Infostealer



#1 Kaptain Kurt


Posted 21 July 2009 - 06:14 PM

Followed instructions from Rigel. Norton keeps finding infostealer. When I click on the info Norton has provided for infostealer it reads "[keygen.exe] inside of [c:\recycler\s-1-5-21-725345543-854245698-1004\dc748.rar]".
Posted logs below. Thanks, Kurt


DDS (Ver_09-06-26.01) - NTFSx86
Run by Kurt Rundel at 19:01:05.84 on 07/21/09
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1176 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kurt Rundel\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.hughes.net/mail?nimlet=showlogin
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = ;<local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - blank
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Disk Monitor] c:\program files\\ic card reader driver v1.8e2\Disk_Monitor.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38039.8350810185
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\syste

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kurtru~1\applic~1\mozilla\firefox\profiles\7mum7dnw.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.myhughesnet.com/index.php
FF - prefs.js: keyword.URL - hxxp://home.myhughesnet.com/google/index.php?src=toolbar2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\kurt rundel\application data\mozilla\firefox\profiles\7mum7dnw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-30 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-3-22 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-3-22 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-3-22 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090715.003\IDSXpx86.sys [2009-7-17 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-3-22 115560]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2005-7-3 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090721.006\NAVENG.SYS [2009-7-21 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090721.006\NAVEX15.SYS [2009-7-21 875728]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-30 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-30 1095560]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-8-3 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-8-3 73856]

=============== Created Last 30 ================

2009-07-07 09:30 2,752 a------- c:\windows\system32\tmp.reg
2009-07-02 12:56 <DIR> --d----- c:\program files\ESET

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-02 14:18 109,142 a------- c:\windows\hpoins08.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 14:15 90,598,330 a------- C:\SYM_REGISTRY_BACKUP.reg
2006-10-05 13:18 10,709,424 a------- c:\documents and settings\kurt rundel\InCD-4.3.23.2.exe
2005-11-19 02:38 36,264 a------- c:\docume~1\kurtru~1\applic~1\GDIPFONTCACHEV1.DAT
2002-07-26 17:02 153,088 a------- c:\program files\UNWISE.EXE
2001-03-25 22:43 1,526,272 a----r-- c:\documents and settings\kurt rundel\elves2.exe
1999-12-03 14:15 1,130,496 a----r-- c:\documents and settings\kurt rundel\elfbowl.exe
2004-08-25 14:37 3,063 a--sh--- c:\windows\system32\bzyoa.dat
2004-05-29 17:51 3,063 a--sh--- c:\windows\system32\camhy.dat
2004-08-30 04:55 3,063 a--sh--- c:\windows\system32\cevob.dat
2004-07-31 07:16 3,063 a--sh--- c:\windows\system32\cgrxt.dat
2004-08-21 15:07 11,388 a--sh--- c:\windows\system32\cgxzx.dat
2004-07-30 05:47 11,388 a--sh--- c:\windows\system32\chfji.dat
2004-08-19 07:57 3,063 a--sh--- c:\windows\system32\cieon.dat
2004-06-06 01:06 11,388 a--sh--- c:\windows\system32\cjhgl.dat
2004-08-05 11:37 11,388 a--sh--- c:\windows\system32\cmdex.dat
2004-08-17 07:57 11,388 a--sh--- c:\windows\system32\codcg.dat
2004-05-23 09:31 3,063 a--sh--- c:\windows\system32\codtl.dat
2004-08-21 08:45 3,063 a--sh--- c:\windows\system32\cqhdi.dat
2004-08-12 09:28 11,388 a--sh--- c:\windows\system32\cqlpr.dat
2005-07-10 00:09 11,152 a--sh--- c:\windows\system32\crimp.dat
2004-08-25 01:40 3,063 a--sh--- c:\windows\system32\cskeo.dat
2004-06-12 09:27 3,063 a--sh--- c:\windows\system32\cvquf.dat
2004-10-23 08:04 11,388 a--sh--- c:\windows\system32\cwfuj.dat
2004-07-27 13:12 11,388 a--sh--- c:\windows\system32\cwqql.dat
2004-08-15 00:21 3,063 a--sh--- c:\windows\system32\cyvfs.dat
2004-09-20 18:29 11,388 a--sh--- c:\windows\system32\dbnse.dat
2004-09-10 06:40 3,063 a--sh--- c:\windows\system32\dgicu.dat
2004-08-01 04:04 3,063 a--sh--- c:\windows\system32\djhcy.dat
2004-08-11 07:12 3,063 a--sh--- c:\windows\system32\dkdic.dat
2004-08-05 06:05 3,063 a--sh--- c:\windows\system32\dqxwu.dat
2004-07-29 09:45 11,388 a--sh--- c:\windows\system32\dsaiv.dat
2004-08-24 16:27 3,063 a--sh--- c:\windows\system32\dtrux.dat
2004-08-12 10:42 3,063 a--sh--- c:\windows\system32\ducpo.dat
2004-08-10 20:16 3,063 a--sh--- c:\windows\system32\dvchs.dat
2004-10-05 10:01 11,388 a--sh--- c:\windows\system32\dyseh.dat
2004-08-05 00:59 3,063 a--sh--- c:\windows\system32\ecmpv.dat
2004-08-17 21:26 11,388 a--sh--- c:\windows\system32\edllg.dat
2004-08-22 23:48 3,063 a--sh--- c:\windows\system32\eeqvr.dat
2004-08-16 05:44 3,063 a--sh--- c:\windows\system32\egsyx.dat
2004-08-18 17:13 3,063 a--sh--- c:\windows\system32\eibuu.dat
2004-08-22 09:02 3,063 a--sh--- c:\windows\system32\einul.dat
2004-08-03 11:16 11,388 a--sh--- c:\windows\system32\ejizl.dat
2004-08-10 21:47 3,063 a--sh--- c:\windows\system32\ejlez.dat
2004-08-18 22:03 11,388 a--sh--- c:\windows\system32\ekkxi.dat
2004-07-22 17:54 3,063 a--sh--- c:\windows\system32\embff.dat
2004-08-11 23:24 11,388 a--sh--- c:\windows\system32\eppkt.dat
2004-11-05 13:39 3,362 a--sh--- c:\windows\system32\esdsg.dat
2004-08-14 14:17 11,388 a--sh--- c:\windows\system32\exzau.dat
2004-06-08 06:15 3,063 a--sh--- c:\windows\system32\eyija.dat
2004-08-11 22:48 3,063 a--sh--- c:\windows\system32\ezplw.dat
2004-08-13 22:13 0 a--sh--- c:\windows\system32\fecip.dll
2004-08-03 07:08 3,063 a--sh--- c:\windows\system32\fgktv.dat
2004-06-01 11:38 11,388 a--sh--- c:\windows\system32\fgntr.dat
2004-08-08 17:28 11,388 a--sh--- c:\windows\system32\filct.dat
2004-08-08 15:47 11,388 a--sh--- c:\windows\system32\fjxui.dat
2004-08-07 23:58 3,063 a--sh--- c:\windows\system32\flrwg.dat
2004-08-08 21:51 3,063 a--sh--- c:\windows\system32\flvis.dat
2004-06-17 16:59 11,388 a--sh--- c:\windows\system32\fmbfz.dat
2004-10-12 05:11 11,388 a--sh--- c:\windows\system32\fqlud.dat
2004-07-31 17:53 3,063 a--sh--- c:\windows\system32\fqlxz.dat
2004-11-16 06:24 11,388 a--sh--- c:\windows\system32\fvliy.dat
2004-10-04 00:11 3,063 a--sh--- c:\windows\system32\fxlrb.dat
2004-08-28 00:42 11,388 a--sh--- c:\windows\system32\fzdke.dat
2004-08-28 06:09 3,063 a--sh--- c:\windows\system32\fzjan.dat
2005-04-06 05:12 4,870 a--sh--- c:\windows\system32\gaybm.dat
2004-08-22 15:08 3,063 a--sh--- c:\windows\system32\gbhbn.dat
2004-08-16 16:58 3,063 a--sh--- c:\windows\system32\gfgxj.dat
2004-08-01 08:56 3,063 a--sh--- c:\windows\system32\gfqfm.dat
2005-07-21 09:19 0 a--sh--- c:\windows\system32\ginrk.dll
2004-06-18 02:37 3,063 a--sh--- c:\windows\system32\gitgu.dat
2004-08-07 14:26 3,063 a--sh--- c:\windows\system32\gjyxt.dat
2004-08-10 19:58 3,063 a--sh--- c:\windows\system32\gkzhr.dat
2004-08-12 22:56 11,388 a--sh--- c:\windows\system32\gltje.dat
2004-08-03 05:41 11,388 a--sh--- c:\windows\system32\gpmau.dat
2004-08-14 03:14 11,388 a--sh--- c:\windows\system32\grcio.dat
2004-09-20 12:52 3,063 a--sh--- c:\windows\system32\gruuw.dat
2004-08-17 19:01 3,063 a--sh--- c:\windows\system32\gtnth.dat
2004-08-13 09:17 11,388 a--sh--- c:\windows\system32\gtwyt.dat
2004-08-21 15:38 3,063 a--sh--- c:\windows\system32\gutom.dat
2004-06-05 08:46 11,388 a--sh--- c:\windows\system32\gwszs.dat
2004-08-07 02:34 3,063 a--sh--- c:\windows\system32\gwxmd.dat
2005-07-26 04:18 11,152 a--sh--- c:\windows\system32\gyyzx.dat
2004-08-13 08:06 11,388 a--sh--- c:\windows\system32\harzf.dat
2004-08-18 04:04 3,063 a--sh--- c:\windows\system32\hbtjr.dat
2004-08-19 13:56 11,388 a--sh--- c:\windows\system32\hghtl.dat
2004-09-25 14:57 3,063 a--sh--- c:\windows\system32\hmbla.dat
2004-08-06 18:41 11,388 a--sh--- c:\windows\system32\houhm.dat
2004-08-18 22:12 11,388 a--sh--- c:\windows\system32\hqhtb.dat
2004-08-18 16:45 3,063 a--sh--- c:\windows\system32\ieezz.dat
2004-08-17 04:08 11,388 a--sh--- c:\windows\system32\ipefq.dat
2004-08-16 10:31 3,063 a--sh--- c:\windows\system32\irgfa.dat
2004-08-12 03:21 3,063 a--sh--- c:\windows\system32\irnhi.dat
2004-12-28 10:04 4,402 a--sh--- c:\windows\system32\isdia.dat
2004-08-31 14:18 11,388 a--sh--- c:\windows\system32\iseme.dat
2004-07-28 20:17 11,388 a--sh--- c:\windows\system32\islxq.dat
2004-08-12 08:25 3,063 a--sh--- c:\windows\system32\isvkf.dat
2004-08-16 09:14 3,063 a--sh--- c:\windows\system32\iueui.dat
2004-08-13 18:51 3,063 a--sh--- c:\windows\system32\ixdlb.dat
2004-08-15 19:32 11,388 a--sh--- c:\windows\system32\jamzq.dat
2004-07-23 18:41 3,063 a--sh--- c:\windows\system32\jignf.dat
2004-08-11 14:59 3,063 a--sh--- c:\windows\system32\jjbhr.dat
2004-08-20 00:23 3,063 a--sh--- c:\windows\system32\jjsxj.dat
2004-08-27 23:59 11,388 a--sh--- c:\windows\system32\jkhth.dat
2005-01-19 18:49 0 a--sh--- c:\windows\system32\jlicd.dll
2004-08-18 13:39 3,063 a--sh--- c:\windows\system32\jmnvg.dat
2004-08-17 04:58 3,063 a--sh--- c:\windows\system32\jnukc.dat
2004-07-25 11:57 3,063 a--sh--- c:\windows\system32\joikh.dat
2004-07-27 07:04 3,063 a--sh--- c:\windows\system32\joojt.dat
2004-08-04 18:08 11,388 a--sh--- c:\windows\system32\joyqp.dat
2004-08-16 06:22 11,388 a--sh--- c:\windows\system32\jqmgg.dat
2004-08-05 19:49 3,063 a--sh--- c:\windows\system32\jrjhq.dat
2004-08-15 12:10 11,388 a--sh--- c:\windows\system32\jtfht.dat
2004-08-12 20:15 11,388 a--sh--- c:\windows\system32\jvggo.dat
2004-08-04 18:49 11,388 a--sh--- c:\windows\system32\jvscj.dat
2004-07-27 15:15 3,063 a--sh--- c:\windows\system32\jwepw.dat
2004-08-03 08:11 11,388 a--sh--- c:\windows\system32\jyhkb.dat
2004-07-31 02:33 11,388 a--sh--- c:\windows\system32\jzxfs.dat
2004-08-07 18:48 11,388 a--sh--- c:\windows\system32\kawls.dat
2004-08-09 08:32 3,063 a--sh--- c:\windows\system32\kbbcb.dat
2005-07-16 11:51 11,152 a--sh--- c:\windows\system32\kbbln.dat
2004-08-27 22:18 3,063 a--sh--- c:\windows\system32\kbgnn.dat
2004-08-18 21:08 11,388 a--sh--- c:\windows\system32\kcthc.dat
2004-12-24 01:49 4,402 a--sh--- c:\windows\system32\kcuuy.dat
2004-06-01 05:43 11,388 a--sh--- c:\windows\system32\kdphd.dat
2005-07-21 01:53 11,152 a--sh--- c:\windows\system32\khppt.dat
2004-08-21 12:28 11,388 a--sh--- c:\windows\system32\kjyuw.dat
2004-08-03 00:26 11,388 a--sh--- c:\windows\system32\kpjng.dat
2004-08-03 22:12 3,063 a--sh--- c:\windows\system32\kqfey.dat
2004-08-18 10:40 3,063 a--sh--- c:\windows\system32\kqoha.dat
2004-09-11 17:29 3,063 a--sh--- c:\windows\system32\kqpkh.dat
2004-11-13 08:36 11,388 a--sh--- c:\windows\system32\ksuvp.dat
2004-08-07 15:58 3,063 a--sh--- c:\windows\system32\ktvwm.dat
2004-08-03 03:10 3,063 a--sh--- c:\windows\system32\kvziv.dat
2004-06-04 12:26 3,063 a--sh--- c:\windows\system32\kxltx.dat
2005-01-17 23:02 11,592 a--sh--- c:\windows\system32\kywxl.dat
2004-08-26 22:34 3,063 a--sh--- c:\windows\system32\laxtz.dat
2004-08-07 17:00 11,388 a--sh--- c:\windows\system32\lbain.dat
2004-08-20 00:42 11,388 a--sh--- c:\windows\system32\lfkai.dat
2004-11-15 14:01 3,362 a--sh--- c:\windows\system32\lfocl.dat
2004-07-31 12:03 3,063 a--sh--- c:\windows\system32\lfxah.dat
2004-05-31 03:00 11,388 a--sh--- c:\windows\system32\lgadp.dat
2004-08-18 06:08 11,388 a--sh--- c:\windows\system32\lkxzc.dat
2004-08-10 15:01 11,388 a--sh--- c:\windows\system32\lmkmd.dat
2004-05-23 06:33 2,814 a--sh--- c:\windows\system32\lnhzc.dat
2004-08-07 13:54 11,388 a--sh--- c:\windows\system32\lotvg.dat
2004-08-02 22:28 3,063 a--sh--- c:\windows\system32\lptoi.dat
2004-06-06 22:40 11,388 a--sh--- c:\windows\system32\lrxdl.dat
2004-07-29 14:40 3,063 a--sh--- c:\windows\system32\luiqt.dat
2005-03-24 01:45 4,870 a--sh--- c:\windows\system32\lvsqz.dat
2004-09-26 04:08 11,388 a--sh--- c:\windows\system32\lwvuq.dat
2004-08-19 14:53 3,063 a--sh--- c:\windows\system32\lzfng.dat
2005-01-13 14:40 11,592 a--sh--- c:\windows\system32\manji.dat
2004-08-20 18:29 3,063 a--sh--- c:\windows\system32\mbjtg.dat
2004-08-01 23:20 11,388 a--sh--- c:\windows\system32\mhedp.dat
2004-05-21 14:42 3,063 a--sh--- c:\windows\system32\mhnvd.dat
2004-08-27 13:54 3,063 a--sh--- c:\windows\system32\mjeby.dat
2004-08-11 02:05 11,388 a--sh--- c:\windows\system32\mkdpn.dat
2004-08-20 09:15 11,388 a--sh--- c:\windows\system32\mkpsq.dat
2004-09-26 03:57 3,063 a--sh--- c:\windows\system32\mmbli.dat
2004-08-09 17:42 11,388 a--sh--- c:\windows\system32\mmlio.dat
2004-08-13 21:13 11,388 a--sh--- c:\windows\system32\mnhuh.dat
2004-08-17 23:08 3,063 a--sh--- c:\windows\system32\mpiqb.dat
2004-08-25 08:25 3,063 a--sh--- c:\windows\system32\mpmgo.dat
2004-08-13 04:34 3,063 a--sh--- c:\windows\system32\mqnim.dat
2004-07-29 20:12 65,731 a--sh--- c:\windows\system32\msoi.dll
2004-08-06 15:01 11,388 a--sh--- c:\windows\system32\msuah.dat
2004-07-28 20:40 3,063 a--sh--- c:\windows\system32\mulqd.dat
2004-09-07 07:09 11,388 a--sh--- c:\windows\system32\mvwvy.dat
2005-01-14 13:35 11,592 a--sh--- c:\windows\system32\myaas.dat
2004-08-29 14:00 11,388 a--sh--- c:\windows\system32\nfyte.dat
2004-08-24 07:33 3,063 a--sh--- c:\windows\system32\ngtdo.dat
2004-08-04 01:17 11,388 a--sh--- c:\windows\system32\nilaz.dat
2004-08-20 19:36 3,063 a--sh--- c:\windows\system32\nkrle.dat
2004-08-26 17:40 11,388 a--sh--- c:\windows\system32\nkwla.dat
2004-08-15 10:46 11,388 a--sh--- c:\windows\system32\nnwcd.dat
2005-06-14 00:27 9,237 a--sh--- c:\windows\system32\nrjyj.dat
2004-08-15 21:12 11,388 a--sh--- c:\windows\system32\nspqu.dat
2004-08-12 18:30 3,063 a--sh--- c:\windows\system32\nufvb.dat
2004-08-18 12:34 3,063 a--sh--- c:\windows\system32\nuhsp.dat
2004-10-09 07:20 11,388 a--sh--- c:\windows\system32\nurgw.dat
2004-08-03 06:10 11,388 a--sh--- c:\windows\system32\nvfam.dat
2004-08-20 08:05 11,388 a--sh--- c:\windows\system32\nvvus.dat
2004-08-01 15:27 3,063 a--sh--- c:\windows\system32\nybzy.dat
2004-08-11 11:55 3,063 a--sh--- c:\windows\system32\nzhvf.dat
2004-08-18 19:12 11,388 a--sh--- c:\windows\system32\nzynw.dat
2004-06-04 12:47 3,063 a--sh--- c:\windows\system32\oaagv.dat
2004-09-16 19:36 3,063 a--sh--- c:\windows\system32\odlfw.dat
2004-06-03 19:03 3,063 a--sh--- c:\windows\system32\odoij.dat
2004-07-30 03:27 3,063 a--sh--- c:\windows\system32\odtum.dat
2004-07-31 09:40 3,063 a--sh--- c:\windows\system32\odxtm.dat
2004-08-11 06:34 11,388 a--sh--- c:\windows\system32\ofrcu.dat
2004-09-02 10:33 11,388 a--sh--- c:\windows\system32\ohadp.dat
2004-08-15 03:08 11,388 a--sh--- c:\windows\system32\olcyz.dat
2004-08-12 21:27 3,063 a--sh--- c:\windows\system32\onlfr.dat
2004-08-16 15:04 11,388 a--sh--- c:\windows\system32\ooajz.dat
2004-08-05 02:06 11,388 a--sh--- c:\windows\system32\oodps.dat
2004-08-15 03:18 3,063 a--sh--- c:\windows\system32\oosaq.dat
2004-09-13 03:45 11,388 a--sh--- c:\windows\system32\ophqe.dat
2004-06-11 06:18 3,063 a--sh--- c:\windows\system32\orcfg.dat
2004-08-25 18:26 3,063 a--sh--- c:\windows\system32\otvzj.dat
2004-06-11 15:32 3,063 a--sh--- c:\windows\system32\ovdwx.dat
2004-08-07 03:49 3,063 a--sh--- c:\windows\system32\ovfyi.dat
2004-08-20 21:08 11,388 a--sh--- c:\windows\system32\oxylk.dat
2004-05-20 05:42 3,063 a--sh--- c:\windows\system32\oyfqv.dat
2004-08-17 15:42 11,388 a--sh--- c:\windows\system32\oyrir.dat
2004-08-09 16:59 11,388 a--sh--- c:\windows\system32\pbubf.dat
2004-08-18 22:31 3,063 a--sh--- c:\windows\system32\pdbtk.dat
2004-08-07 06:37 3,063 a--sh--- c:\windows\system32\pdybx.dat
2004-08-12 13:17 3,063 a--sh--- c:\windows\system32\pkhsv.dat
2004-08-15 01:58 11,388 a--sh--- c:\windows\system32\poijj.dat
2004-08-28 17:31 3,063 a--sh--- c:\windows\system32\ppcfn.dat
2004-08-03 17:58 3,063 a--sh--- c:\windows\system32\pqttp.dat
2004-08-17 14:14 3,063 a--sh--- c:\windows\system32\puprt.dat
2004-08-22 10:04 11,388 a--sh--- c:\windows\system32\pvlqs.dat
2004-05-20 22:33 11,388 a--sh--- c:\windows\system32\pvoxy.dat
2004-10-19 22:53 3,362 a--sh--- c:\windows\system32\pvtva.dat
2004-09-22 09:23 11,388 a--sh--- c:\windows\system32\pvvgl.dat
2004-08-26 03:23 3,063 a--sh--- c:\windows\system32\pzgpe.dat
2005-07-25 08:03 11,152 a--sh--- c:\windows\system32\pznek.dat
2004-08-21 05:10 11,388 a--sh--- c:\windows\system32\qawib.dat
2005-01-11 09:58 4,402 a--sh--- c:\windows\system32\qbrfx.dat
2004-08-03 11:05 11,388 a--sh--- c:\windows\system32\qdoab.dat
2004-09-15 16:16 3,063 a--sh--- c:\windows\system32\qdxum.dat
2004-08-25 04:01 11,388 a--sh--- c:\windows\system32\qjhni.dat
2004-08-01 06:15 3,063 a--sh--- c:\windows\system32\qkgjl.dat
2004-08-27 13:30 3,063 a--sh--- c:\windows\system32\qmfxn.dat
2004-12-26 03:35 4,402 a--sh--- c:\windows\system32\qpnhm.dat
2004-08-07 03:15 3,063 a--sh--- c:\windows\system32\qrtcx.dat
2004-08-22 19:39 3,063 a--sh--- c:\windows\system32\qtgzt.dat
2004-08-25 23:39 3,063 a--sh--- c:\windows\system32\qutco.dat
2004-08-10 19:24 11,388 a--sh--- c:\windows\system32\qxnck.dat
2004-05-31 20:29 11,388 a--sh--- c:\windows\system32\ragqm.dat
2004-05-30 06:56 11,388 a--sh--- c:\windows\system32\rarhy.dat
2004-08-10 15:35 11,388 a--sh--- c:\windows\system32\razpl.dat
2004-08-08 13:09 11,388 a--sh--- c:\windows\system32\reidz.dat
2004-08-16 04:09 3,063 a--sh--- c:\windows\system32\rgtnj.dat
2005-01-18 16:25 11,592 a--sh--- c:\windows\system32\rgtow.dat
2004-12-28 12:39 11,592 a--sh--- c:\windows\system32\riacz.dat
2003-08-05 06:05 11,388 a--sh--- c:\windows\system32\rkumr.dat
2004-08-16 01:14 11,388 a--sh--- c:\windows\system32\rlpxw.dat
2004-08-07 20:01 11,388 a--sh--- c:\windows\system32\rnfjl.dat
2004-08-21 16:07 3,063 a--sh--- c:\windows\system32\rpfjl.dat
2004-08-15 11:07 11,388 a--sh--- c:\windows\system32\rqlyt.dat
2004-08-08 07:22 11,388 a--sh--- c:\windows\system32\rrifm.dat
2004-08-08 07:33 3,063 a--sh--- c:\windows\system32\rspjt.dat
2004-08-25 23:00 11,388 a--sh--- c:\windows\system32\rtyhc.dat
2004-06-03 07:48 3,063 a--sh--- c:\windows\system32\rvkzx.dat
2004-08-16 22:10 3,063 a--sh--- c:\windows\system32\rxhca.dat
2004-07-31 09:00 11,388 a--sh--- c:\windows\system32\ryqdf.dat
2004-08-24 06:33 11,388 a--sh--- c:\windows\system32\scclb.dat
2005-07-14 18:23 11,152 a--sh--- c:\windows\system32\scjao.dat
2004-07-30 19:51 11,388 a--sh--- c:\windows\system32\senkx.dat
2004-08-15 08:03 3,063 a--sh--- c:\windows\system32\skecv.dat
2004-08-16 20:55 3,063 a--sh--- c:\windows\system32\sknuy.dat
2004-07-26 02:57 3,063 a--sh--- c:\windows\system32\skqye.dat
2004-05-30 01:58 11,388 a--sh--- c:\windows\system32\smgjz.dat
2004-08-11 07:11 11,388 a--sh--- c:\windows\system32\splle.dat
2004-11-12 13:17 11,388 a--sh--- c:\windows\system32\ssatm.dat
2003-08-08 20:18 11,388 a--sh--- c:\windows\system32\stuib.dat
2004-08-27 01:57 11,388 a--sh--- c:\windows\system32\suecp.dat
2004-09-25 06:37 3,063 a--sh--- c:\windows\system32\svqlo.dat
2004-08-09 01:49 3,063 a--sh--- c:\windows\system32\svwyh.dat
2004-08-13 13:50 11,388 a--sh--- c:\windows\system32\sxqrz.dat
2004-05-03 01:16 898 a--sh--- c:\windows\system32\sysdo.dll
2004-08-21 17:52 11,388 a--sh--- c:\windows\system32\szcuu.dat
2005-01-23 06:21 11,592 a--sh--- c:\windows\system32\taptz.dat
2004-05-25 00:49 11,388 a--sh--- c:\windows\system32\tbeoi.dat
2004-08-11 23:14 3,063 a--sh--- c:\windows\system32\tbjlv.dat
2004-08-08 12:49 11,388 a--sh--- c:\windows\system32\teneq.dat
2004-08-23 20:01 11,388 a--sh--- c:\windows\system32\tfadi.dat
2004-08-23 10:22 3,063 a--sh--- c:\windows\system32\tfbar.dat
2004-08-26 07:41 3,063 a--sh--- c:\windows\system32\tjqzt.dat
2004-08-07 20:19 11,388 a--sh--- c:\windows\system32\tklaz.dat
2004-08-16 11:42 11,388 a--sh--- c:\windows\system32\tlbtz.dat
2004-08-10 00:50 11,388 a--sh--- c:\windows\system32\tlnoi.dat
2004-08-27 13:07 3,063 a--sh--- c:\windows\system32\tnrgz.dat
2004-08-24 13:16 3,063 a--sh--- c:\windows\system32\trdmb.dat
2004-08-22 05:40 3,063 a--sh--- c:\windows\system32\ttnpo.dat
2004-08-04 16:20 3,063 a--sh--- c:\windows\system32\ttwsp.dat
2004-06-12 12:39 3,063 a--sh--- c:\windows\system32\tvpyw.dat
2004-08-22 10:42 11,388 a--sh--- c:\windows\system32\twcbx.dat
2004-08-18 09:17 3,063 a--sh--- c:\windows\system32\twuzy.dat
2004-08-24 18:13 11,388 a--sh--- c:\windows\system32\txqvd.dat
2004-08-25 23:41 3,063 a--sh--- c:\windows\system32\tyjst.dat
2004-08-20 18:57 11,388 a--sh--- c:\windows\system32\tzdmc.dat
2004-08-16 10:39 11,388 a--sh--- c:\windows\system32\ueblc.dat
2004-05-29 14:20 11,388 a--sh--- c:\windows\system32\ugyol.dat
2004-08-13 05:21 3,063 a--sh--- c:\windows\system32\uhnnt.dat
2004-06-08 08:06 11,388 a--sh--- c:\windows\system32\ulmej.dat
2005-06-12 00:12 11,152 a--sh--- c:\windows\system32\unirg.dat
2003-08-06 00:25 3,063 a--sh--- c:\windows\system32\upsgz.dat
2004-08-17 12:20 3,063 a--sh--- c:\windows\system32\urnze.dat
2004-08-31 16:07 3,063 a--sh--- c:\windows\system32\urvhf.dat
2004-08-08 05:20 11,388 a--sh--- c:\windows\system32\usedo.dat
2004-12-30 07:06 11,592 a--sh--- c:\windows\system32\uvbkf.dat
2004-08-15 18:54 11,388 a--sh--- c:\windows\system32\uvrzd.dat
2004-08-07 19:42 3,063 a--sh--- c:\windows\system32\uvxgi.dat
2004-07-27 11:35 11,388 a--sh--- c:\windows\system32\uyjqo.dat
2004-08-28 12:49 11,388 a--sh--- c:\windows\system32\uzqlh.dat
2005-05-24 08:27 4,870 a--sh--- c:\windows\system32\vbxla.dat
2004-08-31 11:08 11,388 a--sh--- c:\windows\system32\vdkjg.dat
2004-08-01 20:36 3,063 a--sh--- c:\windows\system32\vffoc.dat
2004-08-22 22:25 11,388 a--sh--- c:\windows\system32\vhvba.dat
2004-08-29 13:36 3,063 a--sh--- c:\windows\system32\vmhre.dat
2004-08-10 05:01 11,388 a--sh--- c:\windows\system32\vnsxk.dat
2004-08-10 11:42 3,063 a--sh--- c:\windows\system32\vqcbm.dat
2004-08-22 00:52 3,063 a--sh--- c:\windows\system32\vrgdi.dat
2004-08-25 03:33 3,063 a--sh--- c:\windows\system32\vsboc.dat
2004-08-06 13:28 3,063 a--sh--- c:\windows\system32\vszmi.dat
2004-08-04 23:40 11,388 a--sh--- c:\windows\system32\vtfib.dat
2004-08-19 07:05 11,388 a--sh--- c:\windows\system32\waugv.dat
2004-08-08 17:12 3,063 a--sh--- c:\windows\system32\wccms.dat
2004-08-15 02:35 11,388 a--sh--- c:\windows\system32\wdtfa.dat
2004-06-02 08:43 11,388 a--sh--- c:\windows\system32\wdydm.dat
2004-06-17 18:56 3,063 a--sh--- c:\windows\system32\wedfg.dat
2004-08-07 07:43 3,063 a--sh--- c:\windows\system32\wekkd.dat
2004-08-02 00:04 3,063 a--sh--- c:\windows\system32\widlm.dat
2004-07-20 13:12 279 a--sh--- c:\windows\system32\wingy.dll
2004-08-18 11:53 3,063 a--sh--- c:\windows\system32\wivwd.dat
2004-06-05 16:53 11,388 a--sh--- c:\windows\system32\wjnau.dat
2004-08-15 09:06 3,063 a--sh--- c:\windows\system32\wnkpd.dat
2004-08-24 13:19 11,388 a--sh--- c:\windows\system32\wpdyb.dat
2004-09-13 09:20 0 a--sh--- c:\windows\system32\wqdhk.dll
2004-08-16 01:30 11,388 a--sh--- c:\windows\system32\wtfob.dat
2004-06-15 06:26 11,388 a--sh--- c:\windows\system32\wurkh.dat
2004-06-17 17:35 3,063 a--sh--- c:\windows\system32\wwflx.dat
2004-05-31 17:06 3,063 a--sh--- c:\windows\system32\wxizu.dat
2004-08-29 18:10 11,388 a--sh--- c:\windows\system32\wyvnv.dat
2004-08-26 09:29 3,063 a--sh--- c:\windows\system32\xasly.dat
2004-07-22 16:40 3,063 a--sh--- c:\windows\system32\xatzc.dat
2004-08-19 05:36 3,063 a--sh--- c:\windows\system32\xgwfo.dat
2004-11-13 13:13 11,388 a--sh--- c:\windows\system32\xlaby.dat
2004-08-01 07:20 3,063 a--sh--- c:\windows\system32\xmgxx.dat
2004-08-03 02:51 11,388 a--sh--- c:\windows\system32\xmvha.dat
2004-08-20 16:55 11,388 a--sh--- c:\windows\system32\xontw.dat
2004-08-02 07:45 3,063 a--sh--- c:\windows\system32\xrybp.dat
2004-08-29 14:26 3,063 a--sh--- c:\windows\system32\xthbo.dat
2004-08-19 21:26 3,063 a--sh--- c:\windows\system32\xtncl.dat
2004-10-02 19:18 11,388 a--sh--- c:\windows\system32\xtqnu.dat
2004-08-12 01:45 3,063 a--sh--- c:\windows\system32\xxyzg.dat
2004-08-12 06:04 11,388 a--sh--- c:\windows\system32\xybgm.dat
2004-07-24 02:25 11,388 a--sh--- c:\windows\system32\ygegt.dat
2004-08-04 06:00 11,388 a--sh--- c:\windows\system32\yhilb.dat
2004-08-01 23:10 11,388 a--sh--- c:\windows\system32\yjpsa.dat
2004-08-14 16:31 3,063 a--sh--- c:\windows\system32\ykxib.dat
2004-08-16 22:24 3,063 a--sh--- c:\windows\system32\ynrde.dat
2004-08-24 18:46 11,388 a--sh--- c:\windows\system32\yphpu.dat
2004-08-23 19:44 11,388 a--sh--- c:\windows\system32\yqjmq.dat
2004-05-29 16:19 3,063 a--sh--- c:\windows\system32\yqpie.dat
2004-08-14 00:43 3,063 a--sh--- c:\windows\system32\ytmfu.dat
2004-07-25 01:49 11,388 a--sh--- c:\windows\system32\yymby.dat
2004-08-16 07:23 3,063 a--sh--- c:\windows\system32\zbcqv.dat
2004-08-21 08:20 11,388 a--sh--- c:\windows\system32\zckot.dat
2004-10-17 12:46 3,362 a--sh--- c:\windows\system32\zfbzr.dat
2004-08-05 05:28 3,063 a--sh--- c:\windows\system32\zfmnk.dat
2004-08-09 21:42 11,388 a--sh--- c:\windows\system32\ziwtg.dat
2004-08-16 13:44 3,063 a--sh--- c:\windows\system32\zkfqq.dat
2004-07-24 20:44 11,388 a--sh--- c:\windows\system32\zlbvy.dat
2004-08-18 20:08 11,388 a--sh--- c:\windows\system32\zloul.dat
2004-09-29 23:25 3,063 a--sh--- c:\windows\system32\zpoer.dat
2004-08-17 06:52 3,063 a--sh--- c:\windows\system32\zrvud.dat
2004-08-07 16:08 3,063 a--sh--- c:\windows\system32\zsjhu.dat
2004-08-14 15:41 3,063 a--sh--- c:\windows\system32\zuaju.dat
2004-08-04 06:37 11,388 a--sh--- c:\windows\system32\zvpjh.dat
2004-11-03 18:07 3,362 a--sh--- c:\windows\system32\zvppr.dat
2004-10-28 13:05 11,388 a--sh--- c:\windows\system32\zxpeq.dat
2004-07-23 01:50 3,063 a--sh--- c:\windows\system32\zyxbs.dat
2004-08-05 19:57 11,388 a--sh--- c:\windows\system32\zzpgz.dat
2008-11-03 08:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110320081104\index.dat



#2 teacup61

  • Malware Response Team

Posted 01 August 2009 - 06:37 AM

Hello Kaptain Kurt,


Sorry about the delay. :thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Kaptain Kurt

  • Topic Starter

Posted 02 August 2009 - 01:57 PM

Thanks for responding. I still have the same problem. Below is the log you requested. Thanks, Kurt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:59, on 08/02/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.hughes.net/mail?nimlet=showlogin
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6677 bytes

#4 teacup61

  • Malware Response Team

Posted 02 August 2009 - 02:19 PM

Well okie dokie then.....I just read your original thread. Let's see what we can see to get you fixed up. :thumbup2:

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :)

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 Kaptain Kurt

  • Topic Starter


Posted 05 August 2009 - 12:27 PM

Followed instructions as requested. After boot up Norton still finds Infostealer and cannot remove it from an unsupported file. Info supplied by Norton about this virus is "[keygen.exe] inside of [c:\recycler\s-1-5-21-725345543-854245698-1004\dc748.rar]". Combofix log is below. What do we do next? Thanks, Kurt

ComboFix 09-08-04.03 - Kurt Rundel 08/05/09 11:55.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1459 [GMT -4:00]
Running from: c:\documents and settings\Kurt Rundel\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 16:08 . 2009-02-27 11:02 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-05 07:35 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.040\NAVEX15.SYS
2009-08-05 07:35 . 2009-02-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.040\NAVENG32.DLL
2009-08-05 07:35 . 2009-02-19 09:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.040\NAVEX32A.DLL
2009-08-05 07:35 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.040\NAVENG.SYS
2009-08-05 07:35 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.040\EECTRL.SYS
2009-08-05 07:35 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.040\CCERASER.DLL
2009-08-05 07:35 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.040\ERASER.SYS
2009-08-05 07:35 . 2008-12-10 04:34 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.040\ECMSVR32.DLL
2009-08-02 18:55 . 2009-08-02 18:55 -------- d-----w- c:\program files\Trend Micro
2009-07-30 22:16 . 2009-07-12 05:15 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 22:16 . 2009-07-12 05:15 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 22:16 . 2009-07-12 05:15 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-30 22:16 . 2009-07-12 05:15 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 22:16 . 2009-07-12 05:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 18:32 . 2009-08-02 18:54 -------- d-----w- C:\HJT
2009-07-15 01:31 . 2009-07-12 05:15 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-15 01:31 . 2009-07-12 05:15 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-15 01:31 . 2009-07-12 05:15 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-15 01:31 . 2009-07-12 05:15 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-15 01:31 . 2009-07-12 05:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-09 13:04 . 2009-07-09 13:04 -------- d-sh--w- c:\documents and settings\Jackie Rundel\IETldCache
2009-07-07 15:21 . 2009-07-07 15:21 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 22:00 . 2008-12-05 19:54 -------- d-----w- c:\program files\Norton Security Scan
2009-07-07 15:21 . 2009-05-30 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 17:09 . 2004-02-06 22:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 20:53 . 2006-10-25 15:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-02 16:56 . 2009-07-02 16:56 -------- d-----w- c:\program files\ESET
2009-07-01 17:21 . 2006-01-26 17:50 -------- d-----w- c:\program files\Spyware Doctor
2009-06-17 15:27 . 2009-05-30 18:42 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-05-30 18:42 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2008-10-31 12:56 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-10-31 12:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-10-31 12:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 18:18 . 2009-06-02 17:03 109142 ----a-w- c:\windows\hpoins08.dat
2002-07-26 21:02 . 2005-07-03 02:47 153088 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Disk Monitor"="c:\program files\\IC Card Reader Driver v1.8e2\Disk_Monitor.exe" [2002-12-12 440832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6198:TCP"= 6198:TCP:Intouch Accelerator
"3126:TCP"= 3126:TCP:Intouch Accelerator
"3128:TCP"= 3128:TCP:Intouch Accelerator

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [04/30/09 1:00 PM 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [03/22/09 7:45 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [03/22/09 7:45 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [03/22/09 7:44 AM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys [07/30/09 6:16 PM 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/26/09 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/26/09 10:05 AM 72944]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [03/22/09 7:44 AM 115560]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [07/03/05 12:06 PM 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/05/09 3:35 AM 101936]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [04/19/07 11:09 AM 99200]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/26/09 10:05 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [04/30/09 1:00 PM 348752]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [08/03/08 5:36 PM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [08/03/08 5:35 PM 73856]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\Norton Security Scan for Kurt Rundel.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.hughes.net/mail?nimlet=showlogin
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = ;<local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Kurt Rundel\Application Data\Mozilla\Firefox\Profiles\7mum7dnw.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.myhughesnet.com/index.php
FF - prefs.js: keyword.URL - hxxp://home.myhughesnet.com/google/index.php?src=toolbar2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Kurt Rundel\Application Data\Mozilla\Firefox\Profiles\7mum7dnw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 12:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-920026266-854245398-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{70AADA51-3691-0336-8370-F073BF05AD05}\Data]
@DACL=(02 0000)
@=hex:36,e3,43,ab,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7239C462-6987-5177-AF61-FF4790041E7B}\Data]
@DACL=(02 0000)
@=hex:09,fd,4a,6d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{736A732C-C2C9-6CE6-0C3D-D550CF0B4ECE}\Data]
@DACL=(02 0000)
@=hex:84,5b,e3,ea,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73979FA3-E867-BFB9-AA46-E8A731179278}\Data]
@DACL=(02 0000)
@=hex:ce,00,20,15,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,bb,25,61,54,d7,
84,aa,6e,3e,1e,9e,e0,57,5a,93,61,0d,bf,a1,92,ef,c3,42,0e,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77787939-7B32-FD56-1833-EB1926FA4037}\Data]
@DACL=(02 0000)
@=hex:02,66,34,51,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7790970B-045A-8315-AD99-9B58C454F8FB}\Data]
@DACL=(02 0000)
@=hex:cf,3c,86,c0,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{795866A4-7064-4539-4538-2E6CC15F4BED}\Data]
@DACL=(02 0000)
@=hex:b0,08,da,5a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7ABEDA97-ADE8-D564-C19A-4D6D0E15F0CE}\Data]
@DACL=(02 0000)
@=hex:82,68,a2,c1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B61A44B-C8DE-8A2F-B354-D2C3D1FB42C1}\Data]
@DACL=(02 0000)
@=hex:c9,72,b2,b6,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7DA66F9C-7B7A-E161-BC1A-CC732D89BEB8}\Data]
@DACL=(02 0000)
@=hex:7a,75,80,8b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7DB64B28-1BB0-D8F6-CB9A-E8FB11BD47AD}\Data]
@DACL=(02 0000)
@=hex:d3,4f,e9,a6,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7DD77B7C-9B84-72EE-BD55-4F770792CF55}\Data]
@DACL=(02 0000)
@=hex:bb,4c,8b,6c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7DD85366-D791-988B-E591-E8766F46FA72}\Data]
@DACL=(02 0000)
@=hex:45,83,c9,c7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7E5F5339-B261-84B1-0AA2-D4064BFC8CA4}\Data]
@DACL=(02 0000)
@=hex:c3,48,49,69,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,0c,b4,c8,61,8e,
42,84,46,cd,44,cd,b9,a6,33,6c,cd,53,a7,d3,b2,08,18,69,d2,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81815AAF-40F8-9C53-D04B-0430B91F30D4}\Data]
@DACL=(02 0000)
@=hex:02,69,bd,c9,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8201E624-ECFD-6E0B-6630-9DA805DE083C}\Data]
@DACL=(02 0000)
@=hex:1a,f8,40,b7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8258FCB9-0CCF-8860-C3BB-B33CA3C0AD26}\Data]
@DACL=(02 0000)
@=hex:bb,56,68,b2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{827CDFA8-77CD-EDA5-3DCB-A73515055C0A}\Data]
@DACL=(02 0000)
@=hex:74,0c,c3,15,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{846C9BB6-DD44-7AC5-7649-16F81934AA00}\Data]
@DACL=(02 0000)
@=hex:a1,a3,02,ea,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{85C18F99-A819-E47E-9A0F-6E941AC13B95}\Data]
@DACL=(02 0000)
@=hex:de,91,47,0c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{870648F5-A8C2-1F23-347C-0DCED1F54785}\Data]
@DACL=(02 0000)
@=hex:d4,ad,ac,53,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{87716C8D-8534-BE5D-802D-4FD4A93168DF}\Data]
@DACL=(02 0000)
@=hex:c1,d2,0e,e9,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{880FB29E-7E3C-ECF4-5735-4595B6AFF507}\Data]
@DACL=(02 0000)
@=hex:0c,17,eb,9d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{88270939-C5E8-9399-CE8C-ADD58CA09BD0}\Data]
@DACL=(02 0000)
@=hex:27,39,3b,e8,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{883EDD1C-FC42-B1BC-75A1-920AD1D28523}\Data]
@DACL=(02 0000)
@=hex:1a,81,d2,fc,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8A766F6D-09E0-FC95-E63C-ECC0B49DBF51}\Data]
@DACL=(02 0000)
@=hex:43,62,90,51,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8D24EEA0-CCFD-2662-E69E-084B8B29DD85}\Data]
@DACL=(02 0000)
@=hex:4a,08,a0,d0,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8EAC964B-D91F-48F1-342B-7350D99F7128}\Data]
@DACL=(02 0000)
@=hex:ab,8a,a1,8e,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F6D58EB-15A7-77E6-8F75-0C0FC6A733D0}\Data]
@DACL=(02 0000)
@=hex:fd,1f,dc,03,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{936AA364-95C3-AB06-8422-C5C12E153660}\Data]
@DACL=(02 0000)
@=hex:14,8a,97,3b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93FD03BB-BE2C-90D0-AFDC-EEA007E4254F}\Data]
@DACL=(02 0000)
@=hex:89,15,40,f0,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,c6,21,5a,74,e9,
9e,8b,e2,b0,18,ed,a7,3f,8d,37,a4,cc,8e,70,56,b3,eb,cb,79,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9567AEAF-59B7-5E8B-8F6C-5DD2344A72B3}\Data]
@DACL=(02 0000)
@=hex:ae,08,37,95,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9569D48E-2631-2D7C-A1D5-EDFA9B5AF4E1}\Data]
@DACL=(02 0000)
@=hex:ea,fb,56,df,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{97B85424-A22C-7E96-248F-F26E0CF0CBAC}\Data]
@DACL=(02 0000)
@=hex:c1,b3,4f,d7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98909ED7-3145-0593-2AEE-10D89F00BB4A}\Data]
@DACL=(02 0000)
@=hex:5f,c3,8f,9f,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{994EAEDC-92B3-674C-EDD3-1C0AF1A726C5}\Data]
@DACL=(02 0000)
@=hex:e0,9f,91,83,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{99DB325C-EB88-33C3-7785-032CC2FC713B}\Data]
@DACL=(02 0000)
@=hex:93,93,0d,8e,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9B27E389-B149-C2C8-758A-5712FE0B7F18}\Data]
@DACL=(02 0000)
@=hex:99,3e,58,1f,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EFEF168-F265-5E63-FBC7-0122855E363D}\Data]
@DACL=(02 0000)
@=hex:16,ea,de,e0,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A1478393-27A6-A004-43B7-4A801508772A}\Data]
@DACL=(02 0000)
@=hex:70,28,73,94,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A19B27CF-5741-F8BA-D784-95739AD24FF8}\Data]
@DACL=(02 0000)
@=hex:b8,a4,21,5a,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A20292C9-BD8C-E2B5-6F9D-C1152381C653}\Data]
@DACL=(02 0000)
@=hex:70,f4,2d,49,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A206270B-3B8E-21AB-50B8-F1BFEE958D1C}\Data]
@DACL=(02 0000)
@=hex:2d,9c,df,21,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A242E683-72B0-E8A6-630D-7874F7A00AAC}\Data]
@DACL=(02 0000)
@=hex:80,6b,63,ea,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A2E1E8EF-A233-A236-1447-601D29FC6909}\Data]
@DACL=(02 0000)
@=hex:7f,75,6f,34,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A30060E0-10B2-647D-4800-6D1C8285DCB5}\Data]
@DACL=(02 0000)
@=hex:0c,2f,d5,7a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A3952B4F-6785-CB92-AF25-B6F52EFA13B8}\Data]
@DACL=(02 0000)
@=hex:bd,a9,fd,f9,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A39786E1-B3F2-5AA0-9792-D30FF78E0B7B}\Data]
@DACL=(02 0000)
@=hex:6f,ba,24,96,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A398989A-7094-BD9E-0E29-9F952B2594B4}\Data]
@DACL=(02 0000)
@=hex:02,23,ca,bf,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A455DF6A-761C-84AC-C452-CF3486D353ED}\Data]
@DACL=(02 0000)
@=hex:52,9f,56,06,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A46FE085-9CBD-B597-DCBB-7280E33BA470}\Data]
@DACL=(02 0000)
@=hex:e3,e6,fd,47,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4838A56-770B-27B8-30FD-9B8732D6F5CE}\Data]
@DACL=(02 0000)
@=hex:c4,72,f1,4c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4AD3539-0968-3993-50E7-E0C21F34AD58}\Data]
@DACL=(02 0000)
@=hex:2f,99,c8,4c,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A5E6515E-9C3E-E2CD-B7B0-711BBF65D8E5}\Data]
@DACL=(02 0000)
@=hex:b1,04,fa,5a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A66CEBC1-5091-681D-D6F4-0AA0F961E0C3}\Data]
@DACL=(02 0000)
@=hex:7d,65,1d,ab,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6CD064A-8D58-DA2B-316A-5BE3A2FBF453}\Data]
@DACL=(02 0000)
@=hex:0a,f3,c2,ac,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A771213E-BCAA-47E6-BF98-36D9049B7ADF}\Data]
@DACL=(02 0000)
@=hex:48,7f,96,96,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A97C0AE7-B4EF-5E62-D831-7DD175E72CE4}\Data]
@DACL=(02 0000)
@=hex:08,17,f6,60,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA1485D7-515B-7E22-9DA5-B4E151317124}\Data]
@DACL=(02 0000)
@=hex:5a,c0,20,d2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA1795A0-6BE1-73AF-E66B-ED071FF52D80}\Data]
@DACL=(02 0000)
@=hex:20,ea,fe,21,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA2FD1E9-7BAB-3225-E2A7-8FCEAC3D101F}\Data]
@DACL=(02 0000)
@=hex:80,7d,4b,2b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB6F81AC-6C76-BCBF-C021-1BA9321DF5F0}\Data]
@DACL=(02 0000)
@=hex:37,17,29,f7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABB1F3FE-0E46-961D-2C61-119316FBD320}\Data]
@DACL=(02 0000)
@=hex:1b,ce,0e,a2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,af,92,35,5c,4d,
2e,33,70,31,77,e1,ba,b1,f8,68,02,3e,7b,22,d1,fc,10,d1,60,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD1C10AB-B823-DD59-CC22-04E0B321DD28}\Data]
@DACL=(02 0000)
@=hex:68,9b,6e,9c,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADA45152-8EDB-2B5B-A957-F9E2AA68F8F1}\Data]
@DACL=(02 0000)
@=hex:8f,3f,1e,0a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF3C2F1D-02C2-9C3D-C522-16029F5CFF17}\Data]
@DACL=(02 0000)
@=hex:1b,cb,aa,b8,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF4B5B80-CD07-0D06-FD03-077EBB4D0093}\Data]
@DACL=(02 0000)
@=hex:74,f5,a8,63,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B01F41A6-DABC-F76F-4F6D-43DD757CDBEB}\Data]
@DACL=(02 0000)
@=hex:33,2f,1f,a7,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B1E7A707-24E5-6544-421B-A738C2B36E3A}\Data]
@DACL=(02 0000)
@=hex:d1,92,04,13,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B1EBC237-3650-5E5C-6534-F15F6F9B3DC7}\Data]
@DACL=(02 0000)
@=hex:0d,32,1f,24,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B26E180E-6248-2EE2-55AE-C6CB785F21C4}\Data]
@DACL=(02 0000)
@=hex:9d,4b,ed,b2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B3490904-F3B6-8EA1-180E-4FB2A9AA166D}\Data]
@DACL=(02 0000)
@=hex:96,9e,89,b6,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B37705C6-291F-4773-8C96-959FCAEC0B3D}\Data]
@DACL=(02 0000)
@=hex:87,6d,1d,0c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B4E22C18-C24F-5AC9-DC7D-49DCB6FB2E34}\Data]
@DACL=(02 0000)
@=hex:72,2e,0d,aa,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5BD7347-E7F1-E898-884B-31D57750CDD6}\Data]
@DACL=(02 0000)
@=hex:91,a2,99,37,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B7D83F45-8F8F-FC34-07CB-44D764802089}\Data]
@DACL=(02 0000)
@=hex:42,61,22,e1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BA97183C-849F-18AC-10FF-F7B7B52D6B07}\Data]
@DACL=(02 0000)
@=hex:7c,6c,25,6b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BAC97FD6-988F-B852-8955-5E97D09318F5}\Data]
@DACL=(02 0000)
@=hex:ab,8f,0c,8c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BAEA961E-A27E-4D7B-55F3-039B88D04CC3}\Data]
@DACL=(02 0000)
@=hex:62,dc,43,60,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BB129335-868B-4EFA-0F1E-40591E407F29}\Data]
@DACL=(02 0000)
@=hex:86,29,cc,92,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC875B7F-F1B9-A5C3-79CC-74EFBDC1B14B}\Data]
@DACL=(02 0000)
@=hex:b4,3e,4a,da,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD0D794C-2A97-758D-4064-04F8F30CC376}\Data]
@DACL=(02 0000)
@=hex:77,1d,91,d7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDA699FB-0E8D-A0B8-53AB-A0FCE79D4801}\Data]
@DACL=(02 0000)
@=hex:df,ef,1f,21,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDA8AF27-D057-4727-6CE7-CFF4CE61A0FD}\Data]
@DACL=(02 0000)
@=hex:43,61,83,39,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BE11BEE1-13AF-C553-014B-E5A1433E7C91}\Data]
@DACL=(02 0000)
@=hex:85,eb,ed,b1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C092BF96-AD27-8A9E-E146-A21BCEAC4EC3}\Data]
@DACL=(02 0000)
@=hex:ae,b5,bc,0c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C0C3A22C-1EB7-A108-F824-1678C8D550B4}\Data]
@DACL=(02 0000)
@=hex:70,39,e9,4a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2B02E4F-20EE-6A77-E92C-429B284CE8A2}\Data]
@DACL=(02 0000)
@=hex:30,2d,4e,1c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C375DE0D-F4D5-D76E-F451-DC7FECE368E5}\Data]
@DACL=(02 0000)
@=hex:34,2f,a5,37,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C489DBD0-D04C-21EA-33A1-50AEAAE893F1}\Data]
@DACL=(02 0000)
@=hex:af,98,cc,6c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5A0213F-9307-ECF1-A431-1EE7CE97B4D6}\Data]
@DACL=(02 0000)
@=hex:f0,28,e3,7b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5B507CE-7D99-C0A1-E430-1A0E0AEE7CEA}\Data]
@DACL=(02 0000)
@=hex:f7,2d,3c,6a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C6853EA9-44F9-8036-394C-7C3A396F3D33}\Data]
@DACL=(02 0000)
@=hex:f0,38,e3,7a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C6D86C28-57E7-AA77-D098-C622ABCA94EE}\Data]
@DACL=(02 0000)
@=hex:5e,d2,f1,ea,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C7CEA3E7-B58C-0117-58AA-8E0E57E0565E}\Data]
@DACL=(02 0000)
@=hex:8f,e7,72,77,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8B127F3-B154-FA38-4A64-BAAF01543DCD}\Data]
@DACL=(02 0000)
@=hex:c0,4b,e8,54,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA53A3A0-5446-9312-21AD-FC900350F307}\Data]
@DACL=(02 0000)
@=hex:d4,44,aa,5d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CAF6E144-63FF-5169-432A-A4605DE3B9A4}\Data]
@DACL=(02 0000)
@=hex:71,4e,56,32,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CB7D9C3B-E320-72B3-350D-7EFD4CB74CBF}\Data]
@DACL=(02 0000)
@=hex:17,96,79,59,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CC5B5524-AEF5-F97F-E4E0-90901289B58D}\Data]
@DACL=(02 0000)
@=hex:ce,0a,b1,4d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CDCBD6E1-BC0A-916F-85FA-99FE95DF6C93}\Data]
@DACL=(02 0000)
@=hex:31,06,f6,3a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CDFCC711-5B8F-E6AA-57FB-086AA2F5FF24}\Data]
@DACL=(02 0000)
@=hex:69,ab,49,91,55,18,3f,b2,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CE40FC76-6F48-E648-5F16-33EAEF4DA9CF}\Data]
@DACL=(02 0000)
@=hex:1c,0b,0b,b7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CE4EFCA5-BE39-72B1-86A3-43F1C9A037D4}\Data]
@DACL=(02 0000)
@=hex:1a,a6,d7,ac,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CE651824-5BDB-88D0-0970-4A8B2D75C5CF}\Data]
@DACL=(02 0000)
@=hex:de,f2,ac,b2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CE7F55BB-9429-AC8A-D9FC-39604EE56230}\Data]
@DACL=(02 0000)
@=hex:8c,29,6d,55,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CE8C95DF-A478-EE5C-E911-BE35E557C173}\Data]
@DACL=(02 0000)
@=hex:b4,f7,b5,3b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CF1C66A5-22A7-AA44-A767-EB79B05C5F1B}\Data]
@DACL=(02 0000)
@=hex:58,c6,35,11,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D0D6BE2E-E16D-30E4-6140-15086986EAA0}\Data]
@DACL=(02 0000)
@=hex:19,71,1f,92,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D0F11F9D-010F-7B6C-277F-8B403827B543}\Data]
@DACL=(02 0000)
@=hex:22,8f,96,59,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D3392890-1389-1643-1819-1732118F3F2E}\Data]
@DACL=(02 0000)
@=hex:12,10,dc,f2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D45F954C-7B53-AE0C-955A-307DD79D8456}\Data]
@DACL=(02 0000)
@=hex:53,48,fd,06,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D482621F-1486-6CD2-072D-057E621DEB3E}\Data]
@DACL=(02 0000)
@=hex:a8,8c,44,2f,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D483F779-88F1-B64C-AE92-0CF26F6DF69B}\Data]
@DACL=(02 0000)
@=hex:9f,0a,28,9e,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D4B31A11-235C-CDFA-B340-99C85D991149}\Data]
@DACL=(02 0000)
@=hex:08,08,71,9b,55,18,3f,b2,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D5430FF5-3038-BE1F-1D1A-A6A44847B77B}\Data]
@DACL=(02 0000)
@=hex:c9,1d,df,d8,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6A0E97F-3C18-7E5D-E033-44852E515B86}\Data]
@DACL=(02 0000)
@=hex:d1,d5,a7,0d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D7595883-DFA2-3BDB-61CA-458C65127F0F}\Data]
@DACL=(02 0000)
@=hex:25,90,90,9a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D75C75FF-652B-22AE-1729-0F2B93683D04}\Data]
@DACL=(02 0000)
@=hex:a6,f4,ec,6d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D77AA238-8668-ADE2-CE7F-738195A0AAF0}\Data]
@DACL=(02 0000)
@=hex:c8,1b,f6,1d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D883CF02-7708-B4A7-E427-6CDEDB30AD25}\Data]
@DACL=(02 0000)
@=hex:59,b7,a2,74,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D8F86D1C-DCB4-B7F0-F514-1EC3928A742B}\Data]
@DACL=(02 0000)
@=hex:3f,7c,97,e6,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DBCAF7B9-90DE-F394-8B27-99397DB98475}\Data]
@DACL=(02 0000)
@=hex:ff,7f,1c,04,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DBF01E90-2654-1D4D-B857-B1C3A0B33591}\Data]
@DACL=(02 0000)
@=hex:39,42,9e,22,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DBF9F02E-3228-CEAC-5B78-70AE0D8E8BEE}\Data]
@DACL=(02 0000)
@=hex:ab,89,7e,bc,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE3AE878-C016-F46D-089A-80B24A7316D7}\Data]
@DACL=(02 0000)
@=hex:3d,30,90,99,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,e3,68,02,9a,73,
17,86,4a,83,6c,56,8b,a0,85,96,ab,d5,1c,d7,0a,68,2d,ce,c7,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DF77D786-7899-DE17-AC07-FBA8FA5E3372}\Data]
@DACL=(02 0000)
@=hex:de,f7,cd,ea,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E090AF9D-5BB5-11AF-EDC8-3CFC8DED11EC}\Data]
@DACL=(02 0000)
@=hex:47,62,8d,ac,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0DE07B5-173A-9E15-4265-8EB6D5A181DF}\Data]
@DACL=(02 0000)
@=hex:3a,3a,5f,e5,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E1757CF5-D1DE-B6BF-7313-71B514B2709D}\Data]
@DACL=(02 0000)
@=hex:a0,f8,e0,70,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E205E8BE-1426-8D62-5E34-05957690AEAA}\Data]
@DACL=(02 0000)
@=hex:9b,ec,50,92,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E207CDC7-CD26-369D-78B0-1A236861EDFA}\Data]
@DACL=(02 0000)
@=hex:58,e4,67,df,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E2FB32C9-6AF0-5A3B-B9D4-A25BA620435F}\Data]
@DACL=(02 0000)
@=hex:44,2f,16,97,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E374D485-455A-EA4B-4D0D-A9597EFAF27B}\Data]
@DACL=(02 0000)
@=hex:bb,2b,f2,88,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,2c,60,b8,ba,e0,
4f,7e,eb,51,fa,6e,91,28,9e,14,cc,98,c3,76,ea,2f,af,d4,64,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E4C88E14-FD45-090A-3D96-32FA4B4D451F}\Data]
@DACL=(02 0000)
@=hex:94,ac,a3,7b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E4D353C5-F038-4827-9CDA-ABDCF49E5AB5}\Data]
@DACL=(02 0000)
@=hex:08,05,22,7b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6920846-E0DC-E37F-F605-C70C4779094B}\Data]
@DACL=(02 0000)
@=hex:27,d9,33,ff,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6B5BD9E-F3FF-E5A3-4B37-210B4F9B2CFF}\Data]
@DACL=(02 0000)
@=hex:7c,75,a0,75,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E7CE865F-83BD-8B29-E37E-2FF507C083A3}\Data]
@DACL=(02 0000)
@=hex:78,48,e5,6a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E85D9E44-13DD-F6F9-1A2F-57B4D4A67617}\Data]
@DACL=(02 0000)
@=hex:d7,f9,7d,fd,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E86BE419-1604-4EE0-BE0A-2F9928513BDC}\Data]
@DACL=(02 0000)
@=hex:eb,b2,6f,01,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E8992FF6-B344-CB7A-C2FA-3478993CC962}\Data]
@DACL=(02 0000)
@=hex:c8,14,e7,18,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E8A24F81-F9FE-B428-CFF6-913E5B4C1A5F}\Data]
@DACL=(02 0000)
@=hex:28,54,2e,42,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3292)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-05 12:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 16:19

Pre-Run: 116,441,935,872 bytes free
Post-Run: 116,822,560,768 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /bootlog

2524 --- E O F --- 2009-07-30 07:01

#6 teacup61

  • Malware Response Team

Posted 05 August 2009 - 03:02 PM

Hello,

Well no wonder... in addition to what ComboFix did remove, there were 5.89 tons still left on the system. This took quite a while to put together.

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

KILLALL::
File::

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44B5655E-B38E-E722-41EB-6C29C0B4E29C}\Data]
@DACL=(02 0000)
@=hex:19,d3,2f,fa,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44D535F2-FECD-125A-C19F-C5AAC1173651}\Data]
@DACL=(02 0000)
@=hex:3b,56,6e,a2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{455F2285-1668-E95D-E12C-6550E033EB3C}\Data]
@DACL=(02 0000)
@=hex:1d,e5,c6,e2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{46015205-9C0D-68F5-0714-0BA8A0DA3C56}\Data]
@DACL=(02 0000)
@=hex:3c,6d,23,5b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{462883E9-9869-878F-6A41-D6CA207B325B}\Data]
@DACL=(02 0000)
@=hex:a7,df,1f,0f,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{480F3093-85F1-45A2-F3FD-5DC8ECE8C707}\Data]
@DACL=(02 0000)
@=hex:d6,97,cd,eb,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{486FB334-9056-7058-15E8-1E8523A2C936}\Data]
@DACL=(02 0000)
@=hex:80,68,e1,75,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4907C9FA-B308-2D69-C19A-9B28CC732FD5}\Data]
@DACL=(02 0000)
@=hex:2b,9c,8f,5f,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{491E5956-61DF-54EE-988E-824B10E67852}\Data]
@DACL=(02 0000)
@=hex:d0,44,23,57,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4AA78A1C-2787-A2EF-75B3-675D072C942A}\Data]
@DACL=(02 0000)
@=hex:f7,e8,32,d3,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4AAFEDF6-1929-789B-05C6-5C1430ADEC3B}\Data]
@DACL=(02 0000)
@=hex:43,67,88,91,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B02E42A-B623-F767-2CF1-00AA0DD56907}\Data]
@DACL=(02 0000)
@=hex:1c,8c,14,c4,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C8A9B6F-E22A-47B8-3681-57CF60399D4A}\Data]
@DACL=(02 0000)
@=hex:f3,2f,1d,b7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4CA15212-241D-83F9-8520-4D56D83D2C0D}\Data]
@DACL=(02 0000)
@=hex:df,fe,f5,2a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4CD05B77-C677-4D01-5562-25BA68012376}\Data]
@DACL=(02 0000)
@=hex:8b,08,18,30,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D3F045A-9870-CF55-CF30-851993A3AF6F}\Data]
@DACL=(02 0000)
@=hex:64,cd,fe,1d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4E13D08B-8C7F-2D80-572A-D6E907D83EB5}\Data]
@DACL=(02 0000)
@=hex:31,20,86,63,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4F8547B7-04B0-41F9-47AE-F8C66702847B}\Data]
@DACL=(02 0000)
@=hex:db,f1,7a,67,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{50AA68D1-B792-9F1D-0E5A-E28E5958CC5B}\Data]
@DACL=(02 0000)
@=hex:73,f7,f6,68,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{518EB567-DF6D-E619-33DD-0FC405C8EE7D}\Data]
@DACL=(02 0000)
@=hex:5f,9a,7a,b4,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52BC631D-9C1A-0E41-A49D-4D4FD49D830C}\Data]
@DACL=(02 0000)
@=hex:cf,09,03,fd,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52CABB3E-124F-55F3-EBCE-849CB9B62629}\Data]
@DACL=(02 0000)
@=hex:28,88,e6,60,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{545644A9-6FBE-18E7-255E-29EE10D8F3B7}\Data]
@DACL=(02 0000)
@=hex:7a,41,31,d6,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{579C9366-3B77-3148-9401-BD4A5AAEAFE9}\Data]
@DACL=(02 0000)
@=hex:96,d3,4c,ad,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5883D979-5C1C-5AE9-C370-C39713BB8756}\Data]
@DACL=(02 0000)
@=hex:e6,93,4e,a3,55,18,3f,b2,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5959ADFC-13B9-0878-F99E-A0FDEE627DB4}\Data]
@DACL=(02 0000)
@=hex:d0,d9,8e,15,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5966FB2A-7126-2ECE-BB59-C94BE0786C01}\Data]
@DACL=(02 0000)
@=hex:3d,c1,9e,96,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5A1B061E-B088-9A88-3986-A4314318D27D}\Data]
@DACL=(02 0000)
@=hex:7b,4d,82,54,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5AEC6D87-81A5-CABA-02D9-FCDF82279EFC}\Data]
@DACL=(02 0000)
@=hex:93,58,b0,df,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5AF56848-9589-C8BE-DA68-602B3E69097E}\Data]
@DACL=(02 0000)
@=hex:c2,93,c7,b5,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B81957C-668C-8DEE-B1F0-B56CE783D0E2}\Data]
@DACL=(02 0000)
@=hex:da,c2,55,2a,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5BCF260F-C801-D6F7-224D-7118C2A58518}\Data]
@DACL=(02 0000)
@=hex:cd,42,32,b6,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5BDA8F14-8D6E-4411-DA8D-85E7E2FB3515}\Data]
@DACL=(02 0000)
@=hex:7d,32,8b,d1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C74F9CB-19A6-7A1A-EAF6-EB84A7061D05}\Data]
@DACL=(02 0000)
@=hex:ee,8b,d7,c1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5FF0D81A-2868-9B2D-7596-9078825C8E9F}\Data]
@DACL=(02 0000)
@=hex:47,bb,21,a4,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{62883FE9-57A7-4A38-F908-7FA3F3C59429}\Data]
@DACL=(02 0000)
@=hex:58,3a,8d,87,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{647DE399-C4EF-5619-7DFB-9F7343092A93}\Data]
@DACL=(02 0000)
@=hex:d7,96,7c,41,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{65518F0E-6F20-A94E-4B12-DBCBCE4D00AD}\Data]
@DACL=(02 0000)
@=hex:87,4e,10,0a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66BC6227-B851-2929-8008-EE055DC63DBF}\Data]
@DACL=(02 0000)
@=hex:72,13,90,0a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66E7A648-A2D0-B506-715E-8D564D8364C2}\Data]
@DACL=(02 0000)
@=hex:ba,fb,a3,f7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66F47A0F-B4AA-B23E-011C-BD3F255CFC72}\Data]
@DACL=(02 0000)
@=hex:1c,fc,c3,39,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{683C0904-4E3B-FF6C-DF50-A97D77AA4848}\Data]
@DACL=(02 0000)
@=hex:00,18,80,27,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68EDD3F4-E8AE-FD59-74FA-262316976262}\Data]
@DACL=(02 0000)
@=hex:ff,79,41,4b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{690AE5A5-30DF-49AA-A2D5-D127DD764CB9}\Data]
@DACL=(02 0000)
@=hex:da,ce,0a,bf,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6ABE16EC-2865-6757-E089-B1FF48266EC5}\Data]
@DACL=(02 0000)
@=hex:b6,a2,43,a6,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6C2A592C-2CEB-91F6-ABFC-8A6CAA196309}\Data]
@DACL=(02 0000)
@=hex:65,d1,09,49,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6C5AC397-D3E6-AE0D-3232-74CC2A71FDD4}\Data]
@DACL=(02 0000)
@=hex:61,33,48,c3,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6C7405AE-7CE7-A0CE-827C-F77DFA449D8D}\Data]
@DACL=(02 0000)
@=hex:d7,94,64,01,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6D01EBAA-6F3D-AC66-928F-DB23263E8763}\Data]
@DACL=(02 0000)
@=hex:d2,80,74,93,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6EE2D228-8C47-2595-45FB-1B7594A547E9}\Data]
@DACL=(02 0000)
@=hex:6c,ba,7d,28,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6F75ABBF-6008-EDA7-8453-2ADF8601ADFA}\Data]
@DACL=(02 0000)
@=hex:60,e9,e9,49,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{705AF3C3-2AF7-A829-0D6E-3F1C89AED034}\Data]
@DACL=(02 0000)
@=hex:ab,b6,71,f1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{70AADA51-3691-0336-8370-F073BF05AD05}\Data]
@DACL=(02 0000)
@=hex:36,e3,43,ab,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7239C462-6987-5177-AF61-FF4790041E7B}\Data]
@DACL=(02 0000)
@=hex:09,fd,4a,6d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{736A732C-C2C9-6CE6-0C3D-D550CF0B4ECE}\Data]
@DACL=(02 0000)
@=hex:84,5b,e3,ea,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73979FA3-E867-BFB9-AA46-E8A731179278}\Data]
@DACL=(02 0000)
@=hex:ce,00,20,15,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77787939-7B32-FD56-1833-EB1926FA4037}\Data]
@DACL=(02 0000)
@=hex:02,66,34,51,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7790970B-045A-8315-AD99-9B58C454F8FB}\Data]
@DACL=(02 0000)
@=hex:cf,3c,86,c0,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{795866A4-7064-4539-4538-2E6CC15F4BED}\Data]
@DACL=(02 0000)
@=hex:b0,08,da,5a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7ABEDA97-ADE8-D564-C19A-4D6D0E15F0CE}\Data]
@DACL=(02 0000)
@=hex:82,68,a2,c1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B61A44B-C8DE-8A2F-B354-D2C3D1FB42C1}\Data]
@DACL=(02 0000)
@=hex:c9,72,b2,b6,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7DA66F9C-7B7A-E161-BC1A-CC732D89BEB8}\Data]
@DACL=(02 0000)
@=hex:7a,75,80,8b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7DB64B28-1BB0-D8F6-CB9A-E8FB11BD47AD}\Data]
@DACL=(02 0000)
@=hex:d3,4f,e9,a6,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7DD77B7C-9B84-72EE-BD55-4F770792CF55}\Data]
@DACL=(02 0000)
@=hex:bb,4c,8b,6c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7DD85366-D791-988B-E591-E8766F46FA72}\Data]
@DACL=(02 0000)
@=hex:45,83,c9,c7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7E5F5339-B261-84B1-0AA2-D4064BFC8CA4}\Data]
@DACL=(02 0000)
@=hex:c3,48,49,69,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81815AAF-40F8-9C53-D04B-0430B91F30D4}\Data]
@DACL=(02 0000)
@=hex:02,69,bd,c9,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8201E624-ECFD-6E0B-6630-9DA805DE083C}\Data]
@DACL=(02 0000)
@=hex:1a,f8,40,b7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8258FCB9-0CCF-8860-C3BB-B33CA3C0AD26}\Data]
@DACL=(02 0000)
@=hex:bb,56,68,b2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{827CDFA8-77CD-EDA5-3DCB-A73515055C0A}\Data]
@DACL=(02 0000)
@=hex:74,0c,c3,15,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{846C9BB6-DD44-7AC5-7649-16F81934AA00}\Data]
@DACL=(02 0000)
@=hex:a1,a3,02,ea,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{85C18F99-A819-E47E-9A0F-6E941AC13B95}\Data]
@DACL=(02 0000)
@=hex:de,91,47,0c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{870648F5-A8C2-1F23-347C-0DCED1F54785}\Data]
@DACL=(02 0000)
@=hex:d4,ad,ac,53,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{87716C8D-8534-BE5D-802D-4FD4A93168DF}\Data]
@DACL=(02 0000)
@=hex:c1,d2,0e,e9,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{880FB29E-7E3C-ECF4-5735-4595B6AFF507}\Data]
@DACL=(02 0000)
@=hex:0c,17,eb,9d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{88270939-C5E8-9399-CE8C-ADD58CA09BD0}\Data]
@DACL=(02 0000)
@=hex:27,39,3b,e8,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{883EDD1C-FC42-B1BC-75A1-920AD1D28523}\Data]
@DACL=(02 0000)
@=hex:1a,81,d2,fc,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8A766F6D-09E0-FC95-E63C-ECC0B49DBF51}\Data]
@DACL=(02 0000)
@=hex:43,62,90,51,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8D24EEA0-CCFD-2662-E69E-084B8B29DD85}\Data]
@DACL=(02 0000)
@=hex:4a,08,a0,d0,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8EAC964B-D91F-48F1-342B-7350D99F7128}\Data]
@DACL=(02 0000)
@=hex:ab,8a,a1,8e,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F6D58EB-15A7-77E6-8F75-0C0FC6A733D0}\Data]
@DACL=(02 0000)
@=hex:fd,1f,dc,03,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{936AA364-95C3-AB06-8422-C5C12E153660}\Data]
@DACL=(02 0000)
@=hex:14,8a,97,3b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93FD03BB-BE2C-90D0-AFDC-EEA007E4254F}\Data]
@DACL=(02 0000)
@=hex:89,15,40,f0,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9567AEAF-59B7-5E8B-8F6C-5DD2344A72B3}\Data]
@DACL=(02 0000)
@=hex:ae,08,37,95,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9569D48E-2631-2D7C-A1D5-EDFA9B5AF4E1}\Data]
@DACL=(02 0000)
@=hex:ea,fb,56,df,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{97B85424-A22C-7E96-248F-F26E0CF0CBAC}\Data]
@DACL=(02 0000)
@=hex:c1,b3,4f,d7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98909ED7-3145-0593-2AEE-10D89F00BB4A}\Data]
@DACL=(02 0000)
@=hex:5f,c3,8f,9f,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{994EAEDC-92B3-674C-EDD3-1C0AF1A726C5}\Data]
@DACL=(02 0000)
@=hex:e0,9f,91,83,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{99DB325C-EB88-33C3-7785-032CC2FC713B}\Data]
@DACL=(02 0000)
@=hex:93,93,0d,8e,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9B27E389-B149-C2C8-758A-5712FE0B7F18}\Data]
@DACL=(02 0000)
@=hex:99,3e,58,1f,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EFEF168-F265-5E63-FBC7-0122855E363D}\Data]
@DACL=(02 0000)
@=hex:16,ea,de,e0,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A1478393-27A6-A004-43B7-4A801508772A}\Data]
@DACL=(02 0000)
@=hex:70,28,73,94,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A19B27CF-5741-F8BA-D784-95739AD24FF8}\Data]
@DACL=(02 0000)
@=hex:b8,a4,21,5a,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A20292C9-BD8C-E2B5-6F9D-C1152381C653}\Data]
@DACL=(02 0000)
@=hex:70,f4,2d,49,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A206270B-3B8E-21AB-50B8-F1BFEE958D1C}\Data]
@DACL=(02 0000)
@=hex:2d,9c,df,21,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A242E683-72B0-E8A6-630D-7874F7A00AAC}\Data]
@DACL=(02 0000)
@=hex:80,6b,63,ea,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A2E1E8EF-A233-A236-1447-601D29FC6909}\Data]
@DACL=(02 0000)
@=hex:7f,75,6f,34,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A30060E0-10B2-647D-4800-6D1C8285DCB5}\Data]
@DACL=(02 0000)
@=hex:0c,2f,d5,7a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A3952B4F-6785-CB92-AF25-B6F52EFA13B8}\Data]
@DACL=(02 0000)
@=hex:bd,a9,fd,f9,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A39786E1-B3F2-5AA0-9792-D30FF78E0B7B}\Data]
@DACL=(02 0000)
@=hex:6f,ba,24,96,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A398989A-7094-BD9E-0E29-9F952B2594B4}\Data]
@DACL=(02 0000)
@=hex:02,23,ca,bf,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A455DF6A-761C-84AC-C452-CF3486D353ED}\Data]
@DACL=(02 0000)
@=hex:52,9f,56,06,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A46FE085-9CBD-B597-DCBB-7280E33BA470}\Data]
@DACL=(02 0000)
@=hex:e3,e6,fd,47,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4838A56-770B-27B8-30FD-9B8732D6F5CE}\Data]
@DACL=(02 0000)
@=hex:c4,72,f1,4c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4AD3539-0968-3993-50E7-E0C21F34AD58}\Data]
@DACL=(02 0000)
@=hex:2f,99,c8,4c,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A5E6515E-9C3E-E2CD-B7B0-711BBF65D8E5}\Data]
@DACL=(02 0000)
@=hex:b1,04,fa,5a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A66CEBC1-5091-681D-D6F4-0AA0F961E0C3}\Data]
@DACL=(02 0000)
@=hex:7d,65,1d,ab,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6CD064A-8D58-DA2B-316A-5BE3A2FBF453}\Data]
@DACL=(02 0000)
@=hex:0a,f3,c2,ac,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A771213E-BCAA-47E6-BF98-36D9049B7ADF}\Data]
@DACL=(02 0000)
@=hex:48,7f,96,96,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A97C0AE7-B4EF-5E62-D831-7DD175E72CE4}\Data]
@DACL=(02 0000)
@=hex:08,17,f6,60,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA1485D7-515B-7E22-9DA5-B4E151317124}\Data]
@DACL=(02 0000)
@=hex:5a,c0,20,d2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA1795A0-6BE1-73AF-E66B-ED071FF52D80}\Data]
@DACL=(02 0000)
@=hex:20,ea,fe,21,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA2FD1E9-7BAB-3225-E2A7-8FCEAC3D101F}\Data]
@DACL=(02 0000)
@=hex:80,7d,4b,2b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB6F81AC-6C76-BCBF-C021-1BA9321DF5F0}\Data]
@DACL=(02 0000)
@=hex:37,17,29,f7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABB1F3FE-0E46-961D-2C61-119316FBD320}\Data]
@DACL=(02 0000)
@=hex:1b,ce,0e,a2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD1C10AB-B823-DD59-CC22-04E0B321DD28}\Data]
@DACL=(02 0000)
@=hex:68,9b,6e,9c,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADA45152-8EDB-2B5B-A957-F9E2AA68F8F1}\Data]
@DACL=(02 0000)
@=hex:8f,3f,1e,0a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF3C2F1D-02C2-9C3D-C522-16029F5CFF17}\Data]
@DACL=(02 0000)
@=hex:1b,cb,aa,b8,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF4B5B80-CD07-0D06-FD03-077EBB4D0093}\Data]
@DACL=(02 0000)
@=hex:74,f5,a8,63,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B01F41A6-DABC-F76F-4F6D-43DD757CDBEB}\Data]
@DACL=(02 0000)
@=hex:33,2f,1f,a7,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B1E7A707-24E5-6544-421B-A738C2B36E3A}\Data]
@DACL=(02 0000)
@=hex:d1,92,04,13,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B1EBC237-3650-5E5C-6534-F15F6F9B3DC7}\Data]
@DACL=(02 0000)
@=hex:0d,32,1f,24,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B26E180E-6248-2EE2-55AE-C6CB785F21C4}\Data]
@DACL=(02 0000)
@=hex:9d,4b,ed,b2,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B3490904-F3B6-8EA1-180E-4FB2A9AA166D}\Data]
@DACL=(02 0000)
@=hex:96,9e,89,b6,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B37705C6-291F-4773-8C96-959FCAEC0B3D}\Data]
@DACL=(02 0000)
@=hex:87,6d,1d,0c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B4E22C18-C24F-5AC9-DC7D-49DCB6FB2E34}\Data]
@DACL=(02 0000)
@=hex:72,2e,0d,aa,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5BD7347-E7F1-E898-884B-31D57750CDD6}\Data]
@DACL=(02 0000)
@=hex:91,a2,99,37,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B7D83F45-8F8F-FC34-07CB-44D764802089}\Data]
@DACL=(02 0000)
@=hex:42,61,22,e1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BA97183C-849F-18AC-10FF-F7B7B52D6B07}\Data]
@DACL=(02 0000)
@=hex:7c,6c,25,6b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BAC97FD6-988F-B852-8955-5E97D09318F5}\Data]
@DACL=(02 0000)
@=hex:ab,8f,0c,8c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BAEA961E-A27E-4D7B-55F3-039B88D04CC3}\Data]
@DACL=(02 0000)
@=hex:62,dc,43,60,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BB129335-868B-4EFA-0F1E-40591E407F29}\Data]
@DACL=(02 0000)
@=hex:86,29,cc,92,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC875B7F-F1B9-A5C3-79CC-74EFBDC1B14B}\Data]
@DACL=(02 0000)
@=hex:b4,3e,4a,da,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD0D794C-2A97-758D-4064-04F8F30CC376}\Data]
@DACL=(02 0000)
@=hex:77,1d,91,d7,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDA699FB-0E8D-A0B8-53AB-A0FCE79D4801}\Data]
@DACL=(02 0000)
@=hex:df,ef,1f,21,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDA8AF27-D057-4727-6CE7-CFF4CE61A0FD}\Data]
@DACL=(02 0000)
@=hex:43,61,83,39,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BE11BEE1-13AF-C553-014B-E5A1433E7C91}\Data]
@DACL=(02 0000)
@=hex:85,eb,ed,b1,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C092BF96-AD27-8A9E-E146-A21BCEAC4EC3}\Data]
@DACL=(02 0000)
@=hex:ae,b5,bc,0c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C0C3A22C-1EB7-A108-F824-1678C8D550B4}\Data]
@DACL=(02 0000)
@=hex:70,39,e9,4a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2B02E4F-20EE-6A77-E92C-429B284CE8A2}\Data]
@DACL=(02 0000)
@=hex:30,2d,4e,1c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C375DE0D-F4D5-D76E-F451-DC7FECE368E5}\Data]
@DACL=(02 0000)
@=hex:34,2f,a5,37,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C489DBD0-D04C-21EA-33A1-50AEAAE893F1}\Data]
@DACL=(02 0000)
@=hex:af,98,cc,6c,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5A0213F-9307-ECF1-A431-1EE7CE97B4D6}\Data]
@DACL=(02 0000)
@=hex:f0,28,e3,7b,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5B507CE-7D99-C0A1-E430-1A0E0AEE7CEA}\Data]
@DACL=(02 0000)
@=hex:f7,2d,3c,6a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C6853EA9-44F9-8036-394C-7C3A396F3D33}\Data]
@DACL=(02 0000)
@=hex:f0,38,e3,7a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C6D86C28-57E7-AA77-D098-C622ABCA94EE}\Data]
@DACL=(02 0000)
@=hex:5e,d2,f1,ea,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C7CEA3E7-B58C-0117-58AA-8E0E57E0565E}\Data]
@DACL=(02 0000)
@=hex:8f,e7,72,77,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8B127F3-B154-FA38-4A64-BAAF01543DCD}\Data]
@DACL=(02 0000)
@=hex:c0,4b,e8,54,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA53A3A0-5446-9312-21AD-FC900350F307}\Data]
@DACL=(02 0000)
@=hex:d4,44,aa,5d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CAF6E144-63FF-5169-432A-A4605DE3B9A4}\Data]
@DACL=(02 0000)
@=hex:71,4e,56,32,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CB7D9C3B-E320-72B3-350D-7EFD4CB74CBF}\Data]
@DACL=(02 0000)
@=hex:17,96,79,59,e4,e4,68,2f,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CC5B5524-AEF5-F97F-E4E0-90901289B58D}\Data]
@DACL=(02 0000)
@=hex:ce,0a,b1,4d,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CDCBD6E1-BC0A-916F-85FA-99FE95DF6C93}\Data]
@DACL=(02 0000)
@=hex:31,06,f6,3a,aa,b9,ec,18,0f,25,1a,8d,45,9d,e5,40,a2,93,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CDFCC711-5B8F-E6AA-57FB-086AA2F5FF24}\Data]

Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea

#7 Kaptain Kurt

Posted 06 August 2009 - 07:58 AM

tea,
Followed instructions. Computer locked up when Windows was shutting down. Had to reset. Did I do something wrong? Should I run it again? Infostealer still detected by Norton when the computer boots up. Thanks, Kurt

ComboFix 09-08-04.03 - Kurt Rundel 08/06/09 7:54.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1539 [GMT -4:00]
Running from: c:\documents and settings\Kurt Rundel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kurt Rundel\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\vmjrp.dat
c:\windows\vmtkh.dat
c:\windows\vovpc.dat
c:\windows\vqlnt.dat
c:\windows\vsaau.dat
c:\windows\vsntm.dat
c:\windows\waflh.dat
c:\windows\waqyq.dat
c:\windows\wdqwc.dat
c:\windows\wgmaj.dat
c:\windows\wkbsd.dat
c:\windows\wluod.dat
c:\windows\wmmgj.dat
c:\windows\wmtnv.dat
c:\windows\wnncm.dat
c:\windows\wnogt.dat
c:\windows\woofj.dat
c:\windows\wsjzf.dat
c:\windows\wstle.dat
c:\windows\wudnp.dat
c:\windows\wugdl.dat
c:\windows\wwozz.dat
c:\windows\wykwr.dat
c:\windows\xenew.dat
c:\windows\xhwck.dat
c:\windows\xndqi.dat
c:\windows\xvqcq.dat
c:\windows\ycdut.dat
c:\windows\ygnod.dat
c:\windows\yhjhi.dat
c:\windows\yhxpw.dat
c:\windows\ylbkg.dat
c:\windows\yunky.dat
c:\windows\yzibi.dat
c:\windows\zdtda.dat
c:\windows\zgiap.dat
c:\windows\zkfrc.dat
c:\windows\zmygd.dat
c:\windows\zpsxu.dat
c:\windows\zwfph.dat
c:\windows\zynpq.dat

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 12:23 . 2009-02-27 11:02 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-06 07:09 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090805.049\NAVENG.SYS
2009-08-06 07:09 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090805.049\NAVEX15.SYS
2009-08-06 07:09 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090805.049\EECTRL.SYS
2009-08-06 07:09 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090805.049\CCERASER.DLL
2009-08-06 07:09 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090805.049\ERASER.SYS
2009-08-06 07:09 . 2009-02-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090805.049\NAVENG32.DLL
2009-08-06 07:09 . 2009-02-19 09:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090805.049\NAVEX32A.DLL
2009-08-06 07:09 . 2008-12-10 04:34 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090805.049\ECMSVR32.DLL
2009-08-02 18:55 . 2009-08-02 18:55 -------- d-----w- c:\program files\Trend Micro
2009-07-30 22:16 . 2009-07-12 05:15 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 22:16 . 2009-07-12 05:15 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 22:16 . 2009-07-12 05:15 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-30 22:16 . 2009-07-12 05:15 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 22:16 . 2009-07-12 05:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 18:32 . 2009-08-06 11:49 -------- d-----w- C:\HJT
2009-07-15 01:31 . 2009-07-12 05:15 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-15 01:31 . 2009-07-12 05:15 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-15 01:31 . 2009-07-12 05:15 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-15 01:31 . 2009-07-12 05:15 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-15 01:31 . 2009-07-12 05:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-09 13:04 . 2009-07-09 13:04 -------- d-sh--w- c:\documents and settings\Jackie Rundel\IETldCache
2009-07-07 15:21 . 2009-07-07 15:21 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 22:00 . 2008-12-05 19:54 -------- d-----w- c:\program files\Norton Security Scan
2009-07-07 15:21 . 2009-05-30 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 17:09 . 2004-02-06 22:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 20:53 . 2006-10-25 15:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-02 16:56 . 2009-07-02 16:56 -------- d-----w- c:\program files\ESET
2009-07-01 17:21 . 2006-01-26 17:50 -------- d-----w- c:\program files\Spyware Doctor
2009-06-17 15:27 . 2009-05-30 18:42 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-05-30 18:42 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2008-10-31 12:56 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-10-31 12:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-10-31 12:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 18:18 . 2009-06-02 17:03 109142 ----a-w- c:\windows\hpoins08.dat
2002-07-26 21:02 . 2005-07-03 02:47 153088 ----a-w- c:\program files\UNWISE.EXE
2004-08-11 11:31 . 2004-08-11 11:31 3063 --sha-w- c:\windows\apcle.dat
2004-05-16 03:17 . 2004-05-16 03:17 906 --sha-w- c:\windows\appka32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-05_16.12.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 12:24 . 2009-08-06 12:24 16384 c:\windows\Temp\Perflib_Perfdata_3b0.dat
+ 2001-08-18 12:00 . 2009-08-05 17:16 68670 c:\windows\system32\perfc009.dat
- 2001-08-18 12:00 . 2009-08-05 16:13 68670 c:\windows\system32\perfc009.dat
+ 2001-08-18 12:00 . 2009-08-05 17:16 456776 c:\windows\system32\perfh009.dat
- 2001-08-18 12:00 . 2009-08-05 16:13 456776 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Disk Monitor"="c:\program files\\IC Card Reader Driver v1.8e2\Disk_Monitor.exe" [2002-12-12 440832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6198:TCP"= 6198:TCP:Intouch Accelerator
"3126:TCP"= 3126:TCP:Intouch Accelerator
"3128:TCP"= 3128:TCP:Intouch Accelerator

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [04/30/09 1:00 PM 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [03/22/09 7:45 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [03/22/09 7:45 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [03/22/09 7:44 AM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys [07/30/09 6:16 PM 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/26/09 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/26/09 10:05 AM 72944]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [03/22/09 7:44 AM 115560]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [07/03/05 12:06 PM 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/05/09 3:35 AM 101936]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [04/19/07 11:09 AM 99200]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/26/09 10:05 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [04/30/09 1:00 PM 348752]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [08/03/08 5:36 PM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [08/03/08 5:35 PM 73856]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\Norton Security Scan for Kurt Rundel.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.hughes.net/mail?nimlet=showlogin
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = ;<local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Kurt Rundel\Application Data\Mozilla\Firefox\Profiles\7mum7dnw.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.myhughesnet.com/index.php
FF - prefs.js: keyword.URL - hxxp://home.myhughesnet.com/google/index.php?src=toolbar2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Kurt Rundel\Application Data\Mozilla\Firefox\Profiles\7mum7dnw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 08:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-920026266-854245398-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
.
**************************************************************************
.
Completion time: 2009-08-06 8:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 12:30
ComboFix2.txt 2009-08-05 16:19

Pre-Run: 116,830,756,864 bytes free
Post-Run: 116,773,289,984 bytes free

1042 --- E O F --- 2009-07-30 07:01

Edited by Kaptain Kurt, 06 August 2009 - 07:59 AM.


#8 teacup61


Posted 06 August 2009 - 01:01 PM

Hello,

Did I do something wrong?

Yes, but not what you might think. You should know that you're actually doing more harm than good by running 2 antivirus programs (Norton and Spyware Doctor). When you do this, both programs compete for resources, and the end result is that neither does its best, and it can cause system instability. Those particular two together must be a nightmare. I recommend that you choose the one you want to keep, update it, disable or uninstall the other one, and use it as an on-demand-only scan occasionally.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

I have a question....where did the keygen come from? What was it used for?

Please post a new HijackThis log in your reply. :)

Thanks,
tea

#9 Kaptain Kurt


Posted 10 August 2009 - 06:38 PM

Tea,
Just got back in town. Removed all old Java files and downloaded new one as instructed. Update 16 was available instead of 14. Spyware Doctor has been disabled.

As far as the keygen goes, I have no idea where it came from. I thought the virus created it. It is in the information Norton gives me when it finds infostealer at startup. It says it cannot remove "[keygen.exe] inside of [c:\recycler\s-1-5-21-725345543-854245698-1004\dc748.rar]" from an unsupported file. I have no clue about the keygen. Below is the new HJT Log. Thanks, Kurt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:17, on 08/10/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.hughes.net/mail?nimlet=showlogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7139 bytes

Edited by Kaptain Kurt, 10 August 2009 - 06:40 PM.


#10 Kaptain Kurt

  • Topic Starter

Posted 14 August 2009 - 08:06 AM

tea,
Have we given up? I don't know what to do next. Any ideas? Thanks, Kurt

#11 extremeboy

  • Malware Response Team

Posted 21 August 2009 - 04:24 PM

Hello.

Teacup is currently unavailable so I will continue to help you here.

I need to see an update of the condition of your system so please do the following:

Download and run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results soon.
  • Follow the instructions that pop up for posting the results and then click Ok.
  • The black and message box window shall then disappear.
  • Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Posted Image tab at the bottom.
  • Now press the Posted Image button.
  • A box will pop up, check the boxes beside All Seven options/scan area
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
Post those logs back in your next reply.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 Kaptain Kurt

  • Topic Starter

Posted 22 August 2009 - 10:10 AM

Thanks for taking over. I know you guys must be very busy. I ran a new DDS, results are below. I posted the last Root Repeal done on 7-8-9. I have been at this since May. Did you need an updated Root Repeal? The only thing that has changed is the programs I have been instructed to download from you guys. Thanks, Kurt


DDS (Ver_09-06-26.01) - NTFSx86
Run by Kurt Rundel at 11:00:07.77 on 08/22/09
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1414 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.10\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.10\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Documents and Settings\Kurt Rundel\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.hughes.net/mail?nimlet=showlogin
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = ;<local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\16.7.2.10\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - blank
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Disk Monitor] c:\program files\\ic card reader driver v1.8e2\Disk_Monitor.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38039.8350810185
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kurtru~1\applic~1\mozilla\firefox\profiles\7mum7dnw.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.myhughesnet.com/index.php
FF - prefs.js: keyword.URL - hxxp://home.myhughesnet.com/google/index.php?src=toolbar2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\kurt rundel\application data\mozilla\firefox\profiles\7mum7dnw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-30 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1007020.00a\SymEFA.sys [2009-8-18 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1007020.00a\BHDrvx86.sys [2009-8-18 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1007020.00a\cchpx86.sys [2009-8-18 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090810.001\IDSXpx86.sys [2009-8-11 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\16.7.2.10\ccSvcHst.exe [2009-8-18 117640]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2005-7-3 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-5 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090821.039\NAVENG.SYS [2009-8-22 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090821.039\NAVEX15.SYS [2009-8-22 875728]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-30 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-30 1095560]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-8-3 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-8-3 73856]

=============== Created Last 30 ================

2009-08-12 18:28 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 18:28 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-10 19:20 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-10 19:20 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-06 08:34 <DIR> --d----- C:\ComboFix
2009-08-05 12:17 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-05 11:54 <DIR> a-dshr-- C:\cmdcons
2009-08-05 11:51 219,648 a------- c:\windows\PEV.exe
2009-08-05 11:51 161,792 a------- c:\windows\SWREG.exe
2009-08-05 11:51 98,816 a------- c:\windows\sed.exe
2009-08-05 05:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 14:55 <DIR> --d----- c:\program files\Trend Micro
2009-07-30 14:32 <DIR> --d----- C:\HJT
2009-07-26 15:45 3,244 a------- c:\windows\system32\wbem\Outlook_01ca0e29a8e84310.mof

==================== Find3M ====================

2009-08-18 21:38 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 21:38 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-08-18 21:38 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-18 21:38 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-18 14:59 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-02 14:18 109,142 a------- c:\windows\hpoins08.dat
2006-10-05 13:18 10,709,424 a------- c:\documents and settings\kurt rundel\InCD-4.3.23.2.exe
2005-11-19 02:38 36,264 a------- c:\docume~1\kurtru~1\applic~1\GDIPFONTCACHEV1.DAT
2002-07-26 17:02 153,088 a------- c:\program files\UNWISE.EXE
2001-03-25 22:43 1,526,272 a----r-- c:\documents and settings\kurt rundel\elves2.exe
1999-12-03 14:15 1,130,496 a----r-- c:\documents and settings\kurt rundel\elfbowl.exe
2004-08-11 07:31 3,063 a--sh--- c:\windows\apcle.dat
2004-05-15 23:17 906 a--sh--- c:\windows\appka32.dll
2008-11-03 08:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110320081104\index.dat

============= FINISH: 11:01:34.89 ===============



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/07/08 12:55
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA0D8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79D3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6728000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF741C000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\kurt rundel\local settings\temp\etilqs_kj3eujnp2bxlt3fkjkhf
Status: Allocation size mismatch (API: 32768, Raw: 0)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89cc5230

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x89c79400

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8909e8c0

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x89c6e050

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89d13830

#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7483514

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x89239008

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7472282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7472474

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x890b0098

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8908eae0

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x891bf050

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7483d00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7483fb8

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x89089aa0

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8909f8c0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8923a6f0

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x89c78980

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x89cd1548

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x890a3248

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x89b92050

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf74823fa

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x890aeb30

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x89d12130

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x89c6f050

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x89089b70

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x890b0168

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7484422

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x89cfc200

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x89cfc5e8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8908bdb8

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x89233050

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf74837d8

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x891c0050

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x89c97e08

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7471f32

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89c9f888

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x89d270b8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8909e7f0

==EOF==

#13 extremeboy

  • Malware Response Team

Posted 22 August 2009 - 10:28 AM

Hello.

Yes, I would like an updated run of RootRepeal.

Please also give me an update on the current condition of your machine: what problems or symptoms you may still have.

Thanks.

With Regards,
Extremeboy

#14 Kaptain Kurt

  • Topic Starter

Posted 23 August 2009 - 12:18 PM

Extremeboy,
After boot up Norton finds Infostealer and says it cannot remove it from an unsupported file. Info supplied by Norton about this virus is "[keygen.exe] inside of [c:\recycler\s-1-5-21-725345543-854245698-1004\dc748.rar]". tea asked me where the keygen came from. I have no idea. I thought it was created by the virus. If it was created by another program I couldn't tell you which program or where it is.
Thanks, Kurt

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 12:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA2F3000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79CF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA685F000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF741C000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x88324c28

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x88517e30

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x885f3c28

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8876ae30

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x894a7898

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa370130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x881df9b8

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7472282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7472474

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x88805ef0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89507440

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8876ace8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa3703b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa370910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8875e5f0

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8865ff68

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8864d7d8

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x88523918

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8941eb10

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x881e9c78

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8875dbc0

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf74823fa

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8860ead8

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8853c6f0

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x88313c50

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x893e1e30

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x881dc708

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7484422

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x894b70e0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x885ef2b8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x885f99c8

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x886539a8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa370b60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x88419e30

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8831e098

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x881f3e58

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x888c87e8

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x88784e98

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8875e640

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x881d9630

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x883287f0

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x88470440

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x88517df0

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x887635e0

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x885df4f0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8a4eeeb0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x88760a68

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x8875d5e0

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x885226b0

==EOF==
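
Added example, not part of the original posts: the RootRepeal reports in posts #12 and #14 list the same SSDT entries with different owners, and a short parser makes that comparison mechanical. The sample lines are excerpts copied from those two reports (blank lines dropped); the names `parse_hooks`, `diff_scans` and `unknown_hooks` are made up for this example, and owners are compared by file name only, ignoring addresses.

```python
import re
from typing import NamedTuple

class Hook(NamedTuple):
    table: str      # "SSDT" or "Shadow SSDT"
    index: int      # service number from the "#:" field
    function: str
    owner: str      # hooking module file name, lower-cased, or "<unknown>"
    address: int

SECTION_RE = re.compile(r"^(SSDT|Shadow SSDT)$")
ENTRY_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)$")
STATUS_RE = re.compile(r'^Status:\s*Hooked by "([^"]*)" at address (0x[0-9a-fA-F]+)$')

def _owner_name(raw: str) -> str:
    """Reduce 'C:\\...\\SYMEVENT.SYS' and 'SYMEVENT.SYS' to the same key."""
    return raw.replace("\\", "/").rsplit("/", 1)[-1].lower()

def parse_hooks(report: str) -> dict:
    """Return {(table, index): Hook} for the SSDT / Shadow SSDT sections."""
    hooks, table, pending = {}, None, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:      # blank line or section underline
            continue
        section = SECTION_RE.match(line)
        if section:
            table, pending = section.group(1), None
            continue
        if table is None:                        # Drivers, Hidden/Locked Files, header
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            pending = (int(entry.group(1)), entry.group(2))
            continue
        status = STATUS_RE.match(line)
        if status:
            if pending:                          # a Status line belongs to the "#:" line before it
                index, function = pending
                hooks[(table, index)] = Hook(table, index, function,
                                             _owner_name(status.group(1)),
                                             int(status.group(2), 16))
            pending = None
            continue
        table, pending = None, None              # any other line (e.g. ==EOF==) ends the section
    return hooks

def diff_scans(old: dict, new: dict) -> list:
    """List (kind, table, function, old_owner, new_owner) for every difference."""
    changes = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key), new.get(key)
        if before is None:
            changes.append(("added", after.table, after.function, None, after.owner))
        elif after is None:
            changes.append(("removed", before.table, before.function, before.owner, None))
        elif before.owner != after.owner:
            changes.append(("owner_changed", after.table, after.function,
                            before.owner, after.owner))
    return changes

def unknown_hooks(hooks: dict) -> list:
    """Functions whose hook RootRepeal could not attribute to a module."""
    return [h.function for _, h in sorted(hooks.items()) if h.owner == "<unknown>"]

# Excerpt of the 2009/07/08 report from post #12.
SCAN_JULY = r"""SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7483514
#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x89cd1548
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7471f32
==EOF=="""

# Excerpt of the 2009/08/23 report from post #14.
SCAN_AUGUST = r"""Drivers
-------------------
Name: SYMEFA.SYS
Status: -
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa370130
#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8941eb10
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x881f3e58
Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x883287f0
==EOF=="""

if __name__ == "__main__":
    for change in diff_scans(parse_hooks(SCAN_JULY), parse_hooks(SCAN_AUGUST)):
        print(change)
    print(unknown_hooks(parse_hooks(SCAN_AUGUST)))
```

The July report (version 1.3.0.0) has no Shadow SSDT section at all, so an `added` entry in that table only shows that the older report did not list it.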

#15 extremeboy

  • Malware Response Team

Posted 23 August 2009 - 12:30 PM

Hello.

Let's deal with that then.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Please delete the Combofix.exe you currently have.

Re-download from one of the two links below and run it again.

Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.

Post back with the Combofix log once it's done. If Combofix doesn't remove that RECYCLER infection, then we will do it next round.

With Regards,
Extremeboy



