pos temp files all over my documents and my computer [CLOSED]


  • This topic is locked

#16
raj_mca

  • Topic Starter
  • Member
  • 13 posts
Did the scan as you suggested.... am pasting the log below... Should I keep all the *.exe files that you have asked me to download...
Yesterday I deleted them and the pos files are back.... sorry for the trouble....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2008 at 01:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 01:04:47

Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 5559
Registry threats detected : 11
File items scanned : 45192
File threats detected : 79

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JVIGVDTB.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210004.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210005.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210007.DLL

Adware.Tracking Cookie

Trojan.Unknown Origin
C:\WINDOWS\system32\nGpxx01
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209071.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209072.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209073.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209074.VBS

Adware.Adservs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209035.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209036.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209998.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209037.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209038.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210000.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210997.DLL

Adware.Rabio Search Enhancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209039.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209041.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210008.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210009.DLL

Adware.ClickSpring
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209043.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210002.EXE

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209044.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209045.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209046.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209047.EXE

Trojan.ZQuest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209048.DLL

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209056.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209057.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209058.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209059.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209060.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209061.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209062.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209063.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209064.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209065.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209066.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209067.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209068.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209069.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209070.EXE

Trojan.ZQuest-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209079.EXE

Adware.StarsDoor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209080.EXE

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209083.DLL

Trojan.Downloader-Gen/DDC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209084.EXE

Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209085.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209086.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209087.DLL

Trojan.Unclassifed/AffiliateBundle
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209997.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0209999.DLL

Trojan.Unclassified/NGP-XX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210001.EXE

Trojan.NetMon/DNSChange
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6137518E-3460-44A2-8946-2060EBA7AE81}\RP291\A0210003.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\5ZZMDBYK\crypt[1].htm
C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\3NYYGEL8\clean[1].htm
C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\5ZZMDBYK\style59[1].css
C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\3NYYGEL8\stats[1].jpg
C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\3NYYGEL8\errorhandler[1].htm
C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\5ZZMDBYK\managers[1].htm
C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\01WLGB6P\index[1].htm
C:\Documents and Settings\Suraj\Local Settings\Temporary Internet Files\Content.IE5\SXQJ8PQZ\autoresize[1].htm

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, but you must be aware that a temporary improvement in performance may not mean that the infection is gone.

We will pick up again from the WinPFind log :) And if you attach it I will be able to do the fix in one go.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

#18
raj_mca

  • Topic Starter
  • Member
  • 13 posts
Hello... scanned as per your instructions.. am not very knowledgeable with computers... sorry for the amateurish replies....


