[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> desote.exe -> C:\WINDOWS\System32\desote.exe
[Win32 Services - Safe List]
YY -> (AFinding) AFinding Service [Win32_Own | Auto | Stopped] ->
YY -> (AFindingAlerter) AFinding Service AFindingAlerter [Win32_Own | Auto | Stopped] ->
YY -> (AntipPro2009_100) AntipyProex [Win32_Own | Auto | Stopped] -> C:\WINDOWS\svchasts.exe
YY -> (CaCCProvSP) CaCCProvSP [Win32_Own | On_Demand | Stopped] ->
[Driver Services - Safe List]
YY -> (Beep) Beep [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\beep.sys
[Registry - Safe List]
< HOSTS File > (11 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts
YN -> Reset Hosts ->
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "bigopuhawe" -> C:\WINDOWS\System32\lonayemu.dll [Rundll32.exe "lonayemu.dll",s]
YN -> "braviax" -> [braviax.exesystem32\lo]
YY -> "vapefujal" -> C:\WINDOWS\System32\gotahati.DLL [Rundll32.exe "c:\windows\system32\gotahati.dll",a]
YY -> "winupdate.exe" -> C:\WINDOWS\System32\winupdate.exe [C:\WINDOWS\system32\winupdate.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Performance Center" -> C:\Program Files\Ascentive\Performance Center\APCMain.exe [C:\Program Files\Ascentive\Performance Center\APCMain.exe -m]
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\cru629.dat -> C:\WINDOWS\System32\cru629.dat
YY -> c:\windows\system32\gotahati.dll -> C:\WINDOWS\System32\gotahati.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*TaskMan* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan
YN -> *TaskMan* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan
YY -> C:\RECYCLER\S-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe -> C:\RECYCLER\S-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{62c4d17c-49d7-4a72-806e-ebc718406456}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [juzozosef]
YY -> "{e6905a78-d180-4f29-8b53-b854939653d4}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [siwevusiw]
YY -> "{7d9ea0c5-31ec-4458-90cd-b87443bfcbdf}" [HKLM] -> C:\WINDOWS\System32\gotahati.dll [tepugitiy]
NY -> "{cc92643e-007c-4e81-bef5-d35dd5997420}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [vutodeheg]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{62c4d17c-49d7-4a72-806e-ebc718406456}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [kupuhivus]
YY -> "{7d9ea0c5-31ec-4458-90cd-b87443bfcbdf}" [HKLM] -> C:\WINDOWS\System32\gotahati.dll [mujuzedij]
YY -> "{cc92643e-007c-4e81-bef5-d35dd5997420}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [kupuhivus]
YY -> "{e6905a78-d180-4f29-8b53-b854939653d4}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [gahurihor]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\system32\cujabwmc.exe" -> [C:\WINDOWS\system32\cujaating System]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{175c2aed-0245-11dc-9afd-00038a000015}\Shell ->
YN -> \{175c2aed-0245-11dc-9afd-00038a000015}\Shell\\"" -> [AutoRun]
[Files/Folders - Created Within 30 Days]
NY -> braviax.exe -> C:\WINDOWS\System32\braviax.exe
NY -> braviax.exe -> C:\WINDOWS\braviax.exe
NY -> bincd32.dat -> C:\WINDOWS\System32\bincd32.dat
NY -> bennuar.old -> C:\WINDOWS\System32\bennuar.old
NY -> desote.exe -> C:\WINDOWS\System32\desote.exe
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> AVR09.exe -> C:\WINDOWS\System32\AVR09.exe
NY -> winhelper.dll -> C:\WINDOWS\System32\winhelper.dll
NY -> 10613284 -> C:\Documents and Settings\All Users\Application Data\10613284
NY -> winupdate.exe -> C:\WINDOWS\System32\winupdate.exe
NY -> susopaya.exe -> C:\WINDOWS\System32\susopaya.exe
NY -> images -> C:\WINDOWS\System32\images
