Thursday, May 21, 2009

How to remove OnLineGames Virus manually?

Delete Following Registry Keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HBKernel32

HKEY_CLASSES_ROOT\CLSID\{71A78CD4-E470-4a18-8457-E0E0283DD507}

HKEY_CLASSES_ROOT\CLSID\{F0930A2F-D971-4828-8209-B7DFD266ED44}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{09eb15fa-17d8-4d60-8598-3f549a848df2}

HKEY_CLASSES_ROOT\CLSID\{09eb15fa-17d8-4d60-8598-3f549a848df2}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09eb15fa-17d8-4d60-8598-3f549a848df2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d10ba6d-fd37-4cbc-a5e7-95cd4b043399}

HKEY_CLASSES_ROOT\CLSID\{3d10ba6d-fd37-4cbc-a5e7-95cd4b043399}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3d10ba6d-fd37-4cbc-a5e7-95cd4b043399}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcf49866-8f81-4f5f-8193-7ec75a2ab321}

HKEY_CLASSES_ROOT\CLSID\{dcf49866-8f81-4f5f-8193-7ec75a2ab321}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{dcf49866-8f81-4f5f-8193-7ec75a2ab321}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{489873ce-f3e1-44a3-8e89-04be26be4446}

HKEY_CLASSES_ROOT\CLSID\{489873ce-f3e1-44a3-8e89-04be26be4446}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{489873ce-f3e1-44a3-8e89-04be26be4446}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05}

HKEY_CLASSES_ROOT\CLSID\{50940f85-f015-14f1-a05f-f69858ac6d05}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653}

HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801
237653}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25fd6584-698f-bcd2-602c-698745210352}

HKEY_CLASSES_ROOT\CLSID\{25fd6584-698f-bcd2-602c-698745210352}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b490415f-65f8-b5c5-d8ba-9405fb12054b}

HKEY_CLASSES_ROOT\CLSID\{b490415f-65f8-b5c5-d8ba-9405fb12054b}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08cbfe20-8dc8-4195-b8e2-dd66f860469d}

HKEY_CLASSES_ROOT\CLSID\{08cbfe20-8dc8-4195-b8e2-dd66f860469d}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\{08cbfe20-8dc8-4195-b8e2-dd66f860469d}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87fd640a-158f-48ac-fd14-1597f14a9778}

HKEY_CLASSES_ROOT\CLSID\{87fd640a-158f-48ac-fd14-1597f14a9778}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d098345-6785-1098-5413-678067ae03d5}

HKEY_CLASSES_ROOT\CLSID\{5d098345-6785-1098-5413-678067ae03d5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2626e66-d21b-e628-c1df-1daccfa36ed2}

HKEY_CLASSES_ROOT\CLSID\{c2626e66-d21b-e628-c1df-1daccfa36ed2}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2626e66-d21b-e628-c1df-1daccfa36ed2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a698452-c5d8-c584-c256-c264c987c5a2}

HKEY_CLASSES_ROOT\CLSID\{2a698452-c5d8-c584-c256-c264c987c5a2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20618412-c528-c784-c056-c164d1f7c502}

HKEY_CLASSES_ROOT\CLSID\{20618412-c528-c784-c056-c164d1f7c502}

HKEY_CLASSES_ROOT\CLSID\{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0}

HKEY_CLASSES_ROOT\CLSID\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{35671234-7890-abcd-cdef-567801237653}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25fd6584-698f-bcd2-602c-698745210352}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b490415f-65f8-b5c5-d8ba-9405fb12054b}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c69034a-f45f-d34d-a33a-c33c4d324fc7}

HKEY_CLASSES_ROOT\CLSID\{7c69034a-f45f-d34d-a33a-c33c4d324fc7}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c69034a-f45f-d34d-a33a-c33c4d324fc7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60a345cd-abcd-efab-cdef-abcd01020306}

HKEY_CLASSES_ROOT\CLSID\{60a345cd-abcd-efab-cdef-abcd01020306}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60a345cd-abcd-efab-cdef-abcd01020306}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d098345-6785-1098-5413-678067ae03d5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20909876-4567-3908-4056-909834565102}

HKEY_CLASSES_ROOT\CLSID\{20909876-4567-3908-4056-909834565102}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20909876-4567-3908-4056-909834565102}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54ebd53a-9bc1-480b-966a-843a333ca162}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54ebd53a-9bc1-480b-966a-843a333ca162}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7242a763-6114-4045-9970-07c545d72c45}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7242a763-6114-4045-9970-07c545d72c45}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70df1ae4-af9e-4457-8a6a-d2d49691ff4b}

HKEY_CLASSES_ROOT\CLSID\{70df1ae4-af9e-4457-8a6a-d2d49691ff4b}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70df1ae4-af9e-4457-8a6a-d2d49691ff4b}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7}

HKEY_CLASSES_ROOT\CLSID\{7c8d1401-a58d-a81c-cd24-a5915c4517c7}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c8d1401-a58d-a81c-cd24-a5915c4517c7}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50940f85-f015-14f1-a05f-f69858ac6d05}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45694105-5108-9405-3695-954187462154}

HKEY_CLASSES_ROOT\CLSID\{45694105-5108-9405-3695-954187462154}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{45694105-5108-9405-3695-954187462154}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37ac9076-c898-b098-d098-a18319080973}

HKEY_CLASSES_ROOT\CLSID\{37ac9076-c898-b098-d098-a18319080973}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37ac9076-c898-b098-d098-a18319080973}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a041f13-a111-12a3-b0cf-f99818aa68a6}

HKEY_CLASSES_ROOT\CLSID\{6a041f13-a111-12a3-b0cf-f99818aa68a6}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6a041f13-a111-12a3-b0cf-f99818aa68a6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1798bea6-e891-46b7-a1f8-c15780d0a023}

