I have somehow been hit by a Trojan horse/spyware file that is called WNSO.exe. It was picked up from Baidu.com (Chinese search engine). Although Avast detects it, I am not able to remove, move, rename, etc. >:( Does anyone know how to remove this file???
Why can’t you move, rename, etc.? I assume something like the file is in use?
If so, if you have XP or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php
Hi MarkLoehndorf,
Download SDFix from http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
and save it to your desktop.
When you have done this, please boot into Safe Mode (Tap F8 during startup).
Right-click on the SDFix.zip folder and choose Extract All. Open the extracted folder - C:\SDFix and double-click on RunThis.bat to start the script.
Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of Report.txt back in this thread along with a fresh HijackThis log, and tell how things are running.
If the file WNSO.exe persists, or comes back even in safe mode, we have to consider using avenger.zip,
don’t use it yet, first post a HijackThis log (you may need two postings to post this log)
Please download:
http://swandog46.geekstogo.com/avenger.zip
by Swandog46 to your Desktop.
You must extract avenger.zip to your desktop, before you run it.
Start up Avenger exe.
Check the ‘Input script manually’ option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste all the text in the quote box below.
Quote:
Folders to delete:
C:\Program Files\Common Files\RGGZS
Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HJT log
polonus
Thanks for the help. I must be doing something wrong, though. I downloaded SDFix.exe and saved it. Files were extracted OK and restarted in safe mode. But I don’t know about the sdfix.zip folder. I am able to find the Runthis.bat. But when prompted to press Y or N, it does nothing after I press Y. I let it sit for 20 minutes and nothing happened. Any idea where I went wrong??? I’ll try again tonight. Mark
Hi MarkLoehndorf,
Did you somehow try in SAFE MODE, and did this not work, or did you seem to use 100% CPU and nothing happened? Let’s try the following then. Reboot the computer normally and DO NOT kill any processes. Then, download WinPFind3u.exe from http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop. Now Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - Policy Settings
Reg - Security Settings
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
Curious what you will come up with,
polonus
Here ya go Polonus, I really do appreciate your help on this. My hat’s off to you if you are able to make heads or tails of it all…
WinPFind3 logfile created on: 10/19/2007 8:26:26 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\hp user\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
1022.48 Mb Total Physical Memory | 676.66 Mb Available Physical Memory | 66.18% Memory free
2.41 Gb Paging File | 2.09 Gb Available in Paging File | 86.93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 37.71 Gb Free Space | 50.60% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: MARKSHPLAPTOP
Current User Name: hp user
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
atiptaxx.exe → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr = ]
avgas.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
cdac11ba.exe → %System32%\drivers\CDAC11BA.EXE → Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 7/20/2005 12:07:16 PM | Attr = ]
guard.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
hphmon05.exe → %System32%\hphmon05.exe → Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr = ]
standaloneslv.exe → %ProgramFiles%\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe → [Ver = 14, 0000, 304, 0 | Size = 606208 bytes | Modified Date = 4/2/2007 10:38:10 AM | Attr = ]
syntpenh.exe → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr = ]
syntplpr.exe → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr = ]
tivobeacon.exe → %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe → TiVo Inc. [Ver = 1.4 | Size = 857088 bytes | Modified Date = 7/11/2006 7:22:40 AM | Attr = ]
ulcdrsvr.exe → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe → Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 7/18/2005 11:17:28 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 5:05:42 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 5:04:44 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] → %System32%\drivers\CDAC11BA.EXE → Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 7/20/2005 12:07:16 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe → Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(ms_fax) Fax Client [Win32_Own | Auto | Stopped] → %System32%\0ae7.exe → File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] → %System32%\nvsvc32.exe → NVIDIA Corporation [Ver = 6.14.10.5401 | Size = 77824 bytes | Modified Date = 2/3/2004 8:26:00 AM | Attr = R ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] → %System32%\HPZipm12.exe → HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ]
(Remote Solver for COSMOSFloWorks 2007) Remote Solver for COSMOSFloWorks 2007 [Win32_Own | Auto | Running] → %ProgramFiles%\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe → [Ver = 14, 0000, 304, 0 | Size = 606208 bytes | Modified Date = 4/2/2007 10:38:10 AM | Attr = ]
(SolidWorks Licensing Service) SolidWorks Licensing Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\SolidWorks Shared\Service\SolidWorksLicensing.exe → SolidWorks [Ver = 2.80.002 | Size = 79360 bytes | Modified Date = 9/21/2007 9:35:50 PM | Attr = ]
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] → %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe → TiVo Inc. [Ver = 1.4 | Size = 857088 bytes | Modified Date = 7/11/2006 7:22:40 AM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]
It continues…
[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
!AVG Anti-Spyware → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
ATIPTA → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr = ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
HPHmon05 → %System32%\hphmon05.exe → Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr = ]
SearchIndexer → %System32%\xuswofkx.dll [rundll32.exe “C:\WINDOWS\system32\xuswofkx.dll”,sitypnow] → [Ver = | Size = 83008 bytes | Modified Date = 10/18/2007 11:01:12 PM | Attr = ]
SynTPEnh → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr = ]
SynTPLpr → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr = ]
< OptionalComponents [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ →
IMAIL → Installed = 1 →
MAPI → Installed = 1 →
MSFS → Installed = 1 →
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\WNSO.lnk → %CommonProgramFiles%\RGGZS\WNSO.exe → File not found
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks →
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] → GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] → %System32%\rqrqomm.dll → File not found
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
AtiExtEvent → %System32%\ati2evxx.dll → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 61440 bytes | Modified Date = 3/8/2005 4:34:34 PM | Attr = ]
rqrqomm → rqrqomm.dll → File not found
WgaLogon → Reg Data - Value does not exist → File not found
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 145 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools → 0 →
< HOSTS File > (764 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts →
127.0.0.1 localhost → →
192.168.1.109 HP000D9D182CA5 → →
< Internet Explorer Settings > → →
HKLM: Default_Page_URL → http://us8l.hpwis.com →
HKLM: Main\Default_Search_URL → http://www.google.com/ie →
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch →
HKLM: Start Page → http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home →
HKLM: CustomizeSearch → http://seek.3721.com/srchcust.htm →
HKLM: Search\Default_Search_URL → http://www.google.com/ie →
HKLM: SearchAssistant → http://www.google.com/ie →
HKCU: Local Page → C:\WINDOWS\system32\blank.htm →
HKCU: Search Bar → http://www.google.com/ie →
HKCU: Search Page → http://www.google.com →
HKCU: Start Page → http://us8l.hpwis.com/ →
HKCU: SearchAssistant → http://www.google.com/ie →
HKCU: ProxyEnable → 0 →
HKCU: ProxyOverride → 127.0.0.1 →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] → Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{387EDF53-1CF2-4523-BC2F-13462651BE8C} [HKLM] → %System32%\BhoCitUS.dll [CitiUSBrowserHelper Class] → Orbiscom Ltd. All rights reserved. [Ver = 3, 7, 0, 0, 134 | Size = 139264 bytes | Modified Date = 8/12/2004 2:55:00 PM | Attr = ]
{72F37957-227A-476E-9F62-9E00CDB84368} [HKLM] → %System32%\vturr.dll [Reg Data - Value does not exist] → [Ver = | Size = 244832 bytes | Modified Date = 9/19/2007 4:49:34 AM | Attr = ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] → %System32%\rqrqomm.dll [Reg Data - Value does not exist] → File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
{89AD4D75-2429-462e-BD4E-443F233F6033} [HKLM] → %System32%\vtquqiex.dll [Reg Data - Value does not exist] → [Ver = | Size = 77376 bytes | Modified Date = 10/2/2007 7:06:56 PM | Attr = ]
< Internet Explorer Bars [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ →
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
[HKLM] → Reg Data - Key not found → File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
E&xport to Microsoft Excel → → File not found
< User Agent Post Platform [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform →
SV1 → →
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{1AF1AB90-7611-4EF5-9EAC-76B4D4CF6D36} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{22EC5A37-74D9-46B2-963C-7E18D6427A2E} → (1394 Net Adapter) →
{32564508-58B8-45A1-9A54-0B1E9C5D32A3} → (1394 Net Adapter) →
{5C79B13D-D4E6-41B5-8537-A193B74756ED} → () →
{690E8785-F190-4F25-8406-EAEDB088921C} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{7C777C7A-6DEF-4F41-91BB-8AC28D08D0D7} → (1394 Net Adapter) →
{7D4EEF3A-321A-4114-8A31-619F7E7D68E3} → (1394 Net Adapter) →
{B0043B74-DEA3-411A-AEA4-86C8487645A8} → (Broadcom 802.11b) →
{B146B9C6-05FB-40C5-AAF9-4424DAD1C800} → (1394 Net Adapter) →
{C1D6AC56-DFF8-49B8-9E4A-81C6919FE1BA} → (Broadcom 802.11b) →
{EECAB3FF-1C5B-4C5B-B679-9AF04C2FC3B3} → (1394 Net Adapter) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
cetihpz → %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll → Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr = ]
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{00000055-9980-0010-8000-00AA00389B71} → - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB →
{D27CDB6E-AE6D-11CF-96B8-444553540000} → - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab →
Microsoft XML Parser for Java → - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab →
Jeez… Is it supposed to be this long???