NY -> onhelp.htm -> C:\WINDOWS\System32\onhelp.htm
NY -> svchasts.exe -> C:\WINDOWS\svchasts.exe
NY -> ppp4.dat -> C:\WINDOWS\ppp4.dat
NY -> sysnet.dat -> C:\WINDOWS\System32\sysnet.dat
NY -> ppp3.dat -> C:\WINDOWS\ppp3.dat
NY -> dddesot.dll -> C:\WINDOWS\System32\dddesot.dll
NY -> sonhelp.htm -> C:\WINDOWS\System32\sonhelp.htm
NY -> Windows Police Pro -> C:\Program Files\Windows Police Pro
NY -> dxxdv34567.bat -> C:\WINDOWS\dxxdv34567.bat
NY -> ld14.exe -> C:\WINDOWS\ld14.exe
NY -> wingenocx.dll -> C:\WINDOWS\System32\wingenocx.dll
NY -> cru629.dat -> C:\WINDOWS\System32\cru629.dat
NY -> cru629.dat -> C:\WINDOWS\cru629.dat
NY -> svfp.exe -> C:\svfp.exe
NY -> emxtqjit.exe -> C:\emxtqjit.exe
NY -> fyblb.exe -> C:\fyblb.exe
NY -> blyuwrjl.exe -> C:\blyuwrjl.exe
NY -> osps.exe -> C:\osps.exe
NY -> wisdstr.exe -> C:\WINDOWS\System32\wisdstr.exe
NY -> xvhu.exe -> C:\xvhu.exe
NY -> ~.exe -> C:\WINDOWS\System32\~.exe
NY -> gotahati.dll -> C:\WINDOWS\System32\gotahati.dll
NY -> reveraza.dll -> C:\WINDOWS\System32\reveraza.dll
NY -> zikedama.dll -> C:\WINDOWS\System32\zikedama.dll
NY -> tibipaku.dll -> C:\WINDOWS\System32\tibipaku.dll
NY -> str.sys -> C:\WINDOWS\System32\drivers\str.sys
NY -> voladeti.dll -> C:\WINDOWS\System32\voladeti.dll
NY -> donojawi.dll -> C:\WINDOWS\System32\donojawi.dll
NY -> lonayemu.dll -> C:\WINDOWS\System32\lonayemu.dll
NY -> lesugeti.dll -> C:\WINDOWS\System32\lesugeti.dll
NY -> hajiruno.dll -> C:\WINDOWS\System32\hajiruno.dll
NY -> bovenage.dll -> C:\WINDOWS\System32\bovenage.dll
NY -> sejutedi.dll -> C:\WINDOWS\System32\sejutedi.dll
NY -> peroruvo.dll -> C:\WINDOWS\System32\peroruvo.dll
NY -> wulubuvo.dll -> C:\WINDOWS\System32\wulubuvo.dll
NY -> fopijunu.dll -> C:\WINDOWS\System32\fopijunu.dll
NY -> tilepilo.dll -> C:\WINDOWS\System32\tilepilo.dll
NY -> mofewobi.dll -> C:\WINDOWS\System32\mofewobi.dll
NY -> pisiluvu.dll -> C:\WINDOWS\System32\pisiluvu.dll
NY -> kijudawi.dll -> C:\WINDOWS\System32\kijudawi.dll
NY -> luvigaki.dll -> C:\WINDOWS\System32\luvigaki.dll
NY -> lomugiti.dll -> C:\WINDOWS\System32\lomugiti.dll
NY -> nirotona.dll -> C:\WINDOWS\System32\nirotona.dll
NY -> satulosu.dll -> C:\WINDOWS\System32\satulosu.dll
NY -> godobovo.dll -> C:\WINDOWS\System32\godobovo.dll
NY -> yubihimo.dll -> C:\WINDOWS\System32\yubihimo.dll
NY -> gasesila.dll -> C:\WINDOWS\System32\gasesila.dll
NY -> bisomasu.dll -> C:\WINDOWS\System32\bisomasu.dll
NY -> puwaduvu.dll -> C:\WINDOWS\System32\puwaduvu.dll
NY -> fedoniko.dll -> C:\WINDOWS\System32\fedoniko.dll
NY -> tipiyipo.dll -> C:\WINDOWS\System32\tipiyipo.dll
NY -> dxpwcgcp.ini.vir -> C:\WINDOWS\System32\dxpwcgcp.ini.vir
NY -> hjjlm.ini2.vir -> C:\WINDOWS\System32\hjjlm.ini2.vir
NY -> hjjlm.ini.vir -> C:\WINDOWS\System32\hjjlm.ini.vir
NY -> pxmqkdhu.ini.ren -> C:\WINDOWS\System32\pxmqkdhu.ini.ren
NY -> uuoojdoi.ini -> C:\WINDOWS\System32\uuoojdoi.ini
NY -> fiopalcf.ini -> C:\WINDOWS\System32\fiopalcf.ini
NY -> umbrcwjc.ini -> C:\WINDOWS\System32\umbrcwjc.ini
NY -> ojeqgihv.ini -> C:\WINDOWS\System32\ojeqgihv.ini
NY -> cookies.ini -> C:\WINDOWS\cookies.ini
NY -> gltshsqw.ini -> C:\WINDOWS\System32\gltshsqw.ini
NY -> hjjlm.ini2.ren -> C:\WINDOWS\System32\hjjlm.ini2.ren
NY -> hjjlm.ini.ren -> C:\WINDOWS\System32\hjjlm.ini.ren
NY -> beep.sys -> C:\WINDOWS\System32\drivers\beep.sys
NY -> drmgs.sys -> C:\WINDOWS\System32\drmgs.sys
NY -> comsa32.sys -> C:\WINDOWS\System32\comsa32.sys
[Files/Folders - Modified Within 30 Days]
NY -> yoviyare -> C:\WINDOWS\System32\yoviyare
NY -> gotahati.dll -> C:\WINDOWS\System32\gotahati.dll
NY -> reveraza.dll -> C:\WINDOWS\System32\reveraza.dll
