WNSO.EXE help please.........

system · 2007-10-20T02:46:45.000Z

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32-16767.exe → C:\WINDOWS\system32-16767.exe::Disabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\yjiklkd.exe → C:\Program Files\Internet Explorer\yjiklkd.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\zfkhggn.exe → C:\WINDOWS\system32\zfkhggn.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\HP\tlchiil.exe → C:\Program Files\HP\tlchiil.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\msnmsgr.exe → C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\livecall.exe → C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\1900:UDP → 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\2869:TCP → 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP → 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP → 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP → 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\138:UDP → 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy‚—\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy‚—\C:\WINDOWS\system32-200431.exe → C:\WINDOWS\system32-200431.exe:*:Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\Security →

[Files/Folders - Created Within 30 days]
SDFix → %SystemDrive%\SDFix → [Folder | Created Date = 10/16/2007 9:00:38 PM | Attr = ]
SDFix.zip → %SystemDrive%\SDFix.zip → [Ver = | Size = 1346060 bytes | Created Date = 10/16/2007 10:30:09 PM | Attr = ]
$NtUninstallKB911993-V2$ → %SystemRoot%$NtUninstallKB911993-V2$ → [Folder | Created Date = 9/21/2007 8:03:48 PM | Attr = H ]
$NtUninstallKB919880$ → %SystemRoot%$NtUninstallKB919880$ → [Folder | Created Date = 9/21/2007 8:45:38 PM | Attr = H ]
$NtUninstallKB922120$ → %SystemRoot%$NtUninstallKB922120$ → [Folder | Created Date = 10/5/2007 7:11:30 PM | Attr = H ]
$NtUninstallKB933729$ → %SystemRoot%$NtUninstallKB933729$ → [Folder | Created Date = 10/10/2007 10:13:12 PM | Attr = H ]
$NtUninstallKB939653$ → %SystemRoot%$NtUninstallKB939653$ → [Folder | Created Date = 10/10/2007 10:11:30 PM | Attr = H ]
$NtUninstallKB941202$ → %SystemRoot%$NtUninstallKB941202$ → [Folder | Created Date = 10/10/2007 10:09:57 PM | Attr = H ]
cookies.ini → %SystemRoot%\cookies.ini → [Ver = | Size = 639 bytes | Created Date = 9/20/2007 10:37:33 PM | Attr = ]
eDrawingOfficeAutomator.INI → %SystemRoot%\eDrawingOfficeAutomator.INI → [Ver = | Size = 0 bytes | Created Date = 9/21/2007 8:48:37 PM | Attr = ]
winshow.exe → %SystemRoot%\winshow.exe → [Ver = 23.03.0020 | Size = 35328 bytes | Created Date = 10/3/2007 11:19:47 PM | Attr = ]
bocouhkq.ini → %System32%\bocouhkq.ini → [Ver = | Size = 693721 bytes | Created Date = 10/15/2007 7:30:47 PM | Attr = HS]
bxsrffnh.exe → %System32%\bxsrffnh.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/3/2007 6:21:13 PM | Attr = ]
caqlphka.dll → %System32%\caqlphka.dll → [Ver = | Size = 69184 bytes | Created Date = 9/30/2007 8:55:30 PM | Attr = ]
cfnwicad.dll → %System32%\cfnwicad.dll → [Ver = | Size = 69184 bytes | Created Date = 9/22/2007 4:08:06 AM | Attr = ]
cvqtiqmy.ini → %System32%\cvqtiqmy.ini → [Ver = | Size = 693772 bytes | Created Date = 9/29/2007 6:10:11 PM | Attr = HS]
cxxyvsqv.exe → %System32%\cxxyvsqv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/9/2007 4:10:45 PM | Attr = ]
dvmjoetv.exe → %System32%\dvmjoetv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/20/2007 10:18:33 PM | Attr = ]
emdorobt.ini → %System32%\emdorobt.ini → [Ver = | Size = 693481 bytes | Created Date = 10/8/2007 5:47:34 PM | Attr = HS]
epqefoto.exe → %System32%\epqefoto.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/1/2007 5:54:31 PM | Attr = ]
erfgtpgv.ini → %System32%\erfgtpgv.ini → [Ver = | Size = 694381 bytes | Created Date = 10/7/2007 8:30:23 AM | Attr = HS]
evxftikj.exe → %System32%\evxftikj.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/17/2007 7:56:25 PM | Attr = ]
fsdgubhf.ini → %System32%\fsdgubhf.ini → [Ver = | Size = 694312 bytes | Created Date = 10/5/2007 9:34:19 PM | Attr = HS]
gahucgqj.ini → %System32%\gahucgqj.ini → [Ver = | Size = 694021 bytes | Created Date = 10/2/2007 6:03:51 PM | Attr = HS]
ghabwcty.exe → %System32%\ghabwcty.exe → [Ver = | Size = 4672 bytes | Created Date = 10/16/2007 7:58:45 PM | Attr = ]
gqorhcce.ini → %System32%\gqorhcce.ini → [Ver = | Size = 693721 bytes | Created Date = 9/29/2007 5:49:10 PM | Attr = HS]
GroupPolicy → %System32%\GroupPolicy → [Folder | Created Date = 9/21/2007 8:13:55 PM | Attr = ]