[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ImagePath → %SystemRoot%\System32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DisplayName → Background Intelligent Transfer Service →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnService → Rpcss; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Description → Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\FailureActions →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ServiceDll → C:\WINDOWS\System32\qmgr.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\0 → Root\LEGACY_BITS\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ImagePath → %SystemRoot%\System32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DisplayName → Windows Firewall/Internet Connection Sharing (ICS) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DependOnService → Netman;WinMgmt; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Description → Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch → 65993 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ServiceDll → %SystemRoot%\System32\ipnathlp.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\C:\WINDOWS\system32-200431.exe → C:\WINDOWS\system32-200431.exe:*:Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32-16767.exe → C:\WINDOWS\system32-16767.exe::Disabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\yjiklkd.exe → C:\Program Files\Internet Explorer\yjiklkd.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\zfkhggn.exe → C:\WINDOWS\system32\zfkhggn.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\HP\tlchiil.exe → C:\Program Files\HP\tlchiil.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\msnmsgr.exe → C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\livecall.exe → C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\1900:UDP → 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\2869:TCP → 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP → 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP → 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP → 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\138:UDP → 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy‚—\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy‚—\C:\WINDOWS\system32-200431.exe → C:\WINDOWS\system32-200431.exe:*:Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\Security →
[Files/Folders - Created Within 30 days]
SDFix → %SystemDrive%\SDFix → [Folder | Created Date = 10/16/2007 9:00:38 PM | Attr = ]
SDFix.zip → %SystemDrive%\SDFix.zip → [Ver = | Size = 1346060 bytes | Created Date = 10/16/2007 10:30:09 PM | Attr = ]
$NtUninstallKB911993-V2$ → %SystemRoot%$NtUninstallKB911993-V2$ → [Folder | Created Date = 9/21/2007 8:03:48 PM | Attr = H ]
$NtUninstallKB919880$ → %SystemRoot%$NtUninstallKB919880$ → [Folder | Created Date = 9/21/2007 8:45:38 PM | Attr = H ]
$NtUninstallKB922120$ → %SystemRoot%$NtUninstallKB922120$ → [Folder | Created Date = 10/5/2007 7:11:30 PM | Attr = H ]
$NtUninstallKB933729$ → %SystemRoot%$NtUninstallKB933729$ → [Folder | Created Date = 10/10/2007 10:13:12 PM | Attr = H ]
$NtUninstallKB939653$ → %SystemRoot%$NtUninstallKB939653$ → [Folder | Created Date = 10/10/2007 10:11:30 PM | Attr = H ]
$NtUninstallKB941202$ → %SystemRoot%$NtUninstallKB941202$ → [Folder | Created Date = 10/10/2007 10:09:57 PM | Attr = H ]
cookies.ini → %SystemRoot%\cookies.ini → [Ver = | Size = 639 bytes | Created Date = 9/20/2007 10:37:33 PM | Attr = ]
eDrawingOfficeAutomator.INI → %SystemRoot%\eDrawingOfficeAutomator.INI → [Ver = | Size = 0 bytes | Created Date = 9/21/2007 8:48:37 PM | Attr = ]
winshow.exe → %SystemRoot%\winshow.exe → [Ver = 23.03.0020 | Size = 35328 bytes | Created Date = 10/3/2007 11:19:47 PM | Attr = ]
bocouhkq.ini → %System32%\bocouhkq.ini → [Ver = | Size = 693721 bytes | Created Date = 10/15/2007 7:30:47 PM | Attr = HS]
bxsrffnh.exe → %System32%\bxsrffnh.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/3/2007 6:21:13 PM | Attr = ]
caqlphka.dll → %System32%\caqlphka.dll → [Ver = | Size = 69184 bytes | Created Date = 9/30/2007 8:55:30 PM | Attr = ]
cfnwicad.dll → %System32%\cfnwicad.dll → [Ver = | Size = 69184 bytes | Created Date = 9/22/2007 4:08:06 AM | Attr = ]
cvqtiqmy.ini → %System32%\cvqtiqmy.ini → [Ver = | Size = 693772 bytes | Created Date = 9/29/2007 6:10:11 PM | Attr = HS]
cxxyvsqv.exe → %System32%\cxxyvsqv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/9/2007 4:10:45 PM | Attr = ]
dvmjoetv.exe → %System32%\dvmjoetv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/20/2007 10:18:33 PM | Attr = ]
emdorobt.ini → %System32%\emdorobt.ini → [Ver = | Size = 693481 bytes | Created Date = 10/8/2007 5:47:34 PM | Attr = HS]
epqefoto.exe → %System32%\epqefoto.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/1/2007 5:54:31 PM | Attr = ]
erfgtpgv.ini → %System32%\erfgtpgv.ini → [Ver = | Size = 694381 bytes | Created Date = 10/7/2007 8:30:23 AM | Attr = HS]
evxftikj.exe → %System32%\evxftikj.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/17/2007 7:56:25 PM | Attr = ]
fsdgubhf.ini → %System32%\fsdgubhf.ini → [Ver = | Size = 694312 bytes | Created Date = 10/5/2007 9:34:19 PM | Attr = HS]
gahucgqj.ini → %System32%\gahucgqj.ini → [Ver = | Size = 694021 bytes | Created Date = 10/2/2007 6:03:51 PM | Attr = HS]
ghabwcty.exe → %System32%\ghabwcty.exe → [Ver = | Size = 4672 bytes | Created Date = 10/16/2007 7:58:45 PM | Attr = ]
gqorhcce.ini → %System32%\gqorhcce.ini → [Ver = | Size = 693721 bytes | Created Date = 9/29/2007 5:49:10 PM | Attr = HS]
GroupPolicy → %System32%\GroupPolicy → [Folder | Created Date = 9/21/2007 8:13:55 PM | Attr = ]
hmcdhdlw.ini → %System32%\hmcdhdlw.ini → [Ver = | Size = 693841 bytes | Created Date = 10/15/2007 8:52:28 PM | Attr = HS]
hpfkwomp.ini → %System32%\hpfkwomp.ini → [Ver = | Size = 693901 bytes | Created Date = 9/30/2007 8:58:35 PM | Attr = HS]
hvvycbpm.exe → %System32%\hvvycbpm.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/15/2007 7:57:47 PM | Attr = ]
hwawctdi.exe → %System32%\hwawctdi.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/6/2007 9:31:14 PM | Attr = ]
hxhdipqm.exe → %System32%\hxhdipqm.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/15/2007 7:24:47 PM | Attr = ]
ibuauegt.dll → %System32%\ibuauegt.dll → [Ver = | Size = 86080 bytes | Created Date = 10/16/2007 8:01:51 PM | Attr = ]
iivpjxjk.exe → %System32%\iivpjxjk.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/8/2007 9:08:11 AM | Attr = ]
inpiutmn.ini → %System32%\inpiutmn.ini → [Ver = | Size = 693412 bytes | Created Date = 10/13/2007 12:06:04 AM | Attr = HS]
jmcmndmr.exe → %System32%\jmcmndmr.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/29/2007 2:46:23 PM | Attr = ]
jxibasda.ini → %System32%\jxibasda.ini → [Ver = | Size = 693472 bytes | Created Date = 9/25/2007 9:46:00 AM | Attr = HS]
kakggcks.ini → %System32%\kakggcks.ini → [Ver = | Size = 693481 bytes | Created Date = 9/20/2007 10:25:30 PM | Attr = HS]
