I Think I am Infected! Scans Pick Up Nothing! msiexec.exe Runs


  • This topic is locked

#16
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
SafeMode doesn't work still? Okay, let's have a look at that before you attempt the SDFix.

As soon as your online scan is complete, try the following:

To get safeboot.txt:
  • Click Start>Run
  • Copy the line in the box below, and paste it into the Run box that opens:

    regedit /e c:\safeboot.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

  • Click “Ok”
  • Double click the My Computer icon, then your C drive
  • In there, you will see a file called safeboot.txt. Double click to open it.
  • Copy and paste the text into a reply to your thread.

eddie
  • 0



#17
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
  • 0

#18
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
The "My Computer" as well as the others were not working, as in they were freezing and the browser stops responding. Java is up-to-date because it downloaded the files without a problem. I went to single file scan and I was able to scan Windows.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 20:30:26
Records in database: 1351940
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\WINDOWS

Scan statistics:
Files scanned: 13567
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:09:57

No malware has been detected. The scan area is clean.

The selected area was scanned.
  • 0

#19
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Ok, I am semi-happy right now. I made progress with SDFix by moving the 3 AVG files to a different folder and restoring them after SDFix was fully finished. File found:


SDFix: Version 1.238
Run by Administrator on Mon 10/27/2008 at 06:15 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\hosts - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 18:36:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4f,0d,8b,9a,2c,a9,5e,20,70,8b,f0,47,3f,cd,b0,df,db,7d,82,d0,45,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4f,0d,8b,9a,2c,a9,5e,20,70,8b,f0,47,3f,cd,b0,df,db,7d,82,d0,45,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4f,0d,8b,9a,2c,a9,5e,20,70,8b,f0,47,3f,cd,b0,df,db,7d,82,d0,45,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{46143738-5D9C-8708-243F-81D0777DAB0A}]
"abamicjfalbapgjmnmjidbhmlhokglgbac"=hex:64,62,67,6c,61,6e,61,69,68,6d,6b,65,6d,6d,67,6d,6e,6b,63,62,65,..
"bbamicjfalbapgjmnmcigmmbbojfepfppddf"=hex:61,62,62,6a,6f,6e,68,6e,6f,6b,63,6d,66,6b,65,63,65,68,6c,65,64,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\source sdk base\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\half-life 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\half-life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Quake2\\Quake2maX.exe"="C:\\Quake2\\Quake2maX.exe:*:Enabled:Quake2maX"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\half-life blue shift\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\half-life blue shift\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\garrysmod\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\garrysmod\\hl2.exe:*:Enabled:hl2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\HalfLife2Beta\\hl2.exe"="C:\\Program Files\\HalfLife2Beta\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\commanderdoom1\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\id Software\\Quake 4\\Quake4.exe"="C:\\Program Files\\id Software\\Quake 4\\Quake4.exe:*:Enabled:Quake 4"
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\half-life deathmatch source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\half-life deathmatch source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\day of defeat source\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:WindowsR NetMeetingR"
"C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\source dedicated server\\srcds.exe"="C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\source dedicated server\\srcds.exe:*:Enabled:srcds"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Disabled:File Transfer Protocol"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\HalfLife2Beta\\EkomZ.exe"="C:\\Program Files\\HalfLife2Beta\\EkomZ.exe:*:Enabled:EkomZ"
"C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\source sdk base 2007\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\source sdk base 2007\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\insurgency\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\CommanderDoom1\\insurgency\\hl2.exe:*:Enabled:hl2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 18 Aug 2008 145,920 ..SHR --- "C:\Program Files\WinPatrol\Setup.exe"
Thu 7 Aug 2008 1,024 A..H. --- "C:\System Volume Information\_restore{C792DA24-822A-4C74-92EC-68A0FC619639}\RP11\A0005048.sys"
Mon 15 Sep 2008 1,562,960 A..H. --- "C:\System Volume Information\_restore{C792DA24-822A-4C74-92EC-68A0FC619639}\RP23\A0005890.dll"
Mon 7 Jul 2008 1,429,840 A..H. --- "C:\System Volume Information\_restore{C792DA24-822A-4C74-92EC-68A0FC619639}\RP23\A0005893.exe"
Mon 7 Jul 2008 4,891,472 A..H. --- "C:\System Volume Information\_restore{C792DA24-822A-4C74-92EC-68A0FC619639}\RP23\A0005895.exe"
Tue 16 Sep 2008 1,833,296 A..H. --- "C:\System Volume Information\_restore{C792DA24-822A-4C74-92EC-68A0FC619639}\RP23\A0005897.exe"
Fri 27 Jun 2008 249,879 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Tue 12 Aug 2008 1,977 ...HR --- "C:\Documents and Settings\LEO\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

My computer seems to be running more smoothly than before. Thanks for all your help so far!

Edited by FPSFan, 01 November 2008 - 11:10 AM.

  • 0

#20
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, there is an entry that I just want to check out, so if you can export the key, that would be great :)

Go to Start | Run and type

REGEDIT

and press Ok.

Now, on your left are folders, and you browse through them, clicking the + like you do in Windows Explorer :)

So, navigate to this folder, and click to highlight it:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{46143738-5D9C-8708-243F-81D0777DAB0A}

Then, at the top Menu, click on File and then Export. Call the file Info, and make sure the Save as Type is *.reg. It should be this by default. Save to your Desktop.

Now, to paste the contents here, right-click on the reg file you just created, and select Edit.

Copy/paste the contents here, in a code box, eg: [ code]info blah blah [/ code]

Note, there is no space in the brackets, I've just put that there so you can see it :)

eddie

Edited by eddie5659, 30 October 2008 - 01:06 PM.

  • 0

#21
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
"Error while opening key {key name}"

I can't open it. When I tried to save, it said "Cannot find specified key."

Should I delete it?
  • 0

#22
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
No, not yet. I'll need to have a look at this, so will be back tomorrow, as it's nearly 12am here.

It may be legit, just need to check some stuff first.
  • 0

#23
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Download GMER and save it to your Desktop.
  • Unzip GMER to your Desktop. It will create a folder named gmer
  • Open the gmer folder and double click gmer.exe to run the program
  • On starting, GMER will run a short scan; allow it to complete.
  • Click on the > > > tab to open the menus
  • Click on the Registry tab to open GMER's registry editor
  • Now carefully navigate to the following Key by using the + icon to unfold the path:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  • Now click on the folder icon for {46143738-5D9C-8708-243F-81D0777DAB0A}
  • With the folder selected click the Export button
  • Save the file to your desktop as Export.reg
  • Close GMER by clicking the OK button at the bottom right hand side of the program window
  • Now open Export.reg by Right Clicking it and choosing Edit
  • Please post the contents of Export.reg in your next reply.

  • 0

#24
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
My internet is so messed up right now, that it redirects to a "Cannot display the page" every 2 searches. I'm sorry that this is happening, but I will post as soon as I can.

I also noticed that TUKernal.exe keeps coming back into system32.

I'm also Defragging for once, and there is about 9.2 gigs that need to be defragged. So, I'll see how she runs after.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{46143738-5D9C-8708-243F-81D0777DAB0A}]
"abamicjfalbapgjmnmjidbhmlhokglgbac"=hex:64,62,67,6c,61,6e,61,69,68,6d,6b,65,6d,6d,67,6d,6e,6b,63,62,65,6f,6d,63,62,70,62,68,67,62,68,6f,65,63,6e,63,63,6a,6c,63,00,5c
"bbamicjfalbapgjmnmcigmmbbojfepfppddf"=hex:61,62,62,6a,6f,6e,68,6e,6f,6b,63,6d,66,6b,65,63,65,68,6c,65,64,68,64,61,70,68,63,6f,6a,65,6e,6d,70,6f,00,63

(FYI, it looks like the files are useless or malicious since they are a bunch of random letters typed.) I'll let you analyze this, and report back anytime convenient for you.


**11-3-08** Redirecting problem persists, but worsens, and I had to download Google Chrome because the sluggishness of IE7 was so bad. Defragging finished, TUKernal hasn't appeared for 2 days.**

Edited by FPSFan, 03 November 2008 - 08:33 PM.

  • 0
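The registry export posted in #24 can be reassembled and decoded offline before anyone decides whether to delete the key. The following is an added example, not part of the original thread or any tool mentioned in it; the function names (`parse_reg_export`, `decode_hex_value`, `summarize`, `analyze_export`) are hypothetical, and the sample text is the export as posted, including the forum's mid-byte line wraps.

```python
import re

# Export text copied from post #24, including the forum's mid-byte line wraps.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{46143738-5D9C-8708-243F-81D0777DAB0A}]
"abamicjfalbapgjmnmjidbhmlhokglgbac"=hex:64,62,67,6c,61,6e,61,69,68,6d,6b,65,6d,6d,67,6d,6e,6b,63,62,65,6f,6d,6
3,62,70,62,68,67,62,68,6f,65,63,6e,63,63,6a,6c,63,00,5c
"bbamicjfalbapgjmnmcigmmbbojfepfppddf"=hex:61,62,62,6a,6f,6e,68,6e,6f,6b,63,6d,66,6b,65,63,65,68,6c,65,64,68,64,6
1,70,68,63,6f,6a,65,6e,6d,70,6f,00,63
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
HEX_DATA_RE = re.compile(r'^hex(?:\([0-9a-fA-F]+\))?:(.*)$', re.S)
CONTINUATION_CHARS = set("0123456789abcdefABCDEF,\\ ")


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}}, re-joining wrapped hex data."""
    keys, current_key, current_name = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current_key, current_name = m.group(1), None
            keys[current_key] = {}
            continue
        if current_key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            current_name = m.group(1) if m.group(1) is not None else "@"
            keys[current_key][current_name] = m.group(2)
            continue
        # Anything else is treated as a continuation of the previous hex value,
        # whether regedit wrapped it (trailing backslash) or the forum did.
        if (current_name is not None
                and keys[current_key][current_name].startswith("hex")
                and set(line) <= CONTINUATION_CHARS):
            keys[current_key][current_name] += line
    return keys


def decode_hex_value(data):
    """Decode 'hex:..' / 'hex(N):..' data to bytes; None for other value types.

    Raises ValueError on truncated data such as catchme's ',..' output.
    """
    m = HEX_DATA_RE.match(data)
    if not m:
        return None
    tokens = [t for t in re.sub(r'[\\\s]', '', m.group(1)).split(',') if t]
    for t in tokens:
        if not re.fullmatch(r'[0-9a-fA-F]{2}', t):
            raise ValueError("not a complete hex byte: %r" % t)
    return bytes(int(t, 16) for t in tokens)


def summarize(blob):
    """Split at the first NUL and describe the leading part if it is printable."""
    head, sep, tail = blob.partition(b"\x00")
    printable = all(0x20 <= b < 0x7f for b in head)
    text = head.decode("ascii") if printable else None
    return {
        "length": len(blob),
        "text": text,
        # A small distinct-character set points to encoded data rather than
        # free text; on its own it does not say whether the key is benign.
        "alphabet": "".join(sorted(set(text))) if text else "",
        "after_nul": tail.hex() if sep else "",
    }


def analyze_export(text):
    """Return [(key, value_name, summary)] for every binary value in the export."""
    rows = []
    for key, values in parse_reg_export(text).items():
        for name, data in values.items():
            blob = decode_hex_value(data)
            if blob is not None:
                rows.append((key, name, summarize(blob)))
    return rows


if __name__ == "__main__":
    for key, name, info in analyze_export(SAMPLE_EXPORT):
        print(name, info)
```

Running it on a file saved from regedit works the same way: read the file (regedit 5.00 exports are UTF-16) and pass the text to `analyze_export`.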

#25
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications



Please download and unzip Icesword to its own folder.

Open the Icesword folder, locate Icesword.exe and double click it to run the program

Click the Registry tab in the bottom right corner of the Icesword window.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{46143738-5D9C-8708-243F-81D0777DAB0A}

Right click on {46143738-5D9C-8708-243F-81D0777DAB0A} and choose Delete

Click Yes to confirm the deletion, then close Icesword by clicking the red X



Also, do the same for the following keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]




After this is all done, can you post a fresh RSIT log :)

eddie
  • 0



#26
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Let me guess that it isn't a good thing that the registry key will not delete. When I press ok to delete, it doesn't disappear. I went back into the program again to see if it would and it did not. The two nm.sys files deleted immediately, and they had no files inside of them.

Logfile of random's system information tool 1.04 (written by random/random)
Run by LEO at 2008-11-05 18:51:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 200 GB (66%) free of 305 GB
Total RAM: 3327 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:11 PM, on 11/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\steam\steamapps\HLSS\hlss300\HLSS.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\LEO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LEO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\LEO\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\LEO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Eset Service] "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: CookieWall.lnk = C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WMP300NSvc - GEMTEKS - C:\Program Files\Wireless-N PCI Adapter\WLService.exe

--
End of file - 6046 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-09-24 756840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-23 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-30 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-30 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=C:\Program Files\WinPatrol\winpatrol.exe [2008-07-04 333120]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-10-25 1410304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Eset Service"=C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-10-25 455936]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-07-27 15360]
"Steam"=c:\program files\steam\steam.exe [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-23 1235736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2007-07-27 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\LEO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-01 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
C:\Program Files\ViOrb\ViOrb.exe [2008-10-21 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZeppelinService"=2
"StyleXPService"=2
"Spooler"=2
"ImapiService"=3
"OcHealthMon"=2
"vsmon"=2
"winss"=2
"SCardSvr"=3
"ERSvc"=2
"AVKService"=2
"AVKProxy"=2
"RemoteRegistry"=2
"LBTServ"=3
"ThreatFire"=2
"AntiVirMailService"=2
"avast! Mail Scanner"=3

C:\Documents and Settings\LEO\Start Menu\Programs\Startup
CookieWall.lnk - C:\Program Files\AnalogX\CookieWall\cookie.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2007-11-15 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\WindowBlinds\wbsrv.dll [2008-08-02 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\IconPackager\iprepair.dll [2008-05-15 65536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDeletePrinter"=0
"NoAddPrinter"=0
"Btn_Back"=0
"Btn_Forward"=0
"Btn_Stop"=2
"Btn_Refresh"=0
"Btn_Home"=0
"Btn_Folders"=2
"Btn_Favorites"=2
"Btn_Media"=2
"Btn_History"=0
"Btn_Fullscreen"=2
"Btn_Tools"=0
"Btn_MailNews"=2
"Btn_Size"=2
"Btn_Print"=2
"Btn_Edit"=2
"Btn_Discussions"=0
"Btn_Cut"=0
"Btn_Copy"=0
"Btn_Paste"=0
"Btn_Encoding"=0
"Btn_PrintPreview"=0
"NoFileUrl"=0
"MemCheckBoxInRunDlg"=0
"NoStrCmpLogical"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoChangeAnimation"=
"NoStrCmpLogical"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Steam\steamapps\commanderdoom1\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\commanderdoom1\condition zero deleted scenes\hl.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\commanderdoom1\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Steam\steamapps\commanderdoom1\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\commanderdoom1\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\commanderdoom1\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\commanderdoom1\half-life 2\hl2.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\half-life 2\hl2.exe:*:Enabled:hl2"
"C:\Quake2\Quake2maX.exe"="C:\Quake2\Quake2maX.exe:*:Enabled:Quake2maX"
"C:\Program Files\Steam\steamapps\commanderdoom1\half-life blue shift\hl.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\commanderdoom1\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\commanderdoom1\garrysmod\hl2.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\garrysmod\hl2.exe:*:Enabled:hl2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HalfLife2Beta\hl2.exe"="C:\Program Files\HalfLife2Beta\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\commanderdoom1\team fortress classic\hl.exe"="C:\Program Files\Steam\steamapps\commanderdoom1\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\id Software\Quake 4\Quake4.exe"="C:\Program Files\id Software\Quake 4\Quake4.exe:*:Enabled:Quake 4"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\CommanderDoom1\half-life deathmatch source\hl2.exe"="C:\Program Files\Steam\steamapps\CommanderDoom1\half-life deathmatch source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\CommanderDoom1\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\CommanderDoom1\day of defeat source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Steam\steamapps\CommanderDoom1\source dedicated server\srcds.exe"="C:\Program Files\Steam\steamapps\CommanderDoom1\source dedicated server\srcds.exe:*:Enabled:srcds"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Protocol"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\HalfLife2Beta\EkomZ.exe"="C:\Program Files\HalfLife2Beta\EkomZ.exe:*:Enabled:EkomZ"
"C:\Program Files\Steam\steamapps\CommanderDoom1\source sdk base 2007\hl2.exe"="C:\Program Files\Steam\steamapps\CommanderDoom1\source sdk base 2007\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\CommanderDoom1\insurgency\hl2.exe"="C:\Program Files\Steam\steamapps\CommanderDoom1\insurgency\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\CommanderDoom1\zombie panic! source\hl2.exe"="C:\Program Files\Steam\steamapps\CommanderDoom1\zombie panic! source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\CommanderDoom1\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\CommanderDoom1\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-05 18:31:11 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-05 18:31:11 ----A---- C:\WINDOWS\gmer.dll
2008-11-05 18:31:10 ----A---- C:\WINDOWS\gmer.exe
2008-11-04 17:50:18 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-04 17:00:36 ----A---- C:\lopR.txt
2008-11-04 17:00:10 ----D---- C:\Lop SD
2008-11-04 15:59:03 ----A---- C:\WINDOWS\gmer.ini
2008-11-04 15:24:32 ----D---- C:\Program Files\ERUNT
2008-11-03 15:53:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-01 15:25:30 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-11-01 07:41:23 ----D---- C:\Program Files\Common Files\Scanner
2008-10-31 21:11:49 ----SHD---- C:\RECYCLER
2008-10-31 21:11:13 ----D---- C:\WINDOWS\temp
2008-10-31 21:11:12 ----A---- C:\ComboFix.txt
2008-10-31 21:07:58 ----D---- C:\Qoobox
2008-10-31 21:07:53 ----D---- C:\ComboFix
2008-10-31 14:11:42 ----D---- C:\ERDNT
2008-10-29 16:53:53 ----HD---- C:\Program Files\Uninstall Information
2008-10-29 15:43:07 ----D---- C:\Program Files\Trend Micro
2008-10-27 17:10:17 ----D---- C:\WINDOWS\ERUNT
2008-10-27 14:14:23 ----D---- C:\Program Files\RegCure
2008-10-26 10:04:08 ----D---- C:\Documents and Settings\LEO\Application Data\Macromedia
2008-10-24 15:24:30 ----A---- C:\WINDOWS\wininit.ini
2008-10-23 18:03:34 ----D---- C:\rsit
2008-10-23 16:57:25 ----D---- C:\Program Files\XoftSpySE
2008-10-21 20:00:41 ----D---- C:\Program Files\ViOrb
2008-10-14 19:40:45 ----SHD---- C:\RECYCLER(2)
2008-10-12 13:41:07 ----D---- C:\Program Files\GCFScape
2008-10-11 22:34:05 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-10 22:10:06 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-10 22:05:00 ----D---- C:\WINDOWS\system32\AGEIA
2008-10-10 22:04:59 ----D---- C:\Program Files\AGEIA Technologies
2008-10-09 21:10:36 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-09 21:05:44 ----D---- C:\Program Files\ZonedOut

======List of files/folders modified in the last 1 months======

2008-11-05 18:33:33 ----D---- C:\WINDOWS
2008-11-05 18:31:11 ----D---- C:\WINDOWS\system32\drivers
2008-11-05 17:41:12 ----D---- C:\WINDOWS\system32
2008-11-05 16:25:07 ----D---- C:\Documents and Settings\LEO\Application Data\LimeWire
2008-11-05 14:12:06 ----D---- C:\Program Files\Steam
2008-11-05 13:25:45 ----D---- C:\WINDOWS\Debug
2008-11-04 22:17:05 ----RHD---- C:\$AVG8.VAULT$
2008-11-04 21:49:49 ----D---- C:\Program Files\ViStart
2008-11-04 21:39:40 ----RSH---- C:\boot.ini
2008-11-04 21:27:06 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-04 21:27:05 ----RD---- C:\Program Files
2008-11-04 17:56:54 ----D---- C:\WINDOWS\ERDNT
2008-11-04 17:52:21 ----D---- C:\WINDOWS\system32\config
2008-11-04 17:15:10 ----D---- C:\Program Files\SpywareBlaster
2008-11-03 15:09:15 ----SHD---- C:\System Volume Information
2008-11-03 15:09:15 ----D---- C:\WINDOWS\system32\Restore
2008-11-03 14:31:29 ----HD---- C:\WINDOWS\inf
2008-11-03 14:30:51 ----D---- C:\WINDOWS\system32\Macromed
2008-11-02 19:04:59 ----SD---- C:\WINDOWS\Tasks
2008-11-02 09:13:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 08:51:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 08:47:58 ----D---- C:\WINDOWS\Prefetch
2008-11-01 18:25:42 ----SHD---- C:\WINDOWS\Installer
2008-11-01 15:25:30 ----D---- C:\WINDOWS\Help
2008-11-01 10:32:10 ----D---- C:\Program Files\Internet Explorer
2008-11-01 07:41:23 ----D---- C:\Program Files\Common Files
2008-10-31 21:15:02 ----D---- C:\Documents and Settings
2008-10-31 21:09:50 ----D---- C:\WINDOWS\AppPatch
2008-10-30 17:57:59 ----D---- C:\Program Files\FLV Player
2008-10-27 17:14:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-26 16:13:40 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-10-26 15:59:49 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-26 14:47:47 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 14:40:30 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-26 08:41:37 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-25 08:47:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 15:35:50 ----D---- C:\Program Files\Cheat Engine
2008-10-21 19:33:53 ----SD---- C:\Documents and Settings\LEO\Application Data\Microsoft
2008-10-15 15:30:25 ----D---- C:\WINDOWS\system32\wbem
2008-10-15 15:30:25 ----D---- C:\WINDOWS\Registration
2008-10-15 15:29:55 ----D---- C:\Program Files\AnalogX
2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 19:46:35 ----D---- C:\WINDOWS\Internet Logs
2008-10-13 10:53:03 ----D---- C:\Program Files\Defraggler
2008-10-13 00:36:51 ----D---- C:\Program Files\JavaRa
2008-10-12 23:37:32 ----A---- C:\WINDOWS\WB.ini
2008-10-12 13:58:00 ----RSD---- C:\WINDOWS\assembly
2008-10-12 13:58:00 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-11 15:32:02 ----D---- C:\Converted Music
2008-10-10 22:08:22 ----D---- C:\WINDOWS\nview
2008-10-09 20:44:02 ----D---- C:\WINDOWS\WinSxS
2008-10-07 13:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-29 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-30 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-23 90632]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-10-25 27144]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 30728]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-07-27 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-10-25 33800]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-07-27 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-07-27 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-09-21 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-07-27 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys []
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 BCM43XX;Linksys Wireless-N PCI Adapter WMP300N Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-24 543104]
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-05 85969]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\WIRELE~1\GTNDIS5.SYS []
S3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
S3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\drivers\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\drivers\SymIMMP.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2007-07-27 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-07-27 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-10-25 455936]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2007-07-27 14336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-10-25 18176]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-09 355584]
S3 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-04-24 20992]
S3 WMP300NSvc;WMP300NSvc; C:\Program Files\Wireless-N PCI Adapter\WLService.exe [2005-07-04 53307]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-07-27 14336]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2007-11-15 121360]
S4 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]

-----------------EOF-----------------


Services.exe is still running at 25% all the time! Really eating CPU. None of my CD-ROM Drives Are Being Read! IceSword No Longer Opens!

Edited by FPSFan, 05 November 2008 - 10:09 PM.

  • 0

#27
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Copy/paste the following line into a new Notepad file. Then click File | Save As, and in the File Name, call it fix.reg. Ensure the Save as Type is showing as All Files. Save it to your Desktop.


REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{46143738-5D9C-8708-243F-81D0777DAB0A}]
@=""

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{46143738-5D9C-8708-243F-81D0777DAB0A}]


Locate the fix.reg file on your Desktop, double-click it, and when the prompt appears asking "Are you sure you want to add the information in fix.reg to the Registry?", select Yes.

After doing that, go to Start then Run and copy/paste the following:

regedit /e C:\extensionspeek.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions"

And press OK. Then, go to Windows Explorer, and post the contents of C:\extensionspeek.txt

Edited by eddie5659, 06 November 2008 - 01:54 PM.

  • 0
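One way to confirm from the extensionspeek.txt export that fix.reg took effect, as an added example that is not part of the original post: a small Python parser for regedit export text that compares the keys fix.reg adds and deletes (the `[-KEY]` syntax) against the export. The function names and both sample exports are constructed for illustration; only the key paths and the CLSID come from the thread.

```python
import re

# Added example: helper names and both sample exports are constructed.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

FIX_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{46143738-5D9C-8708-243F-81D0777DAB0A}]
@=""

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{46143738-5D9C-8708-243F-81D0777DAB0A}]
'''

# Constructed export of a system where the fix applied (placeholder hex value).
AFTER_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}]
@="Web Folders"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{46143738-5D9C-8708-243F-81D0777DAB0A}]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{00000000-0000-0000-0000-000000000000} {00000000-0000-0000-0000-000000000000} 0x401"=hex:01,\
  00,00,00
'''

# Constructed export of a system where the Approved entry refused to delete.
BEFORE_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{46143738-5D9C-8708-243F-81D0777DAB0A}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}]
@="Web Folders"
'''

def as_export_bytes(text):
    """Mimic a 'Version 5.00' export on disk: UTF-16LE with BOM, CRLF lines."""
    return b"\xff\xfe" + text.replace("\n", "\r\n").encode("utf-16-le")

EXPORT_AFTER = as_export_bytes(AFTER_TEXT)
EXPORT_BEFORE = as_export_bytes(BEFORE_TEXT)

def decode_reg(data):
    """'Version 5.00' files are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    return data.decode("cp1252")

def parse_reg(text):
    """Return (keys, deleted). keys maps lower-cased key path to a dict of
    {value name: raw data}; deleted holds lower-cased paths written as [-KEY]."""
    keys, deleted = {}, set()
    current, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):
                deleted.add(path[1:].lower())
                current = None
            else:
                current = keys.setdefault(path.lower(), {})
        elif line.endswith("\\"):
            pending = line[:-1]          # hex data continues on the next line
        elif current is not None:        # skips the file header line
            if line.startswith("@="):
                current[""] = line[2:]   # default value of the key
            else:
                m = VALUE_RE.match(line)
                if m:
                    current[m.group(1).lower()] = m.group(2)
    return keys, deleted

def verify_fix(fix_text, export_text):
    """List (problem, key) pairs where the export disagrees with the fix file."""
    wanted, removed = parse_reg(fix_text)
    live, _ = parse_reg(export_text)
    problems = []
    for key in sorted(removed):
        if any(k == key or k.startswith(key + "\\") for k in live):
            problems.append(("still present", key))
    for key, values in sorted(wanted.items()):
        if key not in live:
            problems.append(("missing", key))
        elif any(live[key].get(n) != d for n, d in values.items()):
            problems.append(("value differs", key))
    return problems

if __name__ == "__main__":
    for label, blob in (("after", EXPORT_AFTER), ("before", EXPORT_BEFORE)):
        print(label, verify_fix(FIX_REG, decode_reg(blob)) or "fix applied")
```

To run it against a real export, read the file in binary mode and pass the bytes through `decode_reg` first, since regedit writes these exports as UTF-16.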

#28
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}]
@="Web Folders"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{46143738-5D9C-8708-243F-81D0777DAB0A}]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{596AB062-B4D2-4215-9F74-E9109B0A8153} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,46,8e,cd,19,4f,4e,c8,01
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,54,b5,d4,19,4f,4e,c8,01
"{7444C719-39BF-11D1-8CD9-00C04FC29D45} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,be,24,35,0c,50,4e,c8,01
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,da,72,43,0c,50,4e,c8,01
"{883373C3-BF89-11D1-BE35-080036B11A03} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,e8,99,4a,0c,50,4e,c8,01
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,9c,c0,60,3e,50,4e,c8,01
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,aa,e7,67,3e,50,4e,c8,01
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,b8,0e,6f,3e,50,4e,c8,01
"{ECF03A32-103D-11D2-854D-006008059367} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,6c,d3,73,3e,50,4e,c8,01
"{9DB7A13C-F208-4981-8353-73CC61AE2783} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0x401"=hex:01,\
00,00,00,33,00,34,00,6e,65,3a,68,53,4e,c8,01
"{8DD448E6-C188-4AED-AF92-44956194EB1F} {00000000-0000-0000-C000-000000000046} 0x17"=hex:01,\
00,00,00,f8,da,5a,02,d6,23,32,c0,5a,4e,c8,01
"{E4B29F9D-D390-480B-92FD-7DDB47101D71} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,c4,bb,ab,c0,5a,4e,c8,01
"{F0407C3D-349C-42B9-B83E-821E31623DF9} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,a0,fa,a0,b7,80,4e,c8,01
"{F3BA0DC0-9CC8-11D0-A599-00C04FD64435} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,aa,29,a8,c7,80,4e,c8,01
"{88895560-9AA2-1069-930E-00AA0030EBC8} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,82,eb,ea,c7,80,4e,c8,01
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,b4,0f,30,c8,80,4e,c8,01
"{BD84B380-8CA2-1069-AB1D-08000948F534} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,1e,d0,91,c8,80,4e,c8,01
"{FBF23B40-E3F0-101B-8488-00AA003E56F8} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,e6,68,55,f9,80,4e,c8,01
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,26,bd,2f,1f,83,4e,c8,01
"{41E300E0-78B6-11CE-849B-444553540000} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,44,6b,9c,7c,78,2d,ac,b5,f8,4e,c8,01
"{E84FDA7C-1D6A-45F6-B725-CB260C236066} {00000122-0000-0000-C000-000000000046} 0x17"=hex:01,\
00,00,00,f0,35,09,00,62,73,52,06,2c,4f,c8,01
"{40C3D757-D6E4-4B49-BB41-0E5BBEA28817} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,76,29,10,02,a6,51,c8,01
"{CE3FB1D1-02AE-4A5F-A6E9-D9F1B4073E6C} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,56,c7,b3,03,a6,51,c8,01
"{875CB1A1-0F29-45DE-A1AE-CFB4950D0B78} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,ea,9e,07,73,a1,54,c8,01
"{85BBD920-42A0-1069-A2E4-08002B30309D} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,8e,25,72,46,5b,5a,c8,01
"{8DD448E6-C188-4AED-AF92-44956194EB1F} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,64,9b,f5,80,e8,5e,c8,01
"{F1B9284F-E9DC-4E68-9D7E-42362A59F0FD} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,18,60,fa,80,e8,5e,c8,01
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,48,a8,f8,b8,2e,60,c8,01
"{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,84,25,b3,0e,f5,61,c8,01
"{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,38,ea,b7,0e,f5,61,c8,01
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933} {93F2F68C-1D1B-11D3-A30E-00C04F79ABD1} 0x401"=hex:01,\
00,00,00,33,00,34,00,ca,b4,d5,d3,f6,61,c8,01
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:00,\
00,00,00,33,00,34,00,86,c0,a0,6e,d5,04,c9,01
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933} {55272A00-42CB-11CE-8135-00AA004BB851} 0x401"=hex:00,\
00,00,00,33,00,34,00,ce,46,0d,14,a1,3f,c9,01
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933} {0000013A-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,5a,a6,25,95,77,d5,c8,01
"{5F327514-6C5E-4D60-8F16-D07FA08A78ED} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,44,6b,9c,7c,cc,fa,f9,92,3e,6c,c8,01
"{F0152790-D56E-4445-850E-4F3117DB740C} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,e8,48,08,93,3e,6c,c8,01
"{60254CA5-953B-11CF-8C96-00AA00B8708C} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,40,74,a3,6d,37,70,c8,01
"{60254CA5-953B-11CF-8C96-00AA00B8708C} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,f8,a6,58,6e,37,70,c8,01
"{ED9D80B9-D157-457B-9192-0E7280313BF0} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,c1,8b,be,9b,5b,70,c8,01
"{B8CDCB65-B1BF-4B42-9428-1DFDB7EE92AF} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,cf,b2,c5,9b,5b,70,c8,01
"{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,84,04,e3,49,d4,74,c8,01
"{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,92,2b,ea,49,d4,74,c8,01
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933} {000214EA-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,f6,66,dd,41,ef,74,c8,01
"{B41DB860-8EE4-11D2-9906-E49FADC173CA} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,a0,2a,be,f7,ef,74,c8,01
"{CE3FB1D1-02AE-4A5F-A6E9-D9F1B4073E6C} {00000122-0000-0000-C000-000000000046} 0x17"=hex:01,\
00,00,00,78,d4,10,00,80,8f,dc,2d,97,75,c8,01
"{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,99,2d,44,fc,e3,75,c8,01
"{DD2110F0-9EEF-11CF-8D8E-00AA0060F5BF} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,33,05,08,12,e4,75,c8,01
"{42071712-76D4-11D1-8B24-00A0C9068FF3} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,cb,15,ac,60,e4,75,c8,01
"{42071713-76D4-11D1-8B24-00A0C9068FF3} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,25,78,ae,60,e4,75,c8,01
"{42071714-76D4-11D1-8B24-00A0C9068FF3} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,84,ca,8e,04,5e,dc,c8,01
"{F92E8C40-3D33-11D2-B1AA-080036A75B03} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,33,9f,b5,60,e4,75,c8,01
"{5DB2625A-54DF-11D0-B6C4-0800091AA605} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,4f,ed,c3,60,e4,75,c8,01
"{FFB699E0-306A-11D3-8BD1-00104B6F7516} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,79,62,d9,60,e4,75,c8,01
"{B41DB860-8EE4-11D2-9906-E49FADC173CA} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,9a,af,8d,b0,dc,7b,c8,01
"{692F0339-CBAA-47E6-B5B5-3B84DB604E87} {93F2F68C-1D1B-11D3-A30E-00C04F79ABD1} 0x401"=hex:01,\
00,00,00,44,6b,9c,7c,3a,98,c1,e6,47,7d,c8,01
"{59099400-57FF-11CE-BD94-0020AF85B590} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,84,c8,a2,52,67,7d,c8,01
"{692F0339-CBAA-47E6-B5B5-3B84DB604E87} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,3a,7e,16,af,95,81,c8,01
"{FED7043D-346A-414D-ACD7-550D052499A7} {E8025004-1C42-11D2-BE2C-00A0C9A83DA1} 0x401"=hex:01,\
00,00,00,33,00,34,00,b2,0b,9d,9d,90,84,c8,01
"{FED7043D-346A-414D-ACD7-550D052499A7} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,3a,04,d2,40,92,84,c8,01
"{87D62D94-71B3-4B9A-9489-5FE6850DC73E} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,80,fe,ae,f6,bc,86,c8,01
"{FFB699E0-306A-11D3-8BD1-00104B6F7516} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,66,a9,e4,02,bd,86,c8,01
"{FF393560-C2A7-11CF-BFF4-444553540000} {55272A00-42CB-11CE-8135-00AA004BB851} 0x401"=hex:00,\
00,00,00,44,6b,9c,7c,88,58,65,c1,4f,3d,c9,01
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,4c,ac,af,3e,2d,90,c8,01
"{88C6C381-2E85-11D0-94DE-444553540000} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,fa,0e,7e,1c,90,93,c8,01
"{F5175861-2688-11D0-9C5E-00AA00A45957} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,16,5d,8c,1c,90,93,c8,01
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,40,d2,a1,1c,90,93,c8,01
"{88C6C381-2E85-11D0-94DE-444553540000} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:00,\
00,00,00,33,00,34,00,4c,5b,51,cd,2e,31,c9,01
"{88C6C381-2E85-11D0-94DE-444553540000} {0000013A-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,54,fc,59,c6,2e,31,c9,01
"{88C6C381-2E85-11D0-94DE-444553540000} {55272A00-42CB-11CE-8135-00AA004BB851} 0x401"=hex:00,\
00,00,00,33,00,34,00,24,78,7b,63,2e,31,c9,01
"{35786D3C-B075-49B9-88DD-029876E11C01} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0x401"=hex:01,\
00,00,00,33,00,34,00,ea,d1,60,7a,b7,96,c8,01
"{640167B4-59B0-47A6-B335-A6B3C0695AEA} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0x401"=hex:01,\
00,00,00,33,00,34,00,ca,42,d3,7a,b7,96,c8,01
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:00,\
00,00,00,33,00,34,00,f2,71,ab,44,16,07,c9,01
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,0a,03,e6,de,5e,9b,c8,01
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} {0000013A-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,58,ca,56,f1,b5,37,c9,01
"{CC6EEFFB-43F6-46C5-9619-51D571967F7D} {00000122-0000-0000-C000-000000000046} 0x17"=hex:01,\
00,00,00,4a,d9,9b,3e,f8,b4,a1,bc,38,9c,c8,01
"{B9B9F083-2B04-452A-8691-83694AC1037B} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,44,6b,9c,7c,f8,8e,32,82,f4,a0,c8,01
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {0000013A-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,aa,4a,d6,1a,2f,3e,c9,01
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:00,\
00,00,00,33,00,34,00,3e,d2,00,ee,2e,3e,c9,01
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {55272A00-42CB-11CE-8135-00AA004BB851} 0x401"=hex:00,\
00,00,00,33,00,34,00,4c,f9,07,ee,2e,3e,c9,01
"{DDE4BEEB-DDE6-48FD-8EB5-035C09923F83} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,1a,96,ae,bb,b0,a1,c8,01
"{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,8c,00,c3,28,c1,a1,c8,01
"{E37E2028-CE1A-4F42-AF05-6CEABC4E5D75} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,36,52,34,4d,c1,a1,c8,01
"{BE79B9C8-9791-41D3-9267-C4123AC0AEAE} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,22,2c,f3,e8,72,a2,c8,01
"{FF393560-C2A7-11CF-BFF4-444553540000} {8B5E41E8-A56C-42AD-8A26-14B3E90B7563} 0x401"=hex:01,\
00,00,00,33,00,34,00,1a,d7,7f,4d,75,a2,c8,01
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,de,46,3e,6b,b9,a8,c8,01
"{472083B0-C522-11CF-8763-00608CC02F24} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,9a,15,3b,f7,be,a8,c8,01
"{7D4734E6-047E-41E2-AEAA-E763B4739DC4} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,a6,17,ae,43,4a,aa,c8,01
"{3C733846-EE2E-44DA-9C10-3E9449D4AF4D} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,aa,4c,c5,d9,12,ab,c8,01
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {93F2F68C-1D1B-11D3-A30E-00C04F79ABD1} 0x401"=hex:01,\
00,00,00,33,00,34,00,48,6a,a2,dc,37,ae,c8,01
"{F5175861-2688-11D0-9C5E-00AA00A45957} {0000013A-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,8c,41,07,92,d7,00,c9,01
"{F5175861-2688-11D0-9C5E-00AA00A45957} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:00,\
00,00,00,33,00,34,00,82,a1,2d,f7,b7,b2,c8,01
"{F5175861-2688-11D0-9C5E-00AA00A45957} {55272A00-42CB-11CE-8135-00AA004BB851} 0x401"=hex:00,\
00,00,00,33,00,34,00,ac,16,43,f7,b7,b2,c8,01
"{4A7DED0A-AD25-11D0-98A8-0800361B1103} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,ee,da,54,ff,d9,b6,c8,01
"{81559C35-8464-49F7-BB0E-07A383BEF910} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,64,8d,21,e1,b6,b7,c8,01
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} {00000122-0000-0000-C000-000000000046} 0x17"=hex:01,\
00,00,00,00,00,00,00,24,cb,f8,46,57,b9,c8,01
"{FF393560-C2A7-11CF-BFF4-444553540000} {0000013A-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,e8,32,3f,c1,4f,3d,c9,01
"{FF393560-C2A7-11CF-BFF4-444553540000} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:00,\
00,00,00,33,00,34,00,b8,45,52,c1,4f,3d,c9,01
"{6EE51AA0-77A0-11D7-B4E1-000347126E46} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,36,45,83,73,e9,c5,c8,01
"{1D2680C9-0E2A-469D-B787-065558BC7D43} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,44,6b,9c,7c,00,38,ff,6e,8c,c6,c8,01
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {7D688A70-C613-11D0-999B-00C04FD655E1} 0x401"=hex:00,\
00,00,00,f0,cd,a9,00,90,bb,2f,a9,cf,ff,c8,01
"{CA8ACAFA-5FBB-467B-B348-90DD488DE003} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,44,a3,6a,12,92,c6,c8,01
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,ea,0d,bf,39,92,c6,c8,01
"{88C6C381-2E85-11D0-94DE-444553540000} {7D688A70-C613-11D0-999B-00C04FD655E1} 0x401"=hex:00,\
00,00,00,33,00,34,00,8c,78,18,f7,ea,2b,c9,01
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} {7D688A70-C613-11D0-999B-00C04FD655E1} 0x401"=hex:00,\
00,00,00,33,00,34,00,36,b4,4a,79,2f,3e,c9,01
"{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {89BCB740-6119-101A-BCB7-00DD010655AF} 0x401"=hex:00,\
00,00,00,33,00,34,00,12,07,33,f1,b5,37,c9,01
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} {89BCB740-6119-101A-BCB7-00DD010655AF} 0x401"=hex:00,\
00,00,00,33,00,34,00,4a,a3,4f,f1,b5,37,c9,01
"{42042206-2D85-11D3-8CFF-005004838597} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,02,80,5a,d2,0f,cc,c8,01
"{00020D75-0000-0000-C000-000000000046} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,06,85,0a,11,dc,d0,c8,01
"{23170F69-40C1-278A-1000-000100020000} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,6e,38,9d,6b,58,ce,c8,01
"{B090E2C0-7264-4D49-AAA0-31E0891BF5EB} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,a6,df,24,87,58,ce,c8,01
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,24,46,4a,12,fa,ce,c8,01
"{0006F045-0000-0000-C000-000000000046} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,24,bb,02,c8,06,d0,c8,01
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,9e,c3,1b,75,cc,d0,c8,01
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,ca,80,7f,af,48,d2,c8,01
"{871C5380-42A0-1069-A2EA-08002B30309D} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,40,86,23,98,b7,d3,c8,01
"{DD230880-495A-11D1-B064-008048EC2FC5} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,a8,56,3f,ea,f2,d3,c8,01
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,44,6b,9c,7c,0a,60,29,ec,99,d5,c8,01
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,62,9d,0b,85,ac,d5,c8,01
"{51C55F9E-C308-4C95-89AB-8858D8AFD819} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,98,af,ba,96,57,d6,c8,01
"{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,fa,cb,cd,8f,99,d7,c8,01
"{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,62,55,d7,8f,99,d7,c8,01
"{4858E7D9-8E12-45A3-B6A3-1CD128C9D403} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,c2,3f,6b,88,f4,d7,c8,01
"{4F07DA45-8170-4859-9B5F-037EF2970034} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,1a,b1,d6,a1,cd,d8,c8,01
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,84,f9,03,e7,fc,d9,c8,01
"{44440D00-FF19-4AFC-B765-9A0970567D97} {000214E9-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,40,ea,bc,5e,1e,db,c8,01
"{117FAA1C-44E4-4BE6-B284-27EDF9B843EE} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,24,fe,0f,3a,ca,db,c8,01
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,98,5c,a2,a0,db,db,c8,01
"{56160A70-D083-4856-9998-F565ABC03F86} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,0c,77,5b,7b,5e,dc,c8,01
"{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {7D688A70-C613-11D0-999B-00C04FD655E1} 0x401"=hex:00,\
00,00,00,33,00,34,00,f4,50,b0,72,2f,3e,c9,01
"{D6791A63-E7E2-4FEE-BF52-5DED8E86E9B8} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,22,82,22,5a,59,f2,c8,01
"{7988B573-EC89-11CF-9C00-00AA00A14F56} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,7a,da,fd,5a,59,f2,c8,01
"{62CEC5C9-4B3F-4BE8-897B-C08CAA114FAA} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,c6,4a,e1,3a,89,f2,c8,01
"{BED4C38B-F765-45AC-8C56-613F76BBF43E} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,2a,e9,2a,da,88,f3,c8,01
"{65713842-C410-4F44-8383-BFE01A398C90} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,72,db,cf,f3,5e,f7,c8,01
"{1CE2AA40-1317-11D3-9922-00104B0AD431} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,b0,a3,13,fa,12,f8,c8,01
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,e8,12,6b,f0,cc,f8,c8,01
"{8934FCEF-F5B8-468F-951F-78A921CD3920} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,36,91,8f,95,d2,f8,c8,01
"{57CE581A-0CB6-4266-9CA0-19364C90A0B3} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,8a,d7,4d,78,fb,f8,c8,01
"{D9872D13-7651-4471-9EEE-F0A00218BEBB} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,65,e6,1a,db,4b,fa,c8,01
"{D20EA4E1-3957-11D2-A40B-0C5020524152} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,ac,b2,de,31,c3,fd,c8,01
"{D20EA4E1-3957-11D2-A40B-0C5020524153} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,4c,d8,04,32,c3,fd,c8,01
"{E211B736-43FD-11D1-9EFB-0000F8757FCD} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,4e,3c,8e,33,c3,fd,c8,01
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,00,cd,81,20,77,fe,c8,01
"{52B87208-9CCF-42C9-B88E-069281105805} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,a0,a3,9b,15,05,ff,c8,01
"{E7593602-124B-47C9-9F73-A69308EDC973} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,62,81,78,8c,06,00,c9,01
"{CAF4C320-32F5-11D3-A222-004095200FF2} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,e6,64,d7,e1,1c,00,c9,01
"{1D2680C9-0E2A-469D-B787-065558BC7D43} {89BCB740-6119-101A-BCB7-00DD010655AF} 0x401"=hex:00,\
00,00,00,33,00,34,00,b2,48,6c,91,d7,00,c9,01
"{1D2680C9-0E2A-469D-B787-065558BC7D43} {0000013A-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,1a,d2,75,91,d7,00,c9,01
"{88C6C381-2E85-11D0-94DE-444553540000} {89BCB740-6119-101A-BCB7-00DD010655AF} 0x401"=hex:00,\
00,00,00,33,00,34,00,f8,0b,90,91,d7,00,c9,01
"{F5175861-2688-11D0-9C5E-00AA00A45957} {89BCB740-6119-101A-BCB7-00DD010655AF} 0x401"=hex:00,\
00,00,00,33,00,34,00,62,cc,f1,91,d7,00,c9,01
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {89BCB740-6119-101A-BCB7-00DD010655AF} 0x401"=hex:00,\
00,00,00,33,00,34,00,10,19,1f,92,d7,00,c9,01
"{E211B736-43FD-11D1-9EFB-0000F8757FCD} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:00,\
00,00,00,33,00,34,00,34,69,ca,5f,9b,04,c9,01
"{D20EA4E1-3957-11D2-A40B-0C5020524153} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:01,\
00,00,00,33,00,34,00,fe,8a,99,63,9b,04,c9,01
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} {93F2F68C-1D1B-11D3-A30E-00C04F79ABD1} 0x401"=hex:01,\
00,00,00,33,00,34,00,12,a7,d6,41,16,07,c9,01
"{93CCF120-E053-45CA-B7E0-7DC963928598} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,54,8a,2a,59,c1,07,c9,01
"{D7824897-C8DC-49B4-B790-30F7ED16A5FD} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:00,\
00,00,00,33,00,34,00,70,de,aa,b8,e9,07,c9,01
"{D20EA4E1-3957-11D2-A40B-0C5020524152} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401"=hex:01,\
00,00,00,33,00,34,00,66,ba,42,1f,87,08,c9,01
"{BD84B380-8CA2-1069-AB1D-08000948F534} {000214EA-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,22,2e,77,1f,87,08,c9,01
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,82,62,29,d2,97,08,c9,01
"{00022613-0000-0000-C000-000000000046} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,54,70,77,72,df,0b,c9,01
"{5F887A03-D791-4CA9-B616-9617F9A0D684} {0000010B-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,33,00,34,00,76,22,f8,44,8e,26,c9,01
"{1D2680C9-0E2A-469D-B787-065558BC7D43} {7D688A70-C613-11D0-999B-00C04FD655E1} 0x401"=hex:00,\
00,00,00,33,00,34,00,79,9e,fd,55,59,27,c9,01
"{1D2680C9-0E2A-469D-B787-065558BC7D43} {93F2F68C-1D1B-11D3-A30E-00C04F79ABD1} 0x401"=hex:00,\
00,00,00,33,00,34,00,e1,27,07,56,59,27,c9,01
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933} {7D688A70-C613-11D0-999B-00C04FD655E1} 0x401"=hex:00,\
00,00,00,33,00,34,00,dc,00,1a,3a,2f,3e,c9,01
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,44,6b,9c,7c,c4,c9,52,1e,d5,33,c9,01
"{BD88A479-9623-4897-8546-BC62B9628F44} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\
00,00,00,44,6b,9c,7c,54,a4,b7,c7,80,37,c9,01
  • 0

#29
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Warning: The same registry key that was moved to the blocked section is still in the approved area highlighted in red, as it always was. Is this good or bad?
  • 0

#30
FPSFan

FPSFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Now I'm really scared. :)

I scanned for malware today and I found this, and I am very shocked.

Malwarebytes' Anti-Malware 1.28
Database version: 1252
Windows 5.1.2600 Service Pack 2

11/8/2008 11:23:40 PM
mbam-log-2008-11-08 (23-23-40).txt

Scan type: Quick Scan
Objects scanned: 46434
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\fkcsnno.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
  • 0
