TROJ_AGENT_027348.TOMB

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan drops the following copies of itself into the affected system:

• %System Root%\Documents and Settings\wjcyl.exe
• %Windows%\msapps\xa.exe
• %Program Files%\Movie Maker\MUI\0409\daqlgp.scr
• %System Root%\System Volume Information\qx.scr
• %System Root%\System Volume Information\qxuda.scr
• %Program Files%\WinPcap\wq.scr
• %System Root%\Documents and Settings\jqvspj.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdab.exe
• %System Root%\System Volume Information\qxudab.scr
• %System Root%\System Volume Information\qxu.scr
• %Start Menu%\lnuryw.scr
• %System Root%\RECYCLER\urtd.scr
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdab.scr
• %Windows%\java\trustlib\jfas.scr
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabw.exe
• %Windows%\Media\daa.exe
• %System Root%\System Volume Information\qxu.exe
• %Program Files%\NetMeeting\ytx.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gda.scr
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdaiad.scr
• %System Root%\System Volume Information\qxud.exe
• %User Profile%\History.IE5\myheqq.scr
• %System Root%\ulr.scr
• %User Profile%\Local Settings\tbqnk.scr
• %Program Files%\iubgvp.exe
• %User Profile%\Cookies\ovgdae.exe
• %User Profile%\Cookies\dayv.exe
• %Program Files%\Outlook Express\daql.exe
• %Windows%\ukasfqw.exe
• %Program Files%\Internet Explorer\SIGNUP\vcwsf.scr
• %System Root%\RECYCLER\urtdada.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvd.scr
• %Windows%\Media\xaas.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdai.exe
• %User Profile%\Cookies\tbqnky.scr
• %Program Files%\Outlook Express\da.exe
• %Program Files%\Outlook Express\daql.scr
• %System Root%\ul.scr
• %Windows%\Downloaded Program Files\qpasfwp.scr
• %System Root%\System Volume Information\qxudabh.exe
• %Program Files%\Internet Explorer\Connection Wizard\ytxpj.exe
• %Temporary Internet Files%\Content.IE5\SMCZPN4M\ifjg.exe
• %System Root%\ulrnf.exe
• %Program Files%\microsoft frontpage\version3.0\bin\lmcdak.exe
• %Program Files%\NetMeeting\yt.scr
• %Windows%\msagent\chars\wuasf.scr
• %System Root%\System Volume Information\qxud.scr
• %User Profile%\S-1-5-19\wjcylgf.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdaia.exe
• %Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\lmcda.exe
• %Windows%\Downloaded Program Files\qp.scr
• %Windows%\pss\uk.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gda.exe
• %Windows%\pchealth\UploadLB\Config\qpas.exe
• %Windows%\twain_32\daa.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gd.scr
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabwks.scr
• %Program Files%\WindowsUpdate\qhmxpkh.exe
• %Windows%\pchealth\helpctr\Config\Cache\vpasfxu.exe
• %Windows%\twain_32\daasfna.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvda.exe
• %Windows%\inf\ukasfuo.scr
• %User Profile%\Cookies\tbqnkyk.exe
• %Program Files%\daq.exe
• %Windows%\Provisioning\Schemas\tfas.exe
• %System Root%\ulrnfx.scr
• %System Root%\System Volume Information\qx.exe
• %Windows%\Media\daasf.scr
• %Program Files%\MSN Gaming Zone\Windows\vcwsfkh.exe
• %System Root%\ulrnfx.exe
• %Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\rua.exe
• %Program Files%\daqlgp.exe
• %System Root%\RECYCLER\urtdad.scr
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yv.scr
• %Application Data%\Identities\{736CCBC7-ECC5-4A94-8856-77115D1B5FF1}\Microsoft\Outlook Express\rer.scr
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabwk.scr
• %User Profile%\Cookies\lnuryw.exe
• %Windows%\PeerNet\iaa.exe
• %Windows%\Tasks\daa.scr
• %Windows%\SoftwareDistribution\EventCache\vpasfw.exe
• %Program Files%\Windows Media Player\Sample Playlists\ytxpj.scr
• %User Profile%\Themes\vxpmtmp.scr
• %System Root%\ulrn.scr
• %Windows%\Offline Web Pages\qpas.exe
• %System Root%\System Volume Information\qxuda.exe
• %Program Files%\xerox\nwwia\qhmxpk.scr
• %Program Files%\Movie Maker\Shared\Profiles\tynutf.exe
• %User Profile%\Application Data\ln.exe
• %Program Files%\Windows NT\Accessories\aipocur.scr
• %Program Files%\ComPlus Applications\daql.scr
• %Program Files%\Movie Maker\Shared\Profiles\tynutfc.exe
• %Program Files%\xerox\nwwia\qhm.exe
• %Favorites%\Links\tbqn.scr
• %User Profile%\Cookies\tb.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yv.exe
• %Windows%\repair\xaasfc.exe
• %User Profile%\tbqnkyk.scr
• %User Profile%\CTLs\ifjgxpu.exe
• %User Profile%\NetHood\dayvnu.exe
• %Program Files%\microsoft frontpage\daqlgp.exe
• %System Root%\Documents and Settings\wjcylgf.scr
• %Windows%\Fonts\daasfw.scr
• %System Root%\ulr.exe
• %Windows%\Driver Cache\tf.scr
• %Windows%\repair\daas.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvda.scr
• %System Root%\System Volume Information\qxudab.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabw.scr
• %Program Files%\Movie Maker\MUI\0409\daql.scr
• %Windows%\Resources\Themes\Luna\Shell\NormalColor\lpa.scr
• %Windows%\Driver Cache\i386\qpasfda.exe
• %User Profile%\Media Player\htwt.scr
• %Windows%\srchasst\chars\jfasfd.scr
• %Program Files%\Internet Explorer\Connection Wizard\ytxpj.scr
• %Application Data%\ifjgxp.exe
• %User Profile%\Media Player\htwtgv.scr
• %Program Files%\daq.scr
• %Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\ruasf.exe
• %Program Files%\MSN\MSNCoreFiles\OOBE\da.scr
• %Program Files%\NetMeeting\ytxp.exe
• %Program Files%\Windows Media Player\Icons\fd.scr
• %Windows%\ukasfq.scr
• %Windows%\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\iaasfkf.exe
• %Windows%\Registration\CRMLog\qpasfc.scr
• %Windows%\Config\iaasfwn.scr
• %Windows%\Tasks\xaasf.scr
• %Program Files%\Common Files\Services\daqlgpm.scr
• %Program Files%\Online Services\daqlgpm.scr
• %Start Menu%\Programs\Accessories\Entertainment\tbqnky.exe
• %Desktop%\phspr.exe
• %User Profile%\Recent\ygbxu.exe
• %Program Files%\WindowsUpdate\qhmxpk.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gd.exe
• %Program Files%\ComPlus Applications\daqlgpm.exe
• %User Profile%\Cookies\tbqnk.scr
• %Program Files%\Uninstall Information\daqlg.exe
• %Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe
• %Windows%\Fonts\daas.scr
• %Program Files%\WindowsUpdate\qh.scr
• %User Profile%\Application Data\tbqnky.exe
• %User Profile%\Application Data\tbqnkyk.exe
• %Program Files%\Movie Maker\MUI\0409\da.scr
• %Windows%\ukasf.scr
• %Windows%\SoftwareDistribution\DataStore\Logs\tfasf.exe
• %Windows%\Connection Wizard\qpasfwp.scr
• %User Profile%\Application Data\gikho.exe
• %Windows%\security\logs\wuas.exe
• %User Profile%\SendTo\ygbxu.scr
• %User Profile%\Cookies\day.scr
• %Favorites%\tbqnkyk.exe
• %User Profile%\dayvn.exe
• %Windows%\SoftwareDistribution\SelfUpdate\vp.scr
• %Favorites%\Links\tbqnky.exe
• %Windows%\mui\uk.exe
• %Program Files%\Internet Explorer\PLUGINS\vcwsf.scr
• %System Root%\ulrnf.scr
• %Windows%\Cursors\xaas.exe
• %Program Files%\MSN\MSNCoreFiles\daqlgp.scr
• %System Root%\ulrnfxp.exe
• %Program Files%\Online Services\da.exe
• %System Root%\ulrn.exe
• %Program Files%\MSN Gaming Zone\Windows\vcw.scr
• %User Profile%\qsfcjr.exe
• %Program Files%\Windows Media Player\Skins\fdajr.exe
• %Windows%\Config\iaasfw.exe
• %User Profile%\Themes\vx.exe
• %User Profile%\Templates\lnur.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdaia.scr
• %Program Files%\Movie Maker\Shared\Profiles\tynut.exe
• %Windows%\Cursors\daa.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvd.exe
• %Desktop%\ygbxutk.scr
• %Favorites%\Links\gikhocp.scr
• %User Profile%\History.IE5\wjcylg.exe
• %User Profile%\Templates\tbqn.scr
• %User Temp%\tb.scr
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabwk.exe
• %Program Files%\Windows Media Player\Icons\fda.exe
• %Windows%\ukasf.exe
• %User Profile%\Microsoft\my.exe
• %User Profile%\Templates\lnu.exe
• %Windows%\srchasst\mui\0409\qpas.exe
• %Windows%\inf\ukas.scr
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdai.scr
• %Program Files%\Uninstall Information\daqlgp.exe
• %User Profile%\Microsoft\myh.scr
• %User Profile%\DRM\nktqiku.exe
• %Windows%\PeerNet\xaa.scr
• %Windows%\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\iaasfk.scr
• %Windows%\SoftwareDistribution\EventCache\vpasfwe.exe
• %Program Files%\Messenger\jjsf.exe
• %Windows%\Web\printers\images\qpas.exe
• %User Profile%\Cookies\tbqn.exe
• %User Profile%\Media Player\vxpmtm.exe
• %User Profile%\History.IE5\wjcy.scr
• %Windows%\PeerNet\iaasfcl.exe
• %Windows%\AppPatch\daas.scr
• %Windows%\Provisioning\Schemas\tf.exe
• %Program Files%\Outlook Express\daq.exe
• %System Root%\RECYCLER\ur.scr
• %Program Files%\Common Files\qhmx.scr
• %Windows%\Help\Tours\WindowsMediaPlayer\Img\Btn\lpasfcn.scr
• %Program Files%\microsoft frontpage\version3.0\bin\lmc.exe
• %Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\ruasfu.scr
• %System Root%\ulrnfxp.scr
• %Program Files%\Common Files\Microsoft Shared\Web Folders\lmcdak.exe
• %Program Files%\microsoft frontpage\version3.0\bin\lmcd.exe
• %Program Files%\Common Files\MSSoap\Binaries\Resources\1033\ty.exe
• %Program Files%\ComPlus Applications\daqlg.exe
• %Windows%\pchealth\UploadLB\qpasfx.scr
• %Program Files%\xf.exe
• %System Root%\System Volume Information\qxudabh.scr
• %Program Files%\xf.scr
• %Program Files%\Common Files\Microsoft Shared\Web Folders\lmcda.exe
• %Temp%\Cookies\tfasf.scr
• %Program Files%\Common Files\SpeechEngines\Microsoft\Lexicon\1033\mbt.exe
• %Windows%\msapps\msinfo\wuasf.exe
• %Windows%\twain_32\daa.scr
• %Favorites%\Links\gikho.scr
• %User Profile%\Recent\tbq.exe
• %Program Files%\WinPcap\jjsfofc.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabwks.exe
• %System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdaiad.exe
• %Program Files%\Windows NT\Accessories\aipocur.exe
• %Temp%\History\tfasfc.scr
• %Program Files%\MSN\tynu.exe
• %User Profile%\CRLs\dayvnu.exe
• %User Profile%\MSHist012010122820101229\gik.exe
• %System Root%\ul.exe
• %Program Files%\MSN Gaming Zone\Windows\vcws.exe
• %System Root%\Documents and Settings\spe.scr
• %User Profile%\NetHood\day.scr
• %Desktop%\ovgda.exe
• %Windows%\java\classes\tfas.exe
• %User Profile%\Cookies\tbqnkyk.scr
• %Windows%\Config\iaas.exe
• %Windows%\ukasfqw.scr
• %Program Files%\WinPcap\sk.scr
• %User Profile%\Templates\gikhocp.exe
• %Windows%\Resources\Themes\Luna\Shell\NormalColor\lpas.exe
• %Program Files%\Common Files\ODBC\Data Sources\oeda.exe
• %Program Files%\Windows NT\Accessories\aipo.scr
• %User Profile%\PrintHood\gi.scr
• %Program Files%\Windows Media Player\Skins\fdaj.scr
• %Windows%\Connection Wizard\qp.scr
• %User Profile%\Cookies\tbqnk.exe
• %Windows%\java\classes\tf.exe
• %Program Files%\xfgqqpm.scr
• %Program Files%\Outlook Express\daqlgpm.exe
• %Start Menu%\Programs\Accessories\System Tools\vx.scr
• %User Profile%\Media Player\vxpmt.scr
• %Program Files%\Online Services\daq.scr
• %Favorites%\Links\gikhocp.exe
• %Program Files%\Windows NT\Accessories\aipo.exe
• %Windows%\addins\daasfa.exe
• %Program Files%\Common Files\Services\daq.scr
• %Windows%\Fonts\xaas.scr
• %System Root%\Documents and Settings\wjcylg.exe
• %User Profile%\S-1-5-19\wjcyl.scr
• %Program Files%\MSN Gaming Zone\Windows\vcwsf.scr
• %Program Files%\Internet Explorer\PLUGINS\vcw.scr
• %Start Menu%\Programs\Accessories\Entertainment\vxpmtmp.scr
• %Desktop%\fwxu.exe
• %Program Files%\ComPlus Applications\daqlg.scr
• %User Profile%\Recent\tbqn.scr
• %Windows%\Media\xaasfc.exe
• %Program Files%\Messenger\skvvbp.scr
• %Windows%\uk.exe
• %User Profile%\Cookies\lnurywp.exe
• %Desktop%\yg.scr
• %System Root%\RECYCLER\urtdad.exe
• %Program Files%\Windows NT\Pinball\qh.scr
• %Windows%\mui\uka.exe
• %User Profile%\Cookies\tbq.scr
• %Windows%\Help\Tours\htmlTour\qpas.exe
• %Program Files%\WindowsUpdate\qhmx.scr
• %Desktop%\tb.exe
• %Program Files%\ComPlus Applications\daqlgp.scr
• %System%\Setup\wuas.scr
• %Windows%\Provisioning\Schemas\tfa.scr
• %User Profile%\Local Settings\yg.scr
• %Windows%\twain_32\daas.scr
• %Windows%\Cursors\iaasfj.scr
• %User Profile%\Templates\lnuryw.scr
• %System Root%\RECYCLER\urtda.scr
• %Temp%\DF51.tmp\sa.exe
• %Program Files%\MSN\MSNCoreFiles\OOBE\daqlg.exe
• %Program Files%\iu.exe
• %User Temp%\lnury.scr
• %Windows%\Web\Wallpaper\wuas.exe
• %Windows%\Offline Web Pages\qpasf.exe
• %System Root%\Documents and Settings\spebsf.scr
• %Temporary Internet Files%\Content.IE5\SMCZPN4M\day.exe
• %System%\iaasfry.scr
• %User Profile%\Address Book\tbq.scr
• %User Temp%\lnur.scr
• %Program Files%\Messenger\skvvbpm.scr
• %Program Files%\Common Files\ODBC\Data Sources\psuywu.scr
• %Windows%\PeerNet\iaas.scr
• %User Profile%\Media Player\ht.scr
• %Windows%\ehome\xaasf.scr
• %Windows%\security\Database\qpas.exe
• %User Profile%\qs.scr
• %Program Files%\xerox\mbtcs.exe
• %User Profile%\Microsoft\myheq.exe
• %Windows%\ime\imkr6_1\dicts\qpa.scr
• %Windows%\Driver Cache\i386\qpa.scr
• %Program Files%\xfgqq.exe
• %Program Files%\xfgqqp.exe
• %Windows%\Config\iaa.exe
• %Application Data%\Identities\{736CCBC7-ECC5-4A94-8856-77115D1B5FF1}\Microsoft\Outlook Express\rerob.exe
• %Windows%\PeerNet\xa.scr
• %User Profile%\{736CCBC7-ECC5-4A94-8856-77115D1B5FF1}\my.scr
• %Program Files%\microsoft frontpage\version3.0\bin\lmcda.exe
• %Windows%\msapps\msinfo\wuasff.scr
• %Program Files%\WindowsUpdate\qhmxp.scr
• %User Profile%\SendTo\ygbxut.scr
