Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With An Unkown Virus/malware Called Eking.bat


  • Please log in to reply
14 replies to this topic

#1 TooYoungForYa

TooYoungForYa

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 01 May 2008 - 02:33 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:33 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\pnp\mirc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,eking.bat
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRYYYYYYYYPH
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potf_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6787 bytes

BC AdBot (Login to Remove)

 


m

#2 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:05:06 PM

Posted 03 May 2008 - 03:12 AM

Hi,

Welcome to Bleeping Computer.

I'm researching your log now and will get back to you in a moment.

Thank you for your patience. :thumbsup:
Posted Image

Done your best? Really?


#3 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:05:06 PM

Posted 03 May 2008 - 03:48 AM

Hi,

Step 1
  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.
Step 2
  • Download FileFind.zip by Atribune and save it to your desktop.
  • Locate the FileFind.zip that you've downloaded earlier.
  • Right click on FileFind.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on FileFind.exe to run it.
  • Enter eking.bat into the File: box.
  • Click on the Search button.
  • After a while a list of file locations will appear in the List of Files: box.
  • Click on the Export button.
  • This will create a Notepad file named Export.txt located in C drive.
  • Please copy and paste it to your next reply.
In your next reply, please post:
  • Uninstall list (uninstall_list.txt)
  • Results of FileFind (C:\Export.txt)
  • A new HijackThis log

Posted Image

Done your best? Really?


#4 TooYoungForYa

TooYoungForYa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 07 May 2008 - 07:50 AM

Sorry for the delayed rep I was busy on school, anyway here is it

Attached Files



#5 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:05:06 PM

Posted 07 May 2008 - 10:04 AM

Hi,

Step 1

Please open HijackThis and select Do a system scan only.

Put a check (tick) next to this line:
F2 - REG:system.ini: UserInit=userinit.exe,eking.bat
Click Fix checked. Close HijackThis.

Step 2

Please open Notepad and copy and paste the following in the Code box into Notepad:

@echo off
echo The log can be found at C:\check.txt if Notepad doesn't open automatically.
sc config "Boonty Games" start= disabled
sc stop "Boonty Games"
sc delete "Boonty Games"
rmdir /s /q "C:\Program Files\Common Files\BOONTY Shared"
echo Checking if Boonty folder is still present... >> C:\check.txt
dir "C:\Program Files\Common Files\BOONTY Shared" >> C:\check.txt
echo. >> C:\check.txt
echo Contents of C:\eking.bat >> C:\check.txt
echo. >> C:\check.txt
type C:\eking.bat >> C:\check.txt
echo. >> C:\check.txt
echo Contents of C:\WINDOWS\system32\eking.bat >> C:\check.txt
echo. >> C:\check.txt
type C:\WINDOWS\system32\eking.bat >> C:\check.txt
notepad C:\check.txt

Click on File > Save As....

In the File Name box, copy and paste in del.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on del.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.

Step 3
  • Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  • Save all your work and close all opened programs.
  • Double click on dss.exe to run it. Follow the prompts.
  • When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
  • Please post the contents of the 2 log files in your next reply. 1 log per reply please.
In your next reply, please post:
  • The 2 DSS reports
  • Contents of Notepad file from Step 2

Posted Image

Done your best? Really?


#6 TooYoungForYa

TooYoungForYa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 10 May 2008 - 09:45 AM

Here is the log for step 2 as for step 3 It keeps not responding when it says "Examining Registry" I waited for how many hours but it isn't loading at all, its stuck with "Examining Registry".

Checking if Boonty folder is still present...
Volume in drive C has no label.
Volume Serial Number is 9858-C650

Directory of C:\Program Files\Common Files


Contents of C:\eking.bat

@echo off
if exist .\eking.reg regedit /s .\eking.reg
if not "%1"=="" goto open
if exist eking.vbs start WScript.exe eking.vbs&exit
if exist %SYSTEMROOT%\system32\eking.vbs start WScript.exe %SYSTEMROOT%\system32\eking.vbs&exit
exit
:open
if not "%1"=="Open" goto next
start explorer .\
exit
:next
if "%1"=="+" attrib +s +a +h +r %2\eking.*
if "%1"=="+" attrib +s +a +h +r %2\autorun.inf
:end
Contents of C:\WINDOWS\system32\eking.bat

@echo off
if exist .\eking.reg regedit /s .\eking.reg
if not "%1"=="" goto open
if exist start wscript.exe eking.vbs&exit
if exist s start wscript.exe %systemroot%\system32\eking.vbs&exit
exit
:open
if not "%1"=="Open" goto next
start explorer .\
exit
:next
if "%1"=="+" attrib +s +a +h +r %2\eking.*
if "%1"=="+" attrib +s +a +h +r %2\autorun.inf
:end

#7 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:05:06 PM

Posted 11 May 2008 - 11:33 AM

Hi,

Please see this topic to disable Kapsersky Antivirus temporarily.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Then try running DSS again. If it doesn't work, please let me know.
Posted Image

Done your best? Really?


