Friday, July 30, 2010

unknown process

Type: adware

Description: Unknown Process is a process that is usually generated with a random name and is used to download more trojans and spyware and also shows ads. Unknown Process is a malicious process should be removed from your system.

Malware Threat

unknown process

Warning: An spy-ware software uses certain rules for detection and removal of spy-ware, malware, ad-ware and trojan from your PC; thus providing 99.99% accuracy. ScanSpyware.Net provides this information "AS IS" without warranty of any kind. Your use of this information is at your own risk. We strictly restrict you from using this information if you are not sure about what you are doing.

Recommendation 1: We recommend you to take a backup of Windows Registry before following these manual spyware removal instructions to fix your PC. You can do this by either creating a Restore Point using System Restore Utility in Windows System Tools or using the Export feature of regedit.exe.

Recommendation 2: By trying to remove spy-ware from your PC without getting any help from an expert may produce unexpected results. In case you suspect that your PC is infected with some spy-ware, ad-ware, malware or virus, just follow the instructions available at http://how-to.scanspyware.net/diagnose-and-fix.html to contact us for abolutely FREE help.

Directories

C:\Windows\System32\rMa01yy
C:\Windows\System32\rMa02yy
C:\Program Files\Axqk
C:\Program Files\saar
C:\Program Files\Twean