• %Windows%\ukasfq.exe
• %Windows%\Tasks\iaasft.scr
• %Windows%\mui\uk.scr
• %Windows%\Cursors\iaa.scr
• %User Profile%\Default Pictures\dayv.scr
• %Windows%\addins\xaasfak.exe
• %Program Files%\Common Files\qhmxp.scr
• %Windows%\repair\xa.scr
• %User Profile%\SendTo\tb.exe
• %Program Files%\Online Services\daqlgp.scr
• %Program Files%\Online Services\daql.scr
• %Program Files%\Common Files\MSSoap\Binaries\Resources\gr.scr
• %System%\xaasfry.scr
• %Program Files%\ComPlus Applications\daqlgpm.scr
• %Program Files%\Online Services\daql.exe
• %Windows%\Offline Web Pages\qpasf.scr
• %Program Files%\MSN Gaming Zone\Windows\vc.exe
• %User Profile%\History.IE5\myh.exe
• %Windows%\msagent\chars\saa.exe
• %Windows%\addins\iaasfa.scr
• %Windows%\Resources\Themes\Luna\Shell\Metallic\pkasfco.exe
• %Program Files%\Windows Media Player\Sample Playlists\ytxpjfc.scr
• %User Profile%\Media Index\wjcyl.scr
• %User Profile%\My Music\myh.exe
• %User Profile%\PrintHood\arnkm.exe
• %System Root%\Documents and Settings\sp.exe
• %Program Files%\Common Files\qhmxpkh.scr
• %Windows%\Offline Web Pages\qpasfei.scr
• %User Profile%\vx.scr
• %Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\lmcdak.scr
• %Windows%\inf\uk.exe
• %Windows%\msapps\msinfo\wuasffy.exe
• %Program Files%\Internet Explorer\SIGNUP\vcwsf.exe
• %User Profile%\Cookies\ygbxu.scr
• %Desktop%\dayv.scr
• %User Profile%\dayvnuu.scr
• %User Profile%\Cookies\lnury.exe
• %System Root%\Documents and Settings\wj.scr
• %Windows%\SoftwareDistribution\EventCache\vpas.exe
• %Program Files%\xfgqqpm.exe
• %Windows%\ehome\da.exe
• %Desktop%\tbqnk.exe
• %User Profile%\SystemCertificates\tbqnky.scr
• %System%\ias\tfas.scr
• %User Profile%\Recent\dayvnu.scr
• %Program Files%\xerox\nwwia\qhmx.exe
• %User Profile%\PrintHood\arn.exe
• %Windows%\Driver Cache\i386\qpasfd.exe
• %User Profile%\Application Data\tbqn.scr
• %Windows%\msagent\chars\saasf.exe
• %Program Files%\Uninstall Information\daqlgpm.scr
• %Program Files%\MSN\MSNCoreFiles\OOBE\daq.scr
• %User Profile%\My Music\tbqnk.exe
• %Windows%\Media\xa.exe
• %User Profile%\Templates\gikhocp.scr
• %Program Files%\MSN Gaming Zone\Windows\vcwsfkh.scr
• %Favorites%\Links\ygbxutk.exe
• %Program Files%\Outlook Express\da.scr
• %User Profile%\Recent\tbq.scr
• %Program Files%\WindowsUpdate\qhmxpkh.scr
• %User Profile%\History.IE5\myhe.exe
• %Program Files%\ComPlus Applications\da.scr
• %Windows%\Web\printers\images\qpa.scr
• %Windows%\Prefetch\daa.exe
• %Program Files%\xerox\nwwia\qhmxpk.exe
• %Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\ruasfuw.exe
• %Program Files%\Messenger\skvvb.scr
• %Windows%\Media\xaasf.exe
• %Windows%\twain_32\daasf.scr
• %Start Menu%\Programs\lnury.exe
• %Program Files%\NetMeeting\ytxpjfc.exe
• %Windows%\Config\daas.scr
• %Program Files%\xerox\nwwia\qhmxpkh.scr
• %Program Files%\MSN Gaming Zone\Windows\vcw.exe
• %Program Files%\microsoft frontpage\daqlgp.scr
• %Program Files%\Internet Explorer\SIGNUP\vcwsfk.exe
• %Windows%\addins\daasf.exe
• %Windows%\SoftwareDistribution\EventCache\vpasfwe.scr
• %Program Files%\iub.scr
• %Windows%\Provisioning\Schemas\tfasfda.exe
• %User Profile%\MSHist012010121320101214\arnk.exe
• %User Profile%\Recent\tb.scr
• %Windows%\Resources\uk.scr
• %Windows%\Resources\Themes\Luna\Shell\Homestead\lpasfc.exe
• %User Temp%\lnu.scr
• %Program Files%\xerox\nwwia\qhm.scr
• %Favorites%\Links\tbqnkyk.exe
• %Windows%\java\trustlib\wua.exe
• %Program Files%\Uninstall Information\daql.scr
• %Program Files%\WindowsUpdate\qhm.scr
• %User Profile%\DRM\arnkm.scr
• %Windows%\msapps\msinfo\wuas.exe
• %User Profile%\{341F68BA-C841-4200-A7B4-3D5CFF202166}\lnurywp.scr
• %Windows%\ehome\xaa.exe
• %Program Files%\NetMeeting\ytxpjfc.scr
• %Windows%\PeerNet\xaasfcl.exe
• %Program Files%\xerox\nwwia\qhmx.scr
• %Windows%\ehome\xaasfiu.exe
• %Windows%\java\classes\tfasftc.scr
• %User Profile%\SendTo\ygbx.exe
• %User Profile%\Recent\dayv.exe
• %Temporary Internet Files%\tbq.exe
• %Windows%\Debug\UserMode\ukasfc.exe
• %System Root%\Documents and Settings\umdacsa.exe
• %Favorites%\tbq.scr
• %User Profile%\My Videos\gikh.exe
• %User Profile%\PrintHood\ln.exe
• %Program Files%\Movie Maker\MUI\0409\daq.scr
• %Program Files%\microsoft frontpage\version3.0\bin\lmcd.scr
• %Program Files%\xerox\nwwia\qh.scr
• %User Profile%\PrintHood\lnur.exe
• %Windows%\pchealth\UploadLB\Config\qpasf.scr
• %Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\ruasfuw.exe
• %Windows%\Tasks\xaa.scr
• %Windows%\Media\daas.exe
• %Program Files%\daql.exe
• %User Profile%\Templates\tbqnky.scr
• %User Profile%\NetHood\ygbxut.exe
• %Program Files%\Messenger\wqorx.scr
• %System%\iaas.exe
• %Program Files%\Windows Media Player\Visualizations\yt.exe
• %User Profile%\DRM\arnkm.exe

(Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.. %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.. %Program Files% is the default Program Files folder, usually C:\Program Files.. %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Profiles\{user name}\Start Menu on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu on Windows NT and C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003.. %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.. %Application Data% is the current user's Application Data folder, which is usually C:\Windows\Profiles\{user name}\Application Data on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Application Data on Windows NT, and C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows 2000, XP, and Server 2003.. %Favorites% is the current user's Favorites folder, which is usually C:\Windows\Favorites on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Favorites on Windows NT, and C:\Documents and Settings\{user name}\Favorites on Windows 2000, XP, and Server 2003.. %Desktop% is the current user's desktop, which is usually C:\Windows\Profiles\{user name}\Desktop on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Desktop on Windows NT, and C:\Documents and Settings\{User Name}\Desktop on Windows 2000, XP, and Server 2003.. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.. %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.. %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

Autostart Technique

This Trojan adds the following registry entries to enable its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "{malware path and file name}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "{malware path and file name}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "{malware path and file name}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "{malware path and file name}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "{malware path and file name}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "{malware path and file name}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\Documents and Settings\wjcyl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\Documents and Settings\wjcyl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\Documents and Settings\wjcyl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\Documents and Settings\wjcyl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\Documents and Settings\wjcyl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\Documents and Settings\wjcyl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\msapps\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\msapps\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\msapps\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\msapps\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\msapps\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\msapps\xa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "{malware path and file name}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\Documents and Settings\jqvspj.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\Documents and Settings\jqvspj.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\Documents and Settings\jqvspj.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\Documents and Settings\jqvspj.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\Documents and Settings\jqvspj.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\Documents and Settings\jqvspj.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Media\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Media\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Media\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Media\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Media\daa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\NetMeeting\ytx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\NetMeeting\ytx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\NetMeeting\ytx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\NetMeeting\ytx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\NetMeeting\ytx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdab.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdab.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\iubgvp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\iubgvp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\iubgvp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\iubgvp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\iubgvp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\iubgvp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\ovgdae.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\ovgdae.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Cookies\ovgdae.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\ovgdae.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\ovgdae.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Cookies\ovgdae.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\ovgdae.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Cookies\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Cookies\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\dayv.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Outlook Express\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Outlook Express\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Outlook Express\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Outlook Express\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Outlook Express\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Outlook Express\daql.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\ukasfqw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\ukasfqw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\ukasfqw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\ukasfqw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\ukasfqw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\ukasfqw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\ukasfqw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\RECYCLER\urtdada.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\urtdada.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\RECYCLER\urtdada.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\RECYCLER\urtdada.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\urtdada.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\RECYCLER\urtdada.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\RECYCLER\urtdada.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\RECYCLER\urtdada.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Media\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Media\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Media\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Media\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Media\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Media\xaas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdai.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdai.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Outlook Express\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Outlook Express\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Outlook Express\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Outlook Express\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Outlook Express\da.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Internet Explorer\Connection Wizard\ytxpj.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Internet Explorer\Connection Wizard\ytxpj.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Internet Explorer\Connection Wizard\ytxpj.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\ifjg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\ifjg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\ifjg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\ifjg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\ifjg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\ulrnf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\ulrnf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\ulrnf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\ulrnf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\ulrnf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\ulrnf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\microsoft frontpage\version3.0\bin\lmcdak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\microsoft frontpage\version3.0\bin\lmcdak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\microsoft frontpage\version3.0\bin\lmcdak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\microsoft frontpage\version3.0\bin\lmcdak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\microsoft frontpage\version3.0\bin\lmcdak.