.co.kr/nbarcon/o.php?bncode=wiznavi (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: ¿A¼C ¹U·I°¡±a - {E12F04D9-FEDF-4381-99EC-BEF85FD44D6F} - http://click.linkprice.com/click.php?m=auction&a=A100232791&l=0000 (file missing)
    O9 - Extra 'Tools' menuitem: ¿A¼C ¹U·I°¡±a - {E12F04D9-FEDF-4381-99EC-BEF85FD44D6F} - http://click.linkprice.com/click.php?m=auction&a=A100232791&l=0000 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: CJMall - {E40EB83D-4E9F-4FC2-8508-B269BCE8A997} - http://event.go.co.kr/nbarcon/c.php?bncode=wiznavi (file missing)
    O9 - Extra 'Tools' menuitem: CJMall - {E40EB83D-4E9F-4FC2-8508-B269BCE8A997} - http://event.go.co.kr/nbarcon/c.php?bncode=wiznavi (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: 11¹ø°¡ ¹U·I°¡±a - {F542C4A3-CE14-46bd-8112-4BF3B8E172F9} - http://click.linkprice.com/click.php?m=11st&a=A100232791&l=0000 (file missing)
    O9 - Extra 'Tools' menuitem: 11¹ø°¡ ¹U·I°¡±a - {F542C4A3-CE14-46bd-8112-4BF3B8E172F9} - http://click.linkprice.com/click.php?m=11st&a=A100232791&l=0000 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: GPplayerActiveXCAB - http://music.godpeople.com/gpplayer/GPplayerActiveXCAB.CAB
    O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Risk\Images\stg_drm.ocx
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/135p/html/gtdownlr.cab
    O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

  • edited July 2008
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {573C73DE-DD0A-4FDF-B0AD-7E60E7026A79} (FileUploader) - http://mailimg.hanmail.net/pie/static/activex/FileUploader.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.kr/gogsweb/gogsweb.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140974454217
    O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140974686561
    O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.05.19.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://ebank.keb.co.kr/XecureObject/xw_install.cab
    O16 - DPF: {8491A278-7773-4E63-B6F1-6E1EAC39920A} (NpBankInstall Control) - http://update.nprotect.net/BankInstall/npBankInstall.cab
    O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
    O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {93F79C47-F414-4EEE-95C5-A0F0ACE59A0E} (ALDx Class) - http://www.altools.co.kr/ALDX.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://music.godpeople.com/MagicLockOCX.cab
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
    O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B47ED597-51F0-4FCE-8DD0-A6B212B9E49C} (ThepleDisk Control) - http://easyinstall.icons.com.ne.kr/easyinstall/ocx/newver1007/ThepleDisk.cab
    O16 - DPF: {B7F6F3B0-F5D3-4C9D-A610-1619059CF55A} (ClickPopWeb Control) - http://activexdown.paran.com/paranactivex/data/ClickPop2.cab
    O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
    O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
    O16 - DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} (DamoimBGMPlayerX Control) - http://bgm.iple.com/Cab/SMMusicPlayerX.cab
    O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - http://shared.live.com/0AWo70tq93pEHO1WfbbTIA/etc/Microsoft.Live.Folders.RichUpload.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos.com/component/QbicUpdate.CAB
    O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos.com/component/Qbic.CAB
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/sis/BTDownloadCtrl.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/8201-b499h/rnl/java/RntX.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {FF0CD5DC-60A6-4668-AB80-1ACF40ED9CB8} (HitPlus Control) - http://www.haduri.com/hadurishutcut/HitPlus.cab
    O20 - Winlogon Notify: afNotify - C:\WINDOWS\SYSTEM32\afNotify.dll
    O23 - Service: Windows acromo2 Services (acromo2) - Unknown owner - C:\WINDOWS\system32\acromo2.exe (file missing)
    O23 - Service: Local Network Servicess (admin) - Unknown owner - C:\WINDOWS\system32\admin.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ahncd - Unknown owner - C:\WINDOWS\system32\srvany.exe
    O23 - Service: Alerter (Aierter) - Unknown owner - C:\WINDOWS\system32\Aierter.exe
    O23 - Service: ajehu - Unknown owner - C:\WINDOWS\ajehu.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: aqeeuwija - Unknown owner - C:\WINDOWS\aqeeuwija.exe
    O23 - Service: Ati HotKey Poller (Atl HotKey Poller) - Unknown owner - C:\Windows\System32\Ati2evx.exe
    O23 - Service: Ati HotKey Service (Atl HotKey Puller) - Unknown owner - C:\Windows\System32\ati2svc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: codecsnd13 - Unknown owner - c:\Program Files\Codec Pack\v13\codecsnd.exe (file missing)
    O23 - Service: Net Pass Services (cypack) - Unknown owner - C:\WINDOWS\system32\cypack.exe
    O23 - Service: dkservice_ - Unknown owner - c:\windows\Downloaded Program Files\dkservice.exe
    O23 - Service: DNS Client (Dnscashe) - Unknown owner - C:\WINDOWS\system32\Dnscashe.exe
    O23 - Service: eafmssvcs - Unknown owner - C:\WINDOWS\system32\eafmssvcs.exe (file missing)
    O23 - Service: enginev14 - Unknown owner - c:\Program Files\Intel\v14\engine.exe
    O23 - Service: ezuy - Unknown owner - C:\WINDOWS\ezuy.exe
    O23 - Service: Google Toolbar Service (Google Toolbar Puller) - Unknown owner - C:\Program Files\Google\googletoolbar.exe
    O23 - Service: Help and Support (heipsvr) - Unknown owner - C:\Windows\system32\helpsvr.exe
    O23 - Service: IBM Service Manager (IBM HotKey Puller) - Unknown owner - C:\Windows\System32\ibmsvc.exe
    O23 - Service: idahezuyiv - Unknown owner - C:\WINDOWS\system32\idahezuyiv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Import Legacy Manager (importmang) - Unknown owner - C:\WINDOWS\system32\msimports.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ldn.ha - Unknown owner - c:\windows\system32\tservice.exe
    O23 - Service: Infrared Monitor (lrmon) - Unknown owner - C:\WINDOWS\system32\lrmon.exe
    O23 - Service: Network DDE (MetDDE) - Unknown owner - C:\WINDOWS\system32\MetDDE.exe
    O23 - Service: MultiMedia Files Connect Control (Mmspushs) - Unknown owner - C:\WINDOWS\system32\mmspushs.exe
    O23 - Service: Win defined service (modura) - Unknown owner - C:\WINDOWS\system32\modura.exe
    O23 - Service: mprsvc - Unknown owner - C:\WINDOWS\system32\mprsvc.exe (file missing)
    O23 - Service: Messenger (Nessenger) - Unknown owner - C:\WINDOWS\system32\Nessenger.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: nVidia Classic 1.2 - Unknown owner - C:\Program Files\Team DND\nvclassic.exe
    O23 - Service: nVidia Movie Accelerator - nVidia (tm) - C:\Program Files\Team DND\nvmacc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: nvsvc32_ - Unknown owner - c:\Program Files\DivX\bin\nvsvc32.exe
    O23 - Service: Phase 2L Hibernation (p2hib) - Unknown owner - C:\WINDOWS\system32\p2hib.exe
    O23 - Service: Windows Consol Managers (partner01) - Unknown owner - C:\WINDOWS\system32\partner01.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Spyware Doctor\pctsSvc.exe
    O23 - Service: Service_ - Unknown owner - c:\windows\system\adobe\svchost.exe (file missing)
    O23 - Service: svinfo - Unknown owner - C:\WINDOWS\system32\svinfo.exe
    O23 - Service: TrackPoint Service (tp4srv) - Unknown owner - C:\WINDOWS\system32\tp4srv.exe
    O23 - Service: Uninterruptible Power Supply (USP) - Unknown owner - C:\WINDOWS\system32\USP.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WebClient (WebCilent) - Unknown owner - c:\windows\system32\webcilent.exe
    O23 - Service: Windows holder services (wholder) - Unknown owner - C:\WINDOWS\system32\wholder.exe
    O23 - Service: Windows NT Security Discovery Local Service Inspection - Unknown owner - C:\WINDOWS\system32\ntfls.exe
    O23 - Service: Windows NT Security Discovery Service - Unknown owner - C:\WINDOWS\system32\ntapl.exe (file missing)
    O23 - Service: Windows NT Security Discovery Service Inspection - Unknown owner - C:\WINDOWS\system32\ntapli.exe (file missing)
    O23 - Service: Windows NT Security Discovery SKT Service Inspection - Unknown owner - C:\WINDOWS\system32\ntsktp.exe
    O23 - Service: windows me svc (winmess) - Unknown owner - C:\WINDOWS\system32\winmess.exe
    O23 - Service: Local security servi (winnsds) - Unknown owner - C:\WINDOWS\system32\winnsds.exe
    O23 - Service: Windows mappings services (wmpping) - Unknown owner - C:\WINDOWS\system32\wmpping.exe

    --
    End of file - 103843 bytes
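The O23 (service) section of the log above can be triaged mechanically. The following is an added example, not part of the original posts and not HijackThis code: `parse_o23`, `triage`, the flag names and the small `XP_BASELINE` table of built-in Windows XP service names are assumptions made for illustration, and the flags are cues for review, not verdicts.

```python
import ntpath
import re

# O23 - Service: <display> [(<key>)] - <owner> - <path>[ (file missing)]
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>[^-]+?) - "
                 r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
NAME_KEY = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")

# Assumption: hand-written baseline of built-in XP services (display -> key).
XP_BASELINE = {"Alerter": "Alerter", "Messenger": "Messenger", "DNS Client": "Dnscache",
               "Network DDE": "NetDDE", "WebClient": "WebClient", "Uninterruptible Power Supply": "UPS"}
# Lines copied verbatim from the log above.
SAMPLE = r"""
O23 - Service: Windows acromo2 Services (acromo2) - Unknown owner - C:\WINDOWS\system32\acromo2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alerter (Aierter) - Unknown owner - C:\WINDOWS\system32\Aierter.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: nvsvc32_ - Unknown owner - c:\Program Files\DivX\bin\nvsvc32.exe
O23 - Service: Uninterruptible Power Supply (USP) - Unknown owner - C:\WINDOWS\system32\USP.exe
""".strip().splitlines()

def parse_o23(line):
    """Return a dict for one O23 line, or None if the line is not an O23 entry."""
    m = O23.match(line.strip())
    if not m:
        return None
    nk = NAME_KEY.match(m["name"])
    display, key = (nk["display"], nk["key"]) if nk else (m["name"], m["name"])
    return {"display": display, "key": key, "owner": m["owner"], "missing": bool(m["missing"]),
            "exe": ntpath.basename(m["path"]).lower(), "dir": ntpath.dirname(m["path"]).lower()}

def triage(lines):
    """Map service key -> sorted list of reasons the entry deserves review."""
    entries = [e for e in map(parse_o23, lines) if e]
    dirs = {}  # executable name -> directories it is registered from
    for e in entries:
        dirs.setdefault(e["exe"], set()).add(e["dir"])
    report = {}
    for e in entries:
        real = XP_BASELINE.get(e["display"])
        checks = {
            "file-missing": e["missing"],
            "unknown-owner": e["owner"] == "Unknown owner",
            "name-mismatch": bool(real) and real.lower() != e["key"].lower(),
            "duplicate-binary-name": len(dirs[e["exe"]]) > 1,
        }
        flags = sorted(f for f, hit in checks.items() if hit)
        if flags:
            report[e["key"]] = flags
    return report
```

`triage(SAMPLE)` returns a dict keyed by service name; entries with a named vendor and no other flag, such as the Adobe LM Service line, are left out of the report.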
  • edited July 2008
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.



    I'm amazed that you can even start that machine.
    The surprising thing is that some of those are supposed to be there.

    I am not even going to look through all that. If you ever do online banking or shopping then I suggest that you reformat.
    If you want to try and clean, then please do the following.


    No Antivirus

    I can see no indication of any Antivirus software.

    Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
    This alone can save you a lot of trouble with malware in the future.
    Free AV list (Home users only)
    Avira AntiVir
    Avast

    Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.
    If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    Antivirus is a MUST



    Download and Run SD Fix

    Please download SDFix (by andymanchesta) and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • edited August 2008
    Inactive

    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
This discussion has been closed.