Is Your System Infected with a Virus / Spyware / Adware / Trojan?



HOW TO POST:

If your system is running very slow or giving random problems, there are chances that its infected with a virus. Download HijackThis from the link given below and scan your system with it. It'll generate a log file, copy the content of the log file and post here.

Download HijackThis Installer

Download HijackThis Zip

Download HijackThis Executable

HOW TO FIX:

To fix the suggested entries, Boot your Windows in Safe Mode by pressing “F8″ key at system startup and select "Safe Mode" option. Run HijackThis again. Then select the entries and click on “Fix checked” button.

http://img.photobucket.com/albums/v374/vishaal_here/HijackThis.png

Also don't forget to scan your system with a good anti-virus and anti-spyware.

You can also visit following tutorials to speedup your Windows:

Master Tutorial to Make Your Windows XP Super Fast

Master Tutorial to Make Your Windows VISTA Super Fast

Master Tutorial to Make Your Windows 7 Super Fast



This article was posted in Security Zone, Troubleshooting.

Subscribe to RSS Feed | Email Newsletter | More Articles

Related Articles

Popular Articles



787 Comments

1 2 3 4 5 ... 79

  • Karthikeyan

    Thanks VG for ur support

  • Senthil

    Hi vishal
    Pls have look at my log

    Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:28:30 PM, on 2/19/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\SYSROOT\System32\smss.exe
    C:\SYSROOT\system32\winlogon.exe
    C:\SYSROOT\system32\services.exe
    C:\SYSROOT\system32\lsass.exe
    C:\SYSROOT\system32\svchost.exe
    C:\SYSROOT\System32\svchost.exe
    C:\SYSROOT\system32\svchost.exe
    C:\SYSROOT\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\SYSROOT\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\SYSROOT\System32\CCM\CcmExec.exe
    C:\SYSROOT\Explorer.exe
    C:\SYSROOT\system32\SysMax\postgres.exe
    C:\SYSROOT\system32\SysMax\postmaster.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\SYSROOT\System32\hkcmd.exe
    C:\SYSROOT\System32\igfxpers.exe
    C:\Program Files\CA\eTrustITM\realmon.exe
    C:\SYSROOT\system32\taskswitch.exe
    D:\Program Files\Process Lasso\processlasso.exe
    D:\Program Files\Process Lasso\processgovernor.exe
    C:\SYSROOT\system32\ctfmon.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Office Communicator\communicator.exe
    C:\Program Files\Messenger\msmsgs.exe
    F:\firefox-3.1b2pre\firefox.exe
    C:\SYSROOT\System32\svchost.exe
    C:\Program Files\CA\eTrustITM\InoRT.exe
    C:\Program Files\CA\eTrustITM\InoTask.exe
    C:\Program Files\CA\eTrustITM\InoRpc.exe
    C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
    C:\Documents and Settings\senthil_212122\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://sparsh/kec.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.66.184.115:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=Explorer.exe C:\SYSROOT\system32\SysMax\postgres.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D69DC20-C453-4679-81EC-DB52BD736259} - C:\SYSROOT\system32\jgpl400d.dll
    O2 - BHO: (no name) - {61D75B23-E2A5-0727-63D8-044BE1E59EC8} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\SYSROOT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\SYSROOT\System32\igfxpers.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
    O4 - HKLM\..\Run: [CoolSwitch] C:\SYSROOT\system32\taskswitch.exe
    O4 - HKLM\..\Run: [ProcessSupervisorGUI] D:\Program Files\Process Lasso\processlasso.exe
    O4 - HKLM\..\Run: [ProcessGovernor] D:\Program Files\Process Lasso\processgovernor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSROOT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1935655697-838170752-725345543-1003\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O20 - Winlogon Notify: AutorunsDisabled - C:\SYSROOT\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
    O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 6834 bytes

  • The Champ

    Hey but u didn't tell me how to remove that search engine YOOG from IE8 and Firefox b'coz
    it also didn't gets removed in safe mode,i've previously asked about it but u said to post logfile and now u says its clean which i knows already b'coz of previous checkings.So can u pls. look after the problem b'coz its very irretating in browsers.
    well,Thank u for checking that LOG.

  • SteveB

    Any help?

    Thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:12:04 PM, on 2/19/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\TEMP\6DFE.tmp
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\DOCUME~1\Esteban\LOCALS~1\Temp\winlognn.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Esteban\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MIT\KLP\klptray.exe
    C:\Program Files\Kerberos\krbcc32s.exe
    C:\Program Files\Kerberos\leash32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\DOCUME~1\Esteban\LOCALS~1\Temp\sf14lscvg7u1.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: C:\WINDOWS\system32\hsfd83jfdg.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hsfd83jfdg.dll
    O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Esteban\LOCALS~1\Temp\winlognn.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Esteban\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun
    O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Esteban\LOCALS~1\Temp\winlognn.exe
    O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Esteban\LOCALS~1\Temp\csrssc.exe
    O4 - HKCU\..\Run: [bbtz3f6vfr8cyt9am] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ji0dn6r52dpec.exe
    O4 - HKCU\..\Run: [k0qlpjwkbecefhmwlw9d3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xoumoot4.exe
    O4 - HKCU\..\Run: [qcioywt3dvne3o2jrjo6pavxikbnliyleyvtdjq] C:\DOCUME~1\Esteban\LOCALS~1\Temp\e9uw7r.exe
    O4 - HKCU\..\Run: [mrojxdzp8vuk8whrwxnu08ovrotwl4mgqd63p5a0rqgjvdx] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ayxx07awfg7ou.exe
    O4 - HKCU\..\Run: [uosztqo9fd7s4purywiszedcuf50nkigj5gowwnk] C:\DOCUME~1\Esteban\LOCALS~1\Temp\cr7evh.exe
    O4 - HKCU\..\Run: [kwyukgyig2ofho3j81fpw36lmfvaz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\gtp5bdhb.exe
    O4 - HKCU\..\Run: [nku7hz8ioz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\btjew0.exe
    O4 - HKCU\..\Run: [g9ipd170ii5ifi9e4go239asmq2rxlw3w8j4yyy3vvd1b9wlcn] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mukct89g5hyby.exe
    O4 - HKCU\..\Run: [ty1qxnhf0yv] C:\DOCUME~1\Esteban\LOCALS~1\Temp\s56tstq06gz.exe
    O4 - HKCU\..\Run: [wv6gia9h07jf0cj75j8egp9bmh39acxnjdpg4yr52dptg0l667] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wxmgoki.exe
    O4 - HKCU\..\Run: [djn9jryoe3vlu1] C:\DOCUME~1\Esteban\LOCALS~1\Temp\coj47buq.exe
    O4 - HKCU\..\Run: [q5k9mflcdmfx2j4n9wu8y71k54vzaaoqv3rwplamu7nel1vd] C:\DOCUME~1\Esteban\LOCALS~1\Temp\uewe5qtn.exe
    O4 - HKCU\..\Run: [hqejjaa2jks8zk1ffheodw7xmgk7] C:\DOCUME~1\Esteban\LOCALS~1\Temp\eerm9zvw7rwt.exe
    O4 - HKCU\..\Run: [weillbxuxav92yzkegsbh6mh8] C:\DOCUME~1\Esteban\LOCALS~1\Temp\kli29l1h.exe
    O4 - HKCU\..\Run: [r381lj878dc20p44w] C:\DOCUME~1\Esteban\LOCALS~1\Temp\th2k4myh.exe
    O4 - HKCU\..\Run: [x5la2dkdt27nihg6vnii5iu3qrens6almtnzyl] C:\DOCUME~1\Esteban\LOCALS~1\Temp\baipev0dm.exe
    O4 - HKCU\..\Run: [i9vvlrkdtihjblhtycs1k73s3vi3mgg39f] C:\DOCUME~1\Esteban\LOCALS~1\Temp\v72mp1f.exe
    O4 - HKCU\..\Run: [xtt1z238tdmp14] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qcmz9v7z.exe
    O4 - HKCU\..\Run: [wverf8xr6p3rjwtnyl0tm001mj5] C:\DOCUME~1\Esteban\LOCALS~1\Temp\cmqn5e1k.exe
    O4 - HKCU\..\Run: [oupyen7jgtzx1hroxi2fndugzc2al28yb25hxnlncnliq37s6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zdtalc.exe
    O4 - HKCU\..\Run: [dp7ibkfbzde83ei52h53ccu32jckdwt4sgesqqwqey] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hnspqx6.exe
    O4 - HKCU\..\Run: [tyyyrhe7b8uspt3b8c4vtmrcsq] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ymh1xv.exe
    O4 - HKCU\..\Run: [sz3hm32x4ticx1ebd] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bij32rv1qvaf.exe
    O4 - HKCU\..\Run: [xqzsasf5e160qjgo7qpmeovjxvctqors] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ffiveu2.exe
    O4 - HKCU\..\Run: [co79gyx8356sraxria34sw9j] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bs5qw3.exe
    O4 - HKCU\..\Run: [y48yg1zpun6l3j4qv3zs44g5d5ij6tfq6dp5ri] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zc37vba2ws.exe
    O4 - HKCU\..\Run: [yoa0sx1xhchbuvdi2yka4behqowtyfdvj10cxtgp0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hgimz3bnhxm9j.exe
    O4 - HKCU\..\Run: [vcawmz4e3bwv7uc4okhblufhmhc9kyxbzog8uk] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pnf7jai.exe
    O4 - HKCU\..\Run: [qoaw2oy4xky1cep] C:\DOCUME~1\Esteban\LOCALS~1\Temp\on9sjsa2p.exe
    O4 - HKCU\..\Run: [asqi201oj5n0ewl69nkdt92d9jdnym] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ohf112i8g.exe
    O4 - HKCU\..\Run: [ofzpxa66wa13b54g8m0ro9kyn] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ep2sg4.exe
    O4 - HKCU\..\Run: [okf4299vftb1y13uo3pauhh5hhe8l6bkzeyckdyhuh2zox] C:\DOCUME~1\Esteban\LOCALS~1\Temp\t08zs4xx3qzek.exe
    O4 - HKCU\..\Run: [j9uic73hyx6lhl835opr8d73hul6it44mj00t0rmyj4xn] C:\DOCUME~1\Esteban\LOCALS~1\Temp\f9f0k7tu9q3x0.exe
    O4 - HKCU\..\Run: [hj58uk1ku4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rplamonlxh0.exe
    O4 - HKCU\..\Run: [k8mo0k9ooo63d34c3vmq2pkl7bfcq0mbrd9qxjjuciczylb] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sgxvf52iwp30v.exe
    O4 - HKCU\..\Run: [p6re5ekzd0rgq3cerlkto8fcm] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mfm753h4oyb9.exe
    O4 - HKCU\..\Run: [h84ndgpbmfklk84] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sene3wkk7z.exe
    O4 - HKCU\..\Run: [b4zjba9uprhvx5cdjr6827bau4lo9h8ubazubcqe] C:\DOCUME~1\Esteban\LOCALS~1\Temp\otc6eqwc8jjd.exe
    O4 - HKCU\..\Run: [tvibmpjihlgd8md82ck5xxw6x2o67rsudxc89m] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zoqz4nm36t.exe
    O4 - HKCU\..\Run: [ihty4prq6n4d6aov61d6u1hp6gbgrbagovnf6d0mh1i66259d] C:\DOCUME~1\Esteban\LOCALS~1\Temp\csrssy.exe
    O4 - HKCU\..\Run: [zltgwae67] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bl1ov0zs3niht.exe
    O4 - HKCU\..\Run: [ygzd1gtuw21r5dd8504u2o3n3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\isvfnowwa8l4.exe
    O4 - HKCU\..\Run: [boyykd0s7s07ehlhoxss4lnx4yeuuqxn2qk5d74p3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sdy9ir183tg.exe
    O4 - HKCU\..\Run: [q53smq35q5vj1kprjvxb7lhe3b9zodx] C:\DOCUME~1\Esteban\LOCALS~1\Temp\eolv4wg02n.exe
    O4 - HKCU\..\Run: [zw464x4e013e274q3lpc568oq4df46ssfrp0k2v4sc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vejd7hlvsfh.exe
    O4 - HKCU\..\Run: [wsulxs14pd1sqcpeqm4t3087ytjki] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rjulcvz6w.exe
    O4 - HKCU\..\Run: [pxrodejllq5mgbgiqfpage6sbihif] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ed6qbgqgg21y.exe
    O4 - HKCU\..\Run: [o6zl2h52jz3zf7qs6o3n5gq6fepkt79uyd59nvo3wfuop] C:\DOCUME~1\Esteban\LOCALS~1\Temp\i5tx0puh1b.exe
    O4 - HKCU\..\Run: [qek8094gw9ajm2dvitkodkavu0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wbpcoqf.exe
    O4 - HKCU\..\Run: [rh650c9mk8t] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o12mm5e.exe
    O4 - HKCU\..\Run: [mdgdeqn6hhlpdubuc7t4s31s96ty3f80lz7yo96hwti9df] C:\DOCUME~1\Esteban\LOCALS~1\Temp\q76zqwbrp7z.exe
    O4 - HKCU\..\Run: [z4508ex09u4301p1matnxf64o7u542nsbfdccgh9j531p] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y5kyvt7h0aj.exe
    O4 - HKCU\..\Run: [nt63m0ne97dqyh1qwn4o5b4k8njhj4kr5el80] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hw35wbyz.exe
    O4 - HKCU\..\Run: [awk3pot28m7ofe8meq4l4fraf8b2p4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zmxyuqgw.exe
    O4 - HKCU\..\Run: [kf1l30znna87] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mq563c6e.exe
    O4 - HKCU\..\Run: [yavfdymp1d1fs83sl9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\nugdt3yvo.exe
    O4 - HKCU\..\Run: [nu2npyczzaxcup] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mz2g4h3x6.exe
    O4 - HKCU\..\Run: [pnc2sc6vd4h8lt1rkhsbal] C:\DOCUME~1\Esteban\LOCALS~1\Temp\a0k8p08.exe
    O4 - HKCU\..\Run: [mxnf4kpevozt] C:\DOCUME~1\Esteban\LOCALS~1\Temp\kmyvhcongp.exe
    O4 - HKCU\..\Run: [om12xzlayvlpoc9d3zfc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rtsmsh4rn.exe
    O4 - HKCU\..\Run: [jt38z0yu9xoq24daasnqe6fe25j5hfrrdce9y8st] C:\DOCUME~1\Esteban\LOCALS~1\Temp\l7kz1htfqdib0.exe