Files

*.exe (md5:aa9c74e455ff4beddbda90...)
*.exe (md5:84e1b70662448865c0efae...)
*.exe (md5:f0ea82f989fe5bdcd9ef9c...)
*.exe (md5:e7c205ecdc45decb79477e...)
*.exe (md5:1f9f2c98016627359ab1cc...)
*.exe (md5:91db3399c55aaaea524c89...)
*.exe (md5:0a1834fc25a49b8e94afe5...)
*.exe (md5:97c424ab446ce4ac071995...)
*.exe (md5:a0b6b3ef45614115406dbf...)
*.exe (md5:ef11c6cdfd5c8ec50eb5c5...)
install01 (md5:787b6cc7c6d6da1d2a7cd8...)
C:\Windows\ntdev.exe
C:\Documents and Settings\user-account-name\Start Menu\Programs\Startup\ikowin32.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\w32NOFJCyliz5mm5R.exe
C:\Windows\System32\1042n.exe
C:\Windows\System32\2052x.exe
C:\Windows\System32\gside.exe
C:\Windows\System32\regvsc.exe
C:\Documents and Settings\user-account-name\gside.exe
C:\Windows\System32\iwrps32.dll
C:\Windows\System32\winrkp32.dll
C:\Windows\System32\winexz32.dll
C:\Windows\System32\kgsxwhlf.exe
C:\Windows\System32\vbpdtvdp.exe
C:\Windows\System32\winvercp.exe
C:\Windows\System32\dxcombin.exe
C:\Windows\System32\webcheck32.dll
C:\Documents and Settings\user-account-name\g2mdlhlpx.exe
C:\Windows\System32\Drivers\Sxc27.sys
C:\Windows\System32\spmsg.exe
C:\Program Files\saar\elat.exe
C:\Documents and Settings\user-account-name\Application Data\elat.exe
C:\Windows\System32\config\crack.lnk
C:\Windows\System32\t8\tycodllz83122.exe
C:\Windows\System32\101228u.exe
C:\Windows\pc-off.bat
C:\Windows\System32\weiyuan.exe
C:\bar311.exe
C:\Windows\bar311.exe
C:\bar311.exe
C:\arbfikac.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\stmhost.exe
C:\arbfikac.exe
C:\Windows\admgcx.dll
C:\Windows\System32\natmon.exe
C:\Windows\System32\winregdll.exe
3203016672.dat (md5:5e7e954d7eb504af49747a...)
C:\Program Files\Windows Media Player\siratic.exe
C:\Windows\System32\browselc.exe
C:\msyervice.exe
%fontsdir%\runsvc.exe
C:\Windows\System32\runsvc.exe
C:\Windows\addins\runsvc.exe
C:\Windows\System32\ENTERPRISE.dll
C:\Windows\System32\rxjddnvj.exe
C:\msyervice.exe
C:\Windows\resfix32v.exe
C:\Windows\System32\adsmsex.dll
C:\Windows\bck9.dat
C:\Windows\System32\ciserv.exe
C:\Windows\sygwin.exe
C:\Windows\System32\sol748.txt
C:\Windows\System32\qtfcsu.dll
C:\Windows\System32\tmp_4.dll
C:\Windows\System32\crehcjid.dll
C:\Windows\System32\msexplore.exe
C:\Windows\System32\cmd-bro-llx.exe
C:\Windows\System32\Down(1).exe
C:\Windows\System32\wpc2.exe
C:\Windows\System32\zxarps.exe
C:\Windows\System32\1SvTh.exe
wulte[1].exe (md5:ef9621798c92df1ec95ccb...)
dwipse10.exe (md5:ef9621798c92df1ec95ccb...)
1SvTh.exe (md5:ef9621798c92df1ec95ccb...)
C:\Windows\System32\3SvTh.exe
C:\Program Files\Internet Explorer\Intrwt.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEFILES.INI
smss.exe (md5:dad4a37c774e7e197ffe2f...)
C:\Windows\System32\gebywtu.dll
C:\Windows\System32\urqrrpn.dll
C:\Windows\System32\rMa01yy\rma01yy1065.exe
C:\Windows\System32\rMa02yy\rMa02yy1099.exe
C:\xfafasfgx.exe
C:\Windows\System32\apnsvc.exe
C:\Windows\System32\adsntb.exe
C:\xfafasfgx.exe
C:\Windows\System32\wvuvw.dll
C:\Windows\System32\wvuvw.bak1
C:\Windows\System32\j.exe
C:\Windows\wintimage.exe
reppor.exe (md5:3c5ef049598612fee0dc65...)
main_uninstaller.exe (md5:541a2d187ca3da6bb714ea...)
%sysytemdir%\DDE96A7B.exe
C:\Windows\wml.exe
C:\Windows\vxddsk.exe
C:\Windows\System32\vxddsk.exe
C:\Windows\System32\wml.exe
C:\Windows\System32\winadll.exe
C:\Windows\System32\jkkkllk.dll
C:\Windows\java\A3FB422C7D16.exe
C:\Windows\java\A3FB422C7D16.dll
gamanai.exe (md5:8e527eb50ceb37c5490172...)
C:\Windows\System32\ms32spool.exe
C:\Documents and Settings\All Users\Local Settings\jmrotsvu.exe
C:\Windows\System32\apycxt.exe
C:\Windows\System32\ntmsoprq.exe
C:\Program Files\Common Files\exfine.exe
C:\Documents and Settings\user-account-name\Application Data\aaea.exe
C:\Windows\System32\WinRDH.exe
C:\Windows\System32\mmcvwli.exe
C:\Windows\System32\sscmsslv.exe
c:\cqka.exe
c:\oops.dll
C:\Documents and Settings\user-account-name\Local Settings\Temp\ofig.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\Mced.exe
C:\Windows\System32\Mced.exe
C:\Windows\System32\sdra.dll
C:\Documents and Settings\user-account-name\Local Settings\Temp\13733\gm.exe
C:\Windows\System32\dbbsrcc.exe
C:\Windows\System32\home.exe.exe
C:\Windows\System32\wuweb32.dll
C:\Windows\System32\Cobhbk32.dll
C:\Windows\System32\winauq32.dll
C:\Windows\System32\browsewm32.dll
ythgtfer.exe (md5:3595b4024bcc2c9cbe3504...)
feddweer.exe (md5:315132bc645a764fa4f508...)
esagtrhtr.exe (md5:325e02aabc9f84dbe53b1a...)
downloader.exe (md5:6fb68f490d38036ad0d115...)
tahtyemkme.exe (md5:750364b3447ff71ea4ce7c...)
C:\Windows\System32\spooldr.ini
C:\Windows\System32\netffcka.exe
C:\Windows\System32\rdlqwaln.exe
C:\Windows\System32\cmdaaizy.exe
C:\Windows\System32\rdlseynb.exe
C:\Windows\System32\advtwsan.exe
C:\Windows\System32\igfdfwpi.exe
C:\Windows\System32\jdnems.exe
C:\Windows\System32\comnyrwc.exe
C:\Windows\System32\igfnxsvm.exe
C:\Windows\System32\depwmce.exe
C:\Windows\poke.exe
C:\Windows\S0kic.exe
C:\Windows\garcha.exe
C:\Windows\ohsvof.exe
C:\Windows\System32\mmspng.exe
C:\Windows\System32\mrdsregp.exe
C:\Windows\System32\winzrs32.exe
C:\Windows\ieod.exe
C:\Windows\System32\ieod.exe
C:\Windows\System32\WCPSVIT32.EXE
c:\d.exe
c:\ygucx.exe
c:\-1933359433
C:\Documents and Settings\user-account-name\Local Settings\Temp\A.BAT
C:\Windows\smsys.dat
C:\Documents and Settings\user-account-name\Local Settings\Temp\GOS4.BAT