HKEY_CLASSES_ROOT\CLSID\{1798bea6-e891-46b7-a1f8-c15780d0a023}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1798bea6-e891-46b7-a1f8-c15780d0a023}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87fd640a-158f-48ac-fd14-1597f14a9778}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a908760-8000-4000-a000-9000322145a4}

HKEY_CLASSES_ROOT\CLSID\{4a908760-8000-4000-a000-9000322145a4}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a908760-8000-4000-a000-9000322145a4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a698452-c5d8-c584-c256-c264c987c5a1}

HKEY_CLASSES_ROOT\CLSID\{1a698452-c5d8-c584-c256-c264c987c5a1}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a698452-c5d8-c584-c256-c264c987c5a1}

HKEY_CLASSES_ROOT\CLSID\{54ebd53a-9bc1-480b-966a-843a333ca162}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kernel32

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfc42

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72bbbc08-f7e1-4434-a293-3a96db488d4d}

HKEY_CLASSES_ROOT\CLSID\{72bbbc08-f7e1-4434-a293-3a96db488d4d}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72bbbc08-f7e1-4434-a293-3a96db488d4d}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4901228

HKEY_CLASSES_ROOT\CLSID\{7242a763-6114-4045-9970-07c545d72c45}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80af1289-f140-a140-d012-c1458759fc08}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80af1289-f140-a140-d012-c1458759fc08}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msfpfis64

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msp2p32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc8975eb-dd3e-406a-8df9-218848c3b594}

HKEY_CLASSES_ROOT\CLSID\{bc8975eb-dd3e-406a-8df9-218848c3b594}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
{bc8975eb-dd3e-406a-8df9-218848c3b594}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fd45a54-9875-698f-e56e-65102358fdf5}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5fd45a54-9875-698f-e56e-65102358fdf5}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\5102a80

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnsf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a33b53e3-404c-481d-8f9c-33e416e9d865}

HKEY_CLASSES_ROOT\CLSID\{a33b53e3-404c-481d-8f9c-33e416e9d865}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\{a33b53e3-404c-481d-8f9c-33e416e9d865}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9490415f-65f8-b5c5-d8ba-9405fb120549}

HKEY_CLASSES_ROOT\CLSID\{9490415f-65f8-b5c5-d8ba-9405fb120549}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9490415f-65f8-b5c5-d8ba-9405fb120549}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{141fdc3c-15fb-11dd-b723-9ef855d89593}

HKEY_CLASSES_ROOT\CLSID\{141fdc3c-15fb-11dd-b723-9ef855d89593}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{141fdc3c-15fb-11dd-b723-9ef855d89593}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7319a1f1-9410-9654-3201-345ffa349137}

HKEY_CLASSES_ROOT\CLSID\{7319a1f1-9410-9654-3201-345ffa349137}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7319a1f1-9410-9654-3201-345ffa349137}

HKEY_CLASSES_ROOT\CLSID\{5fd45a54-9875-698f-e56e-65102358fdf5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55694105-5108-9405-3695-954187462155}

HKEY_CLASSES_ROOT\CLSID\{55694105-5108-9405-3695-954187462155}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55694105-5108-9405-3695-954187462155}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa}
HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{aa59145f-315d-bc23-ac1f-145df81a34aa}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zftp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d29dcee0-457b-45a2-a92d-741b95b7723b}

HKEY_CLASSES_ROOT\CLSID\{d29dcee0-457b-45a2-a92d-741b95b7723b}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d29dcee0-457b-45a2-a92d-741b95b7723b}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ad0f1b1-990d-4f52-a33d-2837e43cef58}

HKEY_CLASSES_ROOT\CLSID\{8ad0f1b1-990d-4f52-a33d-2837e43cef58}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ad0f1b1-990d-4f52-a33d-2837e43cef58}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16ff142f-bebd-47ce-a3a6-d52a1a2ecb54}
HKEY_CLASSES_ROOT\CLSID\{16ff142f-bebd-47ce-a3a6-d52a1a2ecb54}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16ff142f-bebd-47ce-a3a6-d52a1a2ecb54}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A041F13-A111-12A5-B0CF-F99818AA68A5}

HKEY_CLASSES_ROOT\CLSID\{5A041F13-A111-12A5-B0CF-F99818AA68A5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{398c9b84-4ef7-47b5-9862-de29543b3c42}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{398c9b84-4ef7-47b5-9862-de29543b3c42}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6A454AE-156A-415E-9F89-3795677A8A91}

HKEY_CLASSES_ROOT\CLSID\{F6A454AE-156A-415E-9F89-3795677A8A91}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ba45af-faaa-cddd-beee-bcde1234ab38}

HKEY_CLASSES_ROOT\CLSID\{83ba45af-faaa-cddd-beee-bcde1234ab38}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ba45af-faaa-cddd-beee-bcde1234ab38}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msertk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msskye

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{6167f471-ef2b-41dd-a5e5-c26acdb5c096}

HKEY_CLASSES_ROOT\CLSID\{6167f471-ef2b-41dd-a5e5-c26acdb5c096}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6167f471-ef2b-41dd-a5e5-c26acdb5c096}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D47A61B8-0EAB-417F-8DF4-5C949982A2AF}

HKEY_CLASSES_ROOT\CLSID\{D47A61B8-0EAB-417F-8DF4-5C949982A2AF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4372FE4D-E2C2-45FE-A893-E2B1691A7DD0}

HKEY_CLASSES_ROOT\CLSID\{4372FE4D-E2C2-45FE-A893-E2B1691A7DD0}

HKEY_CLASSES_ROOT\CLSID\{0DB96520-1FCA-CA75-EB96-7520DC97521E}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
\ShellExecuteHooks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msertk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msskye