[code=auto:0]WinPFind35 logfile created on: 2/17/2008 3:27:42 PM
WinPFind35U Version Beta52 Folder = C:\Documents and Settings\Suraj\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 154.57 Mb Available Physical Memory | 30.71% Memory free
1.20 Gb Paging File | 0.92 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.03 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SURAJ
Current User Name: Suraj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 86016 bytes | Modified Date = 7/23/2005 4:40:54 AM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 372809 bytes | Modified Date = 7/23/2005 4:43:46 AM | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 2, 11 | Size = 225353 bytes | Modified Date = 7/23/2005 4:52:30 AM | Attr = ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 401408 bytes | Modified Date = 7/23/2005 4:46:52 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 11:46:34 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 11:50:30 PM | Attr = ]
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127037 bytes | Modified Date = 3/16/2005 11:33:00 AM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 5:33:20 PM | Attr = ]
support.exe -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 0, 0, 34 | Size = 294912 bytes | Modified Date = 10/7/2003 10:21:10 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 2/1/2006 3:17:26 AM | Attr = ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 385024 bytes | Modified Date = 7/23/2005 4:47:12 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/20/2003 1:48:14 AM | Attr = ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 1/17/2006 7:03:06 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 10:50:18 PM | Attr = ]
tsnpstd3.exe -> %SystemRoot%\tsnpstd3.exe -> [Ver = 1, 1, 3, 6 | Size = 262144 bytes | Modified Date = 7/7/2006 3:04:56 PM | Attr = ]
vsnpstd3.exe -> %SystemRoot%\vsnpstd3.exe -> [Ver = 1, 0, 6, 0 | Size = 843776 bytes | Modified Date = 9/18/2006 2:12:12 PM | Attr = ]
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 9:22:02 PM | Attr = ]
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 159744 bytes | Modified Date = 10/14/2005 11:46:24 PM | Attr = ]
notifyalert.exe -> %ProgramFiles%\Dell\Support\Alert\bin\NotifyAlert.exe -> [Ver = 2.1.0.72 | Size = 352256 bytes | Modified Date = 10/7/2003 10:20:18 PM | Attr = ]
xinside.exe -> %ProgramFiles%\xInsIDE\xInsIDE.exe -> [Ver = | Size = 53248 bytes | Modified Date = 2/16/2008 10:03:45 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 8/19/2004 3:40:08 PM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 139264 bytes | Modified Date = 7/23/2005 4:40:16 AM | Attr = ]
yahoom~1.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/16/2008 1:03:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 86016 bytes | Modified Date = 7/23/2005 4:40:54 AM | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 139264 bytes | Modified Date = 7/23/2005 4:40:16 AM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 372809 bytes | Modified Date = 7/23/2005 4:43:46 AM | Attr = ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 2, 11 | Size = 225353 bytes | Modified Date = 7/23/2005 4:52:30 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
1cdb080b -> %SystemRoot%\system32\kodhjiio.DLL -> File not found
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 5:33:20 PM | Attr = ]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127037 bytes | Modified Date = 3/16/2005 11:33:00 AM | Attr = ]
DwlClient -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 0, 0, 34 | Size = 294912 bytes | Modified Date = 10/7/2003 10:21:10 PM | Attr = ]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 9:22:02 PM | Attr = ]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 11:46:34 PM | Attr = ]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 11:50:30 PM | Attr = ]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 11:49:46 PM | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 385024 bytes | Modified Date = 7/23/2005 4:47:12 AM | Attr = ]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 401408 bytes | Modified Date = 7/23/2005 4:46:52 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 10:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 10:50:18 PM | Attr = ]
mmtask -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 1/17/2006 7:03:06 PM | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 5:50:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ]
snpstd3 -> %SystemRoot%\vsnpstd3.exe -> [Ver = 1, 0, 6, 0 | Size = 843776 bytes | Modified Date = 9/18/2006 2:12:12 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/20/2003 1:48:14 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 2/1/2006 3:17:26 AM | Attr = ]
tsnpstd3 -> %SystemRoot%\tsnpstd3.exe -> [Ver = 1, 1, 3, 6 | Size = 262144 bytes | Modified Date = 7/7/2006 3:04:56 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> File not found
Jwx -> %SystemRoot%\Τаsks\wυauboot.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
WeatherDPA -> %ProgramFiles%\Zango\bin\10.1.181.0\Weather.exe -> File not found
xInsIDE -> %ProgramFiles%\xInsIDE\xInsIDE.exe -> [Ver = | Size = 53248 bytes | Modified Date = 2/16/2008 10:03:45 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ALUAlert -> %ProgramFiles%\Symantec\LiveUpdate\ALUNotify.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> File not found
Symantec NetDriver Warning -> %ProgramFiles%\SymNetDrv\SNDWarn.exe -> Symantec Corporation [Ver = 5, 4, 3, 11 | Size = 218232 bytes | Modified Date = 10/29/2004 4:52:14 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ALUAlert -> %ProgramFiles%\Symantec\LiveUpdate\ALUNotify.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> File not found
Symantec NetDriver Warning -> %ProgramFiles%\SymNetDrv\SNDWarn.exe -> Symantec Corporation [Ver = 5, 4, 3, 11 | Size = 218232 bytes | Modified Date = 10/29/2004 4:52:14 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> File not found
Jwx -> %SystemRoot%\Τаsks\wυauboot.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
WeatherDPA -> %ProgramFiles%\Zango\bin\10.1.181.0\Weather.exe -> File not found
xInsIDE -> %ProgramFiles%\xInsIDE\xInsIDE.exe -> [Ver = | Size = 53248 bytes | Modified Date = 2/16/2008 10:03:45 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Suraj Startup Folder > -> C:\Documents and Settings\Suraj\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003] > -> HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
icksretu -> icksretu.dll -> File not found
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 11:45:38 PM | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 110592 bytes | Modified Date = 7/23/2005 4:46:56 AM | Attr = ]
jvigvdtb -> jvigvdtb.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003] > -> HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> <local> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
HKEY_USERS\.DEFAULT\: ProxyOverride -> <local> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-18\: ProxyOverride -> <local> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\] > -> ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\: Main\\Start Page -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\: ProxyOverride -> <local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. ->
7 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. ->
7 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 10:17:44 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 3/16/2005 11:33:00 AM | Attr = ]
{93D68F49-38AF-3D0A-8C5A-4DE670F35BB0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ynngi.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{A2FBBF41-159B-0F38-A11E-09CB41B176F4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ynngi.dll [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{CFC5345B-5D1F-4686-BAE0-B3BA4EE3ACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango Information Window] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{CFC5345B-5D1F-4686-BAE0-B3BA4EE3ACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango Information Window] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{CFC5345B-5D1F-4686-BAE0-B3BA4EE3ACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango Information Window] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1606980848-606747145-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{35EB99CF-D760-4E11-84A3-6975C1103155} -> () ->
{63F6E284-626E-4E36-9562-5D9825332DAC} -> (1394 Net Adapter) ->
{974A9020-EA0C-43A2-8220-D859E9B6B5A1} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{9A82ED9C-84B8-4C17-8EDE-7C102B03243C} -> (Broadcom 440x 10/100 Integrated Controller) ->
{AB85FCB7-63BC-43F2-8D18-0AA9DA4C6073} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}[HKEY_LOCAL_MACHINE] -> http://dl.tvunetworks.com/TVUAx.cab[CTVUAxCtrl Object] ->
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www1.snapfish.co.uk/SnapfishUKActivia.cab[Snapfish Activia] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192962184796[WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192962171453[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] ->
{C5E28B9D-0A68-4B50-94E9-E8F6B4697514}[HKEY_LOCAL_MACHINE] -> http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab[NsvPlayX Control] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 5:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 2:21:15 PM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 4:37:50 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 656 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 11:00:00 AM | Attr = ]
HKEY_LO