C:\d.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\win*.tmp.exe
C:\Windows\System32\1137182ld.exe
C:\ygucx.exe
C:\Windows\System32\winvaj32.dll
C:\-1933359433
readme.bat (md5:e46306598c5f687b8afe6a...)
install.exe (md5:29643f9868df0a886611fe...)
C:\Windows\System32\ir32_32.exe
C:\Windows\System32\wekls4.exe
C:\Windows\System32\graped.exe
C:\Windows\System32\winntify.exe
C:\Windows\System32\Cache\BlazeVCM7.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\Rav.exe
C:\Windows\System32\oppmk.dll
C:\Windows\System32\wmvdmod.exe
C:\Windows\System32\vwsrv.exe
C:\Windows\System32\wifeman.exe
C:\Windows\XtTb.exe
C:\Windows\wsrv32.exe
C:\Windows\wscsvc.exe
C:\Windows\System32\p432.dll
C:\Windows\System32\banc.exe
C:\Windows\System32\wzdmg.exe
C:\Windows\System32\faube.exe
C:\Windows\System32\wunit32.exe
C:\Windows\System32\nrcheck.exe
C:\Windows\System32\hjiet35.exe
C:\Windows\System32\c_ibrkr.exe
C:\Windows\System32\system43.exe
C:\Windows\System32\rad*****.tmp
C:\Windows\System32\winipsec.exe
C:\Windows\System32\registr32.exe
C:\Windows\System32\netcom2ix.exe
C:\Windows\System32\msifirewall.exe
C:\Windows\kq92.exe
C:\Windows\next06.exe
C:\Windows\elitepop06.exe
C:\Windows\System32\mwinrpes.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\svcmm32.exe
C:\Windows\Temp\svcmm32.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\ICD4.tmp\svcmm32.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\ICD1.tmp\svcmm32.exe
c:\nwnmff_e27.exe
C:\nwnmff_e27.exe
C:\Program Files\Axqk\Iwhdeej.exe
C:\Program Files\WIZZ\dazzler.exe
C:\Windows\System32\hnmyo.exe
C:\Windows\System32\ptqqv.exe
C:\Windows\System32\wrwdjqzf.exe
C:\Windows\System32\klvhzabn.exe
C:\Windows\jawa32.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\ytH1UE.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\3vyvWyM.exe
C:\Windows\System32\netsg.exe
C:\Windows\System32\p08j0.exe
C:\Windows\System32\rpcss_pl.exe
C:\Program Files\Twean\coea.exe
C:\Windows\System32\Tgs89m24.exe
C:\Windows\System32\yxjktvzr.exe
C:\Windows\System32\mssign32482f.exe
C:\Windows\System32\inoldapw.exe
C:\Windows\System32\atacqzx.exe
C:\Windows\System32\Bin9.exe
C:\Windows\System32\xytjhj.exe
C:\Windows\rffgv.exe
C:\Windows\tjqaf.exe
C:\Windows\hutqtkt.exe
C:\Windows\System32\mskflb.exe
C:\Windows\System32\jfdtjji.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\BowJ.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\e7bibE.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\tB.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\i3J.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\ybgt.exe
C:\Windows\System32\viyiwy.exe
C:\Windows\System32\uftmiq.exe
C:\Windows\System32\ktafn.exe
C:\Windows\System32\etasdwsa.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\me.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\H.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\nO3Uq.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\2smbkL.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\xVqG1Ui.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\JDmgtjjs.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\KAug.exe
C:\Windows\System32\browser5.exe
C:\Windows\System32\PgpXP.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\VXfYpmWMt.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\Brj.exe
C:\Windows\System32\MSNL.EXE
C:\Windows\System32\kd1ace.exe
C:\Documents and Settings\user-account-name\Application Data\pa?e.exe
C:\Windows\System32\kvi4c32.exe
C:\Windows\kjberup.exe
C:\Windows\temp\hlFjwf.exe
C:\Windows\temp\uTAK.exe
C:\Windows\System32\qosname6.exe
C:\Windows\System32\pcdceng.exe
C:\Windows\System32\dinxdgps.exe
C:\Windows\System32\dptxce.exe
C:\Windows\System32\syspx.exe
C:\Windows\System32\xahalitz.exe
C:\Windows\anshql.exe
C:\Windows\System32\ebohiw.exe
C:\Windows\temp\OGt.exe
C:\Windows\System32\ukzauq.exe
C:\Windows\System32\yqjjvc.exe
C:\Windows\System32\hdawyaa.exe
C:\Windows\System32\Explorer .exe
C:\Windows\WINLOGON .exe
C:\Windows\System32\mircvu.exe
C:\Windows\System32\iihlic.exe
C:\Windows\System32\ohaxiv.exe
C:\Windows\System32\snmmsp.exe
C:\Windows\litmus\SVCHOSTÿ.exe
C:\Windows\System32\spmn30.exe
C:\Windows\System32\avvbbjz.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\djebmm350.exe
C:\Windows\System32\kniaxd.exe
C:\Windows\System32\yppeal.exe
C:\Windows\System32\f5db8.exe
C:\Windows\System32\rellrjd.exe
C:\Windows\System32\CRTG.EXE
C:\Windows\System32\CRDZ.EXE
C:\Windows\APPHE.EXE
C:\Windows\ATLNY.EXE
C:\Windows\IEWF.EXE
C:\Windows\System32\D3OE32.EXE
C:\Windows\System32\NETIP32.EXE
C:\Windows\MFCJX32.EXE
C:\Windows\System32\MSSB32.EXE
C:\Windows\System32\CRNR.EXE
C:\Windows\MSTR32.EXE
C:\Windows\D3FE32.EXE
C:\Windows\System32\susp.exe
C:\Windows\System32\SDKUM32.EXE
C:\Windows\SYSNW32.EXE
C:\Windows\System32\MSHR32.EXE
C:\Windows\System32\whji.exe
C:\Windows\System32\djcamf.exe
C:\Windows\zwx.exe
C:\Windows\System32\nddeapi.exe
C:\Windows\System32\winxig32.exe
C:\Windows\System32\swbxdt.exe
C:\Documents and Settings\user-account-name\Application Data\rthd.exe
C:\Windows\System32\noffaf.exe
C:\Windows\System32\xmgwkl.exe
C:\Windows\msvcad.exe
%fontsdir%\jpegsys.exe
C:\Windows\repair\basvss.exe
C:\Windows\Registration\jpeg.exe
C:\Windows\system\cmdcr.exe
C:\Windows\Registration\cxml.exe
C:\Windows\System32\utimine.exe
%fontsdir%\font.exe