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\S-1-5-19\wjcylgf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\S-1-5-19\wjcylgf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\S-1-5-19\wjcylgf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\S-1-5-19\wjcylgf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\S-1-5-19\wjcylgf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\S-1-5-19\wjcylgf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\S-1-5-19\wjcylgf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdaia.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdaia.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\lmcda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\pss\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\pss\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\pss\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\pss\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\pss\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\pss\uk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\pchealth\UploadLB\Config\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\pchealth\UploadLB\Config\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\pchealth\UploadLB\Config\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\pchealth\UploadLB\Config\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\pchealth\UploadLB\Config\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\pchealth\UploadLB\Config\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\pchealth\UploadLB\Config\qpas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\twain_32\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\twain_32\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\twain_32\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\twain_32\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\twain_32\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\twain_32\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\twain_32\daa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\WindowsUpdate\qhmxpkh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\WindowsUpdate\qhmxpkh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\WindowsUpdate\qhmxpkh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\WindowsUpdate\qhmxpkh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\WindowsUpdate\qhmxpkh.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\pchealth\helpctr\Config\Cache\vpasfxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\pchealth\helpctr\Config\Cache\vpasfxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\pchealth\helpctr\Config\Cache\vpasfxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\pchealth\helpctr\Config\Cache\vpasfxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\pchealth\helpctr\Config\Cache\vpasfxu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\twain_32\daasfna.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\twain_32\daasfna.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\twain_32\daasfna.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\twain_32\daasfna.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\twain_32\daasfna.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Cookies\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Cookies\tbqnkyk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\daq.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Provisioning\Schemas\tfas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Provisioning\Schemas\tfas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Provisioning\Schemas\tfas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Provisioning\Schemas\tfas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Provisioning\Schemas\tfas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Provisioning\Schemas\tfas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN Gaming Zone\Windows\vcwsfkh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\MSN Gaming Zone\Windows\vcwsfkh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN Gaming Zone\Windows\vcwsfkh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN Gaming Zone\Windows\vcwsfkh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\MSN Gaming Zone\Windows\vcwsfkh.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\ulrnfx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\ulrnfx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\ulrnfx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\ulrnfx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\ulrnfx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\ulrnfx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\rua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\rua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\rua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\rua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\rua.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\daqlgp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Cookies\lnuryw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Cookies\lnuryw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\lnuryw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Cookies\lnuryw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\lnuryw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\lnuryw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\PeerNet\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\PeerNet\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\PeerNet\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\PeerNet\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\PeerNet\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\PeerNet\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\PeerNet\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\PeerNet\iaa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\SoftwareDistribution\EventCache\vpasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\SoftwareDistribution\EventCache\vpasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\SoftwareDistribution\EventCache\vpasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\SoftwareDistribution\EventCache\vpasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\SoftwareDistribution\EventCache\vpasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\SoftwareDistribution\EventCache\vpasfw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Offline Web Pages\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Offline Web Pages\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Offline Web Pages\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Offline Web Pages\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Offline Web Pages\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Offline Web Pages\qpas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Movie Maker\Shared\Profiles\tynutf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Movie Maker\Shared\Profiles\tynutf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Movie Maker\Shared\Profiles\tynutf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Movie Maker\Shared\Profiles\tynutf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Movie Maker\Shared\Profiles\tynutf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Movie Maker\Shared\Profiles\tynutf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Movie Maker\Shared\Profiles\tynutf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Application Data\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Application Data\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Application Data\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Application Data\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Application Data\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Application Data\ln.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Movie Maker\Shared\Profiles\tynutfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Movie Maker\Shared\Profiles\tynutfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Movie Maker\Shared\Profiles\tynutfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Movie Maker\Shared\Profiles\tynutfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Movie Maker\Shared\Profiles\tynutfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Movie Maker\Shared\Profiles\tynutfc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\xerox\nwwia\qhm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\xerox\nwwia\qhm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\xerox\nwwia\qhm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\xerox\nwwia\qhm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\xerox\nwwia\qhm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\xerox\nwwia\qhm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xerox\nwwia\qhm.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Cookies\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Cookies\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yv.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\repair\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\repair\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\repair\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\repair\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\repair\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\repair\xaasfc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\CTLs\ifjgxpu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\CTLs\ifjgxpu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\CTLs\ifjgxpu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\CTLs\ifjgxpu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\NetHood\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\NetHood\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\NetHood\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\NetHood\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\NetHood\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\NetHood\dayvnu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\microsoft frontpage\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\microsoft frontpage\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\microsoft frontpage\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\microsoft frontpage\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\microsoft frontpage\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\microsoft frontpage\daqlgp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\ulr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\ulr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\ulr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\ulr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\ulr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\ulr.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\repair\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\repair\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\repair\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\repair\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\repair\daas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Driver Cache\i386\qpasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Driver Cache\i386\qpasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Driver Cache\i386\qpasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Driver Cache\i386\qpasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Driver Cache\i386\qpasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Driver Cache\i386\qpasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Driver Cache\i386\qpasfda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Application Data%\ifjgxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Application Data%\ifjgxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Application Data%\ifjgxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Application Data%\ifjgxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Application Data%\ifjgxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Application Data%\ifjgxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\ruasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\ruasf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\NetMeeting\ytxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\NetMeeting\ytxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\NetMeeting\ytxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\NetMeeting\ytxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\NetMeeting\ytxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\NetMeeting\ytxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\NetMeeting\ytxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\NetHood\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\NetHood\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\NetHood\dayvnu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Start Menu%\Programs\Accessories\Entertainment\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Start Menu%\Programs\Accessories\Entertainment\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Start Menu%\Programs\Accessories\Entertainment\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Start Menu%\Programs\Accessories\Entertainment\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Start Menu%\Programs\Accessories\Entertainment\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Start Menu%\Programs\Accessories\Entertainment\tbqnky.