system · 2007-10-20T02:47:32.000Z

system · 2007-10-20T02:49:50.000Z

[Files/Folders - Modified Within 30 days]
avenger → %SystemDrive%\avenger → [Folder | Modified Date = 10/15/2007 8:23:18 PM | Attr = ]
boot.ini → %SystemDrive%\boot.ini → [Ver = | Size = 209 bytes | Modified Date = 10/16/2007 9:52:26 PM | Attr = RHS]
Config.Msi → %SystemDrive%\Config.Msi → [Folder | Modified Date = 9/23/2007 11:00:48 AM | Attr = H ]
Program Files → %ProgramFiles% → [Folder | Modified Date = 10/14/2007 7:44:58 PM | Attr = R ]
SDFix → %SystemDrive%\SDFix → [Folder | Modified Date = 10/15/2007 7:33:38 PM | Attr = ]
SDFix.zip → %SystemDrive%\SDFix.zip → [Ver = | Size = 1346060 bytes | Modified Date = 10/16/2007 11:30:12 PM | Attr = ]
System Volume Information → %SystemDrive%\System Volume Information → [Folder | Modified Date = 10/17/2007 7:11:50 PM | Attr = HS]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 10/19/2007 7:23:42 PM | Attr = ]
$hf_mig$ → %SystemRoot%$hf_mig$ → [Folder | Modified Date = 10/10/2007 11:13:10 PM | Attr = H ]
$NtUninstallKB911993-V2$ → %SystemRoot%$NtUninstallKB911993-V2$ → [Folder | Modified Date = 9/21/2007 9:03:50 PM | Attr = H ]
$NtUninstallKB919880$ → %SystemRoot%$NtUninstallKB919880$ → [Folder | Modified Date = 9/21/2007 9:45:40 PM | Attr = H ]
$NtUninstallKB922120$ → %SystemRoot%$NtUninstallKB922120$ → [Folder | Modified Date = 10/5/2007 8:11:32 PM | Attr = H ]
$NtUninstallKB933729$ → %SystemRoot%$NtUninstallKB933729$ → [Folder | Modified Date = 10/10/2007 11:13:14 PM | Attr = H ]
$NtUninstallKB939653$ → %SystemRoot%$NtUninstallKB939653$ → [Folder | Modified Date = 10/10/2007 11:11:40 PM | Attr = H ]
$NtUninstallKB941202$ → %SystemRoot%$NtUninstallKB941202$ → [Folder | Modified Date = 10/10/2007 11:09:58 PM | Attr = H ]
assembly → %SystemRoot%\assembly → [Folder | Modified Date = 9/23/2007 10:50:36 AM | Attr = R S]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 10/19/2007 7:21:58 PM | Attr = S]
cookies.ini → %SystemRoot%\cookies.ini → [Ver = | Size = 639 bytes | Modified Date = 10/16/2007 9:56:32 PM | Attr = ]
eDrawingOfficeAutomator.INI → %SystemRoot%\eDrawingOfficeAutomator.INI → [Ver = | Size = 0 bytes | Modified Date = 9/21/2007 9:48:38 PM | Attr = ]
Fonts → %SystemRoot%\Fonts → [Folder | Modified Date = 9/21/2007 9:20:04 PM | Attr = R S]
Help → %SystemRoot%\Help → [Folder | Modified Date = 10/11/2007 11:08:44 PM | Attr = ]
imsins.BAK → %SystemRoot%\imsins.BAK → [Ver = | Size = 1393 bytes | Modified Date = 10/10/2007 11:13:08 PM | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 10/10/2007 11:13:32 PM | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 9/23/2007 10:44:24 AM | Attr = HS]
Microsoft.NET → %SystemRoot%\Microsoft.NET → [Folder | Modified Date = 9/23/2007 10:48:10 AM | Attr = ]
netdet.ini → %SystemRoot%\netdet.ini → [Ver = | Size = 520 bytes | Modified Date = 10/8/2007 10:59:26 PM | Attr = ]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 10/18/2007 11:35:18 PM | Attr = ]
pss → %SystemRoot%\pss → [Folder | Modified Date = 10/16/2007 11:23:10 PM | Attr = ]
QTFont.qfn → %SystemRoot%\QTFont.qfn → [Ver = | Size = 54156 bytes | Modified Date = 10/9/2007 5:23:46 PM | Attr = H ]
system.ini → %SystemRoot%\system.ini → [Ver = | Size = 435 bytes | Modified Date = 10/16/2007 9:52:26 PM | Attr = ]
system32 → %System32% → [Folder | Modified Date = 10/19/2007 8:26:28 PM | Attr = ]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 10/19/2007 8:20:10 PM | Attr = ]
Thumbs.db → %SystemRoot%\Thumbs.db → [Ver = | Size = 73216 bytes | Modified Date = 10/11/2007 8:56:02 PM | Attr = HS]
@Alternate Data Stream - 0 bytes → %SystemRoot%\Thumbs.db:encryptable →
win.ini → %SystemRoot%\win.ini → [Ver = | Size = 730 bytes | Modified Date = 10/16/2007 9:52:26 PM | Attr = ]
winshow.exe → %SystemRoot%\winshow.exe → [Ver = 23.03.0020 | Size = 35328 bytes | Modified Date = 10/4/2007 12:19:48 AM | Attr = ]
WinSxS → %SystemRoot%\WinSxS → [Folder | Modified Date = 9/23/2007 10:39:30 AM | Attr = ]
yacht.xws → %SystemRoot%\yacht.xws → [Ver = | Size = 23 bytes | Modified Date = 9/21/2007 9:38:32 PM | Attr = H ]
eKMEw.job → %SystemRoot%\tasks\eKMEw.job → [Ver = | Size = 222 bytes | Modified Date = 10/19/2007 8:00:02 PM | Attr = ]
jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job → %SystemRoot%\tasks\jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job → [Ver = | Size = 222 bytes | Modified Date = 10/19/2007 8:00:02 PM | Attr = ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 10/19/2007 7:22:30 PM | Attr = H ]
Win_Update_Program.job → %SystemRoot%\tasks\Win_Update_Program.job → [Ver = | Size = 222 bytes | Modified Date = 10/19/2007 8:00:02 PM | Attr = ]
bocouhkq.ini → %System32%\bocouhkq.ini → [Ver = | Size = 693721 bytes | Modified Date = 10/15/2007 9:52:16 PM | Attr = HS]
bxsrffnh.exe → %System32%\bxsrffnh.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/3/2007 7:21:18 PM | Attr = ]
caqlphka.dll → %System32%\caqlphka.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/30/2007 9:55:34 PM | Attr = ]
CatRoot → %System32%\CatRoot → [Folder | Modified Date = 9/21/2007 9:05:44 PM | Attr = ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 10/18/2007 5:17:24 AM | Attr = ]
cfnwicad.dll → %System32%\cfnwicad.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/22/2007 5:08:12 AM | Attr = ]
cvqtiqmy.ini → %System32%\cvqtiqmy.ini → [Ver = | Size = 693772 bytes | Modified Date = 9/30/2007 7:00:16 PM | Attr = HS]
cxxyvsqv.exe → %System32%\cxxyvsqv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/9/2007 5:10:50 PM | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 10/17/2007 10:31:40 PM | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 10/15/2007 8:23:22 PM | Attr = ]
dvmjoetv.exe → %System32%\dvmjoetv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/20/2007 11:18:38 PM | Attr = ]
emdorobt.ini → %System32%\emdorobt.ini → [Ver = | Size = 693481 bytes | Modified Date = 10/9/2007 5:12:56 PM | Attr = HS]
epqefoto.exe → %System32%\epqefoto.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/1/2007 6:56:28 PM | Attr = ]
erfgtpgv.ini → %System32%\erfgtpgv.ini → [Ver = | Size = 694381 bytes | Modified Date = 10/7/2007 9:36:20 AM | Attr = HS]
evxftikj.exe → %System32%\evxftikj.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/17/2007 8:56:34 PM | Attr = ]
FNTCACHE.DAT → %System32%\FNTCACHE.DAT → [Ver = | Size = 376056 bytes | Modified Date = 9/22/2007 5:00:14 AM | Attr = ]

system · 2007-10-20T02:51:52.000Z

system · 2007-10-20T02:52:49.000Z

File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes → %SystemDrive%\Thumbs.db:encryptable →
Thawte Consulting , → %SystemRoot%\HPBroker.dll → [Ver = 1, 0, 0, 18 | Size = 91848 bytes | Modified Date = 11/17/2006 11:34:40 AM | Attr = ]
@Alternate Data Stream - 0 bytes → %SystemRoot%\Thumbs.db:encryptable →
UPX! , UPX0 , → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 5:09:50 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\bxsrffnh.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/3/2007 7:21:18 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\caqlphka.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/30/2007 9:55:34 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\cfnwicad.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/22/2007 5:08:12 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\cxxyvsqv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/9/2007 5:10:50 PM | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 7/30/2003 11:00:00 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\DivX.dll → DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 7/25/2007 9:50:22 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\dvmjoetv.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/20/2007 11:18:38 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\epqefoto.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/1/2007 6:56:28 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\evxftikj.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/17/2007 8:56:34 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\hvvycbpm.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/15/2007 8:57:52 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\hwawctdi.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/6/2007 10:31:18 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\hxhdipqm.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/15/2007 8:24:56 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\iivpjxjk.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/8/2007 6:41:34 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\jmcmndmr.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/29/2007 3:46:40 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\kvyyliof.dll → [Ver = | Size = 69184 bytes | Modified Date = 10/1/2007 7:03:34 PM | Attr = ]
PTech , → %System32%\LegitCheckControl.DLL → Microsoft® Corporation [Ver = 1.3.0272.0 | Size = 520968 bytes | Modified Date = 8/29/2005 2:27:12 PM | Attr = ]
aspack , → %System32%\LibHupSink.dll → [Ver = | Size = 206848 bytes | Modified Date = 8/27/2006 2:22:24 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\lxnhaexo.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/30/2007 9:52:46 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\mwxpwfnx.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/20/2007 11:17:14 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\nryafwid.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/23/2007 10:34:00 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\qftklagh.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/23/2007 1:20:16 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\qiiosgee.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/22/2007 5:07:26 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\qiyklfiu.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/26/2007 3:08:30 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\qqmwguyd.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/4/2007 10:14:12 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\qsafjfbr.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/3/2007 8:23:02 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\qubfkmri.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/7/2007 9:36:46 AM | Attr = ]
PEC2 , PECompact2 , → %System32%\qwruiljg.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/2/2007 6:55:04 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\thrbncyb.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/20/2007 11:29:54 PM | Attr = ]
@Alternate Data Stream - 0 bytes → %System32%\Thumbs.db:encryptable →
PEC2 , PECompact2 , → %System32%\ucpueekp.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/11/2007 10:37:56 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\uhtbhmns.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/16/2007 8:56:14 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\uogtjtbp.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/26/2007 6:51:58 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\urqbepte.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 9/29/2007 6:58:18 PM | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 7/30/2003 11:00:00 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\wwhwfjax.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/13/2007 1:00:00 AM | Attr = ]
Thawte Consulting , → %System32%\XceedZip.dll → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 4.5.77.0 | Size = 397856 bytes | Modified Date = 10/29/2001 9:44:36 AM | Attr = R ]
PEC2 , PECompact2 , → %System32%\xsfimpjd.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/14/2007 9:16:02 AM | Attr = ]
Thawte Consulting , → %System32%\xupload.ocx → Persits Software, Inc. [Ver = 2, 1, 0, 0 | Size = 227672 bytes | Modified Date = 11/22/2000 12:47:08 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\xytoteva.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/29/2007 7:04:16 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\ycebjhku.exe → [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/18/2007 10:56:22 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\ynwhmodg.dll → [Ver = | Size = 69184 bytes | Modified Date = 9/28/2007 6:54:20 PM | Attr = ]
MZKERNEL32.DLL , → %System32%\zfkhggn.exe → [Ver = | Size = 49816 bytes | Modified Date = 5/9/2005 7:02:04 PM | Attr = ]
WSUD , UPX0 , → %System32%\dllcache\hwxjpn.dll → [Ver = | Size = 13463552 bytes | Modified Date = 7/30/2003 3:00:00 PM | Attr = ]
PTech , → %System32%\drivers\mtlstrm.sys → Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >
Finally finished. Are they all this long???

system · 2007-10-20T05:26:53.000Z

Pol - I hope you don’t mind me jumping in but I had my WinPFind analyst tool already open for another thread anyway.

Mark, start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.