C:\Windows\Registration\wavetapi.exe
C:\Windows\System32\3COM_DMI\cattask.exe
C:\Windows\rasvb.exe
C:\Windows\Driver Cache\nutimg.exe
C:\Windows\security\LOGS\nutmain.exe
C:\Windows\harddoc.exe
C:\Windows\System32\vcdads.exe
C:\Documents and Settings\user-account-name\Application data\mrur.exe
C:\Documents and Settings\user-account-name\Application data\DRIVEA~1\Upload cake tick.exe
C:\Windows\System32\mjpulc.exe
C:\Windows\System32\xmzlzzlr.exe
C:\Windows\System32\safupgrd.exe
C:\Windows\System32\exemsft.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\RECOVE~1.EXE
C:\Documents and Settings\user-account-name\Local Settings\Temp\FPBF.DAT
C:\Windows\System32\OCCAL.EXE
C:\Windows\System32\NTDRATE.EXE
C:\Windows\mycomputer.exe
C:\Windows\System32\arucab.exe
C:\Windows\System32\tsbvcs.exe
C:\Windows\System32\udhkui.exe
C:\Windows\odshon.exe
C:\Windows\System32\ifdccvt.exe
C:\Windows\System32\rbdtbv.exe
C:\Windows\System32\rxqlpnn.exe
C:\Windows\xcopy.exe
c:\CIPVCFMGM.exe
C:\CIPVCFMGM.exe
c:\EPMZH.exe
C:\EPMZH.exe
C:\Windows\System32\osxbfvo.exe
C:\Windows\otypef.exe
C:\Windows\RMTBPGU.exe
C:\Windows\ozyxst.exe
C:\Windows\ikfbfnne.exe
C:\Windows\jhsvbiup.exe
C:\Windows\zdzthm.exe
C:\Windows\aqadcup.exe
C:\Windows\hhmelb.exe
C:\Windows\sbwqosy.exe
C:\Windows\eljr.exe
C:\Windows\bruzmoh.exe
C:\Windows\gkgc.exe
C:\Windows\ruzgpsx.exe
C:\Windows\klirgt.exe
C:\Windows\WINXQ.EXE
C:\Windows\System32\tapiperf.exe
C:\Windows\System32\??rvices.exe
C:\Windows\System32\??plorer.exe
C:\Windows\System32\capapEWMD.exe
C:\Windows\System32\helrows.exe
C:\Windows\System32\mplapx.exe
C:\Windows\System32\?ttrib.exe
C:\Windows\System32\eqrdww.exe
C:\Windows\System32\jmcxmc.exe
C:\Windows\System32\zdhwmgof.exe
C:\Windows\System32\oidwcc.exe
C:\Windows\System32\SOEACCTM.exe
C:\Windows\System32\ssnrew.exe
C:\Windows\System32\pprrbc.exe
C:\Windows\System32\osixp.exe
C:\Windows\System32\winmonv.exe
C:\Windows\System32\hzemdl.exe
C:\Windows\System32\qxvewzjv.exe
C:\Windows\System32\yygdlnoq.exe
C:\Windows\System32\sjcptzl.exe
C:\Windows\System32\vbimnx.exe
C:\Windows\System32\xtcttnh.exe
C:\Windows\System32\aubm.exe
C:\Windows\System32\qzocprd.exe
C:\Windows\System32\Juah0.exe
C:\Windows\System32\obcefohn.exe
C:\Windows\System32\mpninc.exe
C:\Windows\System32\MSZR32.EXE
C:\Windows\System32\qvgftc.exe
C:\Windows\System32\tpjhcc.exe
C:\Windows\System32\efdajnaw.exe
C:\Windows\System32\tzwlhmm.exe
C:\Windows\System32\gkvtxc.exe
C:\Windows\System32\hwxmbl.exe
C:\Windows\System32\ipkb.exe
C:\Windows\System32\hueeqq.exe
C:\Windows\System32\vfmslc.exe
C:\Windows\System32\pidole32.exe
C:\Windows\System32\shmgraph.exe
C:\Windows\System32\soltsess.exe
C:\Windows\System32\ntbav.exe
C:\Windows\System32\pjlupdll.exe
C:\Windows\System32\asydmod.exe
C:\Windows\System32\wjvmrt32.exe
C:\Windows\System32\neracm.exe
C:\Windows\System32\vbaplwiz.exe
C:\Windows\System32\mmucmn.exe
C:\Windows\System32\mdmwoa.exe
C:\Windows\System32\ds3fr.exe
C:\Windows\System32\tftsatq.exe
C:\Windows\System32\myclog.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\PfFNza.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\LQ2r.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\updater.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\z8c4.exe
C:\Windows\System32\chk_hp.exe
C:\Windows\System32\cewda.exe
C:\Windows\System32\gklgtoir.exe
C:\Windows\System32\yppdyc.exe
C:\Windows\System32\frjfkc.exe
C:\Windows\System32\m?iexec.exe
C:\Windows\System32\mdqkwo.exe
C:\Windows\System32\edldbc10.exe
C:\Windows\System32\dpwsock5.exe
C:\Windows\System32\Wdj7.exe
C:\Windows\System32\jpthhn.exe
C:\Windows\System32\lprgr1.exe
C:\Windows\System32\yllwisni.exe
C:\Windows\System32\audiosrv.exe
C:\Windows\System32\wucmdmsp.exe
C:\Windows\System32\wsets.exe
C:\Windows\System32\delxp.exe
C:\Windows\System32\DllHandler.exe
C:\Windows\System32\rpcxtf.exe
C:\Program Files\microsoft hardware\dnetc.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\fMGJh.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\UR9mw.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\Gip2.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\FW1D.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\uJQ.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\ipx32d56.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\NiVZ.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\q4o3BqUg.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\Y0.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\1h9JrcY6.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\l.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\dj.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\Saz1Crd.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\WW5j.exe
C:\Windows\pwfivol.exe
C:\Windows\arnrdf.exe
C:\Windows\swjibe.exe
C:\Documents and Settings\user-account-name\Application Data\ebus.exe
C:\Documents and Settings\user-account-name\Application Data\coea.exe
C:\Documents and Settings\user-account-name\Application Data\irru.exe
C:\Windows\System32\exp.exe
C:\Windows\System32\exp
C:\Windows\System32\asn.exe
C:\Windows\ttupt.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\sysnet.exe
C:\Windows\System32\WinSound1.exe
C:\Windows\System32\Pop2.exe
C:\Windows\System32\ativtmxx.exe
C:\Windows\System32\cfgmgr32.exe
C:\Windows\System32\cmdial32.exe
C:\Windows\System32\CABVIEW4.exe