    O4 - HKCU\..\Run: [x3bxrg46x106hrl6cdmgff0h] C:\DOCUME~1\Esteban\LOCALS~1\Temp\k5qacb5.exe
    O4 - HKCU\..\Run: [li3zdp89eysi] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mz0bcaqdg.exe
    O4 - HKCU\..\Run: [xf321vw8xi476ekw9qizhth51j2yusrx4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\epulappaq.exe
    O4 - HKCU\..\Run: [twcn4qatcq6658t2b] C:\DOCUME~1\Esteban\LOCALS~1\Temp\w62ikhl5d0dn7.exe
    O4 - HKCU\..\Run: [u2hgey2yda9sx2aln2vi2koeirc7wd91kas4z] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o1rsyvw5g9.exe
    O4 - HKCU\..\Run: [g868nno23ean1wpg13wvkju7inheis79ba3jud94mzry] C:\DOCUME~1\Esteban\LOCALS~1\Temp\w08hbcbtml.exe
    O4 - HKCU\..\Run: [c6d2vvs7jlhqhq97zw24totk0lby8z7o7c1iga0yfzde3tz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\v39s25zov.exe
    O4 - HKCU\..\Run: [cvfczfxl9x10exev87kocih7245uzjdpzn53uo4fs6k] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fnxivvi.exe
    O4 - HKCU\..\Run: [zl8gy1xxthnlmdghut2anosgmv2gj9t2o46hg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fh3rd5q.exe
    O4 - HKCU\..\Run: [yu6j7qimndfu937t9bfrng7vk5i] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zo1sabgt7hvq.exe
    O4 - HKCU\..\Run: [jeg9u4u6nzazy] C:\DOCUME~1\Esteban\LOCALS~1\Temp\utoz9wz.exe
    O4 - HKCU\..\Run: [p4bxf0hdwhfkatpg2pm1ne4aonjryplz2knnnj0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\aeop9me3o.exe
    O4 - HKCU\..\Run: [bc9z53ba5kht2jkaqjfs] C:\DOCUME~1\Esteban\LOCALS~1\Temp\enbwfcin.exe
    O4 - HKCU\..\Run: [t44xhh92zwjoj] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bll4cy07v.exe
    O4 - HKCU\..\Run: [qe9ug84q1dnavh0b9wp0nxl2hl7e2mf98] C:\DOCUME~1\Esteban\LOCALS~1\Temp\cpwb2psonz.exe
    O4 - HKCU\..\Run: [aoh9kazapo9nnxj0eu6af8edpenhq5pouju] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y4npaa72mtq.exe
    O4 - HKCU\..\Run: [up8k27u2qbgq4xn2sudul1cxk5j93dvtqaysjs] C:\DOCUME~1\Esteban\LOCALS~1\Temp\gl5etwoyuny.exe
    O4 - HKCU\..\Run: [pm3ld5840uwuu27j7ki442ogr8creyqlwthkzd3gd6xgoru0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\cgs7oif3ue1sm.exe
    O4 - HKCU\..\Run: [jj9c07wrlepjo8xtslew4tckijkmlicyy85wxp9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ulj4iujv.exe
    O4 - HKCU\..\Run: [tvfxrk9iod1jixatmevqqhhon4vc7vwc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ad5rc4h.exe
    O4 - HKCU\..\Run: [mlohx1qd13gz7f3jbizoo2yh6d4i4canzmc7cqjy9ft0p2lwq] C:\DOCUME~1\Esteban\LOCALS~1\Temp\far94q3v3s.exe
    O4 - HKCU\..\Run: [xzpvrsekypgomad3h4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\z68s35eoqhj.exe
    O4 - HKCU\..\Run: [yjitjpumgnghv91u6a3geyddcfe2dybnk5ld4i] C:\DOCUME~1\Esteban\LOCALS~1\Temp\jb9m0pncjeh.exe
    O4 - HKCU\..\Run: [dguaus7vgl9d0yp11g84jfdxt6oleyymsfdg4z56cez9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\v53n03kjaleg3.exe
    O4 - HKCU\..\Run: [muveesnlbd6qcywjy] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ctxxsrhnh60mo.exe
    O4 - HKCU\..\Run: [vbbwe2seigpieskmc31uki] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rw26srnh.exe
    O4 - HKCU\..\Run: [kky22iy9t] C:\DOCUME~1\Esteban\LOCALS~1\Temp\m1a353r9xet.exe
    O4 - HKCU\..\Run: [bxkksgivm2po9nu1zewdnymhj9t01h75] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y10yjcqr.exe
    O4 - HKCU\..\Run: [ec07oofspcvnfjp8nl8jgjmmzblg36] C:\DOCUME~1\Esteban\LOCALS~1\Temp\f8upbhn.exe
    O4 - HKCU\..\Run: [samcrtvfbmqv] C:\DOCUME~1\Esteban\LOCALS~1\Temp\h20at447uy.exe
    O4 - HKCU\..\Run: [cfem2tuuxozg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xeqzgwqz4ws.exe
    O4 - HKCU\..\Run: [b3i85ciagtnswn5769gxsmp03wy9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\h5f4hfjhyyt1.exe
    O4 - HKCU\..\Run: [i5hk7gxhxyek08o7twn5wl] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ie2b65nm92.exe
    O4 - HKCU\..\Run: [s1hurqj01d2iucjwt8bifyrfdcbt] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qsipfq.exe
    O4 - HKCU\..\Run: [nebc1c1ugj6hcr31kv7hz69n37ivq5u2y9usmywg6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\js0x4mi.exe
    O4 - HKCU\..\Run: [r2jmskhk2yi48r7wsjt61h91teem90h6yeu708swc6i] C:\DOCUME~1\Esteban\LOCALS~1\Temp\up5r7oerut.exe
    O4 - HKCU\..\Run: [z3gi81o4ofvvgniwoxuk6gnen3cyeixk0nt] C:\DOCUME~1\Esteban\LOCALS~1\Temp\l013yn0aaw74.exe
    O4 - HKCU\..\Run: [eb4ro8kviq6ugktxc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\d447vlyce7dk.exe
    O4 - HKCU\..\Run: [lbgupu53h9oqobujldaqsk79g19iqjaysawa8dow2yh768] C:\DOCUME~1\Esteban\LOCALS~1\Temp\dyagdv6iog6o.exe
    O4 - HKCU\..\Run: [uhp9ufwh04fr45sg3rr3ryodoqcm92rxoyqq1ph23rey2hg19] C:\DOCUME~1\Esteban\LOCALS~1\Temp\edu2lzcopid4.exe
    O4 - HKCU\..\Run: [s27o3lpkxfwyvvzcx9hablrin78x24] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lkotw49sw3z.exe
    O4 - HKCU\..\Run: [o8colgmav7hvs63pw] C:\DOCUME~1\Esteban\LOCALS~1\Temp\q12nrml2.exe
    O4 - HKCU\..\Run: [xbi90y0bgr0bi1vmsnaw49tm3z7a51gh6sjmaqx51dnuap67] C:\DOCUME~1\Esteban\LOCALS~1\Temp\x8wejri6.exe
    O4 - HKCU\..\Run: [hf8416yf9z222htku] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ejv6bo.exe
    O4 - HKCU\..\Run: [pnjnm6nx67o3q6touzi3gn9zjnnux77t080] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lqpx3t335aqoa.exe
    O4 - HKCU\..\Run: [kqb3jrn1ha4ur0ymtdgp2fn7rhfz041] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y1he74srzhbt.exe
    O4 - HKCU\..\Run: [ua8p44b6h75wrntyek5o49] C:\DOCUME~1\Esteban\LOCALS~1\Temp\f8boz98v6je.exe
    O4 - HKCU\..\Run: [vkggsuxlwl78tykh6pjkfuwjaz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ehzfsg5p1cwl3.exe
    O4 - HKCU\..\Run: [ogy0kcddbaw445yrik] C:\DOCUME~1\Esteban\LOCALS~1\Temp\l5t6kl2t8xzr.exe
    O4 - HKCU\..\Run: [je6e0p5frdhnu7ry] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bcivyg.exe
    O4 - HKCU\..\Run: [b7kcqqp885e3dppydalj8kd17at2i9bhbb706] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lyj6v0.exe
    O4 - HKCU\..\Run: [ffywbyh5hqlap] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xzyyu6uhwk18t.exe
    O4 - HKCU\..\Run: [ltvqr5zyenq06k6s50iazhdp] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y8l5jfh1hts.exe
    O4 - HKCU\..\Run: [anit14ihxabio86gils5pp8g8ti6rsta] C:\DOCUME~1\Esteban\LOCALS~1\Temp\b4noos8e.exe
    O4 - HKCU\..\Run: [k0im9qefr1y71qi8zk5puatd] C:\DOCUME~1\Esteban\LOCALS~1\Temp\with2p2eczv97.exe
    O4 - HKCU\..\Run: [gxxnb4iyk64jz3x39pgiqcl2en29622a55v69q9tm4966a] C:\DOCUME~1\Esteban\LOCALS~1\Temp\agb7xu4if.exe
    O4 - HKCU\..\Run: [csah257yl77xjvheuebct] C:\DOCUME~1\Esteban\LOCALS~1\Temp\prhx9uav.exe
    O4 - HKCU\..\Run: [nfaf1z4nc7l1lndlz9p69998obaj9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fa4gzmfnmh.exe
    O4 - HKCU\..\Run: [ukl56j8ybjqqfj0flwri5] C:\DOCUME~1\Esteban\LOCALS~1\Temp\q6a8n68mg8z.exe
    O4 - HKCU\..\Run: [fbxlcrv6cga9ff509hrcfoihl7] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bx5lzjab.exe
    O4 - HKCU\..\Run: [weqdqpe3uvxsce9bda0mbnm387t95zczno3rsnw1v] C:\DOCUME~1\Esteban\LOCALS~1\Temp\a0nwqty.exe
    O4 - HKCU\..\Run: [h4m6wpfazaake36thl] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qgoovv9bi8lfd.exe
    O4 - HKCU\..\Run: [y93mirjjyaqnn7q412anv0rrk2fpw2zanb4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qabxu5hhd79ae.exe
    O4 - HKCU\..\Run: [mo4dd16p65b] C:\DOCUME~1\Esteban\LOCALS~1\Temp\s1jt7dibz.exe
    O4 - HKCU\..\Run: [p6un0oanmhhou] C:\DOCUME~1\Esteban\LOCALS~1\Temp\opd1cn6.exe
    O4 - HKCU\..\Run: [ur796puv0d1hsozra7fsxu31iheqbbdb6mmtjfd6tw1o66j] C:\DOCUME~1\Esteban\LOCALS~1\Temp\yk4lhd.exe
    O4 - HKCU\..\Run: [ey21k4klkz2esxgwgl7dptmrdm] C:\DOCUME~1\Esteban\LOCALS~1\Temp\jgaumet.exe
    O4 - HKCU\..\Run: [h0ylq0b2v1tvuywe522psw8gxte6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qt67wg.exe
    O4 - HKCU\..\Run: [vjep92lyf3upitkp1pqvro1yrzrnh5n88cjejhq993] C:\DOCUME~1\Esteban\LOCALS~1\Temp\x9yu864.exe
    O4 - HKCU\..\Run: [i49kss9hgq6c2i2fze5b0j4p06nnhd70j4u2siit10j4z2tu74] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ldq1eda99f.exe
    O4 - HKCU\..\Run: [hjvwt8v6jbwwnh5z5p7q8a4skxmapcvxmg44j7jrgp] C:\DOCUME~1\Esteban\LOCALS~1\Temp\tupqxiro0u.exe
    O4 - HKCU\..\Run: [y08cbybz51ohp59ros4jhcktpsy6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\koxfxfai.exe