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Desktop%\phspr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Desktop%\phspr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Desktop%\phspr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Desktop%\phspr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Desktop%\phspr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Desktop%\phspr.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Recent\ygbxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Recent\ygbxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Recent\ygbxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Recent\ygbxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Recent\ygbxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Recent\ygbxu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gd.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\ComPlus Applications\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\ComPlus Applications\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\ComPlus Applications\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\ComPlus Applications\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\ComPlus Applications\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\ComPlus Applications\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\ComPlus Applications\daqlgpm.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Uninstall Information\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Uninstall Information\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Uninstall Information\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Uninstall Information\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Uninstall Information\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Uninstall Information\daqlg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Application Data\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Application Data\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Application Data\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Application Data\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Application Data\tbqnky.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Application Data\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Application Data\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Application Data\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Application Data\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Application Data\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Application Data\tbqnkyk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\SoftwareDistribution\DataStore\Logs\tfasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\SoftwareDistribution\DataStore\Logs\tfasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\SoftwareDistribution\DataStore\Logs\tfasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\SoftwareDistribution\DataStore\Logs\tfasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\SoftwareDistribution\DataStore\Logs\tfasf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Application Data\gikho.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Application Data\gikho.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Application Data\gikho.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Application Data\gikho.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Application Data\gikho.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\security\logs\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\security\logs\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\security\logs\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\security\logs\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\security\logs\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\security\logs\wuas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Startup%\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Startup%\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Startup%\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Startup%\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Startup%\ln.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Favorites%\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Favorites%\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Favorites%\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Favorites%\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Favorites%\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Favorites%\tbqnkyk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\dayvn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\dayvn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\dayvn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\dayvn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\dayvn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\dayvn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\dayvn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Favorites%\Links\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Favorites%\Links\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Favorites%\Links\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Favorites%\Links\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Favorites%\Links\tbqnky.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Favorites%\Links\tbqnky.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\mui\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\mui\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\mui\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\mui\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\mui\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\mui\uk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Cursors\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Cursors\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Cursors\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Cursors\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Cursors\xaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Cursors\xaas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\ulrnfxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\ulrnfxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\ulrnfxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\ulrnfxp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Online Services\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Online Services\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Online Services\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Online Services\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Online Services\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Online Services\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Online Services\da.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\ulrn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\ulrn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\ulrn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\ulrn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\ulrn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\ulrn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\ulrn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\qsfcjr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\qsfcjr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\qsfcjr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\qsfcjr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\qsfcjr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\qsfcjr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\qsfcjr.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Windows Media Player\Skins\fdajr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Windows Media Player\Skins\fdajr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Windows Media Player\Skins\fdajr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Windows Media Player\Skins\fdajr.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Windows Media Player\Skins\fdajr.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Config\iaasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Config\iaasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Config\iaasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Config\iaasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Config\iaasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Config\iaasfw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Themes\vx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Themes\vx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Themes\vx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Themes\vx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Themes\vx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Themes\vx.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Templates\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Templates\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Templates\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Templates\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Templates\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Templates\lnur.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Movie Maker\Shared\Profiles\tynut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Movie Maker\Shared\Profiles\tynut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Movie Maker\Shared\Profiles\tynut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Movie Maker\Shared\Profiles\tynut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Movie Maker\Shared\Profiles\tynut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Movie Maker\Shared\Profiles\tynut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Movie Maker\Shared\Profiles\tynut.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Cursors\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Cursors\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Cursors\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Cursors\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Cursors\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Cursors\daa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvd.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\History.IE5\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\History.IE5\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\History.IE5\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\History.IE5\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\History.IE5\wjcylg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdaia.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\ulrnfxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\ulrnfxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\ulrnfxp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabwk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabwk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Windows Media Player\Icons\fda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Windows Media Player\Icons\fda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Windows Media Player\Icons\fda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Windows Media Player\Icons\fda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Windows Media Player\Icons\fda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Windows Media Player\Icons\fda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\ukasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\ukasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\ukasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\ukasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\ukasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\ukasf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Microsoft\my.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Microsoft\my.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Microsoft\my.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Microsoft\my.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Microsoft\my.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Templates\lnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Templates\lnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Templates\lnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Templates\lnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Templates\lnu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\srchasst\mui\0409\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\srchasst\mui\0409\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\srchasst\mui\0409\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\srchasst\mui\0409\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\srchasst\mui\0409\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\srchasst\mui\0409\qpas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Uninstall Information\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Uninstall Information\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Uninstall Information\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Uninstall Information\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Uninstall Information\daqlgp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\DRM\nktqiku.