Delete following registry values:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2=[%SYSTEM%]\winsys2.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=cru629.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2=[%SYSTEM%]\startup.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, brzqcpyx.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, joigychf.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, cmbpalnt.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kftsuhka.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, evshjiyu.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, spwivbsi.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lxhfzrlu.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lubydwro.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, bquyxhel.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, sndjfakf.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, npxigjyh.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, eidvshfi.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gxrkppit.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kkyjyppx.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fylrldya.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, coqescgp.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, htsbtzox.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, aywqhydc.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, pttsggbk.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, irutjhgz.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, rkefdllo.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karina.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xolehlpjh.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lweurqhx.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zmboajlj.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat??
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat,wbsys.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\cru629.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, aulbsvtk.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mqcbtdlx.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, aoafzbtd.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDQG32=LYLoadqr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDHG32=LYLoadhr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDMG32=LYLoadmr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDSG32=LYLoadar.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDOG32=LYLoador.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDWG32=LYLoadbr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDEG32=LYLoader.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDCG32=LYLeador.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat sctitn.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat pafxie.dll [%SYSTEM%]\jidaduta.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2=;[%SYSTEM%]\winsys2.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat?
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gioqpsdv.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%WINDOWS%]\karna.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%WINDOWS%]\karina.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2="[%SYSTEM%]\winsys2.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%PROGRAM_FILES%]\ThunMail\testabd.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\goveyudi.dll,[%SYSTEM%]\pujawewo.dll,[%SYSTEM%]\ponovisi.dll,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, TBMonEx=[%FONTS%]\system\ati2evxx.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysW=[%WINDOWS%]\47L.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\136741M.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\yikiduta.dll znmbpc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2="[%SYSTEM%]\startup.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat [%SYSTEM%]\buwuwati.dll igbqok.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat [%SYSTEM%]\buwuwati.dll nqqgri.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2=[%WINDOWS%]\winsys2.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%WINDOWS%]\karna.dat,[%SYSTEM%]\devmgr32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, kmmsoft=[%SYSTEM%]\revo.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat jyizkf.dll [%SYSTEM%]\ruyopaku.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\ruyopaku.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=secuload.dll [%SYSTEM%]\karna.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, huifitc=[%WINDOWS%]\huifitc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\sekapehu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat,[%SYSTEM%]\sopejuwi.dll msdiew.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, njdsibln.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gqwdibma.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat xlxjkg.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, fmsbbqi=[%WINDOWS%]\fmsbbqi.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vgbapkot.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\glmf3232.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\338448M.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tpevjfrd.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, pupxzxzz.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jvrbsjrn.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, bnstbhlv.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kmkaamid.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ttbgdrwq.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jiruhovt.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\kus109.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, DXDLG32=DXDLG.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, susipapl.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys3=[%WINDOWS%]\winsys3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, inudhya=[%FONTS%]\syn00-16-EC-A4-7F-17\system\1a.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WSockDrv32=[%WINDOWS%]\ggondr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\721815M.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysW=[%WINDOWS%]\721815L.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\vutofudi.dll nblhit.dll [%SYSTEM%]\jotejazo.dll ysitph.dll [%SYSTEM%]\petonuho.dll [%SYSTEM%]\hididofu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, txgckwcz.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, bvxwzpuf.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, casqtfho.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mxuzyllu.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\547661M.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\471871M.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysW=[%WINDOWS%]\547661L.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tfrrwfis.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, brbmmebr.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\667673M.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\714960M.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\255528M.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\238781M.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WSockDrv32=[%WINDOWS%]\WSockDrv32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat,[%SYSTEM%]\regoyivu.dll,[%SYSTEM%]\dukeyiwa.dll,[%SYSTEM%]\yimogate.dll,[%SYSTEM%]\zehuruwo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat hfetyn.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\cssdll32.dll [%SYSTEM%]\guard32.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\dezubebo.dll [%SYSTEM%]\hobokuzu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat jlzcva.dll edzdiv.dll jjcgln.dll [%PROGRAM_FILES%]\Google\GOOGLE~1\GOEC62~1.DLL zpenoo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat [%SYSTEM%]\ninegozu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat bjfdag.dll cwhyyy.dll fioleb.dll oksjbt.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat itkjyk.dll [%SYSTEM%]\fujehone.dll [%SYSTEM%]\vihokaso.dll [%SYSTEM%]\fupikoti.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat vavwfj.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\940477M.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat [%SYSTEM%]\juzusiwe.dll [%SYSTEM%]\kagavuva.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat bgszxv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, TBMonEx=[%FONTS%]\00-30-18-B0-66-20\system\wdfmgr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\modufime.dll [%SYSTEM%]\dakabedu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat nsgecz.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\kupageli.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat,[%SYSTEM%]\jebanemu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat xzfvge.dll qtybav.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\701696M.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat gdjruq.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat hmpfxq.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\yitefuko.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\779941M.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\zakanilu.dll,[%SYSTEM%]\lobofenu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat ,[%SYSTEM%]\vizalodu.dll,[%SYSTEM%]\wikegivi.dll [%SYSTEM%]\wemipipo.dll,[%SYSTEM%]\zurihiga.dll [%SYSTEM%]\hujinuya.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat lhkujy.dll wmdbsl.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\rorivano.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat sgmyrb.dll [%SYSTEM%]\rekahuba.dll [%SYSTEM%]\voridako.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat [%SYSTEM%]\fijugige.dll [%SYSTEM%]\gerabuse.dll [%SYSTEM%]\selekide.dll [%SYSTEM%]\varigisu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat mdkcty.dll rscgbz.dll whvakt.dll lsdwsu.dll ysiwtx.dll eyiyzw.dll vjbwdb.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat vrhdrj.dll [%SYSTEM%]\gotujumu.dll [%SYSTEM%]\jobaruse.dll [%SYSTEM%]\lazikito.dll [%SYSTEM%]\mazileve.dll [%PROGRAM_FILES%]\Google\GOOGLE~2\GOEC62~1.DLL [%SYSTEM%]\zugahohe.dll [%SYSTEM%]\vopereso.dll [%SYSTEM%]\huvehibi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat zyjxmo.dll [%PROGRAM_FILES%]\Google\GOOGLE~1\GOEC62~1.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hhweasau.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, taqbsdic.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\nigobani.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vyidgunh.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat aeiqvp.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, egpbxlkt.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, rjpnvahf.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tkbzxpqy.