    O4 - HKCU\..\Run: [eszvkmb16zhz2lq956w7i8] C:\DOCUME~1\Esteban\LOCALS~1\Temp\c64jm16.exe
    O4 - HKCU\..\Run: [kdtyau96e] C:\DOCUME~1\Esteban\LOCALS~1\Temp\petylm3s2s0w.exe
    O4 - HKCU\..\Run: [n9syb6f13xzrj8s4gds3pnzo9c1zfdfgao53ik] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o4vkn4cb8bprr.exe
    O4 - HKCU\..\Run: [rszdpmgy7bed87rr] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hr7jd9.exe
    O4 - HKCU\..\Run: [zjnuhuxj5xu7f] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ne6tk1.exe
    O4 - HKCU\..\Run: [nuf13iipulh87kf1pkz8a1blv1ycajj8vf] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sun9oezf7.exe
    O4 - HKCU\..\Run: [rk0qq8m6ajivs6vj9rbjog86jh] C:\DOCUME~1\Esteban\LOCALS~1\Temp\n0pdaz7njnhui.exe
    O4 - HKCU\..\Run: [uzogkkq5gjukp] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bckgmp9gyb.exe
    O4 - HKCU\..\Run: [zposb6i4p57p8z42l9hfvdqp6n8wivs4bmsxf] C:\DOCUME~1\Esteban\LOCALS~1\Temp\iba1o13s.exe
    O4 - HKCU\..\Run: [utfwlcph3i73j6hyqyiggpl327cwqmpzmfmg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\jg0xt2thkkpj5.exe
    O4 - HKCU\..\Run: [ylq32dv873vkad3o4ncak1ul81awy4bgwbqvm] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fsh4yjw3l0.exe
    O4 - HKCU\..\Run: [tecn23ihz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\q654ou.exe
    O4 - HKCU\..\Run: [mp851o3r9hydm3euicij4291lromydfbyj5lstrpco] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ic78tfd1qc.exe
    O4 - HKCU\..\Run: [j89eeayrxtm293r9tftuww8lfh8woodqzfo4humc6w] C:\DOCUME~1\Esteban\LOCALS~1\Temp\b42a9itha0.exe
    O4 - HKCU\..\Run: [s36skaixmok7lbb] C:\DOCUME~1\Esteban\LOCALS~1\Temp\eexufy.exe
    O4 - HKCU\..\Run: [ffmm8kq037ipp0k3u] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sqbgrocriu1.exe
    O4 - HKCU\..\Run: [zxpgh87is8ygoxhc0q3eebff9y6hfeskwck] C:\DOCUME~1\Esteban\LOCALS~1\Temp\v5i0d35b46d2.exe
    O4 - HKCU\..\Run: [eagpvbm9kkimno6bdou] C:\DOCUME~1\Esteban\LOCALS~1\Temp\g26j3vv1.exe
    O4 - HKCU\..\Run: [wmakzq0byvd2phz1cqbhavl5303] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rvkmfleba62en.exe
    O4 - HKCU\..\Run: [jx1knk4hbnxb3udsx9i9oznzi9r8] C:\DOCUME~1\Esteban\LOCALS~1\Temp\gt862t.exe
    O4 - HKCU\..\Run: [x18yap8uykucft9zk1l7g20] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wk6iu1u050ek.exe
    O4 - HKCU\..\Run: [w2ovupzyquiyh5kkyi] C:\DOCUME~1\Esteban\LOCALS~1\Temp\b95udu.exe
    O4 - HKCU\..\Run: [zosynm3hqtd] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sr8nwj30ujkw5.exe
    O4 - HKCU\..\Run: [d5m07lbbktp95pa1tbsut37et9akrhayttp2e] C:\DOCUME~1\Esteban\LOCALS~1\Temp\iiqzlmsk.exe
    O4 - HKCU\..\Run: [cersa57xvu06ivkwidihgce30yrmjvjcdavvggb4zxajq14bcj] C:\DOCUME~1\Esteban\LOCALS~1\Temp\avl3u9rwkd.exe
    O4 - HKCU\..\Run: [rg0b1yhi8hcqdzfi7o8envsz3c5k57aycmuohfmin] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ekgl754r7jnf.exe
    O4 - HKCU\..\Run: [jh96yvhfr75f8ref3r0rm033c68mw5kz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ljn6q0y36v.exe
    O4 - HKCU\..\Run: [idicxm919hw3y4z64qh323ld] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ltptpfrv.exe
    O4 - HKCU\..\Run: [kqciqqhwv2zgo4vrgrbt464myarpk73awdochf5kp6uq] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rwkza0kucs513.exe
    O4 - HKCU\..\Run: [i2zcfu7wd4yhtt6lozj] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vho2t472a2y5x.exe
    O4 - HKCU\..\Run: [g984si5ngxixr3llvwt] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wc8tvpt7s.exe
    O4 - HKCU\..\Run: [c2hn8ry3q4dwiunv9wm4mhwci0whjbowedxrk1hpq3zx4me] C:\DOCUME~1\Esteban\LOCALS~1\Temp\r2745ob.exe
    O4 - HKCU\..\Run: [nuefg2bcqwoscywnxh4c1izlf60abc61lljgbjwns927r6d3ds] C:\DOCUME~1\Esteban\LOCALS~1\Temp\z1h46xn4.exe
    O4 - HKCU\..\Run: [bosmlwzcg15wleoq6bo] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zafwh4mrep.exe
    O4 - HKCU\..\Run: [gol3yz19kfya3fs3z5uhkv3cq9k681w6zchhohtuwixc9vy] C:\DOCUME~1\Esteban\LOCALS~1\Temp\kpjmcamq.exe
    O4 - HKCU\..\Run: [jveir5u0ko72s66h2dkoyou0nzfwdqa5iik18whu3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qxl9n5waf89cl.exe
    O4 - HKCU\..\Run: [g9t7c2vogsk22cqx3nzxxe] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o934nl25mx.exe
    O4 - HKCU\..\Run: [qoff9hl6ac0p054egoy30xfu69a11nlhxxw23y] C:\DOCUME~1\Esteban\LOCALS~1\Temp\w9t7mux9w91by.exe
    O4 - HKCU\..\Run: [qmkv35lfqmm4i3zsl8nxqg3fi6qunffnyd0to6da6w2] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fw9ytmconxz3p.exe
    O4 - HKCU\..\Run: [g3pbgalcqp4r9n1ghelj4hsh8n184r8sfgic] C:\DOCUME~1\Esteban\LOCALS~1\Temp\jllz6ip.exe
    O4 - HKCU\..\Run: [cl6neiaq3g9jgk] C:\DOCUME~1\Esteban\LOCALS~1\Temp\c8xyd8qz.exe
    O4 - HKCU\..\Run: [x1cwfwfy10abg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\m0sjsxi3.exe
    O4 - HKCU\..\Run: [q6dcz7qmrpzr4lig6au1r0m5y4c7gof1pf6sip] C:\DOCUME~1\Esteban\LOCALS~1\Temp\jhi3lfbems.exe
    O4 - HKCU\..\Run: [oebnb1oakpxq3xm6xfhc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qu64va0c2.exe
    O4 - HKCU\..\Run: [sj4oupb0g9hfj5f6i] C:\DOCUME~1\Esteban\LOCALS~1\Temp\jvgjcy60m9y.exe
    O4 - HKCU\..\Run: [lzeoppek22avtni] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bip7a1q25.exe
    O4 - HKCU\..\Run: [xxuku57qcb7tmhhfatayhy0xvl97k1acrayic1xz78kfonx] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bdd7u2ezcgy5.exe
    O4 - HKCU\..\Run: [y2oos2pd2al9r7vqhdevps61frlnopd] C:\DOCUME~1\Esteban\LOCALS~1\Temp\tqkra75qvary.exe
    O4 - HKCU\..\Run: [s0x1jbykgghvajh2iw1jbeeygbed7dlk0qj6btwj4pyxjiyz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\b9ubnbfhgajt.exe
    O4 - HKCU\..\Run: [x3h67rf58itfsc9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\u68xtv0b0h0.exe
    O4 - HKCU\..\Run: [onfu5epnhgjotes2] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fp8gz5l43z0p.exe
    O4 - HKCU\..\Run: [br6pq3lybreagh3chjrt7h] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ep557mb4l.exe
    O4 - HKCU\..\Run: [lmp55cc3ss9roa55ozy2df5hgbeovvfeuhk2hg2i1xozgc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hqlcchldxuy.exe
    O4 - HKCU\..\Run: [mlffkioxfwgbevliovcgekvowfq4u9nsf8vfqst8] C:\DOCUME~1\Esteban\LOCALS~1\Temp\c6i0nitll09.exe
    O4 - HKCU\..\Run: [wzzmgk3r1zcfdhdd2x3pr669tb9k0ujzwdlanwxf] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wixkewa653hsd.exe
    O4 - HKCU\..\Run: [r0y9r0st3zip3soozjnsdsbnz4sy8h] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hwl34of61.exe
    O4 - HKCU\..\Run: [qmqzwz9wgvrgp0j] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pbzu67.exe
    O4 - HKCU\..\Run: [tghr8u8jt2c] C:\DOCUME~1\Esteban\LOCALS~1\Temp\c93m6u8gtq99c.exe
    O4 - HKCU\..\Run: [bwmsa8v27hs9dxq1o01rrsbboceta2bngajt4higrp49l6w0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\g3h79q9.exe
    O4 - HKCU\..\Run: [iqflbpjdbfp80npf45r52zvflkrzemhiwe7wh3w0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\yz588v0.exe
    O4 - HKCU\..\Run: [oycfngbmjuel7h] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zmyd2me3ur.exe
    O4 - HKCU\..\Run: [hjxlzrolmn9eguvgiz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ssac98p5eym.exe
    O4 - HKCU\..\Run: [o1f7bh05g1yxf] C:\DOCUME~1\Esteban\LOCALS~1\Temp\jkspv8br84q.exe
    O4 - HKCU\..\Run: [sjj7s6o2kn] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xiwfqebqu.exe
    O4 - HKCU\..\Run: [opkl5jcgjuo4gyv] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hwakvohq.exe
    O4 - HKCU\..\Run: [liq78tpkhvjzdrwxkkk33af1qmt8r68qh42fo3vfbify0j] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lq55h1ze2.exe
    O4 - HKCU\..\Run: [rq33qehsftmktzrqxg35zp2s334qc05ds4j20j81pp47] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sd7qgc5tbhur.exe
    O4 - HKCU\..\Run: [zznp0d4k7y38dp7ci2hsbnn] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fnasoqu3.exe
    O4 - HKCU\..\Run: [he190358ns7hq4a95p6soquohi0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xjd39n05.exe
    O4 - HKCU\..\Run: [tkxukx657ylulvbg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\jmw828.exe
    O4 - HKCU\..\Run: [osh4n0u36wc9re8lqzua8j5] C:\DOCUME~1\Esteban\LOCALS~1\Temp\m1arrrpl7.exe