[Registry - Non-Microsoft Only] < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ YN -> rqrqomm -> rqrqomm.dll [Files/Folders - Created Within 30 days] NY -> winshow.exe -> %SystemRoot%\winshow.exe NY -> bocouhkq.ini -> %System32%\bocouhkq.ini NY -> bxsrffnh.exe -> %System32%\bxsrffnh.exe NY -> caqlphka.dll -> %System32%\caqlphka.dll NY -> cfnwicad.dll -> %System32%\cfnwicad.dll NY -> cvqtiqmy.ini -> %System32%\cvqtiqmy.ini NY -> cxxyvsqv.exe -> %System32%\cxxyvsqv.exe NY -> dvmjoetv.exe -> %System32%\dvmjoetv.exe NY -> emdorobt.ini -> %System32%\emdorobt.ini NY -> epqefoto.exe -> %System32%\epqefoto.exe NY -> erfgtpgv.ini -> %System32%\erfgtpgv.ini NY -> evxftikj.exe -> %System32%\evxftikj.exe NY -> fsdgubhf.ini -> %System32%\fsdgubhf.ini NY -> gahucgqj.ini -> %System32%\gahucgqj.ini NY -> ghabwcty.exe -> %System32%\ghabwcty.exe NY -> gqorhcce.ini -> %System32%\gqorhcce.ini NY -> hmcdhdlw.ini -> %System32%\hmcdhdlw.ini NY -> hpfkwomp.ini -> %System32%\hpfkwomp.ini NY -> hvvycbpm.exe -> %System32%\hvvycbpm.exe NY -> hwawctdi.exe -> %System32%\hwawctdi.exe NY -> hxhdipqm.exe -> %System32%\hxhdipqm.exe NY -> ibuauegt.dll -> %System32%\ibuauegt.dll NY -> iivpjxjk.exe -> %System32%\iivpjxjk.exe NY -> inpiutmn.ini -> %System32%\inpiutmn.ini NY -> jmcmndmr.exe -> %System32%\jmcmndmr.exe NY -> jxibasda.ini -> %System32%\jxibasda.ini NY -> kakggcks.ini -> %System32%\kakggcks.ini NY -> kvyyliof.dll -> %System32%\kvyyliof.dll NY -> lvgxyqsp.ini -> %System32%\lvgxyqsp.ini NY -> lxnhaexo.exe -> %System32%\lxnhaexo.exe NY -> mcrh.tmp -> %System32%\mcrh.tmp NY -> mpsqtnkp.ini -> %System32%\mpsqtnkp.ini NY -> mwxpwfnx.exe -> %System32%\mwxpwfnx.exe NY -> ndrlrvlk.ini -> %System32%\ndrlrvlk.ini NY -> nnccwnfn.ini -> %System32%\nnccwnfn.ini NY -> nryafwid.exe -> %System32%\nryafwid.exe NY -> nthxsrbx.ini -> %System32%\nthxsrbx.ini NY -> oeohfjck.ini -> %System32%\oeohfjck.ini NY -> ohcmrdoh.tmp -> %System32%\ohcmrdoh.tmp NY -> ooyqblwu.ini -> %System32%\ooyqblwu.ini NY -> pmnlmlk.dll -> %System32%\pmnlmlk.dll NY -> psqyxgvl.dll -> %System32%\psqyxgvl.dll NY -> qftklagh.dll -> %System32%\qftklagh.dll NY -> qiiosgee.exe -> %System32%\qiiosgee.exe NY -> qiyklfiu.exe -> %System32%\qiyklfiu.exe NY -> qqmwguyd.exe -> %System32%\qqmwguyd.exe NY -> qsafjfbr.exe -> %System32%\qsafjfbr.exe NY -> qubfkmri.exe -> %System32%\qubfkmri.exe NY -> qvmyndvv.dll -> %System32%\qvmyndvv.dll NY -> qwruiljg.exe -> %System32%\qwruiljg.exe NY -> rbrdorry.ini -> %System32%\rbrdorry.ini NY -> rkpokdfk.ini -> %System32%\rkpokdfk.ini NY -> rttjqulv.ini -> %System32%\rttjqulv.ini NY -> skcggkak.dll -> %System32%\skcggkak.dll NY -> tecfbqsg.ini -> %System32%\tecfbqsg.ini NY -> tgeuaubi.ini -> %System32%\tgeuaubi.ini NY -> thrbncyb.dll -> %System32%\thrbncyb.dll NY -> tkspfget.ini -> %System32%\tkspfget.ini NY -> ucpueekp.exe -> %System32%\ucpueekp.exe NY -> uedjhktu.ini -> %System32%\uedjhktu.ini NY -> uhtbhmns.exe -> %System32%\uhtbhmns.exe NY -> uogtjtbp.dll -> %System32%\uogtjtbp.dll NY -> urqbepte.exe -> %System32%\urqbepte.exe NY -> vtquqiex.dll -> %System32%\vtquqiex.dll NY -> vvdnymvq.ini -> %System32%\vvdnymvq.ini NY -> wwhwfjax.exe -> %System32%\wwhwfjax.exe NY -> xbrsxhtn.dll -> %System32%\xbrsxhtn.dll NY -> xkfowsux.ini -> %System32%\xkfowsux.ini NY -> xsfimpjd.exe -> %System32%\xsfimpjd.exe NY -> xuswofkx.dll -> %System32%\xuswofkx.dll NY -> xytoteva.dll -> %System32%\xytoteva.dll NY -> ycebjhku.exe -> %System32%\ycebjhku.exe NY -> ynwhmodg.dll -> %System32%\ynwhmodg.dll NY -> ytswoufv.ini -> %System32%\ytswoufv.ini [Files/Folders - Modified Within 30 days] NY -> eKMEw.job -> %SystemRoot%\tasks\eKMEw.job NY -> jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job -> %SystemRoot%\tasks\jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job NY -> bocouhkq.ini -> %System32%\bocouhkq.ini NY -> bxsrffnh.exe -> %System32%\bxsrffnh.exe NY -> caqlphka.dll -> %System32%\caqlphka.dll NY -> cfnwicad.dll -> %System32%\cfnwicad.dll NY -> cvqtiqmy.ini -> %System32%\cvqtiqmy.ini NY -> cxxyvsqv.exe -> %System32%\cxxyvsqv.exe NY -> dvmjoetv.exe -> %System32%\dvmjoetv.exe NY -> emdorobt.ini -> %System32%\emdorobt.ini NY -> epqefoto.exe -> %System32%\epqefoto.exe NY -> erfgtpgv.ini -> %System32%\erfgtpgv.ini NY -> evxftikj.exe -> %System32%\evxftikj.exe NY -> fsdgubhf.ini -> %System32%\fsdgubhf.ini NY -> gahucgqj.ini -> %System32%\gahucgqj.ini NY -> ghabwcty.exe -> %System32%\ghabwcty.exe NY -> gqorhcce.ini -> %System32%\gqorhcce.ini NY -> hmcdhdlw.ini -> %System32%\hmcdhdlw.ini NY -> hpfkwomp.ini -> %System32%\hpfkwomp.ini NY -> hvvycbpm.exe -> %System32%\hvvycbpm.exe NY -> hwawctdi.exe -> %System32%\hwawctdi.exe NY -> hxhdipqm.exe -> %System32%\hxhdipqm.exe NY -> ibuauegt.dll -> %System32%\ibuauegt.dll NY -> iivpjxjk.exe -> %System32%\iivpjxjk.exe NY -> inpiutmn.ini -> %System32%\inpiutmn.ini NY -> jmcmndmr.exe -> %System32%\jmcmndmr.exe NY -> jxibasda.ini -> %System32%\jxibasda.ini NY -> kakggcks.ini -> %System32%\kakggcks.ini NY -> kvyyliof.dll -> %System32%\kvyyliof.dll NY -> lvgxyqsp.ini -> %System32%\lvgxyqsp.ini NY -> lxnhaexo.exe -> %System32%\lxnhaexo.exe NY -> mcrh.tmp -> %System32%\mcrh.tmp NY -> mpsqtnkp.ini -> %System32%\mpsqtnkp.ini NY -> mwxpwfnx.exe -> %System32%\mwxpwfnx.exe NY -> ndrlrvlk.ini -> %System32%\ndrlrvlk.ini NY -> nnccwnfn.ini -> %System32%\nnccwnfn.ini NY -> nryafwid.exe -> %System32%\nryafwid.exe NY -> nthxsrbx.ini -> %System32%\nthxsrbx.ini NY -> oeohfjck.ini -> %System32%\oeohfjck.ini NY -> ohcmrdoh.tmp -> %System32%\ohcmrdoh.tmp NY -> ooyqblwu.ini -> %System32%\ooyqblwu.ini NY -> pmnlmlk.dll -> %System32%\pmnlmlk.dll NY -> psqyxgvl.dll -> %System32%\psqyxgvl.dll NY -> qftklagh.dll -> %System32%\qftklagh.dll NY -> qiiosgee.exe -> %System32%\qiiosgee.exe NY -> qiyklfiu.exe -> %System32%\qiyklfiu.exe NY -> qqmwguyd.exe -> %System32%\qqmwguyd.exe NY -> qsafjfbr.exe -> %System32%\qsafjfbr.exe NY -> qubfkmri.exe -> %System32%\qubfkmri.exe NY -> qvmyndvv.dll -> %System32%\qvmyndvv.dll NY -> qwruiljg.exe -> %System32%\qwruiljg.exe NY -> rbrdorry.ini -> %System32%\rbrdorry.ini NY -> rkpokdfk.ini -> %System32%\rkpokdfk.ini NY -> rrutv.bak1 -> %System32%\rrutv.bak1 NY -> rrutv.bak2 -> %System32%\rrutv.bak2 NY -> rrutv.ini -> %System32%\rrutv.ini NY -> rttjqulv.ini -> %System32%\rttjqulv.ini NY -> skcggkak.dll -> %System32%\skcggkak.dll NY -> tecfbqsg.ini -> %System32%\tecfbqsg.ini NY -> tgeuaubi.ini -> %System32%\tgeuaubi.ini NY -> thrbncyb.dll -> %System32%\thrbncyb.dll NY -> tkspfget.ini -> %System32%\tkspfget.ini NY -> ucpueekp.exe -> %System32%\ucpueekp.exe NY -> uedjhktu.ini -> %System32%\uedjhktu.ini NY -> uhtbhmns.exe -> %System32%\uhtbhmns.exe NY -> uogtjtbp.dll -> %System32%\uogtjtbp.dll NY -> urqbepte.exe -> %System32%\urqbepte.exe NY -> vtquqiex.dll -> %System32%\vtquqiex.dll NY -> vvdnymvq.ini -> %System32%\vvdnymvq.ini NY -> wwhwfjax.exe -> %System32%\wwhwfjax.exe NY -> xbrsxhtn.dll -> %System32%\xbrsxhtn.dll NY -> xkfowsux.ini -> %System32%\xkfowsux.ini NY -> xsfimpjd.exe -> %System32%\xsfimpjd.exe NY -> xuswofkx.dll -> %System32%\xuswofkx.dll NY -> xytoteva.dll -> %System32%\xytoteva.dll NY -> ycebjhku.exe -> %System32%\ycebjhku.exe NY -> ynwhmodg.dll -> %System32%\ynwhmodg.dll NY -> ytswoufv.ini -> %System32%\ytswoufv.ini