kvyyliof.dll → %System32%\kvyyliof.dll → [Ver = | Size = 69184 bytes | Created Date = 10/1/2007 6:03:31 PM | Attr = ]
lvgxyqsp.ini → %System32%\lvgxyqsp.ini → [Ver = | Size = 693832 bytes | Created Date = 10/10/2007 12:19:06 PM | Attr = HS]
lxnhaexo.exe → %System32%\lxnhaexo.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/30/2007 5:55:30 PM | Attr = ]
mcrh.tmp → %System32%\mcrh.tmp → [Ver = | Size = 97 bytes | Created Date = 10/11/2007 7:39:02 PM | Attr = ]
mpsqtnkp.ini → %System32%\mpsqtnkp.ini → [Ver = | Size = 694141 bytes | Created Date = 10/3/2007 6:24:13 PM | Attr = HS]
mwxpwfnx.exe → %System32%\mwxpwfnx.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/20/2007 9:49:02 AM | Attr = ]
ndrlrvlk.ini → %System32%\ndrlrvlk.ini → [Ver = | Size = 693592 bytes | Created Date = 10/14/2007 8:21:56 AM | Attr = HS]
nnccwnfn.ini → %System32%\nnccwnfn.ini → [Ver = | Size = 693712 bytes | Created Date = 10/9/2007 4:14:54 PM | Attr = HS]
nryafwid.exe → %System32%\nryafwid.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/23/2007 9:33:55 AM | Attr = ]
nthxsrbx.ini → %System32%\nthxsrbx.ini → [Ver = | Size = 693481 bytes | Created Date = 10/11/2007 9:37:59 PM | Attr = HS]
oeohfjck.ini → %System32%\oeohfjck.ini → [Ver = | Size = 693472 bytes | Created Date = 10/17/2007 8:02:44 PM | Attr = HS]
ohcmrdoh.tmp → %System32%\ohcmrdoh.tmp → [Ver = | Size = 694501 bytes | Created Date = 10/8/2007 8:59:42 AM | Attr = HS]
ooyqblwu.ini → %System32%\ooyqblwu.ini → [Ver = | Size = 694252 bytes | Created Date = 10/4/2007 9:25:29 PM | Attr = HS]
pmnlmlk.dll → %System32%\pmnlmlk.dll → [Ver = | Size = 36352 bytes | Created Date = 10/3/2007 11:19:59 PM | Attr = ]
psqyxgvl.dll → %System32%\psqyxgvl.dll → [Ver = | Size = 84544 bytes | Created Date = 10/10/2007 12:19:04 PM | Attr = ]
qftklagh.dll → %System32%\qftklagh.dll → [Ver = | Size = 69184 bytes | Created Date = 9/23/2007 10:06:27 AM | Attr = ]
qiiosgee.exe → %System32%\qiiosgee.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/22/2007 4:07:18 AM | Attr = ]
qiyklfiu.exe → %System32%\qiyklfiu.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/26/2007 2:08:26 PM | Attr = ]
qqmwguyd.exe → %System32%\qqmwguyd.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/4/2007 9:13:59 PM | Attr = ]
qsafjfbr.exe → %System32%\qsafjfbr.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/3/2007 7:22:54 PM | Attr = ]
qubfkmri.exe → %System32%\qubfkmri.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/7/2007 8:36:40 AM | Attr = ]
qvmyndvv.dll → %System32%\qvmyndvv.dll → [Ver = | Size = 85568 bytes | Created Date = 9/23/2007 10:06:01 AM | Attr = ]
qwruiljg.exe → %System32%\qwruiljg.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/2/2007 5:54:50 PM | Attr = ]
rbrdorry.ini → %System32%\rbrdorry.ini → [Ver = | Size = 693592 bytes | Created Date = 9/26/2007 5:52:50 PM | Attr = HS]
rkpokdfk.ini → %System32%\rkpokdfk.ini → [Ver = | Size = 693412 bytes | Created Date = 9/24/2007 9:50:45 AM | Attr = HS]
rttjqulv.ini → %System32%\rttjqulv.ini → [Ver = | Size = 693952 bytes | Created Date = 10/1/2007 6:06:32 PM | Attr = HS]
skcggkak.dll → %System32%\skcggkak.dll → [Ver = | Size = 87616 bytes | Created Date = 9/20/2007 10:25:17 PM | Attr = ]
tecfbqsg.ini → %System32%\tecfbqsg.ini → [Ver = | Size = 693481 bytes | Created Date = 9/22/2007 4:09:46 AM | Attr = HS]
tgeuaubi.ini → %System32%\tgeuaubi.ini → [Ver = | Size = 693901 bytes | Created Date = 10/16/2007 8:01:54 PM | Attr = HS]
thrbncyb.dll → %System32%\thrbncyb.dll → [Ver = | Size = 69184 bytes | Created Date = 9/20/2007 10:28:17 PM | Attr = ]
tkspfget.ini → %System32%\tkspfget.ini → [Ver = | Size = 693652 bytes | Created Date = 9/28/2007 5:48:16 PM | Attr = HS]
ucpueekp.exe → %System32%\ucpueekp.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/11/2007 9:06:40 PM | Attr = ]
uedjhktu.ini → %System32%\uedjhktu.ini → [Ver = | Size = 693421 bytes | Created Date = 10/11/2007 7:47:48 PM | Attr = HS]
uhtbhmns.exe → %System32%\uhtbhmns.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/16/2007 7:55:48 PM | Attr = ]
uogtjtbp.dll → %System32%\uogtjtbp.dll → [Ver = | Size = 69184 bytes | Created Date = 9/26/2007 5:50:20 PM | Attr = ]
urqbepte.exe → %System32%\urqbepte.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/29/2007 5:55:10 PM | Attr = ]
vtquqiex.dll → %System32%\vtquqiex.dll → [Ver = | Size = 77376 bytes | Created Date = 10/2/2007 6:06:53 PM | Attr = ]
vvdnymvq.ini → %System32%\vvdnymvq.ini → [Ver = | Size = 693541 bytes | Created Date = 9/23/2007 10:06:07 AM | Attr = HS]
wwhwfjax.exe → %System32%\wwhwfjax.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/12/2007 9:04:18 PM | Attr = ]
xbrsxhtn.dll → %System32%\xbrsxhtn.dll → [Ver = | Size = 84032 bytes | Created Date = 10/11/2007 9:37:59 PM | Attr = ]
xkfowsux.ini → %System32%\xkfowsux.ini → [Ver = | Size = 693652 bytes | Created Date = 10/18/2007 10:01:12 PM | Attr = HS]
xsfimpjd.exe → %System32%\xsfimpjd.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/14/2007 8:15:58 AM | Attr = ]
xuswofkx.dll → %System32%\xuswofkx.dll → [Ver = | Size = 83008 bytes | Created Date = 10/18/2007 10:01:11 PM | Attr = ]
xytoteva.dll → %System32%\xytoteva.dll → [Ver = | Size = 69184 bytes | Created Date = 9/29/2007 6:04:10 PM | Attr = ]
ycebjhku.exe → %System32%\ycebjhku.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/18/2007 9:56:11 PM | Attr = ]
ynwhmodg.dll → %System32%\ynwhmodg.dll → [Ver = | Size = 69184 bytes | Created Date = 9/28/2007 5:54:14 PM | Attr = ]
ytswoufv.ini → %System32%\ytswoufv.ini → [Ver = | Size = 694201 bytes | Created Date = 10/3/2007 7:28:56 PM | Attr = HS]
AvgAsCln.sys → %System32%\drivers\AvgAsCln.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 10/14/2007 6:45:17 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
avenger → %SystemDrive%\avenger → [Folder | Modified Date = 10/15/2007 8:23:18 PM | Attr = ]
boot.ini → %SystemDrive%\boot.ini → [Ver = | Size = 209 bytes | Modified Date = 10/16/2007 9:52:26 PM | Attr = RHS]
Config.Msi → %SystemDrive%\Config.Msi → [Folder | Modified Date = 9/23/2007 11:00:48 AM | Attr = H ]
Program Files → %ProgramFiles% → [Folder | Modified Date = 10/14/2007 7:44:58 PM | Attr = R ]
SDFix → %SystemDrive%\SDFix → [Folder | Modified Date = 10/15/2007 7:33:38 PM | Attr = ]
SDFix.zip → %SystemDrive%\SDFix.zip → [Ver = | Size = 1346060 bytes | Modified Date = 10/16/2007 11:30:12 PM | Attr = ]
System Volume Information → %SystemDrive%\System Volume Information → [Folder | Modified Date = 10/17/2007 7:11:50 PM | Attr = HS]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 10/19/2007 7:23:42 PM | Attr = ]
$hf_mig$ → %SystemRoot%$hf_mig$ → [Folder | Modified Date = 10/10/2007 11:13:10 PM | Attr = H ]
$NtUninstallKB911993-V2$ → %SystemRoot%$NtUninstallKB911993-V2$ → [Folder | Modified Date = 9/21/2007 9:03:50 PM | Attr = H ]