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\DRM\nktqiku.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\DRM\nktqiku.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\DRM\nktqiku.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\DRM\nktqiku.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\DRM\nktqiku.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\SoftwareDistribution\EventCache\vpasfwe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\SoftwareDistribution\EventCache\vpasfwe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\SoftwareDistribution\EventCache\vpasfwe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\SoftwareDistribution\EventCache\vpasfwe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\SoftwareDistribution\EventCache\vpasfwe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\SoftwareDistribution\EventCache\vpasfwe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\SoftwareDistribution\EventCache\vpasfwe.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Messenger\jjsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Messenger\jjsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Messenger\jjsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Messenger\jjsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Messenger\jjsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Messenger\jjsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Messenger\jjsf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Web\printers\images\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Web\printers\images\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Web\printers\images\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Web\printers\images\qpas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Cookies\tbqn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\tbqn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Cookies\tbqn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\tbqn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Cookies\tbqn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\tbqn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Media Player\vxpmtm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Media Player\vxpmtm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Media Player\vxpmtm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Media Player\vxpmtm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Media Player\vxpmtm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Media Player\vxpmtm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Media Player\vxpmtm.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\PeerNet\iaasfcl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\PeerNet\iaasfcl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\PeerNet\iaasfcl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\PeerNet\iaasfcl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\PeerNet\iaasfcl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\WindowsUpdate\qhmxpk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Provisioning\Schemas\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Provisioning\Schemas\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Provisioning\Schemas\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Provisioning\Schemas\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Provisioning\Schemas\tf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Outlook Express\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Outlook Express\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Outlook Express\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Outlook Express\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Outlook Express\daq.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\microsoft frontpage\version3.0\bin\lmc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Common Files\Microsoft Shared\Web Folders\lmcdak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Common Files\Microsoft Shared\Web Folders\lmcdak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Common Files\Microsoft Shared\Web Folders\lmcdak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Common Files\Microsoft Shared\Web Folders\lmcdak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Common Files\Microsoft Shared\Web Folders\lmcdak.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\microsoft frontpage\version3.0\bin\lmcd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\microsoft frontpage\version3.0\bin\lmcd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\microsoft frontpage\version3.0\bin\lmcd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\microsoft frontpage\version3.0\bin\lmcd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\microsoft frontpage\version3.0\bin\lmcd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\microsoft frontpage\version3.0\bin\lmcd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\microsoft frontpage\version3.0\bin\lmcd.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\daqlgp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\daqlgp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Common Files\MSSoap\Binaries\Resources\1033\ty.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Common Files\MSSoap\Binaries\Resources\1033\ty.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Common Files\MSSoap\Binaries\Resources\1033\ty.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Common Files\MSSoap\Binaries\Resources\1033\ty.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\ComPlus Applications\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\ComPlus Applications\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\ComPlus Applications\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\ComPlus Applications\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\ComPlus Applications\daqlg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\xf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\xf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\xf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\xf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\xf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Common Files\Microsoft Shared\Web Folders\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Common Files\Microsoft Shared\Web Folders\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Common Files\Microsoft Shared\Web Folders\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Common Files\SpeechEngines\Microsoft\Lexicon\1033\mbt.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Common Files\SpeechEngines\Microsoft\Lexicon\1033\mbt.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\msapps\msinfo\wuasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\msapps\msinfo\wuasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\msapps\msinfo\wuasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\msapps\msinfo\wuasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\msapps\msinfo\wuasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\msapps\msinfo\wuasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\msapps\msinfo\wuasf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\dayvn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Recent\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Recent\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Recent\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Recent\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Recent\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Recent\tbq.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\WinPcap\jjsfofc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\WinPcap\jjsfofc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\WinPcap\jjsfofc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\WinPcap\jjsfofc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\WinPcap\jjsfofc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\WinPcap\jjsfofc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\WinPcap\jjsfofc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabwks.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\yvdaiad.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Windows NT\Accessories\aipocur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Windows NT\Accessories\aipocur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Windows NT\Accessories\aipocur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Windows NT\Accessories\aipocur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Windows NT\Accessories\aipocur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Windows NT\Accessories\aipocur.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN\tynu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN\tynu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\MSN\tynu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN\tynu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\CRLs\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\CRLs\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\CRLs\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\CRLs\dayvnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\CRLs\dayvnu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\MSHist012010122820101229\gik.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\MSHist012010122820101229\gik.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\MSHist012010122820101229\gik.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\MSHist012010122820101229\gik.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\MSHist012010122820101229\gik.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\MSHist012010122820101229\gik.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\ul.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\ul.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\ul.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\ul.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\ul.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\MSN Gaming Zone\Windows\vcws.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN Gaming Zone\Windows\vcws.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN Gaming Zone\Windows\vcws.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\MSN Gaming Zone\Windows\vcws.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\MSN Gaming Zone\Windows\vcws.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\MSN Gaming Zone\Windows\vcws.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\MSN Gaming Zone\Windows\vcws.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Outlook Express\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Outlook Express\da.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Desktop%\ovgda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Desktop%\ovgda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Desktop%\ovgda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Desktop%\ovgda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Desktop%\ovgda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Desktop%\ovgda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\java\classes\tfas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\java\classes\tfas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\java\classes\tfas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\java\classes\tfas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Config\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Config\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Config\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Config\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Config\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Config\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Config\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Config\iaas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Templates\gikhocp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Templates\gikhocp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Templates\gikhocp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Templates\gikhocp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Templates\gikhocp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Resources\Themes\Luna\Shell\NormalColor\lpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Resources\Themes\Luna\Shell\NormalColor\lpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Resources\Themes\Luna\Shell\NormalColor\lpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Resources\Themes\Luna\Shell\NormalColor\lpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Resources\Themes\Luna\Shell\NormalColor\lpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Resources\Themes\Luna\Shell\NormalColor\lpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Resources\Themes\Luna\Shell\NormalColor\lpas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Common Files\ODBC\Data Sources\oeda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Common Files\ODBC\Data Sources\oeda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Common Files\ODBC\Data Sources\oeda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Common Files\ODBC\Data Sources\oeda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Common Files\ODBC\Data Sources\oeda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Common Files\ODBC\Data Sources\oeda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Cookies\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Cookies\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\tbqnk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\java\classes\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\java\classes\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\java\classes\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\java\classes\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\java\classes\tf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\java\classes\tf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gd.