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

Also let me know of any problems you encounter performing these steps or any continuing problems you are having with the computer.

Is there a red line through the avast! icon in the system tray at the bottom right of your screen? The avast! services are reported stopped in the WinPFind log.

EDIT:

Finally finished. Are they all this long???

Yes, give or take a line or two ;D

system · 2007-10-20T23:39:41.000Z

I ran it and here are the results. But now, WNSO.exe still shows up as loading during boot up, and my Netscape bookmarks are all gone, same with my newsgroup settings.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrqomm deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\winshow.exe moved successfully.
C:\WINDOWS\SYSTEM32\bocouhkq.ini moved successfully.
C:\WINDOWS\SYSTEM32\bxsrffnh.exe moved successfully.
C:\WINDOWS\SYSTEM32\caqlphka.dll moved successfully.
C:\WINDOWS\SYSTEM32\cfnwicad.dll moved successfully.
C:\WINDOWS\SYSTEM32\cvqtiqmy.ini moved successfully.
C:\WINDOWS\SYSTEM32\cxxyvsqv.exe moved successfully.
C:\WINDOWS\SYSTEM32\dvmjoetv.exe moved successfully.
C:\WINDOWS\SYSTEM32\emdorobt.ini moved successfully.
C:\WINDOWS\SYSTEM32\epqefoto.exe moved successfully.
C:\WINDOWS\SYSTEM32\erfgtpgv.ini moved successfully.
C:\WINDOWS\SYSTEM32\evxftikj.exe moved successfully.
C:\WINDOWS\SYSTEM32\fsdgubhf.ini moved successfully.
C:\WINDOWS\SYSTEM32\gahucgqj.ini moved successfully.
C:\WINDOWS\SYSTEM32\ghabwcty.exe moved successfully.
C:\WINDOWS\SYSTEM32\gqorhcce.ini moved successfully.
C:\WINDOWS\SYSTEM32\hmcdhdlw.ini moved successfully.
C:\WINDOWS\SYSTEM32\hpfkwomp.ini moved successfully.
C:\WINDOWS\SYSTEM32\hvvycbpm.exe moved successfully.
C:\WINDOWS\SYSTEM32\hwawctdi.exe moved successfully.
C:\WINDOWS\SYSTEM32\hxhdipqm.exe moved successfully.
C:\WINDOWS\SYSTEM32\ibuauegt.dll moved successfully.
C:\WINDOWS\SYSTEM32\iivpjxjk.exe moved successfully.
C:\WINDOWS\SYSTEM32\inpiutmn.ini moved successfully.
C:\WINDOWS\SYSTEM32\jmcmndmr.exe moved successfully.
C:\WINDOWS\SYSTEM32\jxibasda.ini moved successfully.
C:\WINDOWS\SYSTEM32\kakggcks.ini moved successfully.
C:\WINDOWS\SYSTEM32\kvyyliof.dll moved successfully.
C:\WINDOWS\SYSTEM32\lvgxyqsp.ini moved successfully.
C:\WINDOWS\SYSTEM32\lxnhaexo.exe moved successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp moved successfully.
C:\WINDOWS\SYSTEM32\mpsqtnkp.ini moved successfully.
C:\WINDOWS\SYSTEM32\mwxpwfnx.exe moved successfully.
C:\WINDOWS\SYSTEM32\ndrlrvlk.ini moved successfully.
C:\WINDOWS\SYSTEM32\nnccwnfn.ini moved successfully.
C:\WINDOWS\SYSTEM32\nryafwid.exe moved successfully.
C:\WINDOWS\SYSTEM32\nthxsrbx.ini moved successfully.
C:\WINDOWS\SYSTEM32\oeohfjck.ini moved successfully.
C:\WINDOWS\SYSTEM32\ohcmrdoh.tmp moved successfully.
C:\WINDOWS\SYSTEM32\ooyqblwu.ini moved successfully.
C:\WINDOWS\SYSTEM32\pmnlmlk.dll moved successfully.
C:\WINDOWS\SYSTEM32\psqyxgvl.dll moved successfully.
C:\WINDOWS\SYSTEM32\qftklagh.dll moved successfully.
C:\WINDOWS\SYSTEM32\qiiosgee.exe moved successfully.
C:\WINDOWS\SYSTEM32\qiyklfiu.exe moved successfully.
C:\WINDOWS\SYSTEM32\qqmwguyd.exe moved successfully.
C:\WINDOWS\SYSTEM32\qsafjfbr.exe moved successfully.
C:\WINDOWS\SYSTEM32\qubfkmri.exe moved successfully.
C:\WINDOWS\SYSTEM32\qvmyndvv.dll moved successfully.
C:\WINDOWS\SYSTEM32\qwruiljg.exe moved successfully.
C:\WINDOWS\SYSTEM32\rbrdorry.ini moved successfully.
C:\WINDOWS\SYSTEM32\rkpokdfk.ini moved successfully.
C:\WINDOWS\SYSTEM32\rttjqulv.ini moved successfully.
C:\WINDOWS\SYSTEM32\skcggkak.dll moved successfully.
C:\WINDOWS\SYSTEM32\tecfbqsg.ini moved successfully.
C:\WINDOWS\SYSTEM32\tgeuaubi.ini moved successfully.
C:\WINDOWS\SYSTEM32\thrbncyb.dll moved successfully.
C:\WINDOWS\SYSTEM32\tkspfget.ini moved successfully.
C:\WINDOWS\SYSTEM32\ucpueekp.exe moved successfully.
C:\WINDOWS\SYSTEM32\uedjhktu.ini moved successfully.
C:\WINDOWS\SYSTEM32\uhtbhmns.exe moved successfully.
C:\WINDOWS\SYSTEM32\uogtjtbp.dll moved successfully.
C:\WINDOWS\SYSTEM32\urqbepte.exe moved successfully.
C:\WINDOWS\SYSTEM32\vtquqiex.dll moved successfully.
C:\WINDOWS\SYSTEM32\vvdnymvq.ini moved successfully.
C:\WINDOWS\SYSTEM32\wwhwfjax.exe moved successfully.
C:\WINDOWS\SYSTEM32\xbrsxhtn.dll moved successfully.
C:\WINDOWS\SYSTEM32\xkfowsux.ini moved successfully.
C:\WINDOWS\SYSTEM32\xsfimpjd.exe moved successfully.
C:\WINDOWS\SYSTEM32\xuswofkx.dll moved successfully.
C:\WINDOWS\SYSTEM32\xytoteva.dll moved successfully.
C:\WINDOWS\SYSTEM32\ycebjhku.exe moved successfully.
C:\WINDOWS\SYSTEM32\ynwhmodg.dll moved successfully.
C:\WINDOWS\SYSTEM32\ytswoufv.ini moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\tasks\eKMEw.job moved successfully.
C:\WINDOWS\tasks\jVakIwGLcxbxzakDfKhmXqrscHJSGFe.job moved successfully.
File C:\WINDOWS\SYSTEM32\bocouhkq.ini not found!
File C:\WINDOWS\SYSTEM32\bxsrffnh.exe not found!
File C:\WINDOWS\SYSTEM32\caqlphka.dll not found!
File C:\WINDOWS\SYSTEM32\cfnwicad.dll not found!
File C:\WINDOWS\SYSTEM32\cvqtiqmy.ini not found!
File C:\WINDOWS\SYSTEM32\cxxyvsqv.exe not found!
File C:\WINDOWS\SYSTEM32\dvmjoetv.exe not found!
File C:\WINDOWS\SYSTEM32\emdorobt.ini not found!
File C:\WINDOWS\SYSTEM32\epqefoto.exe not found!
File C:\WINDOWS\SYSTEM32\erfgtpgv.ini not found!
File C:\WINDOWS\SYSTEM32\evxftikj.exe not found!
File C:\WINDOWS\SYSTEM32\fsdgubhf.ini not found!
File C:\WINDOWS\SYSTEM32\gahucgqj.ini not found!
File C:\WINDOWS\SYSTEM32\ghabwcty.exe not found!
File C:\WINDOWS\SYSTEM32\gqorhcce.ini not found!
File C:\WINDOWS\SYSTEM32\hmcdhdlw.ini not found!
File C:\WINDOWS\SYSTEM32\hpfkwomp.ini not found!
File C:\WINDOWS\SYSTEM32\hvvycbpm.exe not found!
File C:\WINDOWS\SYSTEM32\hwawctdi.exe not found!
File C:\WINDOWS\SYSTEM32\hxhdipqm.exe not found!
File C:\WINDOWS\SYSTEM32\ibuauegt.dll not found!
File C:\WINDOWS\SYSTEM32\iivpjxjk.exe not found!
File C:\WINDOWS\SYSTEM32\inpiutmn.ini not found!
File C:\WINDOWS\SYSTEM32\jmcmndmr.exe not found!
File C:\WINDOWS\SYSTEM32\jxibasda.ini not found!
File C:\WINDOWS\SYSTEM32\kakggcks.ini not found!
File C:\WINDOWS\SYSTEM32\kvyyliof.dll not found!
File C:\WINDOWS\SYSTEM32\lvgxyqsp.ini not found!
File C:\WINDOWS\SYSTEM32\lxnhaexo.exe not found!
File C:\WINDOWS\SYSTEM32\mcrh.tmp not found!
File C:\WINDOWS\SYSTEM32\mpsqtnkp.ini not found!
File C:\WINDOWS\SYSTEM32\mwxpwfnx.exe not found!
File C:\WINDOWS\SYSTEM32\ndrlrvlk.ini not found!
File C:\WINDOWS\SYSTEM32\nnccwnfn.ini not found!
File C:\WINDOWS\SYSTEM32\nryafwid.exe not found!
File C:\WINDOWS\SYSTEM32\nthxsrbx.ini not found!
File C:\WINDOWS\SYSTEM32\oeohfjck.ini not found!
File C:\WINDOWS\SYSTEM32\ohcmrdoh.tmp not found!
File C:\WINDOWS\SYSTEM32\ooyqblwu.ini not found!
File C:\WINDOWS\SYSTEM32\pmnlmlk.dll not found!
File C:\WINDOWS\SYSTEM32\psqyxgvl.dll not found!
File C:\WINDOWS\SYSTEM32\qftklagh.dll not found!
File C:\WINDOWS\SYSTEM32\qiiosgee.exe not found!
File C:\WINDOWS\SYSTEM32\qiyklfiu.exe not found!
File C:\WINDOWS\SYSTEM32\qqmwguyd.exe not found!
File C:\WINDOWS\SYSTEM32\qsafjfbr.exe not found!
File C:\WINDOWS\SYSTEM32\qubfkmri.exe not found!
File C:\WINDOWS\SYSTEM32\qvmyndvv.dll not found!
File C:\WINDOWS\SYSTEM32\qwruiljg.exe not found!
File C:\WINDOWS\SYSTEM32\rbrdorry.ini not found!
File C:\WINDOWS\SYSTEM32\rkpokdfk.ini not found!
C:\WINDOWS\SYSTEM32\rrutv.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\rrutv.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\rrutv.ini moved successfully.
File C:\WINDOWS\SYSTEM32\rttjqulv.ini not found!
File C:\WINDOWS\SYSTEM32\skcggkak.dll not found!
File C:\WINDOWS\SYSTEM32\tecfbqsg.ini not found!
File C:\WINDOWS\SYSTEM32\tgeuaubi.ini not found!
File C:\WINDOWS\SYSTEM32\thrbncyb.dll not found!
File C:\WINDOWS\SYSTEM32\tkspfget.ini not found!
File C:\WINDOWS\SYSTEM32\ucpueekp.exe not found!
File C:\WINDOWS\SYSTEM32\uedjhktu.ini not found!
File C:\WINDOWS\SYSTEM32\uhtbhmns.exe not found!
File C:\WINDOWS\SYSTEM32\uogtjtbp.dll not found!
File C:\WINDOWS\SYSTEM32\urqbepte.exe not found!
File C:\WINDOWS\SYSTEM32\vtquqiex.dll not found!
File C:\WINDOWS\SYSTEM32\vvdnymvq.ini not found!
File C:\WINDOWS\SYSTEM32\wwhwfjax.exe not found!
File C:\WINDOWS\SYSTEM32\xbrsxhtn.dll not found!
File C:\WINDOWS\SYSTEM32\xkfowsux.ini not found!
File C:\WINDOWS\SYSTEM32\xsfimpjd.exe not found!
File C:\WINDOWS\SYSTEM32\xuswofkx.dll not found!
File C:\WINDOWS\SYSTEM32\xytoteva.dll not found!
File C:\WINDOWS\SYSTEM32\ycebjhku.exe not found!
File C:\WINDOWS\SYSTEM32\ynwhmodg.dll not found!
File C:\WINDOWS\SYSTEM32\ytswoufv.ini not found!
< End of log >
Created on 10/20/2007 15:53:41