    O4 - HKCU\..\Run: [qbdsy77mdzc44k7c5pqctm7j64qxi9s3jof71dbcvojfu9s4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\v07y82zmfu.exe
    O4 - HKCU\..\Run: [c2ce1e3rrg0hcz05] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rq93ak8m4ue.exe
    O4 - HKCU\..\Run: [te1jhw8ku2t3kyygcs] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xhv55n.exe
    O4 - HKCU\..\Run: [pyy3lzf2r] C:\DOCUME~1\Esteban\LOCALS~1\Temp\aa98u3vgq7.exe
    O4 - HKCU\..\Run: [u8ggk8wzrljj] C:\DOCUME~1\Esteban\LOCALS~1\Temp\a6ncq0hujwo8o.exe
    O4 - HKCU\..\Run: [se60p1l4lnpcm971xvv9hd4uuv29apdkhvqv] C:\DOCUME~1\Esteban\LOCALS~1\Temp\gaa6qrp.exe
    O4 - HKCU\..\Run: [ccvomynoqhtjzsptd] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fhcsssh1.exe
    O4 - HKCU\..\Run: [wrzsaar8f7b6mgf36bibmry] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vdd77c7963.exe
    O4 - HKCU\..\Run: [vptn8hoz4zfrjc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\drkqx4.exe
    O4 - HKCU\..\Run: [sw4h3jbjt6vmd0xg7b8k5] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o2t4ek.exe
    O4 - HKCU\..\Run: [ctrbtilccsybmf1kj9s7] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ekd3j25.exe
    O4 - HKCU\..\Run: [j3bemdqevz0s20x6p] C:\DOCUME~1\Esteban\LOCALS~1\Temp\h5jxjcdmd.exe
    O4 - HKCU\..\Run: [lac2ogbxoelhlf171op1uvqg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rxl2r47ymcy.exe
    O4 - HKCU\..\Run: [t851rcchny9od3v27k0iv91mmsikpdpouy] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y667gw1reunsk.exe
    O4 - HKCU\..\Run: [ed8qpfqf9rzfolw] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qei8z2gf.exe
    O4 - HKCU\..\Run: [j3jqoy0joor] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ja3onqlb.exe
    O4 - HKCU\..\Run: [mscxaz6h8me2z8ied45mg739u1vs8y6z06lm] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ig5jt2mcz.exe
    O4 - HKCU\..\Run: [ywzorb9i4wphjhf0b8q8xnxi583ouqbsgd33i1qmjxhz3rct] C:\DOCUME~1\Esteban\LOCALS~1\Temp\tuc2juc2sd96d.exe
    O4 - HKCU\..\Run: [hxzjjyt1bedvycir3zb7nax9s3qdkus0kvamco4l1a1] C:\DOCUME~1\Esteban\LOCALS~1\Temp\oa9quv1rxjkdm.exe
    O4 - HKCU\..\Run: [g23yu54j7n] C:\DOCUME~1\Esteban\LOCALS~1\Temp\na6f2carfp.exe
    O4 - HKCU\..\Run: [pmifze86bjb3iruuard5vx0zssrpiyfae8cu6emca] C:\DOCUME~1\Esteban\LOCALS~1\Temp\cdpg5jdc.exe
    O4 - HKCU\..\Run: [mxvrpvgbk5ji0cpm78523kxk4gwjqa9n0g2] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vzlr7ai.exe
    O4 - HKCU\..\Run: [tk2ngdd7h270k2xx7stf256wra6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pb0sy5thu.exe
    O4 - HKCU\..\Run: [cc51izrjnkgsate8gslzq] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ihca5aljt8.exe
    O4 - HKCU\..\Run: [kshryvdbkkh0e5g0pppyu1zyyizttlz4adhhz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\z4i4bbe2u8mt9.exe
    O4 - HKCU\..\Run: [jx7kg87gp3gmckxn2gw6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\kskq7jl9x9sxc.exe
    O4 - HKCU\..\Run: [ta6u1yjcw1mhm9p9mi] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ylftj942cx.exe
    O4 - HKCU\..\Run: [x09q48k57zmcu065rp0m37051zzh3xhk109v] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wl9ozom0t9vg.exe
    O4 - HKCU\..\Run: [wlfo5vhtow] C:\DOCUME~1\Esteban\LOCALS~1\Temp\elzryxh.exe
    O4 - HKCU\..\Run: [yyk685284pqasto] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vcrhpk5.exe
    O4 - HKCU\..\Run: [q2nig8pp3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\uh06dhqvm.exe
    O4 - HKCU\..\Run: [vxpflilnvqsqe1cbnfht4sc66l5vh39uq3k295bguzey] C:\DOCUME~1\Esteban\LOCALS~1\Temp\n4c9ah9ivv.exe
    O4 - HKCU\..\Run: [eppetq62hpebq] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ev4vbq62es.exe
    O4 - HKCU\..\Run: [bop1dd4wy4ml70] C:\DOCUME~1\Esteban\LOCALS~1\Temp\em6ia5zu.exe
    O4 - HKCU\..\Run: [a0iluif0w148gzv] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wiu2qtql.exe
    O4 - HKCU\..\Run: [df7366497i7atoctvz4rtm] C:\DOCUME~1\Esteban\LOCALS~1\Temp\tuijaueinze.exe
    O4 - HKCU\..\Run: [pc8p5nq27fotpmrpvlu] C:\DOCUME~1\Esteban\LOCALS~1\Temp\a7pk3p3g3b.exe
    O4 - HKCU\..\Run: [xf1wgt5491tnn2roh8rw6l9ekyys92d6bx8455y] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hb85209ect9gj.exe
    O4 - HKCU\..\Run: [w0r468vy8ni83ia203yhda2b7k] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rvs4e4n.exe
    O4 - HKCU\..\Run: [dky9nxg0618jsz4oc3wi8rdvt8quh4oehaoqlwgaudet7] C:\DOCUME~1\Esteban\LOCALS~1\Temp\f767qb61vo02.exe
    O4 - HKCU\..\Run: [n1ojkf0wz0fvib8kd2syvg5q9y4pribgl] C:\DOCUME~1\Esteban\LOCALS~1\Temp\es692v.exe
    O4 - HKCU\..\Run: [t7a47ketsd8693x9geskwkgvmue7dnmh] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o2olwie8mc.exe
    O4 - HKCU\..\Run: [jhg258c6p2luq6x1ke5qtuu4rbgjmxiixhb] C:\DOCUME~1\Esteban\LOCALS~1\Temp\yzlqks147.exe
    O4 - HKCU\..\Run: [wuwig9q1b8q86lv862fqmjfoa37ldntw1ho8j] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vb9q4tp1eugn.exe
    O4 - HKCU\..\Run: [vcidplaepeq7w5ehj0mmm9aktyysodvanwtb] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pmr3qtbn8jk0.exe
    O4 - HKCU\..\Run: [vgbif9xhl2bq0r1q2a477ed6w4ef] C:\DOCUME~1\Esteban\LOCALS~1\Temp\dk5qshib.exe
    O4 - HKCU\..\Run: [p2e3f6lz1c5ie5mfp5] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o3o9yrk4q.exe
    O4 - HKCU\..\Run: [q3hsa1pyzd23ui6cooe9k5u19nqcfl4emb3r07b6t2smymi0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\z64z9wwp5wi7.exe
    O4 - HKCU\..\Run: [wh21l4l20vonr7prk] C:\DOCUME~1\Esteban\LOCALS~1\Temp\cq16ea.exe
    O4 - HKCU\..\Run: [iwjqnrartaxe8b1md836ohc612nt5jzrml1id] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qtacfx6.exe
    O4 - HKCU\..\Run: [m0rh62mcy4hebd3uudpbjtoeixj8ebj82cgq] C:\DOCUME~1\Esteban\LOCALS~1\Temp\su4ps9.exe
    O4 - HKCU\..\Run: [fj1y5ht0arljfec6nqf3pqzmb9r] C:\DOCUME~1\Esteban\LOCALS~1\Temp\g6ib4z8rwfq.exe
    O4 - HKCU\..\Run: [hgf8ngm88n088kms3p9e6z03eh8y4fj36tbm256fwc8dwmd] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xto5a0.exe
    O4 - HKCU\..\Run: [f2f6h5uy6f5q622s5b] C:\DOCUME~1\Esteban\LOCALS~1\Temp\dttckwg1nyj.exe
    O4 - HKCU\..\Run: [rqilxxloon838rnu0r0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rw5clj.exe
    O4 - HKCU\..\Run: [mo4yij3fnvt] C:\DOCUME~1\Esteban\LOCALS~1\Temp\z7j5m7vr39d.exe
    O4 - HKCU\..\Run: [e2o53t8hkvj7qt3tuxntaiy79fd7ku3f] C:\DOCUME~1\Esteban\LOCALS~1\Temp\d4u2hyqbe0w0e.exe
    O4 - HKCU\..\Run: [cx2nb8iklwhijdic9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\d7v2tjlf.exe
    O4 - HKCU\..\Run: [vwnjln7cy4rqsrw6simx79f11omexfgpl8c6ylrvlby] C:\DOCUME~1\Esteban\LOCALS~1\Temp\p9kw4hkkj2y52.exe
    O4 - HKCU\..\Run: [y2vz9xmfdtbv76mrb2md2t82r1jyaugnx6bddslkw3f] C:\DOCUME~1\Esteban\LOCALS~1\Temp\tpnhe3.exe
    O4 - HKCU\..\Run: [q6w0ku3mmz5vjmokzmuspo4mjepe3423f] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bwk2yalt.exe
    O4 - HKCU\..\Run: [alh49v9fl0iv5p8ncecgibxf0w3ubwe0vquervs2se162qsp] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ky1r3byrquoq.exe
    O4 - HKCU\..\Run: [j6fic60f4cdmlep7klg2emk9u1e743oa] C:\DOCUME~1\Esteban\LOCALS~1\Temp\q5s73x4c.exe
    O4 - HKCU\..\Run: [w3z3597p02g4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qcx0q8vfn6.exe
    O4 - HKCU\..\Run: [u4tqtlqrdzu6ds5hf16p1cbf9p26qeaekipc8i9b] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qlhdnf8gql07s.exe
    O4 - HKCU\..\Run: [xa4kptagun6iasahknrkrvtnw8j] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bwcbt1.exe
    O4 - HKCU\..\Run: [x1ddtswg6q7lv09020zbsh2m] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bqiksb.exe
    O4 - HKCU\..\Run: [nwo3ntp4tmucjvrzwhi9qyjdueazncwv] C:\DOCUME~1\Esteban\LOCALS~1\Temp\kh13cv057.exe
    O4 - HKCU\..\Run: [giuu59l2f8bpq33j3fy4ifg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\tki3yd.exe
    O4 - HKCU\..\Run: [ujmflt4o07d6kx6h39wozhldh8bfu5lu85s] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vdgxlc.exe
    O4 - HKCU\..\Run: [s38hs48xcf5] C:\DOCUME~1\Esteban\LOCALS~1\Temp\euzrku9d.exe
    O4 - HKCU\..\Run: [py2ysr4vnauajaq71q99pc5wsdifdivou6kkuf] C:\DOCUME~1\Esteban\LOCALS~1\Temp\j08lo3r.exe
    O4 - HKCU\..\Run: [v9brvrcn5ggp7vja4tiv15qxjji1zl] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zuyms57ga.exe