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lrhwjxby.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hpjitquk.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, cndgcrwz.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kbmvkhqk.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, cnoosbkr.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tijemfuv.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tlriaeul.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat clxqwt.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, czswghny.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zkznulst.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, odpvunnp.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fonsvplt.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xalbialv.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mscxkfjv.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lmmpbvvj.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, nwjwkiyz.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, czxmrhnj.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ohdwrqem.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dzsyogvl.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, rnafubgf.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\dujiyera.dll [%SYSTEM%]\wobarale.dll,[%SYSTEM%]\zifipari.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\genahemo.dll [%SYSTEM%]\yulejoka.dll [%SYSTEM%]\suhokamo.dll [%SYSTEM%]\berinege.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat olfobw.dll llxgzv.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat,[%SYSTEM%]\zimuworo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat jhoeht.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ypbkxtqz.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, bfolertb.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dwhmtscj.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat zqwrsb.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=,karna.dat vlsxle.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\yaromido.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat hcuvyd.dll fvvzkw.dll wdeoka.dll ittopz.dll [%SYSTEM%]\wegahuwe.dll [%SYSTEM%]\tuwihavo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,iasdij.dll,[%SYSTEM%]\ronihuni.dll,[%SYSTEM%]\jamamafo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\higawaka.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qmfagzxd.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, nrkvjitq.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ehkdaecf.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, nttmrjdv.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jfzgypax.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jyfvrtee.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, syqwavhp.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, udhezvcc.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dpoityvh.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xjoypjrg.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qwexfdym.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, domuracn.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mfwmilca.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, wydhbovn.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, uyutwjzv.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, rhozjkxu.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\bowafefi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\zevehahu.dll [%SYSTEM%]\jejowada.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\pozimadu.dll [%SYSTEM%]\yuworowe.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\matumiga.dll [%SYSTEM%]\jeribejo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat,[%SYSTEM%]\dmcompos32.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%PROGRAM_FILES%]\Google\GOOGLE~1\GOEC62~1.DLL qqxess.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\honayoto.dll,[%SYSTEM%]\migezomu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat gnkdrd.dll [%SYSTEM%]\noweripe.dll [%SYSTEM%]\wugonihi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dwvyxynv.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,phhozo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat zcinve.dll [%SYSTEM%]\viliwesi.dll [%SYSTEM%]\dezuzara.dll [%SYSTEM%]\pelojewe.dll [%SYSTEM%]\vivudoma.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat derxmy.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat ojaqwv.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat smxqwp.dll [%SYSTEM%]\nirotona.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat avbmun.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat uwqeok.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat, kphooc.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\ludozagi.dll,[%SYSTEM%]\muguwubo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ttajupee.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xewkqxao.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ftxgfpea.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gatmakad.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hbniurdu.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, sbqjukzz.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, timppnou.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ujflaurt.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fijnimnq.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, niojgkft.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat jcuzso.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fgxwbizw.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mkbaaqds.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ftqvstrr.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ygyzzyly.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zfdjdvsb.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qixfellm.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, wykfzmgg.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jhkccnvx.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jswhnrbr.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ywbgtwun.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, wkulnakg.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dqiitozd.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jxdiogbx.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dxtpnmrt.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat xkjsff.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\remenena.dll [%SYSTEM%]\zumidiba.dll [%SYSTEM%]\topapope.dll [%SYSTEM%]\wotitiha.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat nsecee.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qhkmaujx.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, rxlgbqgj.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\wayolelu.dll [%SYSTEM%]\mufojale.dll [%SYSTEM%]\zupikure.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\yomebazi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%PROGRAM_FILES%]\DEFEND~1\DEFEND~1.0\adialhk.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat nxohve.dll dxzetx.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\pozogere.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat,[%SYSTEM%]\lakutufo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, pobabbes.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zepkcgyq.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hewansxt.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gyizhuqm.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, antmqyue.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, wcqclxwb.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xedojfgz.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, nrkditkl.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, wnktqssi.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qicfatbp.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, caixuhrn.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qofhcbif.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, cayxhuwu.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ljdtqduk.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gwjyyenw.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, auczsntl.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lrvebwch.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vykddtvx.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vsjsxydb.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xnnjyoya.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, edbmjaio.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ogsiqkgx.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ajpdoxza.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, bxpgymvx.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, cxgnhizw.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, bqvizmbs.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, krxtykeb.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dpylvwkb.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kpcextjw.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hbixmzoy.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gpzspuiq.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, glzqpbfc.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, czxisiyl.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, iequbeaz.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qfylmqhc.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qzkkfasv.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mypdhxpx.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jnukdxrv.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hffridii.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, acolzsme.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fomepyur.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dtynrawi.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, svgswher.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, czbxtady.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, swwaqujy.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ujnepjet.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, thfoplih.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, judjrlvl.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ydzusdeb.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ijotusqr.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, idfjpxxu.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kyrzhotu.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, oedxizkw.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xpuloqif.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qfnzqxme.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, phquhduk.