system · 2007-10-21T05:10:07.000Z

MarkLoehndorf post:7:

< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\WNSO.lnk → %CommonProgramFiles%\RGGZS\WNSO.exe → File not found

Hmmmm. It seemed to be gone when you ran WinPFInd the first time, but please run it again and post another log.

Netscape bookmarks are saved in a file named bookmark.htm . See if you can locate that on your computer. And see if this helps in regard to the newsgroup settings

http://sillydog.org/netscape/kb/lostmailnewsgroup.html

system · 2007-10-21T16:05:08.000Z

New scan. I still have Downloader.tiny.id in my pc. I keep having I.E. take me to a website “Errorsafe.com” that wants me to download a pc fixing program. Luckily, Avast lets me abort the connection.
WinPFind3 logfile created on: 10/21/2007 10:54:25 AM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\hp user\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1022.48 Mb Total Physical Memory | 577.23 Mb Available Physical Memory | 56.45% Memory free
2.41 Gb Paging File | 2.07 Gb Available in Paging File | 85.82% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 37.78 Gb Free Space | 50.69% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MARKSHPLAPTOP
Current User Name: hp user
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
ashmaisv.exe → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 5:05:42 AM | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr = ]
ashwebsv.exe → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 5:04:44 AM | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
atiptaxx.exe → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr = ]
avgas.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
cdac11ba.exe → %System32%\drivers\CDAC11BA.EXE → Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 7/20/2005 12:07:16 PM | Attr = ]
guard.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
hphmon05.exe → %System32%\hphmon05.exe → Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr = ]
standaloneslv.exe → %ProgramFiles%\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe → [Ver = 14, 0000, 304, 0 | Size = 606208 bytes | Modified Date = 4/2/2007 10:38:10 AM | Attr = ]
syntpenh.exe → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr = ]
syntplpr.exe → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr = ]
tivobeacon.exe → %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe → TiVo Inc. [Ver = 1.4 | Size = 857088 bytes | Modified Date = 7/11/2006 7:22:40 AM | Attr = ]
ulcdrsvr.exe → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe → Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 7/18/2005 11:17:28 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 5:05:42 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 5:04:44 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] → %System32%\drivers\CDAC11BA.EXE → Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 7/20/2005 12:07:16 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Stopped] → %System32%\ljnhokqn.exe → File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe → Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(ms_fax) Fax Client [Win32_Own | Auto | Stopped] → %System32%\0ae7.exe → File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] → %System32%\nvsvc32.exe → NVIDIA Corporation [Ver = 6.14.10.5401 | Size = 77824 bytes | Modified Date = 2/3/2004 8:26:00 AM | Attr = R ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] → %System32%\HPZipm12.exe → HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ]
(Remote Solver for COSMOSFloWorks 2007) Remote Solver for COSMOSFloWorks 2007 [Win32_Own | Auto | Running] → %ProgramFiles%\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe → [Ver = 14, 0000, 304, 0 | Size = 606208 bytes | Modified Date = 4/2/2007 10:38:10 AM | Attr = ]
(SolidWorks Licensing Service) SolidWorks Licensing Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\SolidWorks Shared\Service\SolidWorksLicensing.exe → SolidWorks [Ver = 2.80.002 | Size = 79360 bytes | Modified Date = 9/21/2007 9:35:50 PM | Attr = ]
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] → %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe → TiVo Inc. [Ver = 1.4 | Size = 857088 bytes | Modified Date = 7/11/2006 7:22:40 AM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]

