pos temp files all over my documents and my computer [CLOSED]



#1
raj_mca

raj_mca

    Member

  • Member
  • PipPip
  • 13 posts
hello.. i am new to this forum.. my computer is very very slow and has 1000s of pos files in my documents and C: which i am not able to delete too... please help..

raj
  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Before I can help I need to see what you have

Download & Run HijackThis.exe

  • Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
  • 0

#3
raj_mca

raj_mca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thank you so much... i did what u said and here's what i got....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:00 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\kgfhkncq.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Suraj\MYDOCU~1\FNTS~1\wuaclt.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe
C:\Program Files\Common Files\F?nts\n?lookup.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"
O4 - HKLM\..\Run: [1cdb080b] rundll32.exe "C:\WINDOWS\system32\dbgeijtw.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Suraj\MYDOCU~1\FNTS~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Qbqzpxuj] "C:\Program Files\Common Files\F?nts\n?lookup.exe"
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192962184796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192962171453
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\kgfhkncq.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\xuwueqigy.html

--
End of file - 8642 bytes
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the dog can see the rabbit, let's start the hunt

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"
O4 - HKLM\..\Run: [1cdb080b] rundll32.exe "C:\WINDOWS\system32\dbgeijtw.dll",b
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Suraj\MYDOCU~1\FNTS~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [Qbqzpxuj] "C:\Program Files\Common Files\F?nts\n?lookup.exe"
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\kgfhkncq.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\xuwueqigy.html

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\QdrPack
    C:\Program Files\Zango
    C:\Program Files\RcvSystem
    C:\WINDOWS\system32\kgfhkncq.exe
    C:\Program Files\Network Monitor\netmon.exe 
    C:\WINDOWS\system32\dbgeijtw.dll
    C:\Program Files\MSN\xuwueqigy.html
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Common Files\F?nts\n?lookup.exe
    C:\DOCUME~1\Suraj\MYDOCU~1\FNTS~1
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NEXT

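@echo off
rem Stop both services before deleting their registrations.
sc stop DomainService
rem A service name that contains a space must be quoted.
sc stop "Network Monitor"
sc delete DomainService
sc delete "Network Monitor"
exit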

Next you will need to create the batch fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file.

Then run fix.bat by double-clicking it. You may see a black box appear; this is normal.

FINALLY FOR NOW

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Logs required : OTMoveit and Combofix
  • 0
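
A triage pass over HijackThis O4 (autorun) and O23 (service) lines, added here as an illustration; it is not part of Essexboy's post and not code from HijackThis. The flagging rules are this example's own assumptions about what makes an entry worth a closer look, and the sample lines are copied from the log in post #3.

```python
import re

# Excerpt of O4/O23 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [1cdb080b] rundll32.exe "C:\WINDOWS\system32\dbgeijtw.dll",b
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Suraj\MYDOCU~1\FNTS~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Qbqzpxuj] "C:\Program Files\Common Files\F?nts\n?lookup.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kgfhkncq.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O23 - Service: <name> - <owner, may be empty> - <drive-rooted path>
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.*?)\s*- (?P<cmd>[A-Za-z]:\\.+)$')
DOCS_RE = re.compile(r'\\(?:MYDOCU~\d|My Documents)\\', re.IGNORECASE)


def parse_entry(line):
    """Return (section, name, owner, command) for an O4/O23 line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return ("O4", m["name"], None, m["cmd"])
    m = O23_RE.match(line)
    if m:
        return ("O23", m["name"], m["owner"], m["cmd"])
    return None


def has_odd_chars(path):
    """'?' is illegal in Windows file names, so in a logged path it stands for
    a character the tool could not render; non-ASCII letters are treated the
    same way because they can imitate Latin ones (post #6 shows 'Fοnts')."""
    return any(ch == "?" or ord(ch) > 127 for ch in path)


def reasons(entry):
    """Heuristics assumed by this example, applied in a fixed order."""
    section, _name, owner, cmd = entry
    found = []
    if has_odd_chars(cmd):
        found.append("unrenderable or non-ASCII character in path")
    if cmd.endswith("(file missing)") or cmd.endswith("(no file)"):
        found.append("target file missing")
    if DOCS_RE.search(cmd):
        found.append("autostart from the documents folder")
    if cmd.lower().startswith("rundll32"):
        found.append("DLL launched through rundll32")
    if section == "O23" and owner == "":
        found.append("service with empty owner field")
    return found


def triage(log_text):
    """Return [(entry name, [reasons])] for every flagged O4/O23 line."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            flagged.append((entry[1], why))
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(why)}")
```

Entries removed in post #4 on reputation alone, such as the Zango and QdrPack lines, are outside what these rules can see.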

#5
raj_mca

raj_mca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thanks a million for ur reply.. i am following ur reply to each word... i am a hr prof and i don't know much of computers.. sorry.. but in ur previous reply i didn't understand the last part.. there was something called "quote" .. hmm.. i didn't follow the reply after that.. can u explain please... sorry for the trouble...

raj
  • 0

#6
raj_mca

raj_mca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
i have done the OTMoveit as u said and here's what i got...

C:\Program Files\QdrPack moved successfully.
C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions\plugins moved successfully.
C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions\components moved successfully.
C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions moved successfully.
C:\Program Files\Zango\bin\10.1.181.0\firefox moved successfully.
C:\Program Files\Zango\bin\10.1.181.0 moved successfully.
C:\Program Files\Zango\bin moved successfully.
C:\Program Files\Zango moved successfully.
C:\Program Files\RcvSystem moved successfully.
C:\WINDOWS\system32\kgfhkncq.exe moved successfully.
File/Folder C:\Program Files\Network Monitor\netmon.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dbgeijtw.dll
C:\WINDOWS\system32\dbgeijtw.dll NOT unregistered.
C:\WINDOWS\system32\dbgeijtw.dll moved successfully.
File/Folder C:\Program Files\MSN\xuwueqigy.html not found.
[Custom Input]
< C:\Program Files\Common Files\F?nts\n?lookup.exe >
File/Folder C:\Program Files\Common Files\F?nts\n?lookup.exe not found.
< C:\DOCUME~1\Suraj\MYDOCU~1\FNTS~1 >
C:\DOCUME~1\Suraj\MYDOCU~1\Fοnts\FNTS~1 moved successfully.
C:\DOCUME~1\Suraj\MYDOCU~1\Fοnts moved successfully.

OTMoveIt2 v1.0.20 log created on 02152008_225425
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, what it is is a small batch file to delete two malware services. What I will do is make it a downloadable zip file to make it easier to use :)

Download the attached zip file.
Unzip to your desktop and you will then have a service.bat file
Double click this file and you are done

TO CONTINUE

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
  • 0

#8
raj_mca

raj_mca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
here is the log which i got after running combofix....

ComboFix 08-02-16.2 - Suraj 2008-02-16 12:35:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.156 [GMT 0:00]
Running from: C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\28EDBDKO\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 13:33 . 2008-02-16 13:37 19,054 ---hs---- C:\WINDOWS\system32\icksretu.dllbox
2008-02-15 22:54 . 2008-02-15 22:54 <DIR> d-------- C:\_OTMoveIt
2008-02-15 21:58 . 2008-02-15 21:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 21:49 . 2008-02-15 21:49 294 --ahs---- C:\WINDOWS\system32\wtjiegbd.ini
2008-02-15 13:17 . 2008-02-15 13:17 <DIR> d-------- C:\VundoFix Backups
2008-02-14 16:53 . 2008-02-16 13:29 163,904 --a------ C:\WINDOWS\system32\icksretu.dll
2008-02-14 13:24 . 2008-02-14 13:24 53,312 --a------ C:\WINDOWS\system32\uuafvyhl.exe
2008-02-14 09:47 . 2008-02-14 09:47 53,312 --a------ C:\WINDOWS\system32\ggyrfnvb.exe
2008-02-13 20:01 . 2008-02-13 20:01 53,312 --a------ C:\WINDOWS\system32\vtywsjrv.exe
2008-02-13 09:02 . 2008-02-13 09:02 53,312 --a------ C:\WINDOWS\system32\prbfwxth.exe
2008-02-12 21:02 . 2008-02-12 21:02 53,312 --a------ C:\WINDOWS\system32\lvexblmu.exe
2008-02-12 13:39 . 2008-02-12 13:39 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-02-12 13:30 . 2008-02-12 13:30 53,312 --a------ C:\WINDOWS\system32\ahftfqie.exe
2008-02-11 20:06 . 2008-02-11 20:06 53,312 --a------ C:\WINDOWS\system32\pyhiveyo.exe
2008-02-11 13:02 . 2008-02-11 13:02 53,312 --a------ C:\WINDOWS\system32\cstmkumb.exe
2008-02-10 14:12 . 2008-02-10 14:12 53,312 --a------ C:\WINDOWS\system32\uqgxkffy.exe
2008-02-10 10:33 . 2008-02-10 10:33 53,312 --a------ C:\WINDOWS\system32\vhhdiubd.exe
2008-02-10 10:23 . 2008-02-10 10:23 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-02-10 10:22 . 2008-02-10 10:22 53,312 --a------ C:\WINDOWS\system32\chlnumbg.exe
2008-02-10 00:04 . 2008-02-14 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-09 23:42 . 2008-02-09 23:45 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-09 23:41 . 2008-02-14 23:11 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-09 23:40 . 2008-02-14 23:11 <DIR> d-------- C:\Program Files\McAfee
2008-02-09 19:04 . 2008-02-09 19:04 53,312 --a------ C:\WINDOWS\system32\omomrexk.exe
2008-02-09 12:30 . 2008-02-09 12:30 53,312 --a------ C:\WINDOWS\system32\yojkmhgp.exe
2008-02-08 20:31 . 2008-02-08 20:31 53,312 --a------ C:\WINDOWS\system32\rqoyabpi.exe
2008-02-08 20:13 . 2008-02-08 20:13 53,312 --a------ C:\WINDOWS\system32\yuoquntp.exe
2008-02-08 16:31 . 2008-02-08 16:31 53,312 --a------ C:\WINDOWS\system32\crxtbxfn.exe
2008-02-08 12:16 . 2008-02-08 12:16 53,312 --a------ C:\WINDOWS\system32\jnwjxdup.exe
2008-02-08 11:35 . 2008-02-08 11:35 53,312 --a------ C:\WINDOWS\system32\aoxolfvc.exe
2008-02-08 11:33 . 2008-02-15 21:23 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-07 17:37 . 2008-02-07 17:37 53,312 --a------ C:\WINDOWS\system32\kkfeqmvh.exe
2008-02-07 09:57 . 2008-02-07 09:57 53,312 --a------ C:\WINDOWS\system32\nqqkjpbb.exe
2008-02-06 16:11 . 2008-02-06 16:11 53,312 --a------ C:\WINDOWS\system32\psbmohup.exe
2008-02-06 12:56 . 2008-02-06 12:56 53,312 --a------ C:\WINDOWS\system32\pmgioirq.exe
2008-02-06 09:58 . 2008-02-06 09:58 53,312 --a------ C:\WINDOWS\system32\quhxggoi.exe
2008-02-05 14:10 . 2008-02-05 14:10 90,688 --a------ C:\WINDOWS\system32\ltssfgtm.dll
2008-02-05 14:05 . 2008-02-05 14:05 53,312 --a------ C:\WINDOWS\system32\nwxeisqn.exe
2008-02-05 09:53 . 2008-02-05 09:53 53,312 --a------ C:\WINDOWS\system32\fpwyegls.exe
2008-02-04 14:20 . 2008-02-04 14:20 53,312 --a------ C:\WINDOWS\system32\qqmvnrrm.exe
2008-02-04 08:50 . 2008-02-04 08:50 53,312 --a------ C:\WINDOWS\system32\fheuvstn.exe
2008-02-03 19:31 . 2008-02-03 19:31 <DIR> d-------- C:\Documents and Settings\Suraj\Application Data\Zango
2008-02-03 19:31 . 2008-02-03 19:31 <DIR> d-------- C:\Documents and Settings\Suraj\Application Data\WeatherDPA
2008-02-03 19:31 . 2008-02-15 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-02-03 19:31 . 2008-02-06 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-02-03 19:11 . 2008-02-03 19:11 53,312 --a------ C:\WINDOWS\system32\rojhxkpv.exe
2008-02-03 18:09 . 2008-02-03 18:09 53,312 --a------ C:\WINDOWS\system32\rqqghtpt.exe
2008-02-03 10:31 . 2008-02-03 10:31 53,312 --a------ C:\WINDOWS\system32\dnvdiflf.exe
2008-02-02 19:09 . 2008-02-02 19:09 53,312 --a------ C:\WINDOWS\system32\rtdpsdtw.exe
2008-02-02 11:41 . 2008-02-02 11:41 53,312 --a------ C:\WINDOWS\system32\hyjubscp.exe
2008-02-02 09:30 . 2008-02-02 09:30 53,312 --a------ C:\WINDOWS\system32\yligsmuf.exe
2008-02-01 10:10 . 2008-02-01 10:10 53,312 --a------ C:\WINDOWS\system32\xdenvhtv.exe
2008-01-31 21:42 . 2008-01-31 21:42 53,312 --a------ C:\WINDOWS\system32\dgevbqir.exe
2008-01-31 13:25 . 2008-01-31 13:25 53,312 --a------ C:\WINDOWS\system32\rthvdqbt.exe
2008-01-31 09:22 . 2008-01-31 09:22 53,312 --a------ C:\WINDOWS\system32\vmwjkqsx.exe
2008-01-30 20:55 . 2008-01-30 20:55 53,312 --a------ C:\WINDOWS\system32\hgodoyil.exe
2008-01-30 13:04 . 2008-01-30 13:04 53,312 --a------ C:\WINDOWS\system32\uwfllbvp.exe
2008-01-30 11:01 . 2008-01-30 11:01 53,312 --a------ C:\WINDOWS\system32\kefwixix.exe
2008-01-30 10:49 . 2008-01-30 10:50 <DIR> d-------- C:\Program Files\O2
2008-01-30 10:41 . 2008-01-30 10:42 468 --a------ C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
2008-01-30 10:37 . 2008-01-30 10:37 53,312 --a------ C:\WINDOWS\system32\xqcqefgn.exe
2008-01-30 10:22 . 2008-02-14 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-30 09:52 . 2008-01-30 10:10 1,494 --ahs---- C:\WINDOWS\system32\ngkuhsxc.ini
2008-01-27 10:11 . 2008-01-30 09:46 1,374 --ahs---- C:\WINDOWS\system32\ljfkxbgu.ini
2008-01-27 07:40 . 2008-01-27 09:59 1,254 --ahs---- C:\WINDOWS\system32\xpxmijrf.ini
2008-01-26 22:21 . 2008-01-26 22:21 <DIR> d-------- C:\Program Files\CONEXANT
2008-01-26 22:20 . 2004-06-17 15:55 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2008-01-26 22:20 . 2004-06-17 15:55 685,056 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-01-26 22:20 . 2004-06-17 15:57 200,064 --a------ C:\WINDOWS\system32\drivers\HSFHWICH.sys
2008-01-26 22:20 . 2004-06-08 08:28 129,291 --a------ C:\WINDOWS\system32\drivers\del5422.cty
2008-01-26 22:20 . 2004-03-17 12:00 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-01-26 22:20 . 2004-06-16 15:23 33,818 --a------ C:\WINDOWS\system32\HSFCI010.dll
2008-01-26 22:20 . 2004-03-17 12:04 13,059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-01-26 22:14 . 2008-01-27 07:40 1,134 --ahs---- C:\WINDOWS\system32\annskeqo.ini
2008-01-26 22:09 . 2008-01-26 22:09 <DIR> d-------- C:\RESOURCE_CD (E)
2008-01-26 21:30 . 2008-01-26 22:08 834 --ahs---- C:\WINDOWS\system32\ayigwfdn.ini
2008-01-26 20:33 . 2008-01-26 21:30 714 --ahs---- C:\WINDOWS\system32\migbutsh.ini
2008-01-26 19:03 . 2008-01-26 20:23 594 --ahs---- C:\WINDOWS\system32\raygehrd.ini
2008-01-26 19:00 . 2008-01-26 19:01 414 --ahs---- C:\WINDOWS\system32\nomcqmxt.ini
2008-01-26 19:00 . 2008-01-26 19:00 354 --ahs---- C:\WINDOWS\system32\xuxfmfci.ini
2008-01-26 17:58 . 2008-01-26 17:58 294 --ahs---- C:\WINDOWS\system32\ovjaicqs.ini
2008-01-26 10:48 . 2008-01-26 17:33 2,214 --ahs---- C:\WINDOWS\system32\blevwywu.ini
2008-01-25 21:26 . 2008-01-26 10:44 2,094 --ahs---- C:\WINDOWS\system32\rwtbssad.ini
2008-01-25 20:53 . 2008-01-25 21:26 1,974 --ahs---- C:\WINDOWS\system32\iotfnohd.ini
2008-01-24 21:37 . 2008-01-25 20:45 1,854 --ahs---- C:\WINDOWS\system32\vfjtltxo.ini
2008-01-24 21:14 . 2008-01-24 21:37 1,734 --ahs---- C:\WINDOWS\system32\hfgxkuyq.ini
2008-01-23 21:26 . 2008-01-23 21:26 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-23 21:23 . 2008-01-24 21:10 1,614 --ahs---- C:\WINDOWS\system32\ffshegta.ini
2008-01-23 20:29 . 2008-01-23 21:16 1,494 --ahs---- C:\WINDOWS\system32\cibquiux.ini
2008-01-23 19:58 . 2008-01-23 20:25 1,374 --ahs---- C:\WINDOWS\system32\mpoophxe.ini
2008-01-23 19:55 . 2008-01-23 19:58 1,254 --ahs---- C:\WINDOWS\system32\vxjsqbfs.ini
2008-01-20 14:07 . 2008-01-23 19:53 1,194 --ahs---- C:\WINDOWS\system32\qidphbga.ini
2008-01-20 10:54 . 2008-01-20 14:04 954 --ahs---- C:\WINDOWS\system32\xpwaxxfo.ini
2008-01-20 09:50 . 2008-01-20 09:50 834 --ahs---- C:\WINDOWS\system32\hlqeeexh.ini
2008-01-19 19:24 . 2008-01-20 09:50 774 --ahs---- C:\WINDOWS\system32\ienpmoar.ini
2008-01-19 18:24 . 2008-01-19 19:24 654 --ahs---- C:\WINDOWS\system32\sdddfbou.ini
2008-01-19 18:05 . 2008-01-19 18:18 594 --ahs---- C:\WINDOWS\system32\lduuowlq.ini
2008-01-19 11:20 . 2008-01-19 17:55 474 --ahs---- C:\WINDOWS\system32\gsruyivi.ini
2008-01-17 22:07 . 2008-01-19 11:11 354 --ahs---- C:\WINDOWS\system32\yupgglaq.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 19:31 --------- d-----w C:\Program Files\DivX
2008-02-15 02:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-15 02:33 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-02-14 23:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 23:24 --------- d-----w C:\Program Files\Dell
2008-02-14 23:10 --------- d-----w C:\Program Files\Google
2008-02-14 23:04 --------- d-----w C:\Program Files\Skype
2008-02-14 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-14 17:23 --------- d-----w C:\Documents and Settings\Suraj\Application Data\skypePM
2008-02-13 13:10 --------- d-----w C:\Program Files\Common Files\uuqq
2008-01-02 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-01 18:17 --------- d-----w C:\Program Files\Pacman
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-08 21:54 10 ----a-w C:\Program Files\.autoreg
2007-12-08 13:39 39,936 ----a-w C:\WINDOWS\system32\vtuursr.dll
2007-12-07 21:47 39,936 ----a-w C:\WINDOWS\system32\pmnmkhh.dll
2007-12-07 21:45 39,936 ----a-w C:\WINDOWS\system32\vtuvusp.dll
2007-12-07 00:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-30 21:07 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-11 12:00 200 ----a-w C:\Documents and Settings\Suraj\HiScores.dat
2006-12-29 10:13 560 ----a-w C:\Documents and Settings\Suraj\Application Data\ViewerApp.dat
2006-02-20 00:07 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}]
C:\Program Files\NewDotNet\newdotnet7_48.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93D68F49-38AF-3D0A-8C5A-4DE670F35BB0}]
C:\WINDOWS\system32\ynngi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2FBBF41-159B-0F38-A11E-09CB41B176F4}]
C:\WINDOWS\system32\ynngi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-16 13:29 163904 --a------ C:\WINDOWS\system32\icksretu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BACF55-35E1-4E47-9247-2D48660E5545}]
C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E1BACF55-35E1-4E47-9247-2D48660E5545}

[HKEY_CLASSES_ROOT\clsid\{e1bacf55-35e1-4e47-9247-2d48660e5545}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"WeatherDPA"="C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 23:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 23:50 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-03-16 11:33 127037]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 23:24 684032]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 22:21 294912]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-01 03:17 180269]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 04:46 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 04:47 385024]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-20 01:48 32881]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 17:50 155648]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2006-01-17 19:03 53248]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 22:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 23:49 94208]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-07-07 15:04 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 14:12 843776]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22 3739648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 16:52 218232]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:35:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\icksretu]
icksretu.dll 2008-02-16 13:29 163904 C:\WINDOWS\system32\icksretu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-23 04:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhffg]

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2007-11-25 12:37]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\Rajesh\Software\VCdRom.sys [2001-12-19 11:45]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-16 04:41]
S3 USB_NDIS_51;USB NDIS DSL Router Network Device Driver;C:\WINDOWS\system32\DRIVERS\bcmndis.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\install.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 10:53:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 13:36:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\icksretu.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\icksretu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-02-16 13:39:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 13:39:19
.
2008-02-16 09:21:50 --- E O F ---


And this is the log of HijackThis. I didn't run HijackThis again; it is the same log I posted in the previous reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:00 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\kgfhkncq.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Suraj\MYDOCU~1\FNTS~1\wuaclt.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe
C:\Program Files\Common Files\F?nts\n?lookup.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"
O4 - HKLM\..\Run: [1cdb080b] rundll32.exe "C:\WINDOWS\system32\dbgeijtw.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Suraj\MYDOCU~1\FNTS~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Qbqzpxuj] "C:\Program Files\Common Files\F?nts\n?lookup.exe"
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192962184796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192962171453
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\kgfhkncq.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\xuwueqigy.html

--
End of file - 8642 bytes


thanks...

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok there are still a lot of nasties there

Download the attached text file to your desktop

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#10
raj_mca


    Member

  • Topic Starter
  • Member
  • 13 posts
I am not able to run ComboFix now. I am getting a prompt saying it is not a valid Win32 application.


#11
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try this instead.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the log. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#12
raj_mca


    Member

  • Topic Starter
  • Member
  • 13 posts
That's the log. My computer is definitely faster now than yesterday, thanks. It would be great if we could remove all the viruses and worms eating it. Great site.

[code=auto:0]WinPFind35 logfile created on: 2/16/2008 4:11:30 PM
WinPFind35U Version Beta51 Folder = C:\Documents and Settings\Suraj\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 251.08 Mb Available Physical Memory | 49.88% Memory free
1.20 Gb Paging File | 0.93 Gb Available in Paging File | 77.94% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 38.12 Gb Free Space | 68.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SURAJ
Current User Name: Suraj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 86016 bytes | Modified Date = 7/23/2005 4:40:54 AM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 372809 bytes | Modified Date = 7/23/2005 4:43:46 AM | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 2, 11 | Size = 225353 bytes | Modified Date = 7/23/2005 4:52:30 AM | Attr = ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 401408 bytes | Modified Date = 7/23/2005 4:46:52 AM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 139264 bytes | Modified Date = 7/23/2005 4:40:16 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 11:46:34 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 11:50:30 PM | Attr = ]
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127037 bytes | Modified Date = 3/16/2005 11:33:00 AM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 5:33:20 PM | Attr = ]
support.exe -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 0, 0, 34 | Size = 294912 bytes | Modified Date = 10/7/2003 10:21:10 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 2/1/2006 3:17:26 AM | Attr = ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 385024 bytes | Modified Date = 7/23/2005 4:47:12 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/20/2003 1:48:14 AM | Attr = ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 1/17/2006 7:03:06 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 10:50:18 PM | Attr = ]
vsnpstd3.exe -> %SystemRoot%\vsnpstd3.exe -> [Ver = 1, 0, 6, 0 | Size = 843776 bytes | Modified Date = 9/18/2006 2:12:12 PM | Attr = ]
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 9:22:02 PM | Attr = ]
notifyalert.exe -> %ProgramFiles%\Dell\Support\Alert\bin\NotifyAlert.exe -> [Ver = 2.1.0.72 | Size = 352256 bytes | Modified Date = 10/7/2003 10:20:18 PM | Attr = ]
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 159744 bytes | Modified Date = 10/14/2005 11:46:24 PM | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 8/19/2004 3:40:08 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 9 | Size = 70656 bytes | Modified Date = 3/19/2007 12:44:44 PM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 86016 bytes | Modified Date = 7/23/2005 4:40:54 AM | Attr = ]
(MSControlService) Microsoft cache control [Win32_Own | On_Demand | Stopped] -> -> File not found
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 139264 bytes | Modified Date = 7/23/2005 4:40:16 AM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 372809 bytes | Modified Date = 7/23/2005 4:43:46 AM | Attr = ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 2, 11 | Size = 225353 bytes | Modified Date = 7/23/2005 4:52:30 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 5:33:20 PM | Attr = ]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127037 bytes | Modified Date = 3/16/2005 11:33:00 AM | Attr = ]
DwlClient -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 0, 0, 34 | Size = 294912 bytes | Modified Date = 10/7/2003 10:21:10 PM | Attr = ]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 9:22:02 PM | Attr = ]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 11:46:34 PM | Attr = ]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 11:50:30 PM | Attr = ]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 11:49:46 PM | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 385024 bytes | Modified Date = 7/23/2005 4:47:12 AM | Attr = ]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 401408 bytes | Modified Date = 7/23/2005 4:46:52 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 10:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 10:50:18 PM | Attr = ]
mmtask -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 1/17/2006 7:03:06 PM | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 5:50:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ]
snpstd3 -> %SystemRoot%\vsnpstd3.exe -> [Ver = 1, 0, 6, 0 | Size = 843776 bytes | Modified Date = 9/18/2006 2:12:12 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/20/2003 1:48:14 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 2/1/2006 3:17:26 AM | Attr = ]
tsnpstd3 -> %SystemRoot%\tsnpstd3.exe -> [Ver = 1, 1, 3, 6 | Size = 262144 bytes | Modified Date = 7/7/2006 3:04:56 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 12:09:36 PM | Attr = ]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> File not found
WeatherDPA -> %ProgramFiles%\Zango\bin\10.1.181.0\Weather.exe -> File not found
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Suraj Startup Folder > -> C:\Documents and Settings\Suraj\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
icksretu -> %SystemRoot%\system32\icksretu.dll -> [Ver = | Size = 163904 bytes | Modified Date = 2/16/2008 1:29:08 PM | Attr = ]
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 11:45:38 PM | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 110592 bytes | Modified Date = 7/23/2005 4:46:56 AM | Attr = ]
jkkhffg -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> <local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. ->
7 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 10:17:44 PM | Attr = ]
{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NewDotNet\newdotnet7_48.dll [URLLink] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 3/16/2005 11:33:00 AM | Attr = ]
{93D68F49-38AF-3D0A-8C5A-4DE670F35BB0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ynngi.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{A2FBBF41-159B-0F38-A11E-09CB41B176F4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ynngi.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{A95B2816-1D7E-4561-A202-68C0DE02353A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\icksretu.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 163904 bytes | Modified Date = 2/16/2008 1:29:08 PM | Attr = ]
{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive8.dll [Internet Speed Monitor] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{CFC5345B-5D1F-4686-BAE0-B3BA4EE3ACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango Information Window] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{CFC5345B-5D1F-4686-BAE0-B3BA4EE3ACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango Information Window] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{35EB99CF-D760-4E11-84A3-6975C1103155} -> () ->
{63F6E284-626E-4E36-9562-5D9825332DAC} -> (1394 Net Adapter) ->
{974A9020-EA0C-43A2-8220-D859E9B6B5A1} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{9A82ED9C-84B8-4C17-8EDE-7C102B03243C} -> (Broadcom 440x 10/100 Integrated Controller) ->
{AB85FCB7-63BC-43F2-8D18-0AA9DA4C6073} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}[HKEY_LOCAL_MACHINE] -> http://dl.tvunetworks.com/TVUAx.cab[CTVUAxCtrl Object] ->
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www1.snapfish.co.uk/SnapfishUKActivia.cab[Snapfish Activia] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192962184796[WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192962171453[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] ->
{C5E28B9D-0A68-4B50-94E9-E8F6B4697514}[HKEY_LOCAL_MACHINE] -> http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab[NsvPlayX Control] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 5:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 2:21:15 PM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 4:37:50 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 648 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11483 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi raj_mca, I did not get the full log, so I can only do a partial fix. After you run this one, could you re-run WinPFind and attach the log to your next post? That way I will get it all.


Start WinPFind35. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> icksretu -> %SystemRoot%\system32\icksretu.dll
YY -> jkkhffg ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NewDotNet\newdotnet7_48.dll [URLLink]
YY -> {93D68F49-38AF-3D0A-8C5A-4DE670F35BB0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ynngi.dll [Reg Error: Value does not exist or could not be read.]
YY -> {A2FBBF41-159B-0F38-A11E-09CB41B176F4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ynngi.dll [Reg Error: Value does not exist or could not be read.]
YY -> {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\icksretu.dll [Reg Error: Value does not exist or could not be read.]
YY -> {E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YY -> {1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive8.dll [Internet Speed Monitor]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {CFC5345B-5D1F-4686-BAE0-B3BA4EE3ACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango Information Window]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {CFC5345B-5D1F-4686-BAE0-B3BA4EE3ACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango Information Window]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console]
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35 scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#14
raj_mca

raj_mca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I tried running the WinPFind35 fix but nothing is happening... I don't get any log..

However, most of the pos files from My Documents and C: have disappeared and I am able to delete the remaining ones... my computer is back to normal and is working fine to my eyes....

Thanks a million... we are in a foreign country and were worried when the computer got infected... I just wanted to give it a try and it has worked fantastically.. I will recommend this site to all my friends...

Essexboy... a million thanks to you for taking the time and effort and for prompt replies...

I love this site..
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would like to do one more check before I let you go.

Download and then run SuperAntispyware
  • On the first page, select Check for Updates
  • On completion, select SCAN YOUR COMPUTER
  • On the next page, select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed, click NEXT
  • The next screen shows the problems found; click OK
  • On the next screen, place a tick against all items and select NEXT
  • Now, to get the log, go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a Notepad text file; copy and paste this to your next reply

  • 0