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Outlook Express\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Outlook Express\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Outlook Express\daqlgpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Outlook Express\daqlgpm.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Favorites%\Links\gikhocp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Favorites%\Links\gikhocp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Favorites%\Links\gikhocp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Favorites%\Links\gikhocp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Favorites%\Links\gikhocp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Windows NT\Accessories\aipo.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Windows NT\Accessories\aipo.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Windows NT\Accessories\aipo.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Windows NT\Accessories\aipo.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Windows NT\Accessories\aipo.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Windows NT\Accessories\aipo.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\addins\daasfa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\addins\daasfa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\addins\daasfa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\addins\daasfa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\addins\daasfa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\addins\daasfa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\addins\daasfa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\Documents and Settings\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\Documents and Settings\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\Documents and Settings\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\Documents and Settings\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\Documents and Settings\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\Documents and Settings\wjcylg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\Documents and Settings\wjcylg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\tb.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Desktop%\fwxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Desktop%\fwxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Desktop%\fwxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Desktop%\fwxu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Desktop%\fwxu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Media\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Media\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Media\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Media\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Media\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Media\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Media\xaasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Media\xaasfc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\uk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Cookies\lnurywp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Cookies\lnurywp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Cookies\lnurywp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\lnurywp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\lnurywp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\lnurywp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\urtdad.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\RECYCLER\urtdad.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\RECYCLER\urtdad.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\RECYCLER\urtdad.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\RECYCLER\urtdad.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\RECYCLER\urtdad.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\mui\uka.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\mui\uka.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\mui\uka.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\mui\uka.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\mui\uka.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\mui\uka.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Help\Tours\htmlTour\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Help\Tours\htmlTour\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Help\Tours\htmlTour\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Help\Tours\htmlTour\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Help\Tours\htmlTour\qpas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Desktop%\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Desktop%\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Desktop%\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Desktop%\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Desktop%\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Desktop%\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Desktop%\tb.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Temp%\DF51.tmp\sa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Temp%\DF51.tmp\sa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Temp%\DF51.tmp\sa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Temp%\DF51.tmp\sa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Temp%\DF51.tmp\sa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN\MSNCoreFiles\OOBE\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN\MSNCoreFiles\OOBE\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\MSN\MSNCoreFiles\OOBE\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN\MSNCoreFiles\OOBE\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\MSN\MSNCoreFiles\OOBE\daqlg.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\MSN\MSNCoreFiles\OOBE\daqlg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\iu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\iu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\iu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\iu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\iu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\iu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Web\Wallpaper\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Web\Wallpaper\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Web\Wallpaper\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Web\Wallpaper\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Web\Wallpaper\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Web\Wallpaper\wuas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Offline Web Pages\qpasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Offline Web Pages\qpasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Offline Web Pages\qpasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Offline Web Pages\qpasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Offline Web Pages\qpasf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\day.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\day.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\day.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\day.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\day.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\day.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\iubgvp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\iubgvp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\security\Database\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\security\Database\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\security\Database\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\security\Database\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\security\Database\qpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\gdabw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xerox\mbtcs.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\xerox\mbtcs.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\xerox\mbtcs.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\xerox\mbtcs.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\xerox\mbtcs.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\ulrnfxp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Microsoft\myheq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Microsoft\myheq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Microsoft\myheq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Microsoft\myheq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Microsoft\myheq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Microsoft\myheq.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xfgqq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\xfgqq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\xfgqq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xfgqq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\xfgqq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\xfgqq.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\xfgqqp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xfgqqp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\xfgqqp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\xfgqqp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\xfgqqp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\xfgqqp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\xfgqqp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Config\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Config\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Config\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Config\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Config\iaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Config\iaa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\microsoft frontpage\version3.0\bin\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\microsoft frontpage\version3.0\bin\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\microsoft frontpage\version3.0\bin\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\microsoft frontpage\version3.0\bin\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\microsoft frontpage\version3.0\bin\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\microsoft frontpage\version3.0\bin\lmcda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\microsoft frontpage\version3.0\bin\lmcda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\ukasfq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\ukasfq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\ukasfq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\ukasfq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\ukasfq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\ukasfq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\ukasfq.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\addins\xaasfak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\addins\xaasfak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\addins\xaasfak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\addins\xaasfak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\addins\xaasfak.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\addins\xaasfak.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\SendTo\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\SendTo\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\SendTo\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\SendTo\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\SendTo\tb.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\ulrn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\ulrn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Online Services\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Online Services\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Online Services\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Online Services\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Online Services\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Online Services\daql.