C:\Windows\System32\CMPROPS2.exe
C:\Windows\System32\cabinet8.exe
C:\Windows\System32\cabinet6.exe
C:\Windows\System32\asycfilt.exe
C:\Windows\System32\cdfview6.exe
C:\Windows\System32\clbcatq9.exe
C:\Windows\System32\catsrvps.exe
C:\Windows\System32\clbcatq1.exe
C:\Windows\sfee.exe
C:\Windows\eree.exe
C:\Windows\htt.exe
C:\Windows\System32\iesn.exe
C:\Windows\Temp\edow_as2.exe
C:\Windows\System32\if01.exe
C:\Windows\System32\UpdInstall.exe
C:\Windows\SStb.exe
C:\Windows\System32\aaupdt.exe
C:\Windows\System32\winxpdll32.exe
C:\Windows\System32\grwinsthlp.exe
C:\Windows\unadbeh.exe
C:\Windows\stop.00009_4.exe
C:\Windows\HLInstaller3.exe
C:\Windows\System32\HyperLinker2.exe
C:\Windows\System32\mfcov32.exe
C:\Windows\System32\mxbkup.exe
C:\Windows\System32\greenstd.exe
C:\Windows\System32\kwdstd.exe
C:\Windows\System32\autodrop.exe
C:\Windows\System32\avmeter2.exe
C:\Windows\System32\avmeter5.exe
C:\Windows\System32\Cache\us4.0-2.exe
C:\Windows\System32\Cache\BlazeVCM.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\all_files8.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\ei.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\0aug.exe
C:\Windows\System32\Abu.exe
C:\Windows\crcl.exe
C:\Windows\System32\ncsvc32.exe
C:\Windows\d3ey.exe
C:\Windows\Tiu.exe
C:\Windows\javaqt.exe
C:\Windows\Inr.exe
C:\Windows\Iju.exe
C:\Windows\Nmn.exe
C:\Windows\ipso.exe
C:\Windows\ATLEF32.EXE
C:\Windows\System32\Tiu.exe
C:\Windows\System32\Rfq.exe
C:\Windows\System32\Nmn.exe
C:\Windows\System32\Era.exe
C:\Windows\System32\ipce.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\rfq.exe
C:\dist006.exe
C:\Windows\System32\Cache\dist006.exe
C:\Windows\System32\loadadv64
C:\Windows\System32\loadadv64.exe
C:\Windows\bp_bg.exe
C:\Windows\System32\Cache\VCMnet7 updated 030905.exe
C:\Windows\System32\200.exe
C:\Windows\System32\AOREGSVR512.EXE
C:\Documents and Settings\user-account-name\Local Settings\Temp\isearch.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\sexgame.exe
C:\Documents and Settings\user-account-name\Desktop\isearch.exe
C:\Windows\Temp\isearch.exe
C:\Program Files\System\Misc\istinstall_zazzer.exe
C:\Windows\System32\mgmtapi.exe
%fontsdir%\syscnfg.exe
%fontsdir%\font2\syscnfg.exe
C:\Windows\System32\taskmin.exe
C:\Windows\System32\shellmon.exe
C:\Windows\System32\dllcache\lxmstart.exe
C:\Windows\System32\MSB****.TMP
C:\Windows\System32\t8gk5.exe
C:\Windows\System32\qgxsre.exe
C:\Windows\System32\msnexplore.exe
C:\Windows\System32\ptmg1v.dll
C:\Windows\System32\Winregs9.exe
C:\Program Files\Common Files\system\rreg.exe
C:\Windows\System32\stp68_2007.dll
C:\Windows\Temp\EIp3pyqn2.exe
C:\Windows\System32\autosys.exe
C:\Windows\System32\systoan.exe
C:\Windows\System32\taskbar.svc
C:\Windows\System32\ysbinstall_1
C:\Windows\clun.exe
C:\Windows\System32\fao.dll
C:\Windows\System32\desbyhdw.exe
C:\Windows\System32\hzlygch.dll
C:\Windows\System32\19aetcqi.exe
C:\Windows\System32\ntosatx.exe
C:\Windows\System32\R35iD3NTS.exe
C:\Windows\System32\sp1fix.exe
C:\Windows\ss3unstl.exe
C:\Windows\System32\winrid32.dll
C:\Windows\System32\cxmdxcs.exe
C:\Windows\System32\sdmmlmn.exe
C:\Windows\wmx_win.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\RAVWM.EXE
C:\Documents and Settings\user-account-name\Local Settings\Temp\RAVWL.EXE
C:\Windows\System32\RAVWM.EXE
C:\Windows\System32\RAVWL.EXE
C:\Documents and Settings\user-account-name\Local Settings\Temp\iexp10re.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\explorei.exe
C:\Windows\System32\RAVWM425.dll
C:\Windows\Temp\RAVWM.EXE
C:\Windows\System32\pmnllmm.dll
C:\Windows\System32\tcpQ32.dll
C:\Windows\svslogon.exe
C:\Windows\System32\scchk32.exe
C:\Documents and Settings\All Users\Local Settings\vajmfsjo.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\thinksnet.exe
C:\Windows\Temp\win***.tmp.exe
C:\Windows\Temp\win****.tmp.exe
C:\Documents and Settings\All Users\Local Settings\hwfutczk.exe
C:\Documents and Settings\All Users\Local Settings\lmxyzwhq.exe
C:\Windows\System32\winusx32.dll
C:\Windows\wpcjmd.log
C:\Windows\sfgefge.exe
C:\Windows\thregreewe.exe
C:\Windows\system32REQF.00*
C:\Windows\system32REQF.exe
C:\Windows\144.exe
C:\Documents and Settings\user-account-name\Local Settings\Temp\rjsduf.exe
C:\Windows\System32\ldcdx.exe
c:\ewtc.exe
c:\a.exe
C:\a.exe
C:\ewtc.exe
C:\Windows\System32\adviypul.exe
C:\Documents and Settings\user-account-name\Desktop\Click to Find and Fix Errors.url
C:\Windows\System32\ClickToFindandFixErrors_Intl.ico
C:\Windows\System32\1055529641.dll
C:\Windows\System32\cliegytg.exe
C:\Windows\System32\cmduttio.exe
C:\Windows\System32\conbttjn.exe
C:\Windows\System32\gmc.exe.exe
C:\Windows\System32\mfsysnv.exe
C:\Windows\System32\wapiicomsv32.exe
C:\Windows\System32\drivers\old26.tmp
C:\Windows\System32\drivers\wcy36.sys
taskmgr.exe (md5:6f22e559fed124e792ee16...)
C:\Windows\System32\ASDJHWEQ.EXE
C:\Windows\rispac.exe
YN2n.exe (md5:f873241052f629edde8dc6...)
basewwtve32.dll (md5:cacd00959b41d724293174...)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msupd***************.exe (md5:b6bbba07ee333dd3ad07f2...)
C:\RECYCLER\crack.exe
C:\RECYCLER\crack2.exe
%fontsdir%\Setup.exe
C:\Windows\System32\javk.exe
C:\RECYCLER\ADAPT_Installer.exe
*.jpg (md5:7aa7b6f08a729690c4d530...)
*.exe (md5:38e5d89c94f2bbf5320480...)
*.exe (md5:01e068bafee973aac0c517...)
messagemanager.exe (md5:70e67f921a9ae7c84eecf9...)