$NtUninstallKB919880$ → %SystemRoot%$NtUninstallKB919880$ → [Folder | Modified Date = 9/21/2007 9:45:40 PM | Attr = H ]
$NtUninstallKB922120$ → %SystemRoot%$NtUninstallKB922120$ → [Folder | Modified Date = 10/5/2007 8:11:32 PM | Attr = H ]
$NtUninstallKB933729$ → %SystemRoot%$NtUninstallKB933729$ → [Folder | Modified Date = 10/10/2007 11:13:14 PM | Attr = H ]
$NtUninstallKB939653$ → %SystemRoot%$NtUninstallKB939653$ → [Folder | Modified Date = 10/10/2007 11:11:40 PM | Attr = H ]
$NtUninstallKB941202$ → %SystemRoot%$NtUninstallKB941202$ → [Folder | Modified Date = 10/10/2007 11:09:58 PM | Attr = H ]
assembly → %SystemRoot%\assembly → [Folder | Modified Date = 9/23/2007 10:50:36 AM | Attr = R S]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 10/19/2007 7:21:58 PM | Attr = S]
cookies.ini → %SystemRoot%\cookies.ini → [Ver = | Size = 639 bytes | Modified Date = 10/16/2007 9:56:32 PM | Attr = ]
eDrawingOfficeAutomator.INI → %SystemRoot%\eDrawingOfficeAutomator.INI → [Ver = | Size = 0 bytes | Modified Date = 9/21/2007 9:48:38 PM | Attr = ]
Fonts → %SystemRoot%\Fonts → [Folder | Modified Date = 9/21/2007 9:20:04 PM | Attr = R S]
Help → %SystemRoot%\Help → [Folder | Modified Date = 10/11/2007 11:08:44 PM | Attr = ]
imsins.BAK → %SystemRoot%\imsins.BAK → [Ver = | Size = 1393 bytes | Modified Date = 10/10/2007 11:13:08 PM | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 10/10/2007 11:13:32 PM | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 9/23/2007 10:44:24 AM | Attr = HS]
Microsoft.NET → %SystemRoot%\Microsoft.NET → [Folder | Modified Date = 9/23/2007 10:48:10 AM | Attr = ]
netdet.ini → %SystemRoot%\netdet.ini → [Ver = | Size = 520 bytes | Modified Date = 10/8/2007 10:59:26 PM | Attr = ]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 10/18/2007 11:35:18 PM | Attr = ]
pss → %SystemRoot%\pss → [Folder | Modified Date = 10/16/2007 11:23:10 PM | Attr = ]
QTFont.qfn → %SystemRoot%\QTFont.qfn → [Ver = | Size = 54156 bytes | Modified Date = 10/9/2007 5:23:46 PM | Attr = H ]
system.ini → %SystemRoot%\system.ini → [Ver = | Size = 435 bytes | Modified Date = 10/16/2007 9:52:26 PM | Attr = ]
system32 → %System32% → [Folder | Modified Date = 10/19/2007 8:26:28 PM | Attr = ]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 10/19/2007 8:20:10 PM | Attr = ]
Thumbs.db → %SystemRoot%\Thumbs.db → [Ver = | Size = 73216 bytes | Modified Date = 10/11/2007 8:56:02 PM | Attr = HS]
@Alternate Data Stream - 0 bytes → %SystemRoot%\Thumbs.db:encryptable →
win.ini → %SystemRoot%\win.ini → [Ver = | Size = 730 bytes | Modified Date = 10/16/2007 9:52:26 PM | Attr = ]
winshow.exe → %SystemRoot%\winshow.exe → [Ver = 23.03.0020 | Size = 35328 bytes | Modified Date = 10/4/2007 12:19:48 AM | Attr = ]
WinSxS → %SystemRoot%\WinSxS → [Folder | Modified Date = 9/23/2007 10:39:30 AM | Attr = ]
yacht.xws → %SystemRoot%\yacht.xws → [Ver = | Size = 23 bytes | Modified Date = 9/21/2007 9:38:32 PM | Attr = H ]
eKMEw.job → %SystemRoot%\tasks\eKMEw.job → [Ver = | Size = 222 bytes | Modified Date = 10/19/2007 8:00:02 PM | Attr = ]
jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job → %SystemRoot%\tasks\jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job → [Ver = | Size = 222 bytes | Modified Date = 10/19/2007 8:00:02 PM | Attr = ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 10/19/2007 7:22:30 PM | Attr = H ]
Win_Update_Program.job → %SystemRoot%\tasks\Win_Update_Program.job → [Ver = | Size = 222 bytes | Modified Date = 10/19/2007 8:00:02 PM | Attr = ]
bocouhkq.ini → %System32%\bocouhkq.ini → [Ver = | Size = 693721 bytes | Modified Date = 10/15/2007 9:52:16 PM | Attr = HS]
bxsrffnh.exe → %System32%\bxsrffnh.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/3/2007 7:21:18 PM | Attr = ]
caqlphka.dll → %System32%\caqlphka.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/30/2007 9:55:34 PM | Attr = ]
CatRoot → %System32%\CatRoot → [Folder | Modified Date = 9/21/2007 9:05:44 PM | Attr = ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 10/18/2007 5:17:24 AM | Attr = ]
cfnwicad.dll → %System32%\cfnwicad.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/22/2007 5:08:12 AM | Attr = ]
cvqtiqmy.ini → %System32%\cvqtiqmy.ini → [Ver = | Size = 693772 bytes | Modified Date = 9/30/2007 7:00:16 PM | Attr = HS]
cxxyvsqv.exe → %System32%\cxxyvsqv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/9/2007 5:10:50 PM | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 10/17/2007 10:31:40 PM | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 10/15/2007 8:23:22 PM | Attr = ]
dvmjoetv.exe → %System32%\dvmjoetv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/20/2007 11:18:38 PM | Attr = ]
emdorobt.ini → %System32%\emdorobt.ini → [Ver = | Size = 693481 bytes | Modified Date = 10/9/2007 5:12:56 PM | Attr = HS]
epqefoto.exe → %System32%\epqefoto.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/1/2007 6:56:28 PM | Attr = ]
erfgtpgv.ini → %System32%\erfgtpgv.ini → [Ver = | Size = 694381 bytes | Modified Date = 10/7/2007 9:36:20 AM | Attr = HS]
evxftikj.exe → %System32%\evxftikj.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/17/2007 8:56:34 PM | Attr = ]
FNTCACHE.DAT → %System32%\FNTCACHE.DAT → [Ver = | Size = 376056 bytes | Modified Date = 9/22/2007 5:00:14 AM | Attr = ]
fsdgubhf.ini → %System32%\fsdgubhf.ini → [Ver = | Size = 694312 bytes | Modified Date = 10/6/2007 10:34:40 PM | Attr = HS]
gahucgqj.ini → %System32%\gahucgqj.ini → [Ver = | Size = 694021 bytes | Modified Date = 10/3/2007 7:18:08 PM | Attr = HS]
ghabwcty.exe → %System32%\ghabwcty.exe → [Ver = | Size = 4672 bytes | Modified Date = 10/16/2007 8:58:50 PM | Attr = ]
gqorhcce.ini → %System32%\gqorhcce.ini → [Ver = | Size = 693721 bytes | Modified Date = 9/29/2007 7:04:36 PM | Attr = HS]
GroupPolicy → %System32%\GroupPolicy → [Folder | Modified Date = 9/21/2007 9:13:56 PM | Attr = ]
hmcdhdlw.ini → %System32%\hmcdhdlw.ini → [Ver = | Size = 693841 bytes | Modified Date = 10/16/2007 7:35:34 PM | Attr = HS]
hpfkwomp.ini → %System32%\hpfkwomp.ini → [Ver = | Size = 693901 bytes | Modified Date = 10/1/2007 10:26:34 AM | Attr = HS]
hvvycbpm.exe → %System32%\hvvycbpm.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/15/2007 8:57:52 PM | Attr = ]
hwawctdi.exe → %System32%\hwawctdi.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/6/2007 10:31:18 PM | Attr = ]
hxhdipqm.exe → %System32%\hxhdipqm.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/15/2007 8:24:56 PM | Attr = ]
ibuauegt.dll → %System32%\ibuauegt.dll → [Ver = | Size = 86080 bytes | Modified Date = 10/16/2007 9:01:54 PM | Attr = ]
iivpjxjk.exe → %System32%\iivpjxjk.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/8/2007 6:41:34 PM | Attr = ]
inpiutmn.ini → %System32%\inpiutmn.ini → [Ver = | Size = 693412 bytes | Modified Date = 10/14/2007 9:15:48 AM | Attr = HS]
jmcmndmr.exe → %System32%\jmcmndmr.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/29/2007 3:46:40 PM | Attr = ]