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zpddiiga.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dmrpatvt.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gjxtewzw.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zfigvado.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tlliyzub.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, unyuwgez.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, uxdhrxlz.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tweivtqi.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qtqygvsz.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ctxqsjhy.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mwzvodgf.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, btnqmwmn.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hryhdesr.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gpyregdg.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, amysypjv.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lcsyhyss.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vrgwivmq.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vlymdatt.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xfbcvrot.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, eoqgouyy.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, nzhunmxh.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, aclxlzil.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, bqdaeolh.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, cqvhekhh.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jvjxdseh.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qgjclztu.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qqbunbsy.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat pgptzs.dll otzzvt.dll bxcfze.dll rmjbhy.dll ryvjxi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, rqdbzofo.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vkiyhelt.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, rhrezogq.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, nulnphys.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tqvnbwwo.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kexbkyhz.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qjgxzycm.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, pbrosocs.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, izvftxlr.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dkpdwyap.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, smpcbqgl.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fdygvokt.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hldipcou.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, shgixbhd.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xopifvmh.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zrjsgbjr.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, bnczvqjv.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fhzwdgga.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, egkhgrch.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xrbllkcy.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dnllxqau.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ucnzgacf.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, agwvuafs.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fteerrqt.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vznihzhi.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tucuvuoq.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ftigptuc.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, phallgxp.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, utvldxkk.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fhzllwvu.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kviluqay.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gdfljcum.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, efhlqplv.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fwkcxeyp.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ewvoipmw.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, hedpjkpu.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gfrxkpcv.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ytbtbzeg.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dgchirhs.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, faplupaj.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vorxbxqx.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tknayrxg.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fbtmjrms.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jyduzgxh.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, uazsydua.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, fwcsgunk.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kdlsooso.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, glrrmaeu.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat hmegwm.dll ,[%SYSTEM%]\saheloju.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat,HBmhly.dll,HBWOW.dll,HBTL.dll,HBASKTAO.dll,HBQQSG.dll,HBXMJ.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\guard32.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\hezigotu.dll fleclj.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.datXXXXXXXXXXXXXXXXXXXXXXX
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\semehine.dll [%SYSTEM%]\holuyibi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysW=[%WINDOWS%]\380841L.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\380841M.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\perapola.dll [%SYSTEM%]\notewufe.dll [%SYSTEM%]\kawolumi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat xszppj.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\cru629.dat yvvlsw.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\dibafeya.dll [%SYSTEM%]\mebokewe.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\sobamehu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\gejanojo.dll [%SYSTEM%]\rafaweti.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat wiudcz.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=secuload.dll,karna.dat hfbpzu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\wadomasu.dll [%SYSTEM%]\bokeneja.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat sgbqke.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat apucgp.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat ffyjsi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%PROGRAM_FILES%]\Google\GOOGLE~1\GOEC62~1.DLL qkkpkj.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\XPP2\255528M.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\pevojazi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat ybncvx.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat sclbmz.dll tnqqix.dll ibiwia.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\suhahebu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat gdcfyu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat japire.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat cocata.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysW=[%WINDOWS%]\779941L.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\guniyiyu.dll,[%SYSTEM%]\liwomajo.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat,[%SYSTEM%]\jekofozu.dll [%SYSTEM%]\duyesedi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\binupasa.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat,HBmhly.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat rqelut.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat upudnn.dll anjpxb.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\wahewozi.dll,[%SYSTEM%]\majudohi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\yetuheke.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat vmggxh.dll,[%SYSTEM%]\hikagazu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat,[%SYSTEM%]\kumeweva.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,yauncs.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat fltqzf.dll dlnjjz.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat fltqzf.dll dlnjjz.dll jbpwfn.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat[%SYSTEM%]\liyogune.dll gybuaj.dll qlxjlr.dll evywev.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\hijagolu.dll,[%SYSTEM%]\zivahesu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karina.dat [%SYSTEM%]\wayumabe.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karina.dat [%SYSTEM%]\wayumabe.dll,[%SYSTEM%]\tayufazu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat lnwehu.dll ccfbbq.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, TBMonEx=[%FONTS%]\00-18-F3-66-C9-67\system\wdfmgr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%SYSTEM%]\nefuwipi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVPSrv=[%WINDOWS%]\AVPSrv.exE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat rojzdw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ticisms=[%WINDOWS%]\ticisms.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WSockDrv32=[%WINDOWS%]\enskoe.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat ryfllr.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat ftmzll.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat coeuzd.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat bodbgy.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat ejkant.dll btjzyz.dll ehtbez.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat tdjhnw.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=kus109.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat PGPmapih.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat hfwbxu.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat ejkant.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat xhkren.dll amvvfh.dll esksob.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%WINDOWS%]\cru629.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat cjbfiz.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat rimzop.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat kgquej.dll qovcum.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat dvjczz.dll ilefgm.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat rexvmd.dll aqlsck.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat tkomve.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=cru629.dat xoowoy.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\cru629.dat,[%SYSTEM%]\dmocx32.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat kjmsvx.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat zmhalg.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=cru629.dat.com.au/
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\cru629.dat mssetd.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%PROGRAM_FILES%]\agnitum\outpos~1\wl_hook.dll cru629.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {0DB96520-1FCA-CA75-EB96-7520DC97521E}=

