I have another problem



#1
themoirae

Hi,
"Buckeye Sam" helped me remove Virtumonde from my system a little while back, but I am having a problem with my laptop still. Every so often it seems as though some mystery program or something starts running on my system - something I cannot find or identify - but something that causes my hard drive to run at maximum. I check on applications running, and only those which I know are running, let's say IE, show up... but I look at CPU, and it is just about off the chart.
I have run, and re-run all the suggested malware removal programs, etc. and nothing out of the ordinary pops up.
When I boot up... there is at the very beginning, an outline of a 'window' that I can barely see. If I were to blink I would miss it. Also, on start-up, I sometimes see, on the start bar, an icon of a 'window', small white box with a blue title bar, that I would also miss if I blinked. I have tried to catch it and right click on it, but cannot. Any suggestions on what might be causing this, how to find out, or where to go from here?


#2
Buckeye_Sam

Malware Expert
Hi themoirae!

Let's see if we can find out what's going on.
Please post a HijackThis log.

#3
themoirae

Hi Sam,
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 11:12:15 AM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Real\RealPlayer\starz\starzd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\Dit.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TiA\Start Menu\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: MereSurfer Band - {4C12361F-3431-4A69-B0CA-CA788A8F7C12} - C:\Program Files\MereSurfer 2005 Free\MereSurfInstall.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MereSurfer - {340166BC-786B-401F-96AC-7C8821EFA9CD} - C:\Program Files\MereSurfer 2005 Free\MereSurferF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [starzd] "C:\Program Files\Real\RealPlayer\starz\starzd.exe" 86400000
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to &banner block list - res://C:\Program Files\MereSurfer 2005 Free\MereSurferF.dll/AddImageBanner.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://*.geekstogo.com
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...cm/ICSCM_ca.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131841702515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C08FC2FC-0CBF-4367-8DDB-58B3762455CD}: NameServer = 192.168.0.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CFSvcs - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

...and there you have it. I upgraded my Real Player and allowed a Google Tool Bar to be installed, but don't actually have it after all. I see in the log that it appears as if I do..hmmm. Also, I wonder why DVDRam driver appears to be running in this log when I am not at this time using that device. Glad to have you helping me out again, Sam, thanks so much for your time. Ti'A

#4
Buckeye_Sam

Malware Expert
Your log doesn't show me any malware. Let's cut down a little on the unnecessary apps that you have running at startup and then we'll dig a little deeper.

Please fix these lines with HijackThis.

O4 - HKLM\..\Run: [starzd] "C:\Program Files\Real\RealPlayer\starz\starzd.exe" 86400000
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE



Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* If you have trouble getting into Safe Mode, go here for more info.


Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#5
themoirae

Sam,
Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 10/30/2005 11:55:06 PM 170053 C:\WINDOWS\tsc.exe
UPX! 3/14/2005 1:38:28 PM 56832 C:\WINDOWS\Unwash6.exe
PECompact2 10/30/2005 11:55:06 PM 16257389 C:\WINDOWS\VPTNFILE.919
qoologic 10/30/2005 11:55:06 PM 16257389 C:\WINDOWS\VPTNFILE.919
SAHAgent 10/30/2005 11:55:06 PM 16257389 C:\WINDOWS\VPTNFILE.919
UPX! 10/30/2005 11:55:06 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 10/30/2005 11:55:06 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 3/31/2003 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 2/26/2005 1:01:40 PM 174080 C:\WINDOWS\SYSTEM32\ExMenu.dll
UPX! 2/26/2005 1:01:38 PM 113152 C:\WINDOWS\SYSTEM32\ExPMenu.dll
UPX! 2/26/2005 1:01:40 PM 202240 C:\WINDOWS\SYSTEM32\ExTab.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/31/2003 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 11/3/2005 12:30:22 AM 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 11/3/2005 12:30:22 AM 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 11/3/2005 12:30:22 AM 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 11/3/2005 12:30:22 AM 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/3/2005 12:23:46 PM S 2048 C:\WINDOWS\bootstat.dat
11/12/2005 8:39:34 PM H 0 C:\WINDOWS\inf\oem44.inf
10/13/2005 5:35:36 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6752e343d22c025be1f290a6267a146d\BIT14.tmp
10/28/2005 4:18:52 PM HS 162263 C:\WINDOWS\system32\oqtwa.bak1
11/4/2005 3:45:56 PM HS 191155 C:\WINDOWS\system32\oqtwa.bak2
11/4/2005 4:17:12 PM HS 190946 C:\WINDOWS\system32\oqtwa.ini
12/3/2005 12:19:04 PM H 35864 C:\WINDOWS\system32\vsconfig.xml
11/22/2005 6:56:02 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 8:17:40 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
12/3/2005 12:23:36 PM H 8192 C:\WINDOWS\system32\config\default.LOG
12/3/2005 12:24:14 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
12/3/2005 12:23:48 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
12/3/2005 12:24:16 PM H 65536 C:\WINDOWS\system32\config\software.LOG
12/3/2005 12:23:54 PM H 1110016 C:\WINDOWS\system32\config\system.LOG
11/9/2005 7:26:08 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
11/9/2005 7:21:10 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
11/9/2005 7:21:10 PM S 70226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
11/9/2005 7:21:10 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
11/9/2005 7:21:10 PM S 128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
11/9/2005 1:02:52 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c71f206e-49ff-4640-a10b-3b33a1001931
11/9/2005 1:02:52 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
12/3/2005 12:22:18 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
TOSHIBA Corp. 10/31/2003 2:28:06 PM 520192 C:\WINDOWS\SYSTEM32\HWSETUP.CPL
Intel Corporation 4/7/2003 3:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 11/20/2003 7:41:52 PM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 7/27/2003 1:05:54 PM 295936 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/31/2003 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
9/5/2003 4:36:40 PM 495616 C:\WINDOWS\SYSTEM32\TOSCDSPD.cpl
TOSHIBA Corporation 11/20/2003 12:16:36 AM 1257472 C:\WINDOWS\SYSTEM32\TPwrSave.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 4/7/2003 3:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/20/2003 6:46:40 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
11/3/2005 7:08:56 PM 772 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/20/2003 10:37:56 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
8/8/2005 8:29:52 PM 6494 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
11/20/2003 6:46:40 PM HS 84 C:\Documents and Settings\TiA\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
11/20/2003 10:37:56 AM HS 62 C:\Documents and Settings\TiA\Application Data\desktop.ini
11/15/2004 1:34:14 AM 0 C:\Documents and Settings\TiA\Application Data\dm.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{8C504614-A455-4CBA-81B4-D279644B8A7D}
= tfaxext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu
{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C12361F-3431-4A69-B0CA-CA788A8F7C12}
MereSurfBand Class = C:\Program Files\MereSurfer 2005 Free\MereSurfInstall.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{340166BC-786B-401F-96AC-7C8821EFA9CD} = MereSurfer : C:\Program Files\MereSurfer 2005 Free\MereSurferF.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll
{340166BC-786B-401F-96AC-7C8821EFA9CD} = MereSurfer : C:\Program Files\MereSurfer 2005 Free\MereSurferF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
00THotkey C:\WINDOWS\System32\00THotkey.exe
000StTHK 000StTHK.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
AGRSMMSG AGRSMMSG.exe
Apoint C:\Program Files\Apoint2K\Apoint.exe
TouchED C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
TFNF5 TFNF5.exe
PadTouch "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
TPSMain TPSMain.exe
TFncKy TFncKy.exe
Pinger C:\TOSHIBA\IVP\ISM\pinger.exe /run
Dit Dit.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
C-DillaCdaC11BA 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/3/2005 12:31:54 PM
  • 0

#6
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Double click on this file.

C:\WINDOWS\system32\oqtwa.ini

It should open up in notepad. Please copy the text that appears and post in your next reply.
  • 0

#7
themoirae

themoirae

    Member

  • Topic Starter
  • Member
  • 20 posts
Sam,
I don't know where I am supposed to double click this file to open it. Can you point me in the right direction? Thanks.
  • 0

#8
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
You just have to navigate to it.

Go to My Computer -> Local Drive(C:) -> Windows -> System32
Then look for oqtwa.ini
  • 0

#9
themoirae

themoirae

    Member

  • Topic Starter
  • Member
  • 20 posts
Well, I tried that; it's not there, and searching Files and Folders says not found, and eventually I tried to open it through Run. It opened a Notepad file as follows:
@WB 
ADTVYVB @ZV [email protected]D[email protected] \\P
DKXTJ AP^FRCP ]R\AOJYVHD
DFDL []^B P^^@JN WJF\@\J_J
^[email protected]
LQ\\KK
KD^ADEDQQRBZ H]^JE\CWAVR\__
[email protected]]
M
_ ][email protected]@
QX[R\GTAL X
@WB F[P
ISZ_
 @ZV [email protected]\  [email protected]
S]P
DKXTJ AFDM VZ^P ]R\AOJYVHD
BG \\^]
P^^@JN WJF\@EDF []^PLQ\\KK
KD^ADEDP ]@P_H]^JE\CWA_Z_T B\ZVM
_ ][email protected]@WA_ZAZ_\L X
@WB ^V_T []^ @ZV [email protected]DH[email protected]]
[email protected]P
DKXTJ AFDMAZ_\O [email protected]PAOJYVHD
DFDL Q[RR

A[email protected] WJF\@EDF[email protected]
LQ\\KK
KD^AD [email protected] ]@U
H]^JE\CWA[email protected]
[email protected]]
M
_ ][email protected]@FWTR []^@L X
@WB [IPA
VWB @ZV [email protected]DH[email protected]]
N FJ]DKXTJ AFDM@VBP ]R\AOJYVHD
G^C \\CV
P^^@JN WJF\@EDF \\CVL\VEKK
KD^AD@VTP ]@RR H]^JE\CWA DVC\[email protected]]
M
_ ][email protected]@[^\ AZ_\L X
@WBQRBZ S_B @ZV [email protected]DH
\_X]NAZ_\L @ZV [email protected]@ WETAO []^ @ZV [email protected]Q EZU\ []^ @ZV [email protected]DH[email protected]]
N WCAVL@ZV [email protected]P ]GCR
WDB @ZV [email protected]T
AT^_ []^ @ZV [email protected]DH
\_X]NAZ_\L @ZV [email protected]DH[email protected]]
A\] @ZV [email protected]DH GPZJ []^ @ZV [email protected]DH[email protected]]
N
_CB @ZV [email protected]DHGZUVP []^ @ZV [email protected]\  WRR

AV\L @ZV [email protected]@DVVR []^ @ZV [email protected]DH[email protected]]
\VE @ZV [email protected]CF_DP []^ @ZV [email protected]DHVQRBZ _VB @ZV [email protected]EBR]^ []^ @ZV [email protected]\  [email protected]
O @ZV [email protected]DHS]H\ []^ @ZV [email protected]DHSCP]O []^ @ZV [email protected]EDZ]_ []^ @ZV [email protected]D
FATV []^ @ZV [email protected]DH[email protected]]

\FB @ZV [email protected]P ^R_P]AE @ZV [email protected]DH QRBZ VZP @ZV [email protected]DH]]EJ []^ @ZV [email protected]DHQG^C \\B @ZV [email protected]A
S_PP []^ @ZV [email protected]DHSA^F []^ @ZV [email protected]DHS^FRX []^ @ZV [email protected]DHQJSV []^ @ZV [email protected]DH]PP_ \\B @ZV [email protected]DH[email protected]]
M
_X]@ZV [email protected]DH[email protected]]
N]^^ @ZV [email protected]RSAZ_\ AVB @ZV [email protected]P ]APG
^FS @ZV [email protected]DHHVR[ \\B @ZV [email protected]DH[email protected]]
FFT_L @ZV [email protected]P ]R_K[PT @ZV [email protected]DH[email protected]]
[]P @ZV [email protected]DH[email protected]]
W @ZV [email protected]DH SAPX []^ @ZV [email protected]P ]Q^][WT @ZV [email protected]DH PVPG \\B @ZV [email protected]DH[email protected]]
B_H @ZV [email protected]@^Z_V \\B @ZV [email protected]TZ\EV []^ @ZV [email protected]\  WP ]@Z  @ZV [email protected]DH@VB[O []^ @ZV [email protected]DHS]H\ []^ @ZV [email protected]DH][PD []^ @ZV [email protected]DHGZUVO []^ @ZV [email protected]DHFAXF []^ @ZV [email protected]DHS]UZ []^ @ZV [email protected]Z QRBZ 
YVC @ZV [email protected]DHW^^] \\B @ZV [email protected]DH ]@YV []^ @ZV [email protected]DH WG\R []^ @ZV [email protected]P ]S\SAU @ZV [email protected]DH[email protected]]
NWAE @ZV [email protected]DH[email protected]]
NVD @ZV [email protected]DH
\_X]NAZ_\L@ZV [email protected]Q
BRCG []^ @ZV [email protected]DH]WXR []^ @ZV [email protected]DH[email protected] []^ @ZV [email protected]DH[email protected]]
 VV @ZV [email protected]P ]AR Q[T @ZV [email protected]DH
@RR_ []^ @ZV [email protected]R ][email protected] \\B @ZV [email protected]DH[email protected]]
KYR\L
@ZV [email protected]DHBRUV []^ @ZV [email protected]DH QRBZ 
\FB @ZV [email protected]P ]@^USZC @ZV [email protected]DH[email protected]]
NPR\L
@ZV [email protected]Q XRRXV[]V @ZV [email protected]P ]]F ]FCTL@ZV [email protected]TPR_X []^ @ZV [email protected]DH[email protected]]
 TF_ @ZV [email protected]DHSUPA []^ @ZV [email protected]DHW_P]
[]^ @ZV [email protected]DHW\A_ []^ @ZV [email protected]P ]CTA LTATVL@ZV [email protected]DHGCTAZ []^ @ZV [email protected]SN ^Z_VO []^@L@ZV [email protected]DHSAEV []^ @ZV [email protected]DHPQRBZ 
@_U @ZV [email protected]DHSAG^CO []^ @ZV [email protected]DH]XTAO []^ @ZV [email protected]DH[email protected]]
@CP @ZV [email protected]RAZ_\ WDB @ZV [email protected]Z VATV []^ @ZV [email protected]DH[email protected]]
N[R_ @ZV [email protected]P ]R\LSPZY
@ZV [email protected]PDVVR []^ @ZV [email protected]DH
\_X]NAZ_\L@ZV [email protected]A PV]_ []^ @ZV [email protected]T
\ATV []^ @ZV [email protected]\  [email protected]
WDB @ZV [email protected]DH[email protected]]
 FVC @ZV [email protected]DH[AEFAZ_\L@ZV [email protected]\  [email protected]

W_A @ZV [email protected]DH[email protected]]
VVB @ZV [email protected]CFA^P []^ @ZV [email protected]P ]]^E
FZP @ZV [email protected]G
WC]R []^ @ZV [email protected]EPATR []^ @ZV [email protected]P ]@P


@WT @ZV [email protected]DHW]^AO []^ @ZV [email protected]A@RV\ []^ @ZV [email protected]DH SGDAAZ_\L X
@WBLQ[D^[email protected]]
M
_ ][email protected]@@ZJ
QRBZ H]^JE\CWAEZZ 
[email protected]
LQ\\KK
KD^AD[_]Z

 @VRR

P^^@JN WJF\@A_^G
[]T\
FR\AOJYVHD
[email protected]NAZ_\O [email protected]P
DKXTJ AFDM@\B \\B @ZV [email protected]DHZRERAZ_\L X
@WBLUR]R \\B HY ][email protected]@RKZ^]
QRBZ H]^JE\CWASPZY

\GYVLQ\\KK
KD^ADEDD
@@RR

P^^@JN WJF\@^FRX
UVEP ]R\AOJYVHD
T^_]^[email protected] \\P
DKXTJ AFDMAZ_\O]AX_L@ZV [email protected]DH[email protected]
UV_GL X
@WBLUAP] []^ H @ ][email protected]@C]RMAZ_\L LGXJE\CWA
@GD]
[email protected]
LQ\\KK
KD^ADEDA [email protected]]
M
_[email protected] WJF\@EDF]GBP ]R\AOJYVHD
DFDLU\]W \\P
DKXTJ AFDM AZUV \\B @ZV [email protected]P ][email protected]
@]TJL X
@WB
^VF\
[email protected]]
M
_ ][email protected]@
F^PP

QRBZ H]^JE\CWAEBG [email protected]
LQ\\KK
KD^AD[email protected]]
 [email protected] P^^@JN WJF\@EDF \\R[
@R\AOJYVHD
RS ^Z_V \\P
DKXTJ AFDMWO^FRX []^ @ZV [email protected]DH[email protected]

AZ_\L X
@WBLSK \\B HY ][email protected]@ [email protected]
WEXVH]^JE\CWA]GB\  [email protected]
LQ\\KK
KD^ADEDP ]GCR\[email protected] WJF\@EDF \\ARLQ\F AOJYVHD
T^_[TTA \\P
DKXTJ AFDMAZ_\ A[@ @ZV [email protected]DH[]RZAZ_\L X
@WB
W]BG[email protected]]
M
_ ][email protected]@[email protected]
@VTW
H]^JE\CWA
Z]AR[email protected]
LQ\\KK
KD^AD[AEF FJRR

P^^@JN WJF\@QRBZ 
KR]V
^R\AOJYVHD
DFDL []^R_\P
DKXTJ AFDM ^Z_VO []^@L @ZV [email protected]DHS_PI AZ_\L X
@WBSSK
\_X]NAZ_\M
_ ][email protected]@_PFK[email protected]]
H]^JE\CWAAZ_\O
W]BJ WTKK
KD^AD[R\\ GQRR

P^^@JN WJF\@EDF P\FP ]R\AOJYVHD
DFDL
BZRR \\P
DKXTJ AFDM
]_RR []^ @ZV [email protected]DH
\]Z AZ_\L X
@WB 
]URR[email protected]]
M
_ ][email protected]@\]W QRBZ H]^JE\CWAEBR [email protected]
LQ\\KK
KD^ADEDP ]ATE P^^@JN WJF\@EDF [_]P ]R\AOJYVHD
DFDL
[ETP ]@P
DKXTJ AYZ [email protected] \\B @ZV [email protected]TQRBZ \ZRVL X
@WBLQRBZ 
A^^C
HW ][email protected]@W\A\ ^[email protected] H]^JE\CWAAZ_\ WACRL RDKK
KD^AD ^RRX PR]_ P^^@JN WJF\@PVBG \\[email protected]FR\AOJYVHD
DFDL []^Q

[email protected]\DKXTJ AFDMGQGZ []^ @ZV [email protected]P ]QTG
S_TAL X
@WBL\VFJ

[email protected]]
M
_ ][email protected]@WPCZ QRBZ H]^JE\CWAERQRBZ L]AVKK
KD^ADED@@RR

P^^@JN WJF\@EDF \\T_ V\PAOJYVHD
DFDL^[email protected] \\P
DKXTJ AFDMAZ_\OKPZ @ZV [email protected]\  WRR

[^^M
X
@WBZ[^O]]]Z K[email protected]]
M
_ ][email protected]@[email protected]
ZREVH]^JE\CWAERR

AFCU
LQ\\KK
KD^ADEDP ]AT[  P^^@JN WJF\@EDF ]CPP ]R\AOJYVHD
[email protected]
S^S_
L[ P
DKXTJ ACZ
ST^_ []^ @ZV [email protected]DHS^T_
AZ_\L X
@WBSZ_P

[email protected]]
M
_ ][email protected]@ []^C [email protected]H]^JE\CWAEEF
[email protected]
LQ\\KK
KD^ADP^]
[email protected]
P^^@JN WJF\@EDF
[TYP ]R\AOJYVHD
C]RQ_DQ \\P
DKXTJ AFDMAZ_\
FFE @ZV [email protected]DH[email protected]]
SZSVL X
@WBLZ\CZ [email protected]]
M
_ ][email protected]@CPP QRBZ H]^JE\CWAERR

W_C\
LQ\\KK
KD^ADGZRX

WARR

P^^@JN WJF\@EDF ^VP ]R\AOJYVHD
DFDL []^
P^DKXTJ AFDM
AVSF []^ @ZV [email protected]T
\QP_AZ_\L X
@WBLQRBZ Y\_\M
_ ][email protected]@P ][^FH]^JE\CWAEXF NAZ_\M
FZKK
KD^AD
\_X] []^ P^^@JN WJF\@EDF
QVP ]R\AOJYVHD
DFDLQR]@ \\P
DKXTJ AFDM [email protected] \\B @ZV [email protected]DHB\CGM
_RR

X
@WB \\B\E\C_M
_ ][email protected]@^ZP^


QRBZ H]^JE\CWAERR

^RGVLQ\\KK
KD^AD[email protected]]
N]^^G P^^@JN WJF\@_ZRX^FSP ]R\AOJYVHD
RBG
PZ^ MQRBZ DKXTJ AFDMQ
\_X] []^ @ZV [email protected]DHWGBD
AZ_\L X
@WB
A\__
[email protected]]
M
_ ][email protected]@[^G
QRBZ H]^JE\CWA^@ER
@GBQ

LQ\\KK
KD^AD
\_X]MAZ_\
P^^@JN WJF\@EDF \\E\LQ\F AOJYVHD
[email protected]
OARX]WAH @ZV [email protected]DH[email protected]]
[@XV M
_ ][email protected]@]T\ [email protected]
LQ\\KK
KD^ADEDG
QVBP ]R\AOJYVHD
DFDLWXX] []^ @ZV [email protected]T
\CP_ [email protected]]
M
_ ][email protected]@[email protected]
OF\[email protected] LQ\\KK
KD^ADEDP ]ETA
AR\AOJYVHD
DFDLWC]R []^ @ZV [email protected]SRK
\_X]NAZ_\M
_ ][email protected]@[email protected]
[]E[
LQ\\KK
KD^ADEDA

S]UP ]R\AOJYVHD
QEWO []T \\B @ZV [email protected]R FZRP [email protected]]
M
_ ][email protected]@F\_JNSPZY
LQ\\KK
KD^ADEDR
PRP ]R\AOJYVHD
DFDL\WRR

A^_ @ZV [email protected]P ]@PF^RBZM
_ ][email protected]@ATR [email protected]
LQ\\KK
KD^AD []V]\VBP ]R\AOJYVHD
DFDL WAEJ \\B @ZV [email protected]DH@\AZ
[email protected]]
MF ][email protected]@SVR \  [email protected]
LQ\\KK
KD^AD [][email protected]
 S]BP ]R\AOJYVHD
[email protected]NAZ_\O O\VE @ZV [email protected]DH@\F] \\P
HG ][email protected]@QXT \\VF LQ\\KK
KD^ADEDC
 [KP ]R\AOJYVHD
O []T \\B @ZV [email protected]DHSQRBZ FZ_TM
_ ][email protected]@\]J[email protected]
L\VEKK
KD^ADEDP

QG^P ]R\AOJYVHD
DFDL []^@O \VC @ZV [email protected]DH]]EV[email protected]]
M
_ ][email protected]@[email protected]
[_UDLQ\\KK
KD^ADEDP ]^^\ ER\AOJYVHD
DFDL []^Q @VBGL @ZV [email protected]P ]@]\P_X]M
_ ][email protected]@[email protected]
OB[PA LQ\\KK
KD^ADEDP ]EXA ]R\AOJYVHD
GCVWG^^ []^ @ZV [email protected]DH[email protected]]
 SABGHW ][email protected]@ PZV\  [email protected]
LQ\\KK
KD^AD[_GV ^RCP ]R\AOJYVHD
DFDLS]EZ []^ @ZV [email protected]\  WQTG
PFUWM
_ ][email protected]@CX] [email protected]
LQ\\KK
KD^ADEDTSJRR

AR\AOJYVHD
GYVO []T \\B @ZV [email protected]DHWWBG

[email protected]]
M
_ ][email protected]@C^XAZ_\M
FZKK
KD^AD@RGZM
[email protected]

AR\AOJYVHD
DFDL _\UV []^ @ZV [email protected]DH [email protected]
K[email protected]]
M
_ ][email protected]@GC\
\RRR

[DKK
KD^ADEDP ]V]VW_VAOJYVHD
DFDL []^G
W]E @ZV [email protected]DHZVC\ [email protected]]
M
_ ][email protected]@W^A
mail protected]
LQ\\KK
KD^ADEDP ]^PA 
SR\AOJYVHD
Q^^ 
\_X] []^ @ZV [email protected]DH]CD_AZ_\MF ][email protected]@DTQ \\R\LQ\\KK
KD^ADED^P\IP ]R\AOJYVHD
DFDLWA Z []^ @ZV [email protected]DH[email protected] [email protected]]
MF ][email protected]@CCV
[email protected]
LQ\\KK
KD^ADEDD

]RZP ]R\AOJYVHD
DFDL 
QGPD \\B @ZV [email protected]R K
\_X]NAZ_\M
_ ][email protected]@@ER QRBZ LQ\\KK
KD^ADEDU[^TP ]R\AOJYVHD
DFDL []^T
 ]\Z @ZV [email protected]DH@VTX[email protected]]
M
_ ][email protected]@[email protected]

]GAZLQ\\KK
KD^AD^\CZH[email protected]]
KR\AOJYVHD
R]_O []^ AVB @ZV [email protected]Q@JR\[email protected]]
M
_ ][email protected]@[^G@[email protected]
LQ\\KK
KD^ADEDQ[email protected]]

PR\AOJYVHD
DFDL []^
\ZR @ZV [email protected]DH[email protected] [email protected]]
M
_ ][email protected]@P]Z
[email protected]
LQ\\KK
KD^ADED \\B\  W_VAOJYVHD
DFDLK@VPGO []^ @ZV [email protected]V SX][email protected]]
M
_ ][email protected]@[email protected]
[GHPLQ\\KK
KD^AD[email protected] ^RCP ]R\AOJYVHD
DFDL TATV \\B @ZV [email protected]DH[email protected]]
_R\VM
_ ][email protected]@EVBG \\VF LQ\\KK
KD^ADEDT
 SABP ]R\AOJYVHD
DFDL
QXRR []^ @ZV [email protected] O]]]Z K[email protected]]
M
_ ][email protected]@^[email protected] [email protected]
LQ\\KK
KD^ADS^[email protected] []TP ]R\AOJYVHD
DFDL^\UT []^ @ZV [email protected]P ]UVO FATRM
_ ][email protected]@[email protected]
Z\FW
L\VEKK
KD^ADEDW
K]^P ]R\AOJYVHD
DFDL
KAXP
[]^ @ZV [email protected]DHST]V[email protected]]
M
_ ][email protected]@DTQ \\S\ LQ\\KK
KD^ADEDP]]RR

P^DKXTJ AFDMWFRR

TP^M
_ ][email protected]@ETTSGRR

P^^@JN WJF\@EDF \\PF^ZP @ZV [email protected]DHZVVZ QRBZ H]^JE\CWAE]F]_UP ]R\AOJYVHD
DFDL QRBZ [email protected] X
@WBLBAXE [email protected]
LQ\\KK
KD^ADEDP ]D^A[email protected]P
DKXTJ AFDM
_^T][email protected]]
M
_ ][email protected]@ []T �
  • 0

#10
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hmmmm....that's not going to be helpful.

Let's have another go at it.

Please make sure that you can View Hidden Files
  • Click Start -> My Computer
  • Select Tools -> Folder options
  • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
  • Also make sure that 'Display the contents of system folders' is checked.
  • Make sure "Hide extensions for known file types" is unchecked
  • Make sure "Hide protected operating system files (recommended)" is unchecked
  • For more info on how to show hidden files click here.

Now it should be visible to you if you navigate to the C:\Windows\System32 folder.
Double click on it and see if it opens with readable text this time.
If so, post that text here.


If you still get gibberish, I'd like to have you send it to me via email.
Email it as an attachment to sampson_32 AT hotmail.com
  • 0
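
The same visibility check from a PowerShell prompt, as an added example that is not part of the original posts: it reports the Explorer values behind three of the checkboxes listed above and lists hidden or system files in System32 directly, since `-Force` ignores Explorer's view settings. The function names and the 30-day window are assumptions made for illustration; the thread's own steps use the Explorer GUI.

```powershell
# Added example, not from the thread. Function names and defaults are hypothetical.
$AdvancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Explorer registry values behind three of the checkboxes, with the value that reveals files.
$Wanted = [ordered]@{
    Hidden          = 1   # 'Show hidden files and folders' selected (2 = do not show)
    HideFileExt     = 0   # 'Hide extensions for known file types' unchecked
    ShowSuperHidden = 1   # 'Hide protected operating system files' unchecked
}

function Get-ExplorerVisibility {
    # Compare the current user's Explorer settings with the values that reveal files.
    $current = Get-ItemProperty -Path $AdvancedKey
    foreach ($name in $Wanted.Keys) {
        $value = $current.$name          # $null when the value was never written
        [pscustomobject]@{
            Setting = $name
            Current = $value
            Wanted  = $Wanted[$name]
            Reveals = ($value -eq $Wanted[$name])
        }
    }
}

function Get-HiddenFiles {
    param(
        [string]$Folder = "$env:SystemRoot\System32",
        [int]$Days = 30                  # assumed look-back window
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    # -Force returns hidden and system items whatever Explorer is set to display.
    Get-ChildItem -LiteralPath $Folder -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (-not $_.PSIsContainer) -and
            ($_.Attributes -band $mask) -and
            ($_.LastWriteTime -ge $cutoff)
        } |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, Length, LastWriteTime, Attributes
}

Get-ExplorerVisibility | Format-Table -AutoSize
Get-HiddenFiles -Days 30 | Format-Table -AutoSize
```

A row with `Reveals` set to False means Explorer is still hiding that class of file, which would explain a file that turns up in a listing but not in the folder window.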


#11
themoirae

themoirae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Sam,
I had already tried "show hidden files..." but tried again. This time, at least, I found it in Search but still got gibberish so I have emailed the file to you. The letters of this file are the same, I think, as the Virtumond virus only switched around. Check our previous logs when dealing with that problem to be sure. Be careful; TiA
  • 0

#12
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I got it, thanks. It's definitely corrupted though.

Go ahead and delete these files.

C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\vsconfig.xml
C:\WINDOWS\system32\zllictbl.dat



Now let's take a look at another log.
Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
  • 0

#13
themoirae

themoirae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Sam,
I couldn't delete vsconfig.xml as I got the message that it was being used; wouldn't it be nice if Windows would tell you what process was using it? I closed everything I could, then brought it up in Search, and still it would not delete. Any suggestions?
Here is the log from Black light:
12/05/05 11:51:41 [Info]: BlackLight Engine 1.0.25 initialized
12/05/05 11:51:41 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/05/05 11:51:41 [Note]: 4019 4
12/05/05 11:51:41 [Note]: 4005 0
12/05/05 11:51:48 [Note]: 4006 0
12/05/05 11:51:48 [Note]: 4011 1500
12/05/05 11:51:49 [Note]: FSRAW library version 1.7.1013
12/05/05 11:54:24 [Note]: 4007 0

  • 0

#14
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Let's leave that file for now. In that location it may be getting used by Zone Alarm.

Please check to see if this folder is present on your computer and let me know.

C:\Windows\Microsoft.Net\Framework\v1.0.3705\


Is there any change in the way your computer is working?

Edited by Buckeye_Sam, 05 December 2005 - 05:39 PM.

  • 0

#15
themoirae

themoirae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Yes, the folder is present with 4 files. My computer is much, much quieter without any of those super warp CPU surges, thank-you! What's next?
  • 0