NY -> braviax.exe -> C:\WINDOWS\System32\braviax.exe
NY -> braviax.exe -> C:\WINDOWS\braviax.exe
NY -> cru629.dat -> C:\WINDOWS\System32\cru629.dat
NY -> cru629.dat -> C:\WINDOWS\cru629.dat
NY -> zikedama.dll -> C:\WINDOWS\System32\zikedama.dll
NY -> tibipaku.dll -> C:\WINDOWS\System32\tibipaku.dll
NY -> bincd32.dat -> C:\WINDOWS\System32\bincd32.dat
NY -> ppp4.dat -> C:\WINDOWS\ppp4.dat
NY -> ppp3.dat -> C:\WINDOWS\ppp3.dat
NY -> desote.exe -> C:\WINDOWS\System32\desote.exe
NY -> onhelp.htm -> C:\WINDOWS\System32\onhelp.htm
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> dddesot.dll -> C:\WINDOWS\System32\dddesot.dll
NY -> bennuar.old -> C:\WINDOWS\System32\bennuar.old
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> AVR09.exe -> C:\WINDOWS\System32\AVR09.exe
NY -> 01066968.cmd -> C:\WINDOWS\Temp\01066968.cmd
NY -> winhelper.dll -> C:\WINDOWS\System32\winhelper.dll
NY -> niyihifi.exe -> C:\WINDOWS\System32\niyihifi.exe
NY -> voladeti.dll -> C:\WINDOWS\System32\voladeti.dll
NY -> donojawi.dll -> C:\WINDOWS\System32\donojawi.dll
NY -> winupdate.exe -> C:\WINDOWS\System32\winupdate.exe
NY -> heruhozu.exe -> C:\WINDOWS\System32\heruhozu.exe
NY -> c.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\c.exe
NY -> susopaya.exe -> C:\WINDOWS\System32\susopaya.exe
NY -> 757.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\757.exe
NY -> 527.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\527.exe
NY -> bovenage.dll -> C:\WINDOWS\System32\bovenage.dll
NY -> sejutedi.dll -> C:\WINDOWS\System32\sejutedi.dll
NY -> 299.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\299.exe
NY -> svchasts.exe -> C:\WINDOWS\svchasts.exe
NY -> sysnet.dat -> C:\WINDOWS\System32\sysnet.dat
NY -> sonhelp.htm -> C:\WINDOWS\System32\sonhelp.htm
NY -> 837.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\837.exe
NY -> dxxdv34567.bat -> C:\WINDOWS\dxxdv34567.bat
NY -> wulubuvo.dll -> C:\WINDOWS\System32\wulubuvo.dll
NY -> binatoko.exe -> C:\WINDOWS\System32\binatoko.exe
NY -> ld14.exe -> C:\WINDOWS\ld14.exe
NY -> peroruvo.dll -> C:\WINDOWS\System32\peroruvo.dll
NY -> laroriwa.exe -> C:\WINDOWS\System32\laroriwa.exe
NY -> hahohetu.exe -> C:\WINDOWS\System32\hahohetu.exe
NY -> fopijunu.dll -> C:\WINDOWS\System32\fopijunu.dll
NY -> mofewobi.dll -> C:\WINDOWS\System32\mofewobi.dll
NY -> pisiluvu.dll -> C:\WINDOWS\System32\pisiluvu.dll
NY -> kijudawi.dll -> C:\WINDOWS\System32\kijudawi.dll
NY -> zanamalo.exe -> C:\WINDOWS\System32\zanamalo.exe
NY -> wingenocx.dll -> C:\WINDOWS\System32\wingenocx.dll
NY -> luvigaki.dll -> C:\WINDOWS\System32\luvigaki.dll
NY -> lomugiti.dll -> C:\WINDOWS\System32\lomugiti.dll
NY -> satulosu.dll -> C:\WINDOWS\System32\satulosu.dll
NY -> godobovo.dll -> C:\WINDOWS\System32\godobovo.dll
NY -> puwaduvu.dll -> C:\WINDOWS\System32\puwaduvu.dll
NY -> bisomasu.dll -> C:\WINDOWS\System32\bisomasu.dll
NY -> gasesila.dll -> C:\WINDOWS\System32\gasesila.dll
NY -> tipiyipo.dll -> C:\WINDOWS\System32\tipiyipo.dll
NY -> fedoniko.dll -> C:\WINDOWS\System32\fedoniko.dll
NY -> svfp.exe -> C:\svfp.exe
NY -> wisdstr.exe -> C:\WINDOWS\System32\wisdstr.exe
NY -> emxtqjit.exe -> C:\emxtqjit.exe
NY -> fyblb.exe -> C:\fyblb.exe
NY -> blyuwrjl.exe -> C:\blyuwrjl.exe
NY -> xvhu.exe -> C:\xvhu.exe
NY -> osps.exe -> C:\osps.exe
NY -> beep.sys -> C:\WINDOWS\System32\drivers\beep.sys
NY -> beep.sys -> C:\WINDOWS\System32\dllcache\beep.sys
NY -> ~.exe -> C:\WINDOWS\System32\~.exe
[File - Lop Check]
NY -> 10613284 -> C:\Documents and Settings\All Users\Application Data\10613284
[Custom Items]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:end
[Reboot]