#8 TooYoungForYa

TooYoungForYa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 12 May 2008 - 10:36 PM

It still hangs in examining registry I've followed exactly the instructions on how to disable kaspersky and also I tried to end the process of it still the programs doesnt respond properly

#9 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:05:06 PM

Posted 13 May 2008 - 12:46 AM

Let's see if another tool works.

Make sure that Kaspersky is disabled temporarily before you run it.
  • Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
  • Double click on OTScanIt.exe to run it.
  • Click on Extract. Once done, you will be prompted. Click OK and click Close.
  • Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
  • Under Basic Scans section, use these settings:
    • Processes - Non-Microsoft
      Services - Non-Microsoft
      Drivers - Non-Microsoft
      Rootkit Search - Yes
      Files Created Within - 90 days
      Files Modified Within - 90 days
  • Under Additional Scans section, use these settings: Reg - BotCheck
    Reg - Disabled MS Config Items
    Reg - File Associations
    Reg - MountPoints2
    Reg - Safeboot Options
    Reg - Security Settings
    Reg - Software Policy Settings
    Reg - Uninstall List
    Evnt - EventViewer Errors/Warnings (last 7 days)
  • Click on the Run Scan button at the top left hand corner.
  • OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Posted Image

Done your best? Really?


#10 TooYoungForYa

TooYoungForYa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 13 May 2008 - 09:48 AM

Here is the notepad. Sorry if I can't post the contents of it because it is too long.

Attached Files



#11 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:05:06 PM

Posted 15 May 2008 - 12:30 AM

Hi,

Please open Notepad and copy and paste the following in the Code box into Notepad:

regedit /e C:\look.txt "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
start notepad C:\look.txt

Click on File > Save As....

In the File Name box, copy and paste in look.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on look.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.
Posted Image

Done your best? Really?


#12 TooYoungForYa

TooYoungForYa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 15 May 2008 - 09:55 AM

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\A]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{070068d8-dd0c-11db-b941-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,02,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}\Shell]
@="Auto"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}\Shell\Auto]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}\Shell\Auto\command]
@="F:\\sal.xls.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c9f784-98b0-11db-8a54-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c9f784-98b0-11db-8a54-00142a84709e}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c9f784-98b0-11db-8a54-00142a84709e}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c9f784-98b0-11db-8a54-00142a84709e}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d037028-2b71-11db-88b2-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d037028-2b71-11db-88b2-00142a84709e}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d037028-2b71-11db-88b2-00142a84709e}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d037028-2b71-11db-88b2-00142a84709e}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell]
@="Open"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\AutoRun]
"Extended"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\AutoRun\command]
@="F:\\"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\explore]
@="explore"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\explore\Command]
@="WScript.exe .\\eking.vbs"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\open]
@="Open"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\open\Command]
@="WScript.exe .\\eking.vbs"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\Shell\open\Default]
@="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}\_Autorun\DefaultIcon]
@="F:\\icon\\ako.ico"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f4-6cb5-11dc-bb82-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f4-6cb5-11dc-bb82-00142a84709e}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f4-6cb5-11dc-bb82-00142a84709e}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f4-6cb5-11dc-bb82-00142a84709e}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f5-6cb5-11dc-bb82-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f5-6cb5-11dc-bb82-00142a84709e}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f5-6cb5-11dc-bb82-00142a84709e}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f5-6cb5-11dc-bb82-00142a84709e}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f6-6cb5-11dc-bb82-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f6-6cb5-11dc-bb82-00142a84709e}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f6-6cb5-11dc-bb82-00142a84709e}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f6-6cb5-11dc-bb82-00142a84709e}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,\
ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}\Shell]
@="Open"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}\Shell\AutoRun]
"Extended"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}\Shell\AutoRun\command]
@="tmf3w3g0.com"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}\Shell\explore]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}\Shell\explore\Command]
@="tmf3w3g0.com"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}\Shell\open]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}\Shell\open\Command]
@="tmf3w3g0.com"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}\Shell\open\Default]
@="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,03,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell]
@="Open"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\AutoRun]
"Extended"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\AutoRun\command]
@="vyp2tbt.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\explore]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\explore\Command]
@="vyp2tbt.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\open]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\open\Command]
@="vyp2tbt.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}\Shell\open\Default]
@="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af73c342-9f4c-11da-aed8-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af73c343-9f4c-11da-aed8-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,60,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af73c343-9f4c-11da-aed8-806d6172696f}\Name]
@="NBA LIVE 07"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af73c343-9f4c-11da-aed8-806d6172696f}\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af73c343-9f4c-11da-aed8-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\ubuntu.ico"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af73c344-9f4c-11da-aed8-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af73c345-9f4c-11da-aed8-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,02,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}\Shell]
@="0pen"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}\Shell\0pen]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}\Shell\0pen\command]
@="krag.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{af73c342-9f4c-11da-aed8-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,\
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
00,5f,00,44,00,52,00,49,00,56,00,45,00,23,00,35,00,26,00,36,00,65,00,64,00,\
62,00,61,00,62,00,26,00,30,00,26,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,\
00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,\
64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,\
00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,61,00,66,00,37,00,33,00,63,00,33,00,34,00,32,00,2d,00,39,00,66,\
00,34,00,63,00,2d,00,31,00,31,00,64,00,61,00,2d,00,61,00,65,00,64,00,38,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,\
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,10,00,\
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{af73c343-9f4c-11da-aed8-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,53,00,4f,00,4e,00,59,00,5f,00,43,00,44,00,2d,00,52,\
00,57,00,5f,00,5f,00,43,00,52,00,58,00,33,00,32,00,30,00,45,00,45,00,5f,00,\
5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,\
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,52,00,59,00,4b,00,33,00,5f,00,5f,00,\
5f,00,5f,00,23,00,33,00,30,00,33,00,32,00,33,00,35,00,33,00,30,00,33,00,30,\
00,33,00,31,00,33,00,30,00,33,00,31,00,33,00,30,00,33,00,30,00,33,00,32,00,\
33,00,30,00,33,00,31,00,33,00,39,00,33,00,30,00,33,00,30,00,32,00,30,00,32,\
00,30,00,32,00,30,00,32,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,\
33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,\
00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,\
31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,61,00,66,00,37,00,33,00,63,00,33,00,34,00,33,00,2d,00,39,00,66,\
00,34,00,63,00,2d,00,31,00,31,00,64,00,61,00,2d,00,61,00,65,00,64,00,38,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,\
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,1f,01,00,\
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{af73c344-9f4c-11da-aed8-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,36,00,44,00,41,00,30,00,36,00,44,\
00,41,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00,4c,00,\
65,00,6e,00,67,00,74,00,68,00,34,00,41,00,38,00,35,00,32,00,38,00,32,00,30,\
00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,\
62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,\
00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,\
38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,61,00,66,00,37,00,33,00,63,00,33,00,34,00,34,00,2d,00,39,00,66,\
00,34,00,63,00,2d,00,31,00,31,00,64,00,61,00,2d,00,61,00,65,00,64,00,38,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,36,00,00,00,50,c6,58,98,00,00,00,00,00,00,00,30,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{af73c345-9f4c-11da-aed8-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,36,00,44,00,41,00,30,00,36,00,44,\
00,41,00,4f,00,66,00,66,00,73,00,65,00,74,00,34,00,41,00,38,00,35,00,33,00,\
37,00,45,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,00,37,\
00,44,00,35,00,30,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,\
36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,\
00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,\
39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,61,00,66,00,37,00,33,00,63,00,33,00,34,00,35,00,2d,00,39,00,66,\
00,34,00,63,00,2d,00,31,00,31,00,64,00,61,00,2d,00,61,00,65,00,64,00,38,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,81,ef,79,d8,00,00,00,00,00,00,00,30,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000002