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I am still not getting the full report - could you follow these instructions to upload the file?

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

#20
raj_mca

    Member

  • Topic Starter
  • 13 posts
attaching the file


#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent, I am now about to remove several thousand bad files from your computer. This may take a while and Windows may report that WinPFind is not responding; it is, it is just working hard.

Start WinPFind35. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> kgfhkncq.exe -> %SystemRoot%\system32\kgfhkncq.exe
NY -> mrofinu572.exe -> %SystemRoot%\mrofinu572.exe
YY -> oeaddon.exe -> %ProgramFiles%\Zango\bin\10.1.181.0\OEAddOn.exe
YN -> zangosa.exe -> %ProgramFiles%\Zango\bin\10.1.181.0\ZangoSA.exe
YY -> qdrpack12.exe -> %ProgramFiles%\QdrPack\QdrPack12.exe
YY -> weather.exe -> %ProgramFiles%\Zango\bin\10.1.181.0\Weather.exe
YY -> nѕlookup.exe -> %CommonProgramFiles%\Fоnts\nѕlookup.exe
[Win32 Services - Non-Microsoft Only]
YY -> (DomainService) DomainService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\kgfhkncq.exe
YY -> (MSControlService) Microsoft cache control [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\windows
YY -> (Network Monitor) Network Monitor [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Monitor\netmon.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> 1cdb080b -> %SystemRoot%\system32\lxunpynp.dll
YY -> runner1 -> %SystemRoot%\mrofinu572.exe
YY -> ZangoOE -> %ProgramFiles%\Zango\bin\10.1.181.0\OEAddOn.exe
YY -> ZangoSA -> %ProgramFiles%\Zango\bin\10.1.181.0\ZangoSA.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Qbqzpxuj -> %CommonProgramFiles%\Fоnts\nѕlookup.exe
YY -> QdrPack12 -> %ProgramFiles%\QdrPack\QdrPack12.exe
YY -> Router -> %ProgramFiles%\Router\Router.exe
YY -> Uaol -> %UserProfile%\My Documents\Fοnts\wuaclt.exe
YY -> WeatherDPA -> %ProgramFiles%\Zango\bin\10.1.181.0\Weather.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {B285004D-6D02-4212-91FC-B8F47B68C254} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkkhffg.dll []
YY -> {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iiffdde.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> icksretu -> %SystemRoot%\system32\icksretu.dll
YY -> iiffdde -> %SystemRoot%\system32\iiffdde.dll
YY -> jkkhffg -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {100EB1FD-D03E-47FD-81F3-EE91287F9465} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.0.26\ShoppingReport.dll [ShoppingReport]
YY -> {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NewDotNet\newdotnet7_48.dll [URLLink]
YY -> {5675718F-5C96-40C9-BD00-24BC7FE9728E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\vtsqq.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {76d43899-b28f-4e33-af3b-6c397e3c205f} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ciknesye.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {93D68F49-38AF-3D0A-8C5A-4DE670F35BB0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ynngi.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {A2FBBF41-159B-0F38-A11E-09CB41B176F4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ynngi.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\icksretu.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {B285004D-6D02-4212-91FC-B8F47B68C254} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkkhffg.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Zango\bin\10.1.181.0\HostIE.dll [Zango]
YY -> {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iiffdde.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35 scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#22
raj_mca

    Member

  • Topic Starter
  • Member
  • 13 posts
hi.. I tried running the WinPFind35 fix a lot of times... nothing happens.. I even left the fix to run for hours together but I didn't get any log report..

what to do??!!!

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Please run WinPFind again and post a report so that I can see how far it got before it stalled.

#24
raj_mca

    Member

  • Topic Starter
  • Member
  • 13 posts
I tried running the fix many many times.. but the computer just hangs and nothing happens... can you tell me something else to remove all the viruses..

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try the new version of ComboFix (you did have 27000 .tmp files to kill).

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.