jxibasda.ini → %System32%\jxibasda.ini → [Ver = | Size = 693472 bytes | Modified Date = 9/26/2007 6:52:58 PM | Attr = HS]
kakggcks.ini → %System32%\kakggcks.ini → [Ver = | Size = 693481 bytes | Modified Date = 9/21/2007 6:44:50 PM | Attr = HS]
kvyyliof.dll → %System32%\kvyyliof.dll → [Ver = | Size = 69184 bytes | Modified Date = 10/1/2007 7:03:34 PM | Attr = ]
lvgxyqsp.ini → %System32%\lvgxyqsp.ini → [Ver = | Size = 693832 bytes | Modified Date = 10/10/2007 10:44:58 PM | Attr = HS]
lxnhaexo.exe → %System32%\lxnhaexo.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/30/2007 9:52:46 PM | Attr = ]
mcrh.tmp → %System32%\mcrh.tmp → [Ver = | Size = 97 bytes | Modified Date = 10/11/2007 8:39:04 PM | Attr = ]
mpsqtnkp.ini → %System32%\mpsqtnkp.ini → [Ver = | Size = 694141 bytes | Modified Date = 10/3/2007 8:03:06 PM | Attr = HS]
mwxpwfnx.exe → %System32%\mwxpwfnx.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/20/2007 11:17:14 PM | Attr = ]
ndrlrvlk.ini → %System32%\ndrlrvlk.ini → [Ver = | Size = 693592 bytes | Modified Date = 10/15/2007 11:34:08 AM | Attr = HS]
nnccwnfn.ini → %System32%\nnccwnfn.ini → [Ver = | Size = 693712 bytes | Modified Date = 10/9/2007 8:23:26 PM | Attr = HS]
nryafwid.exe → %System32%\nryafwid.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/23/2007 10:34:00 AM | Attr = ]
nthxsrbx.ini → %System32%\nthxsrbx.ini → [Ver = | Size = 693481 bytes | Modified Date = 10/11/2007 11:00:52 PM | Attr = HS]
oeohfjck.ini → %System32%\oeohfjck.ini → [Ver = | Size = 693472 bytes | Modified Date = 10/18/2007 10:54:06 PM | Attr = HS]
ohcmrdoh.tmp → %System32%\ohcmrdoh.tmp → [Ver = | Size = 694501 bytes | Modified Date = 10/8/2007 9:59:48 AM | Attr = HS]
ooyqblwu.ini → %System32%\ooyqblwu.ini → [Ver = | Size = 694252 bytes | Modified Date = 10/5/2007 10:25:52 PM | Attr = HS]
perfc009.dat → %System32%\perfc009.dat → [Ver = | Size = 63166 bytes | Modified Date = 9/23/2007 10:42:22 AM | Attr = ]
perfh009.dat → %System32%\perfh009.dat → [Ver = | Size = 403604 bytes | Modified Date = 9/23/2007 10:42:22 AM | Attr = ]
PerfStringBackup.INI → %System32%\PerfStringBackup.INI → [Ver = | Size = 457498 bytes | Modified Date = 9/23/2007 10:42:22 AM | Attr = ]
pmnlmlk.dll → %System32%\pmnlmlk.dll → [Ver = | Size = 36352 bytes | Modified Date = 10/4/2007 12:20:00 AM | Attr = ]
psqyxgvl.dll → %System32%\psqyxgvl.dll → [Ver = | Size = 84544 bytes | Modified Date = 10/10/2007 1:19:08 PM | Attr = ]
qftklagh.dll → %System32%\qftklagh.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/23/2007 1:20:16 PM | Attr = ]
qiiosgee.exe → %System32%\qiiosgee.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/22/2007 5:07:26 AM | Attr = ]
qiyklfiu.exe → %System32%\qiyklfiu.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/26/2007 3:08:30 PM | Attr = ]
qqmwguyd.exe → %System32%\qqmwguyd.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/4/2007 10:14:12 PM | Attr = ]
qsafjfbr.exe → %System32%\qsafjfbr.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/3/2007 8:23:02 PM | Attr = ]
qubfkmri.exe → %System32%\qubfkmri.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/7/2007 9:36:46 AM | Attr = ]
qvmyndvv.dll → %System32%\qvmyndvv.dll → [Ver = | Size = 85568 bytes | Modified Date = 9/23/2007 11:06:04 AM | Attr = ]
qwruiljg.exe → %System32%\qwruiljg.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/2/2007 6:55:04 PM | Attr = ]
rbrdorry.ini → %System32%\rbrdorry.ini → [Ver = | Size = 693592 bytes | Modified Date = 9/27/2007 9:47:08 PM | Attr = HS]
Restore → %System32%\Restore → [Folder | Modified Date = 10/17/2007 7:11:50 PM | Attr = ]
rkpokdfk.ini → %System32%\rkpokdfk.ini → [Ver = | Size = 693412 bytes | Modified Date = 9/24/2007 10:50:48 AM | Attr = HS]
rrutv.bak1 → %System32%\rrutv.bak1 → [Ver = | Size = 1504795 bytes | Modified Date = 10/7/2007 9:31:28 AM | Attr = HS]
rrutv.bak2 → %System32%\rrutv.bak2 → [Ver = | Size = 635658 bytes | Modified Date = 10/18/2007 10:56:10 PM | Attr = HS]
rrutv.ini → %System32%\rrutv.ini → [Ver = | Size = 636050 bytes | Modified Date = 10/19/2007 8:26:38 PM | Attr = HS]
rttjqulv.ini → %System32%\rttjqulv.ini → [Ver = | Size = 693952 bytes | Modified Date = 10/1/2007 7:06:48 PM | Attr = HS]
ShellExt → %System32%\ShellExt → [Folder | Modified Date = 9/20/2007 11:31:28 PM | Attr = ]
skcggkak.dll → %System32%\skcggkak.dll → [Ver = | Size = 87616 bytes | Modified Date = 9/20/2007 11:25:20 PM | Attr = ]
tecfbqsg.ini → %System32%\tecfbqsg.ini → [Ver = | Size = 693481 bytes | Modified Date = 9/23/2007 11:05:42 AM | Attr = HS]
tgeuaubi.ini → %System32%\tgeuaubi.ini → [Ver = | Size = 693901 bytes | Modified Date = 10/16/2007 9:56:22 PM | Attr = HS]
thrbncyb.dll → %System32%\thrbncyb.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/20/2007 11:29:54 PM | Attr = ]
tkspfget.ini → %System32%\tkspfget.ini → [Ver = | Size = 693652 bytes | Modified Date = 9/29/2007 6:48:44 PM | Attr = HS]
ucpueekp.exe → %System32%\ucpueekp.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/11/2007 10:37:56 PM | Attr = ]
uedjhktu.ini → %System32%\uedjhktu.ini → [Ver = | Size = 693421 bytes | Modified Date = 10/11/2007 8:51:10 PM | Attr = HS]
uhtbhmns.exe → %System32%\uhtbhmns.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/16/2007 8:56:14 PM | Attr = ]
uogtjtbp.dll → %System32%\uogtjtbp.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/26/2007 6:51:58 PM | Attr = ]
urqbepte.exe → %System32%\urqbepte.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/29/2007 6:58:18 PM | Attr = ]
vtquqiex.dll → %System32%\vtquqiex.dll → [Ver = | Size = 77376 bytes | Modified Date = 10/2/2007 7:06:56 PM | Attr = ]
vvdnymvq.ini → %System32%\vvdnymvq.ini → [Ver = | Size = 693541 bytes | Modified Date = 9/23/2007 1:28:52 PM | Attr = HS]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 1158 bytes | Modified Date = 10/5/2007 10:09:30 PM | Attr = ]
wwhwfjax.exe → %System32%\wwhwfjax.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/13/2007 1:00:00 AM | Attr = ]
xbrsxhtn.dll → %System32%\xbrsxhtn.dll → [Ver = | Size = 84032 bytes | Modified Date = 10/11/2007 10:38:00 PM | Attr = ]
xkfowsux.ini → %System32%\xkfowsux.ini → [Ver = | Size = 693652 bytes | Modified Date = 10/19/2007 7:25:40 PM | Attr = HS]
xsfimpjd.exe → %System32%\xsfimpjd.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/14/2007 9:16:02 AM | Attr = ]
xuswofkx.dll → %System32%\xuswofkx.dll → [Ver = | Size = 83008 bytes | Modified Date = 10/18/2007 11:01:12 PM | Attr = ]
xytoteva.dll → %System32%\xytoteva.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/29/2007 7:04:16 PM | Attr = ]
ycebjhku.exe → %System32%\ycebjhku.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/18/2007 10:56:22 PM | Attr = ]
ynwhmodg.dll → %System32%\ynwhmodg.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/28/2007 6:54:20 PM | Attr = ]
ytswoufv.ini → %System32%\ytswoufv.ini → [Ver = | Size = 694201 bytes | Modified Date = 10/4/2007 10:13:32 PM | Attr = HS]