Registry Keys

HKEY_CLASSES_ROOT\CLSID\{094496E7-EA40-DEF5-1F00-06BF2949F021}
HKEY_CLASSES_ROOT\CLSID\{6C953C91-C63F-963B-12DA-D0F27FE0A11A}
HKEY_CLASSES_ROOT\CLSID\{6C956547-C63F-CFED-D3F1-A23E7FE0B575}
HKEY_CLASSES_ROOT\CLSID\{E5FDB321-7CAD-4F2B-9C8C-3545A8F471C2}
HKEY_CLASSES_ROOT\CLSID\{E24E45A7-DFE9-4D4A-B8CD-E7632898D6E1}
HKEY_CLASSES_ROOT\Clsid\{30039A09-5DB1-2765-EE9E-513081D6DE9E}
HKEY_CLASSES_ROOT\Clsid\{002EAA7F-70F4-1124-C3AC-671DC293F3AD}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{094496E7-EA40-DEF5-1F00-06BF2949F021}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6C953C91-C63F-963B-12DA-D0F27FE0A11A}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6C956547-C63F-CFED-D3F1-A23E7FE0B575}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E24E45A7-DFE9-4D4A-B8CD-E7632898D6E1}
HKEY_LOCAL_MACHINE\software\classes\Clsid\{30039A09-5DB1-2765-EE9E-513081D6DE9E}
HKEY_LOCAL_MACHINE\software\classes\Clsid\{002EAA7F-70F4-1124-C3AC-671DC293F3AD}
HKEY_LOCAL_MACHINE\software\classes\Clsid\{E5FDB321-7CAD-4F2B-9C8C-3545A8F471C2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuvw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\oppmk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\p4reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iwrps32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrkp32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crehcjid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winexz32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\webcheck32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ENTERPRISE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\stp68_2007
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AdminDebug
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E24E45A7-DFE9-4D4A-B8CD-E7632898D6E1}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{094496E7-EA40-DEF5-1F00-06BF2949F021}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{21LYYSYS-9421-2126-L2Y1-L2Y1Y1S3Y1S4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{21LYYSYS-9421-2126-L2Y1-L2Y1Y1S3Y1S4}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E24E45A7-DFE9-4D4A-B8CD-E7632898D6E1}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{094496E7-EA40-DEF5-1F00-06BF2949F021}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SXC27
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SXC27
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SXC27
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SXC27
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SXC27
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SXC27
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DirectX multi version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX multi version
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX multi version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DirectX_multi_version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DirectX_multi_version
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DirectX_multi_version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSSWebClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VSSWebClient
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSSWebClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VSSWebClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSSWebClient
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSSWebClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\APPLMSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APPLMSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APPLMSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_APPLMSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_APPLMSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPLMSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSATXCTRL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSATXCTRL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSATXCTRL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSATXCTRL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSATXCTRL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSATXCTRL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VWSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VWSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VWSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VWSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VWSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VWSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winipsec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winipsec
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winipsec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_winipsec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_winipsec
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_winipsec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RPCSS+
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RPCSS+
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCSS+
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCSS+
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RPCSS+
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCSS+
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kq92
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kq92
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kq92
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_kq92
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_kq92
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_kq92
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinWMServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinWMServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinWMServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WinWMServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WinWMServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WinWMServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinWLServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinWLServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinWLServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WinWLServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WinWLServiceNow
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WinWLServiceNow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnllmm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpQ32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVSLOG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVSLOG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SVSLOG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVSLOG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVSLOG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVSLOG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WINNOTIFY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WINNOTIFY
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINNOTIFY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINNOTIFY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINNOTIFY
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINNOTIFY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\greenstdsystem32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\greenstdsystem32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\greenstdsystem32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_greenstdsystem32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_greenstdsystem32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_greenstdsystem32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ir32_32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ir32_32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ir32_32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ir32_32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ir32_32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ir32_32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BROWSEWM32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BROWSEWM32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BROWSEWM32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BROWSEWM32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BROWSEWM32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSEWM32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUWEB32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WUWEB32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WUWEB32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WUWEB32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WUWEB32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WUWEB32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DDE96A7B
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DDE96A7B
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DDE96A7B
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DDE96A7B
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DDE96A7B
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DDE96A7B
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DDE96A7B
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DDE96A7B
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gutyedf
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gutyedf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gutyedf
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_gutyedf
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_gutyedf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_gutyedf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebywtu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrrpn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkllk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winvaj32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winauq32
HKEY_LOCAL_MACHINE\Software\microsoft\shared tools\msconfig\startupreg\drmsrv32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows sharing object
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows sharing object
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows sharing object
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_Windows_sharing_object
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_Windows_sharing_object
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows_sharing_object
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDEV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NTDEV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDEV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTDEV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NTDEV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTDEV

Registry Values

HKEY_CURRENT_USER\Software\ASProtect\svchost connection monitor
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\j
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Lerm
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSSMSGS
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\j
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\j.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\j.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\j.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\j.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\j.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\j.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\blwquest
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\jsispsl
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wdcmdis
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\vrsmem
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\opdbcs
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ted
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Skaesh
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPQFile
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\bBsERTa5T
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\H0x6RgM4l
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Lscu
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\nddeapi
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\bB7sRSHml
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Y357RXH6g
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Mnvslim
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ciivqn
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Brab
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ClockWarn
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Pqiayp
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\winxpdll32.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Nvidia CTRL Panel
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mssign32482f.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\x3nX37O
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\g047RXiml
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ldoc
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ewkremmb
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ipx32d56
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Wcz
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\You6RVctT
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Eprc
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ahch
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Uejb
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\dz47RVKqR
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\audiosrv
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DELXP Protocol
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ouoc
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ko2mRhb7R
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Djtska
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\tapiperf
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\c0t7RhY6h
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Y37pRQZsg
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\cz56RRZFj
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ccexbea
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Qlh
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FD61D55B
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CEF64BEB
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mplapx
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Dofp
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Lo3nRObtX
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\eB22RkfsU
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Yzq7RjG8e
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Lw0qRSHpg
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\d04FRkbsl
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\bB43RUanX
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Sound System
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\cmdial32
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\asycfilt
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSDLL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mgmtapi
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Jawa322
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Tlv
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Vil
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Jawa32
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ModularConfig
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSPQFile
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\p08j0.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\AOLRegKey32
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\Nvidia CTRL Panel
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Jawa322
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Y37pRQZsg
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\uidenhiufgsduiazghs
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Registry Checkup System9 Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\blwquest
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\jsispsl
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wdcmdis
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\vrsmem
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\opdbcs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Skaesh
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\XtTb.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wzdmg
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WIZZ
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wsrv32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wnddrv
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wscsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WinUpgrader
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\winipsec
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Netunit32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NetReach
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\1pop06apelt2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Xexodlre
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Atnc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\kSt]wXmab
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\elky_wRxakN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\loadadv64
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CY_BG
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SStb.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Nvidia CTRL Panel
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ytH1UE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\3vyvWyM
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\netsg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\crcl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\2P6WFAX43ZHE7C
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\vhqfyxh
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Windows USBD
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\x3nX37O
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\g047RXiml
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\gqexsr
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\yppdyc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\frjfkc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Windows Update Files
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\fMGJh
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\UR9mw
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\42XR7P63WW2AT3
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FW1D
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\uJQ
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ipx32d56
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\pwfivol
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NiVZ
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\q4o3BqUg
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\tcclheaafid
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Y0.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\1h9JrcY6.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\l.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\64fae523f94e
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\4Q4JJYX42Y3TTA
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\fwrjzzikkavn
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qkhjiy
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\e80c19c28c15
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\2LRX2W83X2T3MQ
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\vFEP37T
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Windows System Drive
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DELXP Protocol
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Dll Handler
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Rpcx Tutorial File
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\1HRg7bBl
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\inoldapw
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wbxfpzrlmewz
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hanbkpq
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\fkbng
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wueacvd
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hutqtkt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\bpujhywvewk
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\pbuulrb
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BowJ
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\e7bibE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\tB
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\i3J
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ybgt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\nfknhejfhle
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\xaeyklpxhti
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\tgzpbzta
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\me
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\H
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\nO3Uq
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\2smbkL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\xVqG1Ui
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\JDmgtjjs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\KAug
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\59a3b841ae18
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\2N85L533MR#GJT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\VXfYpmWMt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Brj
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\5Ftg3nX
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hoadgbw
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hlFjwf
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\uTAK
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\09cf5262b0b2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qsoi32j
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\vcllpd
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\syspx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\whnlecqzroo
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\anshql
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qvkzynhggz
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OGt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ebyczsxz
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\yqjjvc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hdawyaa
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\sdqbfnldcmxbc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\iihlic
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ohaxiv
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\p4mX37j
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\uonxmqxn
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hrgydq
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\sarzznmim
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\f5db8.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\arqtivlxf
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wumxsfytu
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\zwx
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\nbgsiyaqlnqk
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ufpsvq
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\rvmmczscxrqhj
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\msvcad
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*msvcad
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*jpegsys
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*basvss
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*jpeg
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*cmdcr
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*cxml
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\03EW3mg
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*font
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*wavetapi
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*cattask
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*rasvb
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*nutimg
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*nutmain
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\*harddoc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mjpulc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\htfffpiezzo
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\t32X3nU
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RecoverFromReboot
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\cyberfree.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\p4of34V
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qrmhvridzwjne
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\t8mW35V
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\odshon
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hvzycropngxsx
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\xrcurspjco
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\xyiussz
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CIPVCFMGM
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\EPMZH
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\djndohjerx
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\otypef
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RMTBPGU
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ozyxst
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\%windir%\gkgc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\%windir%\eljr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\%windir%\ikfbfnne.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Pau0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ooQ0tJ
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\aqadcup
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ilfslbd
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\yvlxmdn
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Yantert
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ruzgpsx
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\klirgt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\fwsceez
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\jmcxmc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\rcolinuwjjmtv
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\oidwcc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SOEACCTM
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\nsljoeblmz
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\pprrbc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\osixp
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\uoobaa
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\fisluev
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wdvfurhu
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\zebgjefk
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wfemkzyox
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\utfyin
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hnukjmcq
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mxwr
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ypyecai
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\bjiedwkket
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mavgeotup
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mpninc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CEF64BEB
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FD61D55B
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSNL.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qvgftc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\aoqfez
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ozsmuai
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\himofqn
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\gkvtxc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\jfcmxu
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ipkb.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\yxnvgyy
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\vfmslc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\4Fsh3EX
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\vstS3qT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\47rk32j
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\s3nP3qX
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qsnT38W
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PfFNza.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\USB controller
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\LQ2r
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\updater.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\z8c4.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Sound System
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Win32 USB2 service
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ina
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\iesn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\746d60e6e290
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\962c925eb967
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\962f925ab967
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\sdkmh.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Tlv
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Vil
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\abu
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Jawa32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\cof.updit
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hnmyo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\dll services
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\exp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AOLRegKey32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hins
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hsim
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Jawa322
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Ms
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\system43.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSCORE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MicrosoftValue
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MMB2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mload
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qgxsre
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ailydvgl
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PTRGMYGK
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\rreg
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Sustem
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WIN32SNDS
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS REGISTER EDIT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSN Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\istinstall_zazzer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Registry Checkup System9 Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\crjw32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\wintg32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\appvn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\t8gk5.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\crcl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\netsg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\atlef32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ipso.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ipce.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\*harddoc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\djebmm350.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\Nvidia CTRL Panel
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Skaesh
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Windows USBD
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Netunit32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\CRTG.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\CRDZ.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\APPHE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ATLNY.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\IEWF.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\D3OE32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\NETIP32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\MFCJX32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\MSSB32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\CRNR.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\MSTR32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\D3FE32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\SDKUM32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\SYSNW32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\MSHR32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Dll Handler
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\WINXQ.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\MSZR32.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\RunDLL34
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\cof.updit
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\atlef32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\dll services
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Sound System
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\DELXP Protocol
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Microsofts Update
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Nvidia CTRL Panel
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Win32 USB2 service
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\WINDOWS REGISTER EDIT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\MSN Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Registry Checkup System9 Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\EIp3pyqn2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AutoSys
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Systoan32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Taskbar Service
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Systoan32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ttupt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ysbinstall_1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\windows sockets start up 32
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\windows sockets start up 32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wifeman
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\clun
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qq9X36l
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{30039A09-5DB1-2765-EE9E-513081D6DE9E}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{002EAA7F-70F4-1124-C3AC-671DC293F3AD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{30039A09-5DB1-2765-EE9E-513081D6DE9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{002EAA7F-70F4-1124-C3AC-671DC293F3AD}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\exp
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\19aetcqi
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hzlygch.dll
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSR35ID3NTS
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\MSR35ID3NTS
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Windows Sp1 Fix
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Windows Sp1 Fix
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Windows Sp1 Fix
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\csmhtop
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\wmvdmod
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\csmhtop
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\csmhtop
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ApachInc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WinMail32SpoolSrv
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\vajmfsjo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\lmxyzwhq.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\hwfutczk.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\plmer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msqbrun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fwddls
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lsitdm
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mplaut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Ucqfl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Nakf
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Rhbb
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\kmvstat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\system32REQF Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ir32_32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IEOD.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunONCE\IEOD.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunSERVICES\IEOD.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\htmamx
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ControlDiskTsk
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ControlDiskTsk
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ohsvof
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ohsvof
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ohsvof
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ohsvof
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ohsvof
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ohsvof
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\SysKabs
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\upWinsystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winauq32
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\lvcdmsys
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Win7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kejTCHGxqG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%systemdir%\comnyrwc.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%systemdir%\comnyrwc.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%systemdir%\comnyrwc.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%systemdir%\comnyrwc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%systemdir%\comnyrwc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%systemdir%\comnyrwc.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%systemdir%\igfdfwpi.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%systemdir%\igfdfwpi.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%systemdir%\igfdfwpi.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%systemdir%\igfdfwpi.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%systemdir%\igfdfwpi.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%systemdir%\igfdfwpi.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\mdwinllm3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemOptimizer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost connection monitor
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RUNSERVICES\svchost connection monitor
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Remote Desktop Help Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Remote Desktop Help Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RUNSERVICES\Remote Desktop Help Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\exfine
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ntmsoprq
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\smikdttbtzw
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\apycxt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\apycxt
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\apycxt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\apycxt
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\apycxt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\apycxt
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\jmrotsvu.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Microsoft Critical Services Loader
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Microsoft Critical Services Loader
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Microsoft Critical Services Loader
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\Microsoft Critical Services Loader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E5FDB321-7CAD-4F2B-9C8C-3545A8F471C2}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SearchIndexer
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\sygwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Memory Allocation Server
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Microsoft Explorer Service
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\resfixmsi
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\I am not Ranky. I am eTunnel!
HKEY_CURRENT_USER\Software\Microsoft\OLE\runsvc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\runsvc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\runsvc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Running Windows Service
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WMSRC
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Windows Registry DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\admgcx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Natmon Service
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\drmsrv32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\weiyuan
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\iebaru
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CRACK
HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CRACK
HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CRACK
HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CRACK
HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CRACK
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\spmsg