Delete following files:
[%SYSTEM%]\System.exe
[%SYSTEM%]\jwedsfdo0.dll
[%SYSTEM%]\jwedsfdo1.dll
[%SYSTEM%]\kxvo1.dll
[%SYSTEM%]\kxvo0.dll
[%SYSTEM%]\nmdfgds0.dll
[%SYSTEM%]\nmdfgds1.dll
[%SYSTEM_DRIVE%]\em8tqm.cmd
[%SYSTEM_DRIVE%]\n.com
[%SYSTEM%]\dpcxool64.sys
[%SYSTEM_DRIVE%]\boyedt.com
[%SYSTEM_DRIVE%]\eyt.exe
[%SYSTEM_DRIVE%]\husyu8n.exe
[%SYSTEM_DRIVE%]\ymxf2.exe
[%SYSTEM%]\optyhww0.dll
[%SYSTEM%]\urretnd.exe
[%SYSTEM_DRIVE%]\icxpa.cmd
[%SYSTEM%]\kacsde.exe
[%SYSTEM%]\pcm1394.sys
[%SYSTEM_DRIVE%]\dbrxubcw.com
[%SYSTEM_DRIVE%]\clc1al.com
[%SYSTEM_DRIVE%]\q1pady.cmd
[%SYSTEM%]\godert0.dll
[%SYSTEM%]\godert1.dll
[%SYSTEM%]\jwedsfdo2.dll
[%SYSTEM%]\lhgjyit0.dll
[%SYSTEM%]\lhgjyit1.dll
[%SYSTEM%]\lhgjyit2.dll
[%SYSTEM%]\uret463.exe
[%SYSTEM_DRIVE%]\3iugonx.com
[%SYSTEM_DRIVE%]\dgkx.exe
[%SYSTEM_DRIVE%]\dsty.com
[%SYSTEM_DRIVE%]\oc.cmd
[%SYSTEM_DRIVE%]\pjwtv.cmd
[%SYSTEM_DRIVE%]\y319s.exe
[%SYSTEM_DRIVE%]\uhoxajc.cmd
[%SYSTEM%]\optyhww1.dll
[%SYSTEM%]\karna.dat
[%SYSTEM%]\ckvo0.dll
[%SYSTEM_DRIVE%]\0bcobed.exe
[%SYSTEM_DRIVE%]\1ogf.exe
[%SYSTEM_DRIVE%]\ej10fkdo.bat
[%SYSTEM_DRIVE%]\g1ljsm.com
[%SYSTEM_DRIVE%]\nu.cmd
[%SYSTEM_DRIVE%]\jm3cx96.bat
[%FONTS%]\zZ5kDff9es3wZ9YZ.Ttf
[%FONTS%]\Qq3qg7RGSp9raxWW.Ttf
[%SYSTEM%]\gth69335.exe
[%SYSTEM_DRIVE%]\2fiy.bat
[%SYSTEM_DRIVE%]\a1agmur.cmd
[%SYSTEM_DRIVE%]\cv22.cmd
[%SYSTEM_DRIVE%]\i6g6x.cmd
[%SYSTEM_DRIVE%]\sys32krnl.exe
[%SYSTEM_DRIVE%]\syswin.exe
[%WINDOWS%]\tr.exe
[%SYSTEM%]\bgotrtu0.dll
[%SYSTEM%]\bgotrtu1.dll
[%SYSTEM%]\dsetwem0.dll
[%SYSTEM%]\kvosoft.exe
[%SYSTEM%]\uweyiwe0.dll
[%SYSTEM%]\HBmhly.dll
[%WINDOWS%]\wpcap.dll
[%SYSTEM%]\122B901E.dll
[%SYSTEM%]\HBASKTAO.dll
[%SYSTEM%]\HBWOW.dll
[%SYSTEM%]\HBXY2.dll
[%WINDOWS%]\Packet.dll
[%SYSTEM%]\HBJXSJ.dll
[%SYSTEM%]\sysmxd.dll
[%WINDOWS%]\WanPacket.dll
[%SYSTEM%]\HBWULIN2.dll
[%SYSTEM%]\kav320.dll
[%SYSTEM_DRIVE%]\npee.com
[%SYSTEM_DRIVE%]\vwewav8.com
[%SYSTEM%]\08223B03.dll
[%SYSTEM%]\56BC86C7.dll
[%SYSTEM%]\704C3595.dll
[%SYSTEM%]\76B9BA7A.dll
[%SYSTEM%]\A0C86020.dll
[%SYSTEM%]\BMsg6pdMD4ht.dll
[%SYSTEM%]\dhDhwS7fFW.dll
[%SYSTEM%]\ed78ab9.dll
[%SYSTEM%]\Hzs3R95W.dll
[%SYSTEM%]\taNjsFa2tT2Dh.dll
[%SYSTEM%]\ufQCU5.dll
[%SYSTEM%]\VnTU2WAqUcZA6.dll
[%SYSTEM%]\wF87W8XjgDW5Es6tuA.dll
[%SYSTEM%]\yp77Tt3UCG74J.dll
[%SYSTEM%]\ys7auTeZqZ8W.dll
[%FONTS%]\f13ERxR2Urh.fon
[%FONTS%]\tY5UFS434YYd.fon
[%SYSTEM%]\A1A6BC2E.dll
[%SYSTEM%]\E4814792.dll
[%SYSTEM%]\GaZ2AKyYG.dll
[%SYSTEM%]\j8EG7scz8.dll
[%SYSTEM%]\m37tEtTX7Ye5c.dll
[%SYSTEM%]\skcfujQ5EDN.dll
[%SYSTEM%]\v6yj3gxacYQU.dll
[%FONTS%]\CESPVP8FQd.fon
[%FONTS%]\MbsV2QQJe.fon
[%SYSTEM%]\svtepps.dll
[%WINDOWS%]\Help\F3C74E3FA248.dll
[%WINDOWS%]\Help\F3C74E3FA248.exe
[%SYSTEM%]\2EF0D734.dll
[%SYSTEM%]\3D144530.dll
[%SYSTEM%]\ACg9ycsarj8y.dll
[%SYSTEM%]\CCCA2FB9.dll
[%SYSTEM%]\CDuAUVkGy9.dll
[%SYSTEM%]\GrTZqH5SnRhAt.dll
[%SYSTEM%]\kT2NuqZeGma.dll
[%SYSTEM%]\kW5xUYZjcSnWs.dll
[%SYSTEM%]\PkVyCX5kHnftC7BXjt.dll
[%FONTS%]\uXUsF2RrQy.fon
[%FONTS%]\xbaDtK8wjtgDDaS7M.Ttf
[%FONTS%]\KXBqRpa2mrNPeXKb.Ttf
[%SYSTEM%]\gasretyw0.dll
[%PROGRAM_FILES%]\Internet Explorer\MainCode.api
[%SYSTEM%]\GTH60343.exe
[%FONTS%]\GTH60343.ttf