system · 2007-10-21T16:12:23.000Z

[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
!AVG Anti-Spyware → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
ATIPTA → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr = ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
HPHmon05 → %System32%\hphmon05.exe → Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr = ]
SearchIndexer → %System32%\xytoqfrl.dll [rundll32.exe “C:\WINDOWS\system32\xytoqfrl.dll”,sitypnow] → [Ver = | Size = 83008 bytes | Modified Date = 10/21/2007 9:57:50 AM | Attr = ]
SynTPEnh → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr = ]
SynTPLpr → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr = ]
< OptionalComponents [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ →
IMAIL → Installed = 1 →
MAPI → Installed = 1 →
MSFS → Installed = 1 →
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\WNSO.lnk → %CommonProgramFiles%\RGGZS\WNSO.exe → File not found
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks →
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] → GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] → %System32%\rqrqomm.dll → File not found
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
AtiExtEvent → %System32%\ati2evxx.dll → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 61440 bytes | Modified Date = 3/8/2005 4:34:34 PM | Attr = ]
WgaLogon → Reg Data - Value does not exist → File not found
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 145 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools → 0 →
< HOSTS File > (764 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts →
127.0.0.1 localhost → →
192.168.1.109 HP000D9D182CA5 → →
< Internet Explorer Settings > → →
HKLM: Default_Page_URL → http://us8l.hpwis.com →
HKLM: Main\Default_Search_URL → http://www.google.com/ie →
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch →
HKLM: Start Page → http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home →
HKLM: CustomizeSearch → http://seek.3721.com/srchcust.htm →
HKLM: Search\Default_Search_URL → http://www.google.com/ie →
HKLM: SearchAssistant → http://www.google.com/ie →
HKCU: Local Page → C:\WINDOWS\system32\blank.htm →
HKCU: Search Bar → http://www.google.com/ie →
HKCU: Search Page → http://www.google.com →
HKCU: Start Page → http://us8l.hpwis.com/ →
HKCU: SearchAssistant → http://www.google.com/ie →
HKCU: ProxyEnable → 0 →
HKCU: ProxyOverride → 127.0.0.1 →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] → Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{387EDF53-1CF2-4523-BC2F-13462651BE8C} [HKLM] → %System32%\BhoCitUS.dll [CitiUSBrowserHelper Class] → Orbiscom Ltd. All rights reserved. [Ver = 3, 7, 0, 0, 134 | Size = 139264 bytes | Modified Date =

system · 2007-10-21T16:13:12.000Z

8/12/2004 2:55:00 PM | Attr = ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] → %System32%\rqrqomm.dll [Reg Data - Value does not exist] → File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
{89AD4D75-2429-462e-BD4E-443F233F6033} [HKLM] → %System32%\vtquqiex.dll [Reg Data - Value does not exist] → File not found
{E8A11B0B-1C19-4C36-B956-F0C213CF18DF} [HKLM] → %System32%\vturr.dll [Reg Data - Value does not exist] → [Ver = | Size = 244832 bytes | Modified Date = 9/19/2007 4:49:34 AM | Attr = ]
< Internet Explorer Bars [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ →
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
[HKLM] → Reg Data - Key not found → File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
E&xport to Microsoft Excel → → File not found
< User Agent Post Platform [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform →
SV1 → →
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{1AF1AB90-7611-4EF5-9EAC-76B4D4CF6D36} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{22EC5A37-74D9-46B2-963C-7E18D6427A2E} → (1394 Net Adapter) →
{32564508-58B8-45A1-9A54-0B1E9C5D32A3} → (1394 Net Adapter) →
{5C79B13D-D4E6-41B5-8537-A193B74756ED} → () →
{690E8785-F190-4F25-8406-EAEDB088921C} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{7C777C7A-6DEF-4F41-91BB-8AC28D08D0D7} → (1394 Net Adapter) →
{7D4EEF3A-321A-4114-8A31-619F7E7D68E3} → (1394 Net Adapter) →
{B0043B74-DEA3-411A-AEA4-86C8487645A8} → (Broadcom 802.11b) →
{B146B9C6-05FB-40C5-AAF9-4424DAD1C800} → (1394 Net Adapter) →
{C1D6AC56-DFF8-49B8-9E4A-81C6919FE1BA} → (Broadcom 802.11b) →
{EECAB3FF-1C5B-4C5B-B679-9AF04C2FC3B3} → (1394 Net Adapter) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
cetihpz → %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll → Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr = ]
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{00000055-9980-0010-8000-00AA00389B71} → - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB →
{D27CDB6E-AE6D-11CF-96B8-444553540000} → - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab →
Microsoft XML Parser for Java → - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab →

[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ImagePath → %SystemRoot%\System32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DisplayName → Background Intelligent Transfer Service →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnService → Rpcss; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Description → Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. →

system · 2007-10-21T16:14:36.000Z

8/12/2004 2:55:00 PM | Attr = ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] → %System32%\rqrqomm.dll [Reg Data - Value does not exist] → File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
{89AD4D75-2429-462e-BD4E-443F233F6033} [HKLM] → %System32%\vtquqiex.dll [Reg Data - Value does not exist] → File not found
{E8A11B0B-1C19-4C36-B956-F0C213CF18DF} [HKLM] → %System32%\vturr.dll [Reg Data - Value does not exist] → [Ver = | Size = 244832 bytes | Modified Date = 9/19/2007 4:49:34 AM | Attr = ]
< Internet Explorer Bars [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ →
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
[HKLM] → Reg Data - Key not found → File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
E&xport to Microsoft Excel → → File not found
< User Agent Post Platform [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform →
SV1 → →
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{1AF1AB90-7611-4EF5-9EAC-76B4D4CF6D36} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{22EC5A37-74D9-46B2-963C-7E18D6427A2E} → (1394 Net Adapter) →
{32564508-58B8-45A1-9A54-0B1E9C5D32A3} → (1394 Net Adapter) →
{5C79B13D-D4E6-41B5-8537-A193B74756ED} → () →
{690E8785-F190-4F25-8406-EAEDB088921C} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{7C777C7A-6DEF-4F41-91BB-8AC28D08D0D7} → (1394 Net Adapter) →
{7D4EEF3A-321A-4114-8A31-619F7E7D68E3} → (1394 Net Adapter) →
{B0043B74-DEA3-411A-AEA4-86C8487645A8} → (Broadcom 802.11b) →
{B146B9C6-05FB-40C5-AAF9-4424DAD1C800} → (1394 Net Adapter) →
{C1D6AC56-DFF8-49B8-9E4A-81C6919FE1BA} → (Broadcom 802.11b) →
{EECAB3FF-1C5B-4C5B-B679-9AF04C2FC3B3} → (1394 Net Adapter) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
cetihpz → %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll → Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr = ]
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{00000055-9980-0010-8000-00AA00389B71} → - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB →
{D27CDB6E-AE6D-11CF-96B8-444553540000} → - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab →
Microsoft XML Parser for Java → - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab →

[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ImagePath → %SystemRoot%\System32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DisplayName → Background Intelligent Transfer Service →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnService → Rpcss; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Description → Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. →

system · 2007-10-21T16:15:24.000Z

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe → C:\WINDOWS\system32\usmt\migwiz.exe::Enabled:Files and Settings Transfer Wizard →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\Setup\HPZnet01.exe → D:\Setup\HPZnet01.exe::Disabled:ICE Network Plug in →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\rlflnmk.exe → C:\WINDOWS\system32\rlflnmk.exe::Disabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\rgeeihf.exe → C:\WINDOWS\system32\rgeeihf.exe::Disabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\1717986.exe → C:\WINDOWS\system32\1717986.exe::Disabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32-200431.exe → C:\WINDOWS\system32-200431.exe::Disabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32-16767.exe → C:\WINDOWS\system32-16767.exe::Disabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\yjiklkd.exe → C:\Program Files\Internet Explorer\yjiklkd.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\zfkhggn.exe → C:\WINDOWS\system32\zfkhggn.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\HP\tlchiil.exe → C:\Program Files\HP\tlchiil.exe::Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\msnmsgr.exe → C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\livecall.exe → C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\ljnhokqn.exe → C:\WINDOWS\system32\ljn →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\1900:UDP → 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\2869:TCP → 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP → 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP → 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP → 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\138:UDP → 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy‚—\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy‚—\C:\WINDOWS\system32-200431.exe → C:\WINDOWS\system32-200431.exe:*:Enabled:pop →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ServiceUpgrade → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\{690E8785-F190-4F25-8406-EAEDB088921C} → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\{7C777C7A-6DEF-4F41-91BB-8AC28D08D0D7} → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\{B0043B74-DEA3-411A-AEA4-86C8487645A8} → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\0 → Root\LEGACY_SHAREDACCESS\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ImagePath → %systemroot%\system32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\DisplayName → Automatic Updates →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Description → Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ServiceDll → C:\WINDOWS\system32\wuauserv.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\0 → Root\LEGACY_WUAUSERV\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\NextInstance → 1 →
< Software Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\DesktopSearch\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\DesktopSearch\PreventIndexingOutlook → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\DesktopSearch\PreventIndexingOutlookExpress → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\DesktopSearch\PreventIndexingEmailAttachments → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\DesktopSearch\DisableReplacingStartSearch → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\DesktopSearch\FRW → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\DesktopSearch\db → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC{A5B45060-354F-4097-A928-5125436C46F1}\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC{A5B45060-354F-4097-A928-5125436C46F1}\DisableServerCheck → 1 →