HpUsbPVR → %System32%\drivers\HpUsbPVR → [Folder | Modified Date = 10/7/2007 11:55:42 AM | Attr = ]
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes → %SystemDrive%\Thumbs.db:encryptable →
Thawte Consulting , → %SystemRoot%\HPBroker.dll → [Ver = 1, 0, 0, 18 | Size = 91848 bytes | Modified Date = 11/17/2006 11:34:40 AM | Attr = ]
@Alternate Data Stream - 0 bytes → %SystemRoot%\Thumbs.db:encryptable →
UPX! , UPX0 , → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 5:09:50 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\bxsrffnh.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/3/2007 7:21:18 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\caqlphka.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/30/2007 9:55:34 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\cfnwicad.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/22/2007 5:08:12 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\cxxyvsqv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/9/2007 5:10:50 PM | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 7/30/2003 11:00:00 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\DivX.dll → DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 7/25/2007 9:50:22 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\dvmjoetv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/20/2007 11:18:38 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\epqefoto.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/1/2007 6:56:28 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\evxftikj.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/17/2007 8:56:34 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\hvvycbpm.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/15/2007 8:57:52 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\hwawctdi.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/6/2007 10:31:18 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\hxhdipqm.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/15/2007 8:24:56 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\iivpjxjk.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/8/2007 6:41:34 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\jmcmndmr.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/29/2007 3:46:40 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\kvyyliof.dll → [Ver = | Size = 69184 bytes | Modified Date = 10/1/2007 7:03:34 PM | Attr = ]
PTech , → %System32%\LegitCheckControl.DLL → Microsoft® Corporation [Ver = 1.3.0272.0 | Size = 520968 bytes | Modified Date = 8/29/2005 2:27:12 PM | Attr = ]
aspack , → %System32%\LibHupSink.dll → [Ver = | Size = 206848 bytes | Modified Date = 8/27/2006 2:22:24 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\lxnhaexo.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/30/2007 9:52:46 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\mwxpwfnx.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/20/2007 11:17:14 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\nryafwid.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/23/2007 10:34:00 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\qftklagh.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/23/2007 1:20:16 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\qiiosgee.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/22/2007 5:07:26 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\qiyklfiu.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/26/2007 3:08:30 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\qqmwguyd.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/4/2007 10:14:12 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\qsafjfbr.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/3/2007 8:23:02 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\qubfkmri.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/7/2007 9:36:46 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\qwruiljg.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/2/2007 6:55:04 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\thrbncyb.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/20/2007 11:29:54 PM | Attr = ]
@Alternate Data Stream - 0 bytes → %System32%\Thumbs.db:encryptable →
PEC2 , PECompact2 , → %System32%\ucpueekp.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/11/2007 10:37:56 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\uhtbhmns.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/16/2007 8:56:14 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\uogtjtbp.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/26/2007 6:51:58 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\urqbepte.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/29/2007 6:58:18 PM | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 7/30/2003 11:00:00 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\wwhwfjax.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/13/2007 1:00:00 AM | Attr = ]
Thawte Consulting , → %System32%\XceedZip.dll → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 4.5.77.0 | Size = 397856 bytes | Modified Date = 10/29/2001 9:44:36 AM | Attr = R ]
PEC2 , PECompact2 , → %System32%\xsfimpjd.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/14/2007 9:16:02 AM | Attr = ]
Thawte Consulting , → %System32%\xupload.ocx → Persits Software, Inc. [Ver = 2, 1, 0, 0 | Size = 227672 bytes | Modified Date = 11/22/2000 12:47:08 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\xytoteva.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/29/2007 7:04:16 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\ycebjhku.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/18/2007 10:56:22 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\ynwhmodg.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/28/2007 6:54:20 PM | Attr = ]
MZKERNEL32.DLL , → %System32%\zfkhggn.exe → [Ver = | Size = 49816 bytes | Modified Date = 5/9/2005 7:02:04 PM | Attr = ]
WSUD , UPX0 , → %System32%\dllcache\hwxjpn.dll → [Ver = | Size = 13463552 bytes | Modified Date = 7/30/2003 3:00:00 PM | Attr = ]
PTech , → %System32%\drivers\mtlstrm.sys → Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
< End of report >
Finally finished. Are they all this long???
Pol - I hope you don’t mind me jumping in but I had my WinPFind analyst tool already open for another thread anyway.
Mark, start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.