[%SYSTEM_DRIVE%]\xih9.cmd
[%PROGRAM_FILES%]\INTERN~1\PLUGINS\b54321.bho
[%SYSTEM_DRIVE%]\m0vnonh.bat
[%SYSTEM_DRIVE%]\j60osk9.cmd
[%SYSTEM_DRIVE%]\uvsqfgwd.cmd
[%PROGRAM_FILES%]\Internet Explorer\LookHttp.jsp
[%SYSTEM%]\efc0c52cc1.dll
[%SYSTEM%]\fywd.dll
[%SYSTEM%]\inertno.exe
[%SYSTEM%]\soliee.exe
[%SYSTEM%]\soss.exe
[%SYSTEM%]\xoxx.exe
[%SYSTEM%]\lhp32.dll
[%SYSTEM%]\karina.dat
[%SYSTEM%]\gasretyw1.dll
[%WINDOWS%]\npptools.dll
[%SYSTEM%]\kavo.exe
[%SYSTEM%]\kavo0.dll
[%SYSTEM%]\kavo1.dll
[%PROGRAM_FILES%]\zzToolBar\Toolbar_bho.dll
[%SYSTEM%]\kxvo.exe
[%SYSTEM%]\fool1.dll
[%PROGRAM_FILES%]\Internet Explorer\PowerJa.ask
[%SYSTEM%]\yzztlmsn.dll
[%SYSTEM%]\mndshsrv.dll
[%SYSTEM%]\tysqbkol.dll
[%SYSTEM%]\zptlcsys.dll
[%SYSTEM%]\yxcschlp.dll
[%SYSTEM%]\ijdybpaw.dll
[%SYSTEM%]\rijxbkin.dll
[%SYSTEM%]\detxbiua.dll
[%SYSTEM%]\BrowserHelper.dll
[%WINDOWS%]\karna.dat
[%SYSTEM%]\Drivers\HBKernel32.sys
[%SYSTEM%]\HBZHUXIAN.dll
[%SYSTEM%]\8566F82E.dll
[%WINDOWS%]\SYSTEM\xccef090131.exe
[%SYSTEM%]\oezckwu.dll
[%SYSTEM%]\HBZG.dll
[%SYSTEM%]\HBBO.dll
[%SYSTEM%]\HBCHIBI.dll
[%SYSTEM%]\HBQQFFO.dll
[%SYSTEM%]\Drivers\HBKernel.sys
[%SYSTEM%]\cru629.dat
[%PROGRAM_FILES%]\Internet Explorer\IETimber\IETimber.dll
[%WINDOWS%]\Intel\baiduc.dll
[%SYSTEM%]\allmax.dll
[%PROGRAM_FILES%]\Tencent\QQ\QQIEHelper.dll
[%PROGRAM_FILES%]\Internet Explorer\DoboMako.lsp
[%SYSTEM%]\HBFY.dll
[%SYSTEM%]\HB1000Y.dll
[%SYSTEM%]\HBCT.dll
[%SYSTEM%]\HBSOUL.dll
[%PROGRAM_FILES%]\Internet Explorer\Plugins\WinNt64.Jmp
[%SYSTEM%]\xunleiBHO13.dll
[%SYSTEM%]\aaa.dll
[%SYSTEM%]\HBSO2.dll
[%SYSTEM%]\j3ewro.exe
[%WINDOWS%]\xccdf16_090131a.dll
[%WINDOWS%]\xccdf32_090131a.dll
[%SYSTEM%]\inf\xccdfb16_090131.dll
[%PROGRAM_FILES%]\Internet Explorer\CoboMake.jsp
[%PROGRAM_FILES%]\Internet Explorer\PowerJz.zsk
[%SYSTEM%]\5102a80.sys
[%SYSTEM%]\HBQQSG.dll
[%SYSTEM%]\12B02216.dll
[%SYSTEM%]\HBKDXY.dll
[%SYSTEM%]\revo.exe
[%SYSTEM%]\revo0.dll
[%SYSTEM%]\HBSHQ.dll
[%WINDOWS%]\SYSTEM\ming9a090110.exe
[%WINDOWS%]\SYSTEM\zhahss090101.exe
[%SYSTEM%]\HBW2I.dll
[%SYSTEM%]\HBYY.dll
[%SYSTEM%]\b160485.sys
[%SYSTEM%]\b71fe93.sys
[%SYSTEM%]\d812a079.sys
[%SYSTEM%]\HBTW2.dll
[%SYSTEM%]\HBFS2.dll
[%WINDOWS%]\xccdf16_090123a.dll
[%WINDOWS%]\SYSTEM\xccef090123.exe
[%SYSTEM%]\inf\xccdfb16_090123.dll
[%WINDOWS%]\xccdf32_090123a.dll
[%WINDOWS%]\xccdfb16_090123.dll
[%WINDOWS%]\xccdf16_090112a.dll
[%WINDOWS%]\xccdf32_090112a.dll
[%WINDOWS%]\SYSTEM\xccef090112.exe
[%SYSTEM%]\inf\xccdfb16_090112.dll
E:\QQ\QQIEHelper.dll
[%WINDOWS%]\SYSTEM\lljyn090118.exe
[%PROGRAM_FILES%]\Internet Explorer\Plugins\Unix_Me.Jmp
[%WINDOWS%]\dcbdcatys32_090120a.dll
[%WINDOWS%]\wftadfi16_090120a.dll
[%WINDOWS%]\SYSTEM\lz090121.exe
[%WINDOWS%]\SYSTEM\sgcxcxxaspf090120.exe
[%SYSTEM%]\inf\scsys16_090120.dll
[%WINDOWS%]\SYSTEM\jjxzwzjy090122.exe
[%SYSTEM%]\kus109.dat
[%SYSTEM%]\HBLYFX.dll
[%PROGRAM_FILES%]\Internet Explorer\Plugins\SysWin7s.Jmp
[%PROGRAM_FILES%]\Internet Explorer\Plugins\system.jmp
[%PROGRAM_FILES%]\Internet Explorer\fzsKetNt.Ps2
[%PROGRAM_FILES%]\Internet Explorer\Plugins\UnixSys32.Jmp
[%SYSTEM%]\txgckwcz.dll
[%SYSTEM%]\HBWD.dll