    O4 - HKCU\..\Run: [qlk0aem4m1kf] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fdjyfv8lh2.exe
    O4 - HKCU\..\Run: [ixaastfbt] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bid6k93w.exe
    O4 - HKCU\..\Run: [x2vu51kht6px4r51e9qx5kzm32t6fmij4ct94eou52gpic2ho] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vmmh4psq.exe
    O4 - HKCU\..\Run: [b5sz66w5zb64] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lxvi8r8320e.exe
    O4 - HKCU\..\Run: [d1gd7k0hflg0hmgjqz80cb1ddvcoaqf12c66gslv5rw7tyv] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lwlqhsr.exe
    O4 - HKCU\..\Run: [aaqh660tim2262i1m7z1yk0pi39ekjduwwbjr9161] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lq8gz2z.exe
    O4 - HKCU\..\Run: [lbpuwhzxs6mej40po] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zcx4t5j3pe.exe
    O4 - HKCU\..\Run: [c4ahk238oi5i701cea9oc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\s7dsskxx0bp9.exe
    O4 - HKCU\..\Run: [jp3qxtd00o18ew8f3qs6pos7s6lct2vvtbig5] C:\DOCUME~1\Esteban\LOCALS~1\Temp\whg6ru4yqv.exe
    O4 - HKCU\..\Run: [l1jm0nv84rr67szytt5l] C:\DOCUME~1\Esteban\LOCALS~1\Temp\z0v3qrkp1.exe
    O4 - HKCU\..\Run: [csmoc553om914pra] C:\DOCUME~1\Esteban\LOCALS~1\Temp\dvyqj9yr8kfq.exe
    O4 - HKCU\..\Run: [ytxod47wcc6pv8uvhjg3vbcnrb5h0rzby0hbg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y06ndl2.exe
    O4 - HKCU\..\Run: [ypbtxwox2sl78z01qxk6fnc4l6ej35xllfvvq63fg5hcmlxh] C:\DOCUME~1\Esteban\LOCALS~1\Temp\whgjpwaw.exe
    O4 - HKCU\..\Run: [yxvgpubt1jet] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wkk5888amq.exe
    O4 - HKCU\..\Run: [n6vbi72c63ehr9g5n1zi] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pbuyfhs4f7.exe
    O4 - HKCU\..\Run: [qbxwce22v0z5hzr9cevw] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hamlehh9p6c3.exe
    O4 - HKCU\..\Run: [tljpjevbuevve2ich5ayno59x460p60l331r0lcvj7afff3cy] C:\DOCUME~1\Esteban\LOCALS~1\Temp\rhg959wj892m6.exe
    O4 - HKCU\..\Run: [jv4hudcnqf6tzi59g3k71n3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zodupg3.exe
    O4 - HKCU\..\Run: [wljuon9vo763puhcjtzh6jdw] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xaeo4svjwa.exe
    O4 - HKCU\..\Run: [fg9o57280d2c9vraj] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fhb9oz2nl6dw.exe
    O4 - HKCU\..\Run: [wtuk1j00dgx8mp2zcva1q9feqtr6hcnyp4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\i4kdvbvdjp.exe
    O4 - HKCU\..\Run: [fjgupipfnyv5bz07dj5a6piz15keambx9r] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pkt071ipbh6l.exe
    O4 - HKCU\..\Run: [x6e98x0jy293z64ucl25rz8kqtwxtt58c6ojj] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ucu3xojpt.exe
    O4 - HKCU\..\Run: [qpzapl60zsbm1ayim110ol5hai3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zu2yawj45.exe
    O4 - HKCU\..\Run: [s7uee5fs0kyiqpol3uws46zc77jrr] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lo348vvmip0b0.exe
    O4 - HKCU\..\Run: [gj3e01k27n69p] C:\DOCUME~1\Esteban\LOCALS~1\Temp\um54j2m1.exe
    O4 - HKCU\..\Run: [xppw1nr8o2aiy2n85] C:\DOCUME~1\Esteban\LOCALS~1\Temp\brpcukhnm0hg1.exe
    O4 - HKCU\..\Run: [f33o93ax672zqiuv0czj2dnp33gfbwbi7] C:\DOCUME~1\Esteban\LOCALS~1\Temp\clywldzx.exe
    O4 - HKCU\..\Run: [dk477qgjzceig0vsnia4a92526fexsthn3g5f6y5jcvn] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ix1ccass.exe
    O4 - HKCU\..\Run: [clowo4nv9ch2ysnjwklbm3csen] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mkmgsj8.exe
    O4 - HKCU\..\Run: [rxvqti5pngcp9q] C:\DOCUME~1\Esteban\LOCALS~1\Temp\r6x3zjt6sj.exe
    O4 - HKCU\..\Run: [pmjbgclm9km8mbzrsiztdts] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zduojq0thysb.exe
    O4 - HKCU\..\Run: [isv9x4fn85lspk8o34j37ks87cf7lcwa14y580qv0] C:\DOCUME~1\Esteban\LOCALS~1\Temp\bj1lc2sp.exe
    O4 - HKCU\..\Run: [f425bt5g1yzvp63cv09upxm0a9k0j4tnufa] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ach94x697.exe
    O4 - HKCU\..\Run: [xiuhm2f36d3aac11q76su62hsb4ff9bfmsuieyab8] C:\DOCUME~1\Esteban\LOCALS~1\Temp\h9pqj698.exe
    O4 - HKCU\..\Run: [fky5whh1z77ej3gfrusbcejya5v0xq1kdxwnhjopxh2xky] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pgms3dxvpbp.exe
    O4 - HKCU\..\Run: [mcvgo6o7y3niru4ebxknzx] C:\DOCUME~1\Esteban\LOCALS~1\Temp\d11pk1.exe
    O4 - HKCU\..\Run: [xntxtj8s3rspquwcpn71u99y9o6ykcn09oo7z8yd0t] C:\DOCUME~1\Esteban\LOCALS~1\Temp\eeasbuh84.exe
    O4 - HKCU\..\Run: [p07xqibgtw54vmkc1m8i9gpa13] C:\DOCUME~1\Esteban\LOCALS~1\Temp\gt3x0gg8.exe
    O4 - HKCU\..\Run: [svu982o0zepycpd77bl7brbqnf97s419kyj9r85le] C:\DOCUME~1\Esteban\LOCALS~1\Temp\h6x750j3hps.exe
    O4 - HKCU\..\Run: [bvlg67k6mi8becqiwcxy42] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zjxq6s4eehrb7.exe
    O4 - HKCU\..\Run: [ob3s4ntks81ie5ani4m] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y7gonglpe.exe
    O4 - HKCU\..\Run: [veh25cel1u3aylrka3mijkg0k2regd67o45h] C:\DOCUME~1\Esteban\LOCALS~1\Temp\j5a85a7io3.exe
    O4 - HKCU\..\Run: [cp2r9tir2g6x1adyy5y] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mzkfx3ofh72f.exe
    O4 - HKCU\..\Run: [fozz82c20m7ljqz0pwmo1rls7dzuzgnj921gw6iafttw1zl4mf] C:\DOCUME~1\Esteban\LOCALS~1\Temp\x3asmh3h3z.exe
    O4 - HKCU\..\Run: [so2nvqb2khwmyjthltloyck238cy49uc8qnar564ckrx1zib] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ptn2kwled2.exe
    O4 - HKCU\..\Run: [b2ym3i61v1z7ko1yowjzj44a2x7] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mf0n9ug.exe
    O4 - HKCU\..\Run: [ohwxi4mspv9zlqih4zift5md7tu2t2] C:\DOCUME~1\Esteban\LOCALS~1\Temp\uwzvsgg.exe
    O4 - HKCU\..\Run: [l6w8z729iclwmkzivzz094ekf] C:\DOCUME~1\Esteban\LOCALS~1\Temp\gn3r2su7l1q.exe
    O4 - HKCU\..\Run: [iaej21vyhv1bsegx0qqrk0ytj45zrrloggyr590rlw5o4np] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xidahm7.exe
    O4 - HKCU\..\Run: [xoqke3sjv4btc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mxa998hkcr.exe
    O4 - HKCU\..\Run: [hgtwi4xnhrav5clylrzy1mbxll91ne5zmjsdxg7lpfi1ua] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ewl0u0frc4frn.exe
    O4 - HKCU\..\Run: [hh2u7f6dtx2vqvf5tukevxzk6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xayxsa6.exe
    O4 - HKCU\..\Run: [uhaw23m86tfst] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fhvichdoe.exe
    O4 - HKCU\..\Run: [us5azmnq9t6su1fndseblldlalpij52ttz9g249doxao3kh4j4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\yn8g1c366h5.exe
    O4 - HKCU\..\Run: [izljkar94ipk18h2rqxz0xnwavk] C:\DOCUME~1\Esteban\LOCALS~1\Temp\fu27tlqo4n.exe
    O4 - HKCU\..\Run: [d9ia7t2btsrk] C:\DOCUME~1\Esteban\LOCALS~1\Temp\iraer3i1nyzw.exe
    O4 - HKCU\..\Run: [gvzgo3mtngfrmzs77ypnnsxo] C:\DOCUME~1\Esteban\LOCALS~1\Temp\acso9jo.exe
    O4 - HKCU\..\Run: [lyfwjnxw8tlrevauqui49te87gtouvc5mqb215c] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hq9yxhx.exe
    O4 - HKCU\..\Run: [qpyo6xpdnowt] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ylcxjthrq.exe
    O4 - HKCU\..\Run: [g4ie9c7ezzykkt5tlgww22qqryo] C:\DOCUME~1\Esteban\LOCALS~1\Temp\a5q46wsmpg.exe
    O4 - HKCU\..\Run: [vqlnufac6lp1pxk23ji7g252b3dbzhpet049vyvax] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zypsyr6pwc3.exe
    O4 - HKCU\..\Run: [w2lz9zk1otwea0v4akjfyyr0f09jw4] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vhjw0qssv.exe
    O4 - HKCU\..\Run: [fxt0hapq814atm93m8uqux] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vk41j2q63g6.exe
    O4 - HKCU\..\Run: [m39138fcefy13zdj8h59afwlmmi7n5p] C:\DOCUME~1\Esteban\LOCALS~1\Temp\l2e1tupqcd2.exe
    O4 - HKCU\..\Run: [kn2eoa4a7] C:\DOCUME~1\Esteban\LOCALS~1\Temp\yofc7xyeoa0.exe
    O4 - HKCU\..\Run: [tdgcjd22e0qnhk8x19hi6vizgshozshedfmr821eg608b] C:\DOCUME~1\Esteban\LOCALS~1\Temp\zqfynshcv.exe
    O4 - HKCU\..\Run: [gdcx51fti8lhatrb9ppsv1z1] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ofj4qbibj.exe
    O4 - HKCU\..\Run: [nih4jkeiilq3slz3m5fg] C:\DOCUME~1\Esteban\LOCALS~1\Temp\b8j8h8ms.exe
    O4 - HKCU\..\Run: [sxx9f73612] C:\DOCUME~1\Esteban\LOCALS~1\Temp\as1j81t6.exe
    O4 - HKCU\..\Run: [d2xkfp483w5eevsugbdhl8l1tayf025nkzimljq] C:\DOCUME~1\Esteban\LOCALS~1\Temp\aw3h1kw1.exe
    O4 - HKCU\..\Run: [i4wlb1ej7tpy91] C:\DOCUME~1\Esteban\LOCALS~1\Temp\i30jlr3568.exe