[Registry - Non-Microsoft Only] < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ YN -> rqrqomm -> rqrqomm.dll [Files/Folders - Created Within 30 days] NY -> winshow.exe -> %SystemRoot%\winshow.exe NY -> bocouhkq.ini -> %System32%\bocouhkq.ini NY -> bxsrffnh.exe -> %System32%\bxsrffnh.exe NY -> caqlphka.dll -> %System32%\caqlphka.dll NY -> cfnwicad.dll -> %System32%\cfnwicad.dll NY -> cvqtiqmy.ini -> %System32%\cvqtiqmy.ini NY -> cxxyvsqv.exe -> %System32%\cxxyvsqv.exe NY -> dvmjoetv.exe -> %System32%\dvmjoetv.exe NY -> emdorobt.ini -> %System32%\emdorobt.ini NY -> epqefoto.exe -> %System32%\epqefoto.exe NY -> erfgtpgv.ini -> %System32%\erfgtpgv.ini NY -> evxftikj.exe -> %System32%\evxftikj.exe NY -> fsdgubhf.ini -> %System32%\fsdgubhf.ini NY -> gahucgqj.ini -> %System32%\gahucgqj.ini NY -> ghabwcty.exe -> %System32%\ghabwcty.exe NY -> gqorhcce.ini -> %System32%\gqorhcce.ini NY -> hmcdhdlw.ini -> %System32%\hmcdhdlw.ini NY -> hpfkwomp.ini -> %System32%\hpfkwomp.ini NY -> hvvycbpm.exe -> %System32%\hvvycbpm.exe NY -> hwawctdi.exe -> %System32%\hwawctdi.exe NY -> hxhdipqm.exe -> %System32%\hxhdipqm.exe NY -> ibuauegt.dll -> %System32%\ibuauegt.dll NY -> iivpjxjk.exe -> %System32%\iivpjxjk.exe NY -> inpiutmn.ini -> %System32%\inpiutmn.ini NY -> jmcmndmr.exe -> %System32%\jmcmndmr.exe NY -> jxibasda.ini -> %System32%\jxibasda.ini NY -> kakggcks.ini -> %System32%\kakggcks.ini NY -> kvyyliof.dll -> %System32%\kvyyliof.dll NY -> lvgxyqsp.ini -> %System32%\lvgxyqsp.ini NY -> lxnhaexo.exe -> %System32%\lxnhaexo.exe NY -> mcrh.tmp -> %System32%\mcrh.tmp NY -> mpsqtnkp.ini -> %System32%\mpsqtnkp.ini NY -> mwxpwfnx.exe -> %System32%\mwxpwfnx.exe NY -> ndrlrvlk.ini -> %System32%\ndrlrvlk.ini NY -> nnccwnfn.ini -> %System32%\nnccwnfn.ini NY -> nryafwid.exe -> %System32%\nryafwid.exe NY -> nthxsrbx.ini -> %System32%\nthxsrbx.ini NY -> oeohfjck.ini -> %System32%\oeohfjck.ini NY -> ohcmrdoh.tmp -> 
%System32%\ohcmrdoh.tmp NY -> ooyqblwu.ini -> %System32%\ooyqblwu.ini NY -> pmnlmlk.dll -> %System32%\pmnlmlk.dll NY -> psqyxgvl.dll -> %System32%\psqyxgvl.dll NY -> qftklagh.dll -> %System32%\qftklagh.dll NY -> qiiosgee.exe -> %System32%\qiiosgee.exe NY -> qiyklfiu.exe -> %System32%\qiyklfiu.exe NY -> qqmwguyd.exe -> %System32%\qqmwguyd.exe NY -> qsafjfbr.exe -> %System32%\qsafjfbr.exe NY -> qubfkmri.exe -> %System32%\qubfkmri.exe NY -> qvmyndvv.dll -> %System32%\qvmyndvv.dll NY -> qwruiljg.exe -> %System32%\qwruiljg.exe NY -> rbrdorry.ini -> %System32%\rbrdorry.ini NY -> rkpokdfk.ini -> %System32%\rkpokdfk.ini NY -> rttjqulv.ini -> %System32%\rttjqulv.ini NY -> skcggkak.dll -> %System32%\skcggkak.dll NY -> tecfbqsg.ini -> %System32%\tecfbqsg.ini NY -> tgeuaubi.ini -> %System32%\tgeuaubi.ini NY -> thrbncyb.dll -> %System32%\thrbncyb.dll NY -> tkspfget.ini -> %System32%\tkspfget.ini NY -> ucpueekp.exe -> %System32%\ucpueekp.exe NY -> uedjhktu.ini -> %System32%\uedjhktu.ini NY -> uhtbhmns.exe -> %System32%\uhtbhmns.exe NY -> uogtjtbp.dll -> %System32%\uogtjtbp.dll NY -> urqbepte.exe -> %System32%\urqbepte.exe NY -> vtquqiex.dll -> %System32%\vtquqiex.dll NY -> vvdnymvq.ini -> %System32%\vvdnymvq.ini NY -> wwhwfjax.exe -> %System32%\wwhwfjax.exe NY -> xbrsxhtn.dll -> %System32%\xbrsxhtn.dll NY -> xkfowsux.ini -> %System32%\xkfowsux.ini NY -> xsfimpjd.exe -> %System32%\xsfimpjd.exe NY -> xuswofkx.dll -> %System32%\xuswofkx.dll NY -> xytoteva.dll -> %System32%\xytoteva.dll NY -> ycebjhku.exe -> %System32%\ycebjhku.exe NY -> ynwhmodg.dll -> %System32%\ynwhmodg.dll NY -> ytswoufv.ini -> %System32%\ytswoufv.ini [Files/Folders - Modified Within 30 days] NY -> eKMEw.job -> %SystemRoot%\tasks\eKMEw.job NY -> jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job -> %SystemRoot%\tasks\jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job NY -> bocouhkq.ini -> %System32%\bocouhkq.ini NY -> bxsrffnh.exe -> %System32%\bxsrffnh.exe NY -> caqlphka.dll -> %System32%\caqlphka.dll NY -> cfnwicad.dll -> 
%System32%\cfnwicad.dll NY -> cvqtiqmy.ini -> %System32%\cvqtiqmy.ini NY -> cxxyvsqv.exe -> %System32%\cxxyvsqv.exe NY -> dvmjoetv.exe -> %System32%\dvmjoetv.exe NY -> emdorobt.ini -> %System32%\emdorobt.ini NY -> epqefoto.exe -> %System32%\epqefoto.exe NY -> erfgtpgv.ini -> %System32%\erfgtpgv.ini NY -> evxftikj.exe -> %System32%\evxftikj.exe NY -> fsdgubhf.ini -> %System32%\fsdgubhf.ini NY -> gahucgqj.ini -> %System32%\gahucgqj.ini NY -> ghabwcty.exe -> %System32%\ghabwcty.exe NY -> gqorhcce.ini -> %System32%\gqorhcce.ini NY -> hmcdhdlw.ini -> %System32%\hmcdhdlw.ini NY -> hpfkwomp.ini -> %System32%\hpfkwomp.ini NY -> hvvycbpm.exe -> %System32%\hvvycbpm.exe NY -> hwawctdi.exe -> %System32%\hwawctdi.exe NY -> hxhdipqm.exe -> %System32%\hxhdipqm.exe NY -> ibuauegt.dll -> %System32%\ibuauegt.dll NY -> iivpjxjk.exe -> %System32%\iivpjxjk.exe NY -> inpiutmn.ini -> %System32%\inpiutmn.ini NY -> jmcmndmr.exe -> %System32%\jmcmndmr.exe NY -> jxibasda.ini -> %System32%\jxibasda.ini NY -> kakggcks.ini -> %System32%\kakggcks.ini NY -> kvyyliof.dll -> %System32%\kvyyliof.dll NY -> lvgxyqsp.ini -> %System32%\lvgxyqsp.ini NY -> lxnhaexo.exe -> %System32%\lxnhaexo.exe NY -> mcrh.tmp -> %System32%\mcrh.tmp NY -> mpsqtnkp.ini -> %System32%\mpsqtnkp.ini NY -> mwxpwfnx.exe -> %System32%\mwxpwfnx.exe NY -> ndrlrvlk.ini -> %System32%\ndrlrvlk.ini NY -> nnccwnfn.ini -> %System32%\nnccwnfn.ini NY -> nryafwid.exe -> %System32%\nryafwid.exe NY -> nthxsrbx.ini -> %System32%\nthxsrbx.ini NY -> oeohfjck.ini -> %System32%\oeohfjck.ini NY -> ohcmrdoh.tmp -> %System32%\ohcmrdoh.tmp NY -> ooyqblwu.ini -> %System32%\ooyqblwu.ini NY -> pmnlmlk.dll -> %System32%\pmnlmlk.dll NY -> psqyxgvl.dll -> %System32%\psqyxgvl.dll NY -> qftklagh.dll -> %System32%\qftklagh.dll NY -> qiiosgee.exe -> %System32%\qiiosgee.exe NY -> qiyklfiu.exe -> %System32%\qiyklfiu.exe NY -> qqmwguyd.exe -> %System32%\qqmwguyd.exe NY -> qsafjfbr.exe -> %System32%\qsafjfbr.exe NY -> qubfkmri.exe -> %System32%\qubfkmri.exe NY -> 
qvmyndvv.dll -> %System32%\qvmyndvv.dll NY -> qwruiljg.exe -> %System32%\qwruiljg.exe NY -> rbrdorry.ini -> %System32%\rbrdorry.ini NY -> rkpokdfk.ini -> %System32%\rkpokdfk.ini NY -> rrutv.bak1 -> %System32%\rrutv.bak1 NY -> rrutv.bak2 -> %System32%\rrutv.bak2 NY -> rrutv.ini -> %System32%\rrutv.ini NY -> rttjqulv.ini -> %System32%\rttjqulv.ini NY -> skcggkak.dll -> %System32%\skcggkak.dll NY -> tecfbqsg.ini -> %System32%\tecfbqsg.ini NY -> tgeuaubi.ini -> %System32%\tgeuaubi.ini NY -> thrbncyb.dll -> %System32%\thrbncyb.dll NY -> tkspfget.ini -> %System32%\tkspfget.ini NY -> ucpueekp.exe -> %System32%\ucpueekp.exe NY -> uedjhktu.ini -> %System32%\uedjhktu.ini NY -> uhtbhmns.exe -> %System32%\uhtbhmns.exe NY -> uogtjtbp.dll -> %System32%\uogtjtbp.dll NY -> urqbepte.exe -> %System32%\urqbepte.exe NY -> vtquqiex.dll -> %System32%\vtquqiex.dll NY -> vvdnymvq.ini -> %System32%\vvdnymvq.ini NY -> wwhwfjax.exe -> %System32%\wwhwfjax.exe NY -> xbrsxhtn.dll -> %System32%\xbrsxhtn.dll NY -> xkfowsux.ini -> %System32%\xkfowsux.ini NY -> xsfimpjd.exe -> %System32%\xsfimpjd.exe NY -> xuswofkx.dll -> %System32%\xuswofkx.dll NY -> xytoteva.dll -> %System32%\xytoteva.dll NY -> ycebjhku.exe -> %System32%\ycebjhku.exe NY -> ynwhmodg.dll -> %System32%\ynwhmodg.dll NY -> ytswoufv.ini -> %System32%\ytswoufv.ini
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.