system · 2007-10-21T16:16:35.000Z

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC{A5B45060-354F-4097-A928-5125436C46F1}\LegacyPresence → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\EnableAdminTSRemote → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ExecutableTypes → ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel → 262144 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}\Description → Stop the download of this file →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}\FriendlyName → Mdac11.cab →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}\SaferFlags → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}\HashAlg → 32771 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}\ItemData → ^«0O•zI‰j
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}\LastModified → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}\ItemSize → ; →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\Description → Stop the download of this file →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\FriendlyName → mdac20.cab →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\SaferFlags → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\HashAlg → 32771 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ItemData → g°Ô‹4:?Ó¼éÜdgó” →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\LastModified → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ItemSize → ; →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\Description → Stop the download of this file →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\FriendlyName → mdac20_a.cab →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\SaferFlags → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\HashAlg → 32771 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ItemData → 2xÜþøÈ“ÜŠ°Ý„} →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\LastModified → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ItemSize → –; →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}\Description → Stop the download of this file →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}\FriendlyName → msadc10.cab →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}\SaferFlags → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}\HashAlg → 32771 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}\ItemData → ½š*ÛBëØV%Mø/g →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}\LastModified → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}\ItemSize → å; →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\Description → Stop the download of this file →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\FriendlyName → msadc11.cab →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\SaferFlags → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\HashAlg → 32771 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ItemData → 8k„ìöiÓk•j"À€ →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\LastModified → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ItemSize → r; →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths{dda3f824-d8cb-441b-834d-be2efd2c1a33}\Description → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths{dda3f824-d8cb-441b-834d-be2efd2c1a33}\SaferFlags → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ItemData → %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths{dda3f824-d8cb-441b-834d-be2efd2c1a33}\LastModified → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ → →
< Software Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\policies\ →
HKEY_CURRENT_USER\Software\Policies\ → →
HKEY_CURRENT_USER\Software\Policies\Microsoft\ → →

system · 2007-10-21T16:17:15.000Z

[Files/Folders - Created Within 30 days]
SDFix → %SystemDrive%\SDFix → [Folder | Created Date = 10/16/2007 9:00:38 PM | Attr = ]
SDFix.zip → %SystemDrive%\SDFix.zip → [Ver = | Size = 1346060 bytes | Created Date = 10/16/2007 10:30:09 PM | Attr = ]
$NtUninstallKB922120$ → %SystemRoot%$NtUninstallKB922120$ → [Folder | Created Date = 10/5/2007 7:11:30 PM | Attr = H ]
$NtUninstallKB933729$ → %SystemRoot%$NtUninstallKB933729$ → [Folder | Created Date = 10/10/2007 10:13:12 PM | Attr = H ]
$NtUninstallKB939653$ → %SystemRoot%$NtUninstallKB939653$ → [Folder | Created Date = 10/10/2007 10:11:30 PM | Attr = H ]
$NtUninstallKB941202$ → %SystemRoot%$NtUninstallKB941202$ → [Folder | Created Date = 10/10/2007 10:09:57 PM | Attr = H ]
winshow.exe → %SystemRoot%\winshow.exe → [Ver = 23.03.0020 | Size = 35328 bytes | Created Date = 10/20/2007 4:51:38 PM | Attr = ]
bcwhocfi.exe → %System32%\bcwhocfi.exe → [Ver = | Size = 75328 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = ]
fnajvskc.ini → %System32%\fnajvskc.ini → [Ver = | Size = 693911 bytes | Created Date = 10/20/2007 2:22:48 PM | Attr = HS]
lrfqotyx.ini → %System32%\lrfqotyx.ini → [Ver = | Size = 694030 bytes | Created Date = 10/21/2007 8:57:48 AM | Attr = HS]
rrutv.bak2 → %System32%\rrutv.bak2 → [Ver = | Size = 641284 bytes | Created Date = 10/21/2007 3:26:34 AM | Attr = HS]
xytoqfrl.dll → %System32%\xytoqfrl.dll → [Ver = | Size = 83008 bytes | Created Date = 10/21/2007 8:57:48 AM | Attr = ]
AvgAsCln.sys → %System32%\drivers\AvgAsCln.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 10/14/2007 6:45:17 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger → %SystemDrive%\avenger → [Folder | Modified Date = 10/15/2007 8:23:18 PM | Attr = ]
boot.ini → %SystemDrive%\boot.ini → [Ver = | Size = 209 bytes | Modified Date = 10/20/2007 6:41:56 PM | Attr = RHS]
Config.Msi → %SystemDrive%\Config.Msi → [Folder | Modified Date = 9/23/2007 11:00:48 AM | Attr = H ]
Program Files → %ProgramFiles% → [Folder | Modified Date = 10/14/2007 7:44:58 PM | Attr = R ]
SDFix → %SystemDrive%\SDFix → [Folder | Modified Date = 10/15/2007 7:33:38 PM | Attr = ]
SDFix.zip → %SystemDrive%\SDFix.zip → [Ver = | Size = 1346060 bytes | Modified Date = 10/16/2007 11:30:12 PM | Attr = ]
System Volume Information → %SystemDrive%\System Volume Information → [Folder | Modified Date = 10/17/2007 7:11:50 PM | Attr = HS]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 10/21/2007 10:15:24 AM | Attr = ]
$hf_mig$ → %SystemRoot%$hf_mig$ → [Folder | Modified Date = 10/10/2007 11:13:10 PM | Attr = H ]
$NtUninstallKB922120$ → %SystemRoot%$NtUninstallKB922120$ → [Folder | Modified Date = 10/5/2007 8:11:32 PM | Attr = H ]
$NtUninstallKB933729$ → %SystemRoot%$NtUninstallKB933729$ → [Folder | Modified Date = 10/10/2007 11:13:14 PM | Attr = H ]
$NtUninstallKB939653$ → %SystemRoot%$NtUninstallKB939653$ → [Folder | Modified Date = 10/10/2007 11:11:40 PM | Attr = H ]
$NtUninstallKB941202$ → %SystemRoot%$NtUninstallKB941202$ → [Folder | Modified Date = 10/10/2007 11:09:58 PM | Attr = H ]
assembly → %SystemRoot%\assembly → [Folder | Modified Date = 9/23/2007 10:50:36 AM | Attr = R S]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 10/21/2007 10:13:10 AM | Attr = S]
cookies.ini → %SystemRoot%\cookies.ini → [Ver = | Size = 2021 bytes | Modified Date = 10/21/2007 9:58:12 AM | Attr = ]
Help → %SystemRoot%\Help → [Folder | Modified Date = 10/11/2007 11:08:44 PM | Attr = ]
imsins.BAK → %SystemRoot%\imsins.BAK → [Ver = | Size = 1393 bytes | Modified Date = 10/10/2007 11:13:08 PM | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 10/10/2007 11:13:32 PM | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 9/23/2007 10:44:24 AM | Attr = HS]
Microsoft.NET → %SystemRoot%\Microsoft.NET → [Folder | Modified Date = 9/23/2007 10:48:10 AM | Attr = ]
netdet.ini → %SystemRoot%\netdet.ini → [Ver = | Size = 520 bytes | Modified Date = 10/8/2007 10:59:26 PM | Attr = ]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 10/21/2007 10:50:02 AM | Attr = ]
pss → %SystemRoot%\pss → [Folder | Modified Date = 10/16/2007 11:23:10 PM | Attr = ]
QTFont.qfn → %SystemRoot%\QTFont.qfn → [Ver = | Size = 54156 bytes | Modified Date = 10/9/2007 5:23:46 PM | Attr = H ]
system.ini → %SystemRoot%\system.ini → [Ver = | Size = 435 bytes | Modified Date = 10/20/2007 6:41:56 PM | Attr = ]
system32 → %System32% → [Folder | Modified Date = 10/21/2007 10:55:32 AM | Attr = ]
Tasks → %SystemRoot%\Tasks → [Folder | Modified Date = 10/20/2007 3:53:42 PM | Attr = S]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 10/21/2007 10:17:06 AM | Attr = ]
Thumbs.db → %SystemRoot%\Thumbs.db → [Ver = | Size = 73216 bytes | Modified Date = 10/11/2007 8:56:02 PM | Attr = HS]
@Alternate Data Stream - 0 bytes → %SystemRoot%\Thumbs.db:encryptable →
win.ini → %SystemRoot%\win.ini → [Ver = | Size = 730 bytes | Modified Date = 10/20/2007 6:41:56 PM | Attr = ]
winshow.exe → %SystemRoot%\winshow.exe → [Ver = 23.03.0020 | Size = 35328 bytes | Modified Date = 10/4/2007 12:19:48 AM | Attr = ]
WinSxS → %SystemRoot%\WinSxS → [Folder | Modified Date = 9/23/2007 10:39:30 AM | Attr = ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 10/21/2007 10:14:02 AM | Attr = H ]
Win_Update_Program.job → %SystemRoot%\tasks\Win_Update_Program.job → [Ver = | Size = 222 bytes | Modified Date = 10/21/2007 10:00:00 AM | Attr = ]
bcwhocfi.exe → %System32%\bcwhocfi.exe → [Ver = | Size = 75328 bytes | Modified Date = 10/21/2007 9:57:28 AM | Attr = ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 10/18/2007 5:17:24 AM | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 10/17/2007 10:31:40 PM | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 10/15/2007 8:23:22 PM | Attr = ]
fnajvskc.ini → %System32%\fnajvskc.ini → [Ver = | Size = 693911 bytes | Modified Date = 10/21/2007 9:53:48 AM | Attr = HS]
FNTCACHE.DAT → %System32%\FNTCACHE.DAT → [Ver = | Size = 376056 bytes | Modified Date = 9/22/2007 5:00:14 AM | Attr = ]
lrfqotyx.ini → %System32%\lrfqotyx.ini → [Ver = | Size = 694030 bytes | Modified Date = 10/21/2007 10:17:36 AM | Attr = HS]
perfc009.dat → %System32%\perfc009.dat → [Ver = | Size = 63166 bytes | Modified Date = 9/23/2007 10:42:22 AM | Attr = ]
perfh009.dat → %System32%\perfh009.dat → [Ver = | Size = 403604 bytes | Modified Date = 9/23/2007 10:42:22 AM | Attr = ]
PerfStringBackup.INI → %System32%\PerfStringBackup.INI → [Ver = | Size = 457498 bytes | Modified Date = 9/23/2007 10:42:22 AM | Attr = ]
Restore → %System32%\Restore → [Folder | Modified Date = 10/17/2007 7:11:50 PM | Attr = ]
rrutv.bak2 → %System32%\rrutv.bak2 → [Ver = | Size = 641284 bytes | Modified Date = 10/21/2007 4:26:36 AM | Attr = HS]
rrutv.ini → %System32%\rrutv.ini → [Ver = | Size = 642589 bytes | Modified Date = 10/21/2007 10:55:42 AM | Attr = HS]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 1158 bytes | Modified Date = 10/5/2007 10:09:30 PM | Attr = ]
xytoqfrl.dll → %System32%\xytoqfrl.dll → [Ver = | Size = 83008 bytes | Modified Date = 10/21/2007 9:57:50 AM | Attr = ]
HpUsbPVR → %System32%\drivers\HpUsbPVR → [Folder | Modified Date = 10/7/2007 11:55:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes → %SystemDrive%\Thumbs.db:encryptable →
Thawte Consulting , → %SystemRoot%\HPBroker.dll → [Ver = 1, 0, 0, 18 | Size = 91848 bytes | Modified Date = 11/17/2006 11:34:40 AM | Attr = ]
@Alternate Data Stream - 0 bytes → %SystemRoot%\Thumbs.db:encryptable →
UPX! , UPX0 , → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 5:09:50 AM | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 7/30/2003 11:00:00 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\DivX.dll → DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 7/25/2007 9:50:22 PM | Attr = ]
PTech , → %System32%\LegitCheckControl.DLL → Microsoft® Corporation [Ver = 1.3.0272.0 | Size = 520968 bytes | Modified Date = 8/29/2005 2:27:12 PM | Attr = ]
aspack , → %System32%\LibHupSink.dll → [Ver = | Size = 206848 bytes | Modified Date = 8/27/2006 2:22:24 PM | Attr = ]
@Alternate Data Stream - 0 bytes → %System32%\Thumbs.db:encryptable →
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 7/30/2003 11:00:00 PM | Attr = ]
Thawte Consulting , → %System32%\XceedZip.dll → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 4.5.77.0 | Size = 397856 bytes | Modified Date = 10/29/2001 9:44:36 AM | Attr = R ]
Thawte Consulting , → %System32%\xupload.ocx → Persits Software, Inc. [Ver = 2, 1, 0, 0 | Size = 227672 bytes | Modified Date = 11/22/2000 12:47:08 PM | Attr = ]
MZKERNEL32.DLL , → %System32%\zfkhggn.exe → [Ver = | Size = 49816 bytes | Modified Date = 5/9/2005 7:02:04 PM | Attr = ]
WSUD , UPX0 , → %System32%\dllcache\hwxjpn.dll → [Ver = | Size = 13463552 bytes | Modified Date = 7/30/2003 3:00:00 PM | Attr = ]
PTech , → %System32%\drivers\mtlstrm.sys → Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