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Cookies\lnurywp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Cookies\lnurywp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\MSN Gaming Zone\Windows\vc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN Gaming Zone\Windows\vc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\MSN Gaming Zone\Windows\vc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN Gaming Zone\Windows\vc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\MSN Gaming Zone\Windows\vc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\MSN Gaming Zone\Windows\vc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\History.IE5\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\History.IE5\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\History.IE5\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\History.IE5\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\History.IE5\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\History.IE5\myh.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\msagent\chars\saa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\msagent\chars\saa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\msagent\chars\saa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\msagent\chars\saa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\msagent\chars\saa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\msagent\chars\saa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Resources\Themes\Luna\Shell\Metallic\pkasfco.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Resources\Themes\Luna\Shell\Metallic\pkasfco.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Resources\Themes\Luna\Shell\Metallic\pkasfco.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Resources\Themes\Luna\Shell\Metallic\pkasfco.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Resources\Themes\Luna\Shell\Metallic\pkasfco.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Resources\Themes\Luna\Shell\Metallic\pkasfco.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Resources\Themes\Luna\Shell\Metallic\pkasfco.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\My Music\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\My Music\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\My Music\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\My Music\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\My Music\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\My Music\myh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\My Music\myh.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\PrintHood\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\PrintHood\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\PrintHood\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\PrintHood\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\PrintHood\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\PrintHood\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\PrintHood\arnkm.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\Documents and Settings\sp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\Documents and Settings\sp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\Documents and Settings\sp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\Documents and Settings\sp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\Documents and Settings\sp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\Documents and Settings\sp.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\Documents and Settings\sp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\inf\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\inf\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\inf\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\inf\uk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\inf\uk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\msapps\msinfo\wuasffy.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\msapps\msinfo\wuasffy.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\msapps\msinfo\wuasffy.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\msapps\msinfo\wuasffy.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Internet Explorer\SIGNUP\vcwsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Internet Explorer\SIGNUP\vcwsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Internet Explorer\SIGNUP\vcwsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Internet Explorer\SIGNUP\vcwsf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Internet Explorer\SIGNUP\vcwsf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Cookies\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Cookies\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Cookies\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\Cookies\lnury.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\SoftwareDistribution\EventCache\vpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\SoftwareDistribution\EventCache\vpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\SoftwareDistribution\EventCache\vpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\SoftwareDistribution\EventCache\vpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\SoftwareDistribution\EventCache\vpas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\SoftwareDistribution\EventCache\vpas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xfgqqpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xfgqqpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\xfgqqpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\xfgqqpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\xfgqqpm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\xfgqqpm.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\ehome\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\ehome\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\ehome\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\ehome\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\ehome\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\ehome\da.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\ehome\da.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Desktop%\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Desktop%\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Desktop%\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Desktop%\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Desktop%\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Desktop%\tbqnk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Templates\lnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Templates\lnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Templates\lnu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Templates\lnu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\xerox\nwwia\qhmx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xerox\nwwia\qhmx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\xerox\nwwia\qhmx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\xerox\nwwia\qhmx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\xerox\nwwia\qhmx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\xerox\nwwia\qhmx.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\PrintHood\arn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\PrintHood\arn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\PrintHood\arn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\PrintHood\arn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\PrintHood\arn.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\PrintHood\arn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Driver Cache\i386\qpasfd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Driver Cache\i386\qpasfd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Driver Cache\i386\qpasfd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Driver Cache\i386\qpasfd.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Driver Cache\i386\qpasfd.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\msagent\chars\saasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\msagent\chars\saasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\msagent\chars\saasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\msagent\chars\saasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\msagent\chars\saasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\msagent\chars\saasf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\My Music\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\My Music\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\My Music\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\My Music\tbqnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\My Music\tbqnk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Media\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Media\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Media\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Media\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Media\xa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Media\xa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Favorites%\Links\ygbxutk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Favorites%\Links\ygbxutk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Favorites%\Links\ygbxutk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Favorites%\Links\ygbxutk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Favorites%\Links\ygbxutk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Favorites%\Links\ygbxutk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\History.IE5\myhe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\History.IE5\myhe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\History.IE5\myhe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\History.IE5\myhe.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\History.IE5\myhe.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Prefetch\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Prefetch\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Prefetch\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Prefetch\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Prefetch\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Prefetch\daa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Prefetch\daa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\xerox\nwwia\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\xerox\nwwia\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\xerox\nwwia\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\xerox\nwwia\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\xerox\nwwia\qhmxpk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\xerox\nwwia\qhmxpk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\SoftwareDistribution\EventCache\vpasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\SoftwareDistribution\EventCache\vpasfw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\ruasfuw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\ruasfuw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Media\xaasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Media\xaasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Media\xaasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Media\xaasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Media\xaasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Media\xaasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Media\xaasf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Start Menu%\Programs\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Start Menu%\Programs\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Start Menu%\Programs\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Start Menu%\Programs\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Start Menu%\Programs\lnury.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Start Menu%\Programs\lnury.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\NetMeeting\ytxpjfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\NetMeeting\ytxpjfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\NetMeeting\ytxpjfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\NetMeeting\ytxpjfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\NetMeeting\ytxpjfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\NetMeeting\ytxpjfc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN Gaming Zone\Windows\vcw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\MSN Gaming Zone\Windows\vcw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\MSN Gaming Zone\Windows\vcw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN Gaming Zone\Windows\vcw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\MSN Gaming Zone\Windows\vcw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\MSN Gaming Zone\Windows\vcw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Internet Explorer\SIGNUP\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Internet Explorer\SIGNUP\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Internet Explorer\SIGNUP\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Internet Explorer\SIGNUP\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Internet Explorer\SIGNUP\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Internet Explorer\SIGNUP\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Internet Explorer\SIGNUP\vcwsfk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\addins\daasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\addins\daasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\addins\daasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\addins\daasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\addins\daasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\addins\daasf.