    O4 - HKCU\..\Run: [mm9v8pdun5r7opvodrduxrvu8fz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vxrw78rmhw.exe
    O4 - HKCU\..\Run: [b9tnxlex752gmq6po] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o6o0ep.exe
    O4 - HKCU\..\Run: [eaa53crcufuxnf8j7q6mjohulby7cjyqnkc0dvs] C:\DOCUME~1\Esteban\LOCALS~1\Temp\dnqtdulwi7.exe
    O4 - HKCU\..\Run: [jtf6ss0atcitat9q228eoutfrdfrf8yw3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\cqrl4n9r8.exe
    O4 - HKCU\..\Run: [pbzgaj0zpsei9onho11jlfso67rxi3vke4u] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pcdg5a4wfk.exe
    O4 - HKCU\..\Run: [lajvwjjoma0qbzqlxst5aczm] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pp4w1bxrm5.exe
    O4 - HKCU\..\Run: [o4116f4d9hotwwupedaps5ilmou5i61uzn2xph737u] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ese48g.exe
    O4 - HKCU\..\Run: [ox6y8t16zf8930] C:\DOCUME~1\Esteban\LOCALS~1\Temp\dlds0b9.exe
    O4 - HKCU\..\Run: [iuzb6r8djwl2hwf7iqy17g3sw7bgya9sno9dnfymt0zqjz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\o7xubrd.exe
    O4 - HKCU\..\Run: [y9g5ldkeizaojmibyti7ii104qe04ji914q44t0wi13wk5qec] C:\DOCUME~1\Esteban\LOCALS~1\Temp\w5wjudd.exe
    O4 - HKCU\..\Run: [jr1teo3scjgdohm40fqi5z4m9e6wl2] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mkzy2vqxdhg2.exe
    O4 - HKCU\..\Run: [lnh0jwk042vnk0bp6wprnnx2vhwbsr71lniq5o5n] C:\DOCUME~1\Esteban\LOCALS~1\Temp\t8tpu0n132j.exe
    O4 - HKCU\..\Run: [ogd7wj2c5yxwcyne9qc8ilt49x1pwcl34mocloqhtuskiqk8] C:\DOCUME~1\Esteban\LOCALS~1\Temp\k9jxv2.exe
    O4 - HKCU\..\Run: [qjiigced9kn8kisu] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ogwon74cnyt2n.exe
    O4 - HKCU\..\Run: [ky3acw1rqspv0t0l8e3ynk9j73bz2rgv6h7otiud7] C:\DOCUME~1\Esteban\LOCALS~1\Temp\yn3tyw8n705.exe
    O4 - HKCU\..\Run: [wkvytwxoex1fasgb5pt65ku21ryzhcp0ryiisqhgxgvb8m] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ucur85d7n9r.exe
    O4 - HKCU\..\Run: [svcczdbd8v0h] C:\DOCUME~1\Esteban\LOCALS~1\Temp\d4xg71xe1o.exe
    O4 - HKCU\..\Run: [zo79hejlrv6gu04sci1b1nsf2pok58phyk3qmezrm6sv0bq8] C:\DOCUME~1\Esteban\LOCALS~1\Temp\h189vxkdnzpc.exe
    O4 - HKCU\..\Run: [qtxe9uuvoecywnazd8qm3q5ssmxlk4819x] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ft5ch1.exe
    O4 - HKCU\..\Run: [mi9ed8nbee7lphiz54gx7j23mg44gz0h5yv] C:\DOCUME~1\Esteban\LOCALS~1\Temp\f2ppvp6nw.exe
    O4 - HKCU\..\Run: [pqhih03w90v8xxx0corlytko6fe1n3w0p] C:\DOCUME~1\Esteban\LOCALS~1\Temp\y7du41.exe
    O4 - HKCU\..\Run: [byoepf0dui] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xae5vussgwxg5.exe
    O4 - HKCU\..\Run: [va2wonpqlbuw91jxj6zioe9u8rm85ny5s1eouo6u] C:\WINDOWS\TEMP\puhcv7s.exe
    O4 - HKCU\..\Run: [ype5jzoj8n] C:\WINDOWS\TEMP\tu15hr6ocyws.exe
    O4 - HKCU\..\Run: [bqjewes4rkk26e1bdao8lwr6poaoyth] C:\WINDOWS\TEMP\p08jkx1l1.exe
    O4 - HKCU\..\Run: [m203wv40gbwax008bgbwsx7crz55pkqd89a] C:\WINDOWS\TEMP\w180uv6v.exe
    O4 - HKCU\..\Run: [m1e3nntyk] C:\DOCUME~1\Esteban\LOCALS~1\Temp\p2nijpwb.exe
    O4 - HKCU\..\Run: [edr7uve2zcxst1j219aj3wrb] C:\DOCUME~1\Esteban\LOCALS~1\Temp\feaqsm3gn1fm.exe
    O4 - HKCU\..\Run: [b818ia7nloekd4jc06] C:\DOCUME~1\Esteban\LOCALS~1\Temp\b7vr3ndevt1er.exe
    O4 - HKCU\..\Run: [wnshv5b04h] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qiiyfnjr2kbr.exe
    O4 - HKCU\..\Run: [cd56w2xurm6m64hxgcg2ekcn1skd0mgnqrs6hhrryk] C:\DOCUME~1\Esteban\LOCALS~1\Temp\cnae4kk.exe
    O4 - HKCU\..\Run: [gpsdu7hcvtpnuzutljik5oqdkndw44itdp] C:\DOCUME~1\Esteban\LOCALS~1\Temp\x2wvnt.exe
    O4 - HKCU\..\Run: [emsplekb30m5h6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\c4lufyet.exe
    O4 - HKCU\..\Run: [jffbk5nf3q8dozcst7n1x63gg13] C:\DOCUME~1\Esteban\LOCALS~1\Temp\qkhqfe5q8m.exe
    O4 - HKCU\..\Run: [st60haxpb3sffgmh7cnmu1jwggjv59uevi3c01opjfp08o3] C:\WINDOWS\TEMP\km7sihdzri.exe
    O4 - HKCU\..\Run: [lsorvchg5mhp8syanyvdprgodjiq327] C:\WINDOWS\TEMP\av7vne5bjbztv.exe
    O4 - HKCU\..\Run: [ozznuvnq5i] C:\DOCUME~1\Esteban\LOCALS~1\Temp\l2lv27sv.exe
    O4 - HKCU\..\Run: [w8sfonejmvxpvmd3xy1rq0y9tqvi] C:\DOCUME~1\Esteban\LOCALS~1\Temp\l5ph2jq9ep.exe
    O4 - HKCU\..\Run: [echsk1qnereng5lmz2jdduvyd6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\e3lpo04xb5uy.exe
    O4 - HKCU\..\Run: [lxm2eyn2e7j58cmkjjw04rvvr7p0sbhz8h5hojdio] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vjtq74j6i4gc.exe
    O4 - HKCU\..\Run: [c3lilsbjq1g0lit8gjop] C:\WINDOWS\TEMP\f8hy5iawbz.exe
    O4 - HKCU\..\Run: [cyl51ojdskwrsfnfwgo6dkhrb8ja9d8] C:\WINDOWS\TEMP\k7ne0v91u4z.exe
    O4 - HKCU\..\Run: [jv0vzz5x75cir358a7je7zfnj21n3rk7eav3tiwpedrwe3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\mhlp7l9uvkou.exe
    O4 - HKCU\..\Run: [nhoe3n8b8rlu8w5s59lippgkvo1w9nngjmavg5sl3582eja] C:\DOCUME~1\Esteban\LOCALS~1\Temp\e2mz81w.exe
    O4 - HKCU\..\Run: [wlbw97gai0mylntcgwpdr2d82hfheyw9xd783u5n6f5pfua] C:\WINDOWS\TEMP\t9q66ku3otg9.exe
    O4 - HKCU\..\Run: [i86wstzfjql3tmw9mg69h3ogchi5o0l0owx2k] C:\WINDOWS\TEMP\my1kv9ijl2pks.exe
    O4 - HKCU\..\Run: [u4cj2m073764r44cjxl71rd3xevo4raxuaqo0e2l9j8i] C:\DOCUME~1\Esteban\LOCALS~1\Temp\pzjqob4u5qkm.exe
    O4 - HKCU\..\Run: [uzr1ol3iajkvh9nzbrepy8kgre] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ojk1f4spemz.exe
    O4 - HKCU\..\Run: [ohysoq62dbjzey9n5bjpdb550nlf1xtjw6a6hik] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ixme1j2hs1ee.exe
    O4 - HKCU\..\Run: [sd318rtg9og4vny5kw1x5kc9ct61ya] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lpz758m75m0jj.exe
    O4 - HKCU\..\Run: [sll605qwbuk986vrnvahispfu3l8au8anqnd9dqjoy6n38zyw] C:\DOCUME~1\Esteban\LOCALS~1\Temp\iyhncem7x72q.exe
    O4 - HKCU\..\Run: [fssqql84csgvf598ik4ayqvhrrrnkmy27utpwfz] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ulsd8f.exe
    O4 - HKCU\..\Run: [mubi8w87knipkxgr6lm5kp4dup3sh9] C:\WINDOWS\TEMP\miikyck4.exe
    O4 - HKCU\..\Run: [ppa5wqyxscpq56p] C:\WINDOWS\TEMP\w7uk59kyhotf.exe
    O4 - HKCU\..\Run: [cu5mkk0t0hl7l5sg0d0221m69uyjbdhxfdq5dzuzr5has2a92] C:\DOCUME~1\Esteban\LOCALS~1\Temp\oyzpf25c.exe
    O4 - HKCU\..\Run: [bcn8hz2ayvt55bksm3wcitovk095] C:\DOCUME~1\Esteban\LOCALS~1\Temp\xp369sb7.exe
    O4 - HKCU\..\Run: [fxugmabbvdiomuoice4rcewlpalmbfsbd7dnav] C:\DOCUME~1\Esteban\LOCALS~1\Temp\t18f0ij.exe
    O4 - HKCU\..\Run: [qqj9f9fcudj74d] C:\DOCUME~1\Esteban\LOCALS~1\Temp\dn99xl9.exe
    O4 - HKCU\..\Run: [wcu09awn45px9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sr5gy3ctgawe.exe
    O4 - HKCU\..\Run: [y70wbuswvxzbczazgv8gc] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vuq2yf.exe
    O4 - HKCU\..\Run: [fx8ivjb0a2ur4n525ez0yb5kfdlmp05rg115nvy] C:\WINDOWS\TEMP\tn2fkdi.exe
    O4 - HKCU\..\Run: [kzkrda2ooho5ue59] C:\WINDOWS\TEMP\o59im01r.exe
    O4 - HKCU\..\Run: [odag9p8aod73d0629l] C:\DOCUME~1\Esteban\LOCALS~1\Temp\wu4tkvvz7fy.exe
    O4 - HKCU\..\Run: [lochf8i4r3yuzzj7j0iofq0p38yq38jp8oamf06h4kzci2i9] C:\DOCUME~1\Esteban\LOCALS~1\Temp\lwm32b.exe
    O4 - HKCU\..\Run: [b8j2ykpwa0d8nuzvs] C:\WINDOWS\TEMP\bq1lxd.exe
    O4 - HKCU\..\Run: [r0x5cbo1zvoo5nk0qfd] C:\WINDOWS\TEMP\nzyvxqxgeshp.exe
    O4 - HKCU\..\Run: [ozaxtskp3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\hkwz6j.exe
    O4 - HKCU\..\Run: [ufppcf1prxbglvwrazmbcnahjy36b78hxugt5x3] C:\DOCUME~1\Esteban\LOCALS~1\Temp\texo6i4.exe
    O4 - HKCU\..\Run: [o7xltpcr26burun5el6ai017tqwf74] C:\DOCUME~1\Esteban\LOCALS~1\Temp\ruy01nqm6j.exe
    O4 - HKCU\..\Run: [byou1pypwqm60fyk8f3iu89maph] C:\DOCUME~1\Esteban\LOCALS~1\Temp\vy24hwp9r.exe
    O4 - HKCU\..\Run: [afirvcqg6tn6dgjqmqa8furdro9wzpp625w0eydp6f4s] C:\DOCUME~1\Esteban\LOCALS~1\Temp\sf14lscvg7u1.exe
    O4 - HKCU\..\Run: [mgczhfusfcdar71qms7vw7tlaa99bwfdi6] C:\DOCUME~1\Esteban\LOCALS~1\Temp\nks1y4g.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
    O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205555985076
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219813966209
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
    O20 - Winlogon Notify: yayxyaYp - yayxyaYp.dll (file missing)
    O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hsfd83jfdg.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --
    End of file - 54409 bytes