polonus · 2007-10-21T22:17:21.000Z

Hi Mark and Mauserme,

If necessary I think you have to bring up avenger. As you have cleansed it so far, Mauserme, you can also guide Mark through the avenger routine. I think with you and essexboy we have all the expertise here at the avast webforum we need, and if you are at the end of this cleansing routine MarkLoehndorf, I hope you will come to join us and learn to help others to get clean of malware

Damian

system · 2007-10-21T22:20:54.000Z

Thanks for everything so far. I will run Avenger tonight and post any results. If I am capable to help anyone else, I would be more than happy to lend a hand.

system · 2007-10-21T23:52:44.000Z

I ran Avenger, to no avail. I’m at a loss now of what to do…
Here is the report
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mqiagmoy

Script file located at: ??\C:\WINDOWS\system32\vecoxyxq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

Beginning to process script file:

Folder C:\Program Files\Common files\RGGZS not found!
Deletion of folder C:\Program Files\Common files\RGGZS failed!

Could not process line:
C:\Program Files\Common files\RGGZS
Status: 0xc0000034

Completed script processing.

Finished! Terminate.

system · 2007-10-22T03:31:29.000Z

Mark, please be very carefull with the Avenger. It works at the API level - lower than Window’s protection. That’s its strength - it almost never fails to delete the specified files. But that’s also what brings the risk - if the script is written incorrectly it’s possible to wipe your drive with this tool and Window’s won’t be able to stop you. I’m not saying what you ran was wrong, but we’ll try a more targeted path in a bit.

Open WinPFind again and Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.

[Registry - Non-Microsoft Only] < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup YN -> %AllUsersStartup%\WNSO.lnk -> %CommonProgramFiles%\RGGZS\WNSO.exe < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks YN -> {733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] -> %System32%\rqrqomm.dll [] < Internet Explorer Settings > -> YN -> HKLM: CustomizeSearch -> http://seek.3721.com/srchcust.htm [Files/Folders - Created Within 30 days] NY -> winshow.exe -> %SystemRoot%\winshow.exe NY -> bcwhocfi.exe -> %System32%\bcwhocfi.exe NY -> fnajvskc.ini -> %System32%\fnajvskc.ini NY -> lrfqotyx.ini -> %System32%\lrfqotyx.ini NY -> rrutv.bak2 -> %System32%\rrutv.bak2 NY -> xytoqfrl.dll -> %System32%\xytoqfrl.dll [Files/Folders - Modified Within 30 days] NY -> rrutv.ini -> %System32%\rrutv.ini

Post the results in your next response as you did before.

Now, having sufficiently scared you about the Avenger I’ll ask you to open it once again

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WNSO.lnk
C:\Program Files\Common Files\RGGZS\WNSO.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
Under “Script file to execute” choose “Input Script Manually”.

Now click on the Magnifying Glass icon which will open a new window titled “View/edit script”

Paste the text copied to clipboard into this window by pressing (Ctrl+V).

Then download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix’s window while its running. That may cause it to stall.

polonus · 2007-10-22T16:51:12.000Z

Hi Markloehndorf,

Mauserme is right when he points out to you not to underestimate the strength of some of the anti-malware tools of to-day. When you are addressing your OS at API-level some strange things can happen, if you are not completely aware what you are doing. Such a program is API-Spy, if you work this tool without caution you can ruin your registry, and have to deal with duplicate start-ups or worse even. An awful tool in the hands of those who want to evaluate and devastating in the hands of malcreants.
That is why people should have ample experience to be able to guide malware victims through malware cleansing, for others just follow their instructions to the dot. Seems like Hogwarts’s Higher Magic to you now Mark but wait until you learn to work it right. Mauserme has been to bootcamp to work these tools, and polonus learned through experience…

polonus

Announcements