[%SYSTEM%]\HBJTLQ.dll
[%WINDOWS%]\fmsbbqi.exe
[%SYSTEM%]\HBTL.dll
[%SYSTEM%]\HBXMJ.dll
[%SYSTEM%]\fool2.dll
[%SYSTEM%]\revo1.dll
[%SYSTEM%]\HBDNF.dll
[%SYSTEM%]\HBQQXX.dll
[%SYSTEM%]\ukrth.dll
[%SYSTEM%]\mpwdeapi.dll
[%SYSTEM%]\archibidll.dll
[%SYSTEM%]\hhweasau.dll
[%SYSTEM%]\vyidgunh.dll
[%SYSTEM%]\rjpnvahf.dll
[%SYSTEM%]\comuidsg.dll
[%SYSTEM%]\odpvunnp.dll
[%SYSTEM%]\lmmpbvvj.dll
[%SYSTEM%]\ohdwrqem.dll
[%SYSTEM%]\Drivers\4.tmp
[%PROGRAM_FILES%]\Internet Explorer\Plugins\UnixeMe.Jmp
[%SYSTEM%]\delnice.dll
[%SYSTEM%]\udhezvcc.dll
[%SYSTEM%]\qwexfdym.dll
[%WINDOWS%]\Temp\~ms40.tmp
[%PROGRAM_FILES%]\Internet Explorer\Plugins\Nv_Win3s.Jmp
[%PROGRAM_FILES%]\Internet Explorer\Plugins\Unixs32.Jmp
[%WINDOWS%]\Temp\~ms21.tmp
[%WINDOWS%]\Temp\~ms22.tmp
[%SYSTEM%]\d699e62c.dat
[%PROGRAM_FILES%]\Yam\QQ\QQIEHelper.dll
[%WINDOWS%]\Temp\~ms33.tmp
[%WINDOWS%]\Temp\~ms34.tmp
[%SYSTEM%]\xewkqxao.dll
[%SYSTEM%]\hbniurdu.dll
[%SYSTEM%]\ujflaurt.dll
[%WINDOWS%]\Temp\~ms10.tmp
[%WINDOWS%]\Temp\~ms11.tmp
[%WINDOWS%]\Temp\~ms12.tmp
[%WINDOWS%]\Temp\~ms13.tmp
[%WINDOWS%]\Temp\~ms14.tmp
[%WINDOWS%]\Temp\~ms15.tmp
[%WINDOWS%]\Temp\~ms17.tmp
[%WINDOWS%]\Temp\~ms18.tmp
[%WINDOWS%]\Temp\~ms19.tmp
[%WINDOWS%]\Temp\~ms73.tmp
[%WINDOWS%]\Temp\~ms74.tmp
[%WINDOWS%]\Temp\~ms75.tmp
[%WINDOWS%]\Temp\~ms77.tmp
[%WINDOWS%]\Temp\~ms78.tmp
[%WINDOWS%]\Temp\~ms79.tmp
[%WINDOWS%]\Temp\~ms87.tmp
[%WINDOWS%]\Temp\~ms88.tmp
[%WINDOWS%]\Temp\~ms20.tmp
[%SYSTEM%]\niojgkft.dll
[%SYSTEM%]\fgxwbizw.dll
[%SYSTEM%]\wykfzmgg.dll
[%SYSTEM%]\jxdiogbx.dll
[%PROGRAM_FILES%]\Internet Explorer\Vv54321t.321
[%WINDOWS%]\Temp\~ms30.tmp
[%WINDOWS%]\Temp\~ms31.tmp
[%WINDOWS%]\Temp\~ms32.tmp
[%WINDOWS%]\Temp\~ms35.tmp
[%SYSTEM%]\hewansxt.dll
[%SYSTEM%]\dmrpatvt.dll
[%SYSTEM%]\qfylmqhc.dll
[%SYSTEM%]\czxisiyl.dll
[%SYSTEM%]\zpddiiga.dll
[%WINDOWS%]\Temp\~ms89.tmp
[%SYSTEM%]\rqdbzofo.dll
[%SYSTEM%]\bnczvqjv.dll
[%SYSTEM%]\efhlqplv.dll
[%WINDOWS%]\karina.dat
[%PROGRAM_FILES%]\Internet Explorer\Plugins\DosSys16.Jmp
[%WINDOWS%]\bincdwsa.exe
[%WINDOWS%]\dbhlp32.exe
[%WINDOWS%]\fmsjhif.exe
[%WINDOWS%]\mfchlp64.exe
[%PROGRAM_FILES%]\Internet Explorer\53u1ttMe.2ys
[%PROGRAM_FILES%]\Internet Explorer\Plugins\SysWin16.Jmp
[%PROGRAM_FILES%]\Internet Explorer\Plugins\WinSys16.Sys
[%PROGRAM_FILES%]\Internet Explorer\Plugins\DosSys32.Jmp
[%WINDOWS%]\AVPSrv.exE
[%SYSTEM%]\drivers\msyecp.sys
[%SYSTEM%]\drivers\msaclue.sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\WinSys8v.Sys
[%PROGRAM_FILES%]\Internet Explorer\Plugins\Nt_Win32.Jmp
[%PROGRAM_FILES%]\Internet Explorer\Plugins\Sys_Win7s.Jmp
[%PROGRAM_FILES%]\Internet Explorer\Plugins\Sy_Win7k.Jmp
[%PROGRAM_FILES%]\Internet Explorer\Plugins\NewSys32.Sys
[%SYSTEM%]\msosmhfp00.dll
[%SYSTEM%]\msoscqit00.dll
[%SYSTEM%]\msosdohs00.dll
[%SYSTEM%]\msosmnsf00.dll
[%SYSTEM%]\ticisms.dll
[%WINDOWS%]\cru629.dat
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\Windows64.Sys
[%SYSTEM%]\STVXYLM.dll

Delete following folders:
[%SYSTEM_DRIVE%]\Dokumente
[%COMMON_APPDATA%]\Jump Cdrom Owns.qa9sdqe
[%COMMON_APPDATA%]\globalfragfrag.s8glg




No comments:

Post a Comment

AddThis