Also let me know of any problems you encounter performing these steps or any continuing problems you are having with the computer.
Is there a red line through the avast! icon in the system tray at the bottom right of your screen? The avast! services are reported stopped in the WinPFind log.
EDIT:
“Finally finished. Are they all this long???”
Yes, give or take a line or two ;D
I ran it and here are the results. But now, WNSO.exe still shows up as loading during boot up, and my Netscape bookmarks are all gone, same with my newsgroup settings.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrqomm deleted successfully.
< End of log >
Created on 10/20/2007 15:53:41
Hmmmm. It seemed to be gone when you ran WinPFind the first time, but please run it again and post another log.
Netscape bookmarks are saved in a file named bookmark.htm. See if you can locate that on your computer. And see if this helps in regard to the newsgroup settings.
New scan. I still have Downloader.tiny.id in my pc. I keep having I.E. take me to a website “Errorsafe.com” that wants me to download a pc fixing program. Luckily, Avast lets me abort the connection.
WinPFind3 logfile created on: 10/21/2007 10:54:25 AM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\hp user\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
1022.48 Mb Total Physical Memory | 577.23 Mb Available Physical Memory | 56.45% Memory free
2.41 Gb Paging File | 2.07 Gb Available in Paging File | 85.82% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 37.78 Gb Free Space | 50.69% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: MARKSHPLAPTOP
Current User Name: hp user
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
ashmaisv.exe → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 5:05:42 AM | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr = ]
ashwebsv.exe → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 5:04:44 AM | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
atiptaxx.exe → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr = ]
avgas.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
cdac11ba.exe → %System32%\drivers\CDAC11BA.EXE → Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 7/20/2005 12:07:16 PM | Attr = ]
guard.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
hphmon05.exe → %System32%\hphmon05.exe → Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr = ]
standaloneslv.exe → %ProgramFiles%\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe → [Ver = 14, 0000, 304, 0 | Size = 606208 bytes | Modified Date = 4/2/2007 10:38:10 AM | Attr = ]
syntpenh.exe → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr = ]
syntplpr.exe → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr = ]
tivobeacon.exe → %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe → TiVo Inc. [Ver = 1.4 | Size = 857088 bytes | Modified Date = 7/11/2006 7:22:40 AM | Attr = ]
ulcdrsvr.exe → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe → Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 7/18/2005 11:17:28 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 5:05:42 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 5:04:44 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] → %System32%\drivers\CDAC11BA.EXE → Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 7/20/2005 12:07:16 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Stopped] → %System32%\ljnhokqn.exe → File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe → Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(ms_fax) Fax Client [Win32_Own | Auto | Stopped] → %System32%\0ae7.exe → File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] → %System32%\nvsvc32.exe → NVIDIA Corporation [Ver = 6.14.10.5401 | Size = 77824 bytes | Modified Date = 2/3/2004 8:26:00 AM | Attr = R ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] → %System32%\HPZipm12.exe → HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ]
(Remote Solver for COSMOSFloWorks 2007) Remote Solver for COSMOSFloWorks 2007 [Win32_Own | Auto | Running] → %ProgramFiles%\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe → [Ver = 14, 0000, 304, 0 | Size = 606208 bytes | Modified Date = 4/2/2007 10:38:10 AM | Attr = ]
(SolidWorks Licensing Service) SolidWorks Licensing Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\SolidWorks Shared\Service\SolidWorksLicensing.exe → SolidWorks [Ver = 2.80.002 | Size = 79360 bytes | Modified Date = 9/21/2007 9:35:50 PM | Attr = ]
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] → %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe → TiVo Inc. [Ver = 1.4 | Size = 857088 bytes | Modified Date = 7/11/2006 7:22:40 AM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
!AVG Anti-Spyware → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
ATIPTA → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr = ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
HPHmon05 → %System32%\hphmon05.exe → Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr = ]
SearchIndexer → %System32%\xytoqfrl.dll [rundll32.exe “C:\WINDOWS\system32\xytoqfrl.dll”,sitypnow] → [Ver = | Size = 83008 bytes | Modified Date = 10/21/2007 9:57:50 AM | Attr = ]
SynTPEnh → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr = ]
SynTPLpr → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr = ]
< OptionalComponents [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ →
IMAIL → Installed = 1 →
MAPI → Installed = 1 →
MSFS → Installed = 1 →
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\WNSO.lnk → %CommonProgramFiles%\RGGZS\WNSO.exe → File not found
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks →
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] → GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] → %System32%\rqrqomm.dll → File not found
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
AtiExtEvent → %System32%\ati2evxx.dll → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 61440 bytes | Modified Date = 3/8/2005 4:34:34 PM | Attr = ]
WgaLogon → Reg Data - Value does not exist → File not found
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 145 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools → 0 →
< HOSTS File > (764 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts →
127.0.0.1 localhost → →
192.168.1.109 HP000D9D182CA5 → →
< Internet Explorer Settings > → →
HKLM: Default_Page_URL → http://us8l.hpwis.com →
HKLM: Main\Default_Search_URL → http://www.google.com/ie →
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch →
HKLM: Start Page → http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home →
HKLM: CustomizeSearch → http://seek.3721.com/srchcust.htm →
HKLM: Search\Default_Search_URL → http://www.google.com/ie →
HKLM: SearchAssistant → http://www.google.com/ie →
HKCU: Local Page → C:\WINDOWS\system32\blank.htm →
HKCU: Search Bar → http://www.google.com/ie →
HKCU: Search Page → http://www.google.com →
HKCU: Start Page → http://us8l.hpwis.com/ →
HKCU: SearchAssistant → http://www.google.com/ie →
HKCU: ProxyEnable → 0 →
HKCU: ProxyOverride → 127.0.0.1 →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] → Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{387EDF53-1CF2-4523-BC2F-13462651BE8C} [HKLM] → %System32%\BhoCitUS.dll [CitiUSBrowserHelper Class] → Orbiscom Ltd. All rights reserved. [Ver = 3, 7, 0, 0, 134 | Size = 139264 bytes | Modified Date = 8/12/2004 2:55:00 PM | Attr = ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] → %System32%\rqrqomm.dll [Reg Data - Value does not exist] → File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
{89AD4D75-2429-462e-BD4E-443F233F6033} [HKLM] → %System32%\vtquqiex.dll [Reg Data - Value does not exist] → File not found
{E8A11B0B-1C19-4C36-B956-F0C213CF18DF} [HKLM] → %System32%\vturr.dll [Reg Data - Value does not exist] → [Ver = | Size = 244832 bytes | Modified Date = 9/19/2007 4:49:34 AM | Attr = ]
< Internet Explorer Bars [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ →
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
[HKLM] → Reg Data - Key not found → File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
E&xport to Microsoft Excel → → File not found
< User Agent Post Platform [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform →
SV1 → →
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{1AF1AB90-7611-4EF5-9EAC-76B4D4CF6D36} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{22EC5A37-74D9-46B2-963C-7E18D6427A2E} → (1394 Net Adapter) →
{32564508-58B8-45A1-9A54-0B1E9C5D32A3} → (1394 Net Adapter) →
{5C79B13D-D4E6-41B5-8537-A193B74756ED} → () →
{690E8785-F190-4F25-8406-EAEDB088921C} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{7C777C7A-6DEF-4F41-91BB-8AC28D08D0D7} → (1394 Net Adapter) →
{7D4EEF3A-321A-4114-8A31-619F7E7D68E3} → (1394 Net Adapter) →
{B0043B74-DEA3-411A-AEA4-86C8487645A8} → (Broadcom 802.11b) →
{B146B9C6-05FB-40C5-AAF9-4424DAD1C800} → (1394 Net Adapter) →
{C1D6AC56-DFF8-49B8-9E4A-81C6919FE1BA} → (Broadcom 802.11b) →
{EECAB3FF-1C5B-4C5B-B679-9AF04C2FC3B3} → (1394 Net Adapter) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
cetihpz → %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll → Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr = ]
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{00000055-9980-0010-8000-00AA00389B71} → - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB →
{D27CDB6E-AE6D-11CF-96B8-444553540000} → - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab →
Microsoft XML Parser for Java → - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab →
[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ImagePath → %SystemRoot%\System32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DisplayName → Background Intelligent Transfer Service →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnService → Rpcss; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Description → Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. →