Registry Data

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\Autorun, (REG_SZ:%windir%\pc-off.bat), (REG_SZ:)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit, (REG_SZ:%systemdir%\rxjddnvj.exe), (REG_SZ:)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit, (REG_SZ:bar311.exe), (REG_SZ:)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs, (REG_SZ:qtfcsu.dll), (REG_SZ:)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs, (REG_MULTI_SZ:wuweb32), (REG_MULTI_SZ:)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs, (REG_MULTI_SZ:browsewm32), (REG_MULTI_SZ:)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit, (REG_SZ:%systemdir%\vbpdtvdp.exe), (REG_SZ:)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit, (REG_SZ:%systemdir%\rxjddnvj.exe), (REG_SZ:)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs, (REG_SZ:%systemdir%\tmp_4.dll), (REG_SZ:)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell, (REG_SZ:%systemdir%\cmd-bro-llx.exe), (REG_SZ:cmd.exe)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs, (REG_SZ:%systemdir%\sol748.txt), (REG_SZ:)

Clsids

{E24E45A7-DFE9-4D4A-B8CD-E7632898D6E1}
{094496E7-EA40-DEF5-1F00-06BF2949F021}
{30039A09-5DB1-2765-EE9E-513081D6DE9E}
{002EAA7F-70F4-1124-C3AC-671DC293F3AD}
{E5FDB321-7CAD-4F2B-9C8C-3545A8F471C2}

- xema.258560Xema.258560 is a downloader trojan that downloads the files from internet and execute them without user's permission.
- xema.29184Xema.29184 is a downloader trojan that downloads the files from internet and execute them without user's permission.
- xema.311296Xema.311296 is a backdoor worm that spreads through network shares and allows attackers to access and gives full control over infected computer.
- xema.389120Xema.389120 is a trojan that allows hackers to access and full control over infected computer.
- xema.43912Xema.43912 is a downloader trojan that downloads the files from internet and execute them without user's permission.
- xema.45843Xema.45843 is a trojan that allows hackers to access and gives full control over infected computer.
- xema.57344Xema.57344 is stealth software that works as a hidden process after it gets installed. Spyware steals all important information from your PC. You won't know that your bank account, credit card or other secrecy is stolen.

unknown process

ACROSS THE GLOBE

ACROSS THE GLOBE

IN United States

FROM United States