#13 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:05:06 PM

Posted 15 May 2008 - 10:37 AM

Hi,

Please backup your registry before proceeding to any of the steps.

Download ERUNT from Derfisch or Aumha and save it to your desktop.

Follow the steps from Creating a Backup Copy of the Windows XP Registry section of this site to back up your registry: http://billjr.spaces.live.com/blog/cns!28CBD6442F406227!292.entry




Step 1

Please open Notepad and copy and paste the following in the Code box into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158fa6be-96ce-11dc-bc73-00142a84709e}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e32a9f3-6cb5-11dc-bb82-00142a84709e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9620ae1e-d2f8-11dc-bd66-00142a84709e}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87dd044-c03f-11dc-bd08-00142a84709e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12e9ef8-a675-11db-8a8d-00142a84709e}]

Click on File > Save As....

In the File Name box, copy and paste in fix.reg

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on fix.reg to run it. Windows will prompt if you want to merge this file with the registry. Click Yes.

Step 2

Please refer to this page to disable Kaspersky Antivirus temporarily - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:

Posted Image

Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:
  • Combofix log (C:\Combofix.txt)
  • A new HijackThis log

Posted Image

Done your best? Really?


#14 TooYoungForYa

TooYoungForYa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 19 May 2008 - 08:45 AM

Hello, sorry for the delayed reply about the Combofix I followed exactly the instructions on the site that you gave me and It run perfectly but It hangs on ( Scanning for infected files.. etc ). I have school that day so I leave the computer about 8 am and after I get back from home its around 5 pm its still on the process of ( Scanning for infected files.. etc ).
I already disabled my anti-virus and also I tried repeating it again and its hang on ( Scanning for infected files.. etc). Anyway you can suggest for another program same as that and here is the log for Hijack. I don't have problems on Step 1 only on Step 2. Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:11 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRYYYYYYYYPH
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potf_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6426 bytes

Edited by TooYoungForYa, 19 May 2008 - 08:48 AM.


#15 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:05:06 PM

Posted 19 May 2008 - 10:01 AM

Run this batch file that you created earlier again - http://www.bleepingcomputer.com/forums/ind...st&p=825344
Posted Image

Done your best? Really?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users