  • VG

    @The Champ
    Please follow the instructions given at following links:

    For Firefox: http://forums.mozillazine.org/viewtopic.php?f=38&t=1001235&start=0&st=0&sk=t&sd=a
    For IE: http://www.360n.com/remove_yoog.htm

    @Senthil
    Fix following:

    F2 - REG:system.ini: Shell=Explorer.exe C:\SYSROOT\system32\SysMax\postgres.exe

    @jay and Lubana
    Your logfile is clean.

  • Dave

    I should not have an spy ware or viruses as I am extra careful but from what I read I guess I am not careful enough. Let me know if it seems I am infected please and thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:05:05 PM, on 19/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Users\Aka Gambit\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Windows\System32\notepad.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Aka Gambit\Downloads\utorrent.exe
    C:\Users\AKAGAM~1\AppData\Local\Temp\winleyybm.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
    C:\Users\Aka Gambit\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\explorer.exe
    C:\Users\Aka Gambit\Downloads\!Done\HiJackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
    O1 - Hosts: 87.118.118.162 update.nprotect.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Aka Gambit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1173674663-4235749962-3703880784-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: WinMySQLadmin.lnk = C:\xampplite\mysql\bin\winmysqladmin.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O13 - Gopher Prefix:
    O15 - Trusted IP range: http://192.168.0.1
    O15 - ESC Trusted IP range: http://192.168.0.1
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - https://bill.netgame.com/mglaunch_USAv1002.cab
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
    O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampplite\service.exe

    --
    End of file - 8895 bytes

  • Ramanathan

    ^^ Please help my computer. My system has lot of virus.

  • Senthil

    Thanks very much VG

  • Lubana

    Thanks VG !!
    Sometimes I Wonder This Site And "VG" Has Helped Me A Lot
    How Can I Ever Repay You...? :)

  • VG

    @Dave
    Your registry editor is disabled. If you didnt disable it intentionally, then fix following entry to enable it:

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

1 2 3 4 5 ... 79

Add a Comment

NOTE: If you can't see your comment, please be patient. It'll appear as soon as we approve it.


Create an avatar that will appear with your comment.