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\addins\daasf.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Provisioning\Schemas\tfasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Provisioning\Schemas\tfasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Provisioning\Schemas\tfasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Provisioning\Schemas\tfasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Provisioning\Schemas\tfasfda.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Provisioning\Schemas\tfasfda.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\MSHist012010121320101214\arnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\MSHist012010121320101214\arnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\MSHist012010121320101214\arnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\MSHist012010121320101214\arnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\MSHist012010121320101214\arnk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\MSHist012010121320101214\arnk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Resources\Themes\Luna\Shell\Homestead\lpasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Resources\Themes\Luna\Shell\Homestead\lpasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Resources\Themes\Luna\Shell\Homestead\lpasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Resources\Themes\Luna\Shell\Homestead\lpasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Resources\Themes\Luna\Shell\Homestead\lpasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Resources\Themes\Luna\Shell\Homestead\lpasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Resources\Themes\Luna\Shell\Homestead\lpasfc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Favorites%\Links\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Favorites%\Links\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Favorites%\Links\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Favorites%\Links\tbqnkyk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Favorites%\Links\tbqnkyk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\java\trustlib\wua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\java\trustlib\wua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\java\trustlib\wua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\java\trustlib\wua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\java\trustlib\wua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\java\trustlib\wua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\java\trustlib\wua.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\java\trustlib\wua.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\msapps\msinfo\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\msapps\msinfo\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\msapps\msinfo\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\msapps\msinfo\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\msapps\msinfo\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\msapps\msinfo\wuas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\msapps\msinfo\wuas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\ehome\xaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\ehome\xaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\ehome\xaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\ehome\xaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\ehome\xaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\ehome\xaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\ehome\xaa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\ehome\xaa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\PeerNet\xaasfcl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\PeerNet\xaasfcl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\PeerNet\xaasfcl.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\PeerNet\xaasfcl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\ehome\xaasfiu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\ehome\xaasfiu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\ehome\xaasfiu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\ehome\xaasfiu.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\ehome\xaasfiu.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\SendTo\ygbx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\SendTo\ygbx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\SendTo\ygbx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\SendTo\ygbx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\SendTo\ygbx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\SendTo\ygbx.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Recent\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\Recent\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\Recent\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\Recent\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\Recent\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\Recent\dayv.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\Recent\dayv.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\SendTo\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\SendTo\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\SendTo\tb.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\SendTo\tb.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Temporary Internet Files%\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Temporary Internet Files%\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Temporary Internet Files%\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Temporary Internet Files%\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Temporary Internet Files%\tbq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Temporary Internet Files%\tbq.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\xerox\nwwia\qhmx.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\xerox\nwwia\qhmx.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Debug\UserMode\ukasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Debug\UserMode\ukasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Debug\UserMode\ukasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Debug\UserMode\ukasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Debug\UserMode\ukasfc.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Debug\UserMode\ukasfc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\MSN Gaming Zone\Windows\vcw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\MSN Gaming Zone\Windows\vcw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\Documents and Settings\umdacsa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System Root%\Documents and Settings\umdacsa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%System Root%\Documents and Settings\umdacsa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\Documents and Settings\umdacsa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\Documents and Settings\umdacsa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System Root%\Documents and Settings\umdacsa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System Root%\Documents and Settings\umdacsa.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\MSN Gaming Zone\Windows\vcwsfk.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\My Videos\gikh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\My Videos\gikh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\My Videos\gikh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\My Videos\gikh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\My Videos\gikh.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\My Videos\gikh.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\PrintHood\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\PrintHood\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\PrintHood\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\PrintHood\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\PrintHood\ln.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\PrintHood\ln.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\PrintHood\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\PrintHood\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\PrintHood\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\PrintHood\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\PrintHood\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\PrintHood\lnur.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\PrintHood\lnur.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Outlook Express\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Outlook Express\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Program Files%\Outlook Express\daq.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\Outlook Express\daq.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\ruasfuw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\ruasfuw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\ruasfuw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\ruasfuw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System Root%\RECYCLER\urtdad.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System Root%\RECYCLER\urtdad.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System Root%\RECYCLER\urtdad.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Windows%\Media\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Windows%\Media\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Windows%\Media\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Windows%\Media\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Windows%\Media\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%Windows%\Media\daas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Windows%\Media\daas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%Program Files%\daql.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\daql.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\NetHood\ygbxut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\NetHood\ygbxut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\NetHood\ygbxut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%User Profile%\NetHood\ygbxut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%User Profile%\NetHood\ygbxut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%User Profile%\NetHood\ygbxut.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%User Profile%\NetHood\ygbxut.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%System%\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%System%\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%System%\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%System%\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%System%\iaas.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
NTFS backup service. = "%System%\iaas.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Windows Media Player\Visualizations\yt.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Mirosoft Windows Explorer tweaker = "%Program Files%\Windows Media Player\Visualizations\yt.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%Program Files%\Windows Media Player\Visualizations\yt.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
System Cleaner = "%Program Files%\Windows Media Player\Visualizations\yt.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%Program Files%\Windows Media Player\Visualizations\yt.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Scheduled Tasks. = "%Program Files%\Windows Media Player\Visualizations\yt.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\DRM\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
COM+ Server Host Process = "%User Profile%\DRM\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
MSN Messenger service spawner. = "%User Profile%\DRM\arnkm.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Adobe Color Palette loader = "%User Profile%\DRM\arnkm.exe"

Dropping Routine

This Trojan drops the following files:

• %Common Startup%\gikho.scr
• %User Startup%\myheqqf.scr
• %User Startup%\ln.exe

(Note: %Common Startup% is the system's shared Startup folder, which is usually C:\Windows\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\All Users\Programs\Startup on Windows NT, and C:\Documents and Settings\All Users\Start Menu\Programs\Startup on Windows 2000, XP, and Server 2003.. %User Startup% is the current user's Startup folder, which is usually C:\Windows\Profiles\{user name}\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu\Programs\Startup on Windows NT, and C:\Documents and Settings\{User name}\Start Menu\Programs\Startup.)

This report is generated via an automated analysis system.