Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trouble


  • This topic is locked This topic is locked
15 replies to this topic

#1 kleopat

kleopat

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 21 July 2006 - 08:04 AM

here's my situation:

my computer and internet explorer often freeze (not responding). I shut the app down, try few times more and eventually it works.

my CPU is often at 97-100% (it seems that these applications are randomlly switching. 1 is taking 97-100% CPU for few minutes, and then the other one comes at 97-100%- and the previous one is back at 0%)

this are some of the applications which cause problems:
ctfmon.exe
ati2evxx.exe
NvMixerTray.exe
PCMService.exe
PDVDServ.ee
avgcc.exe
realsched.exe
jusched.exe
zlclient.exe
wuanclt.exe

i checked that applications with Security Task Manager and it doesn't complain on that applications.

I did that step with cleanmgr.
when running Ad-Aware, it blocks in folder HKEY_LOCAL_MACHINE\Software\..
everytime it gets at that folder, the program is not responding.

when running Spybot SD, it blocks at (running bot-check) "Baciami" whatever that is.
the program doesn't freeze, but it stays there for ages.
i want to delete that bleeping Baciami. i tried to search for it, but couldn't find it.
EDIT: after some time, it did continue, but it stuck at some other applications, but it eventually continued.
After 6 hours of running Spybot, it finally stuck at "X-Driver" (still running bot-check).
there was a message:
"Error during check!
Win32.Sober [16] [Access violation at address 00D45779. Read of address 00F1004}"
Spybot is still responding, but it hasn't moved from that "X-Driver" for a long time.
if sth changes, I'll edit it again.
But I'm not even sure if Spybot is still doing sth or if it's terminated after that error.


i tried Housecall Anti Virus also, but it said that it would took 7 hours,
so I need to do that in the morning (I can't sleep when the computer is working over night)

I don't know what to do.

here's hijack log:


Logfile of HijackThis v1.99.1
Scan saved at 2:55:44 PM, on 7/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {275EA60A-4C96-C469-A50E-C2150A3AADE3} - ftbar.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: IExplorerHelper Class - {BA12780E-B91E-41A7-A51A-528CBD64284E} - C:\WINDOWS\System32\IeHelperEx.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
O4 - HKLM\..\Run: [jbgdg.exe] C:\WINDOWS\System32\jbgdg.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [trycrt] AliceSD.exe
O4 - HKLM\..\Run: [driver32] iehelper.exe
O4 - HKLM\..\Run: [dmnzx.exe] C:\WINDOWS\System32\dmnzx.exe
O4 - HKLM\..\Run: [sbdog.exe] C:\WINDOWS\System32\sbdog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [stuffmon] corrida.exe
O4 - HKCU\..\Run: [slamm] ExchangeMaster.exe
O4 - HKCU\..\Run: [newbreed] Uint32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Games\Heroes 5\registration\RegistrationReminder.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: DvdEncoderTvTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SimHID.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153480060915
O17 - HKLM\System\CCS\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C4534B2-1B3C-42A0-9072-B25BB3F9EC8C}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0D6DA99-839E-4BB5-8606-7C86F3D8B846}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PS: I was running Spybot and Adaware in the past and I cleaned what he had found. I also have a lot of files blocked (immunized) on Spybot.

PPS: I don't know english that well, so I hope there will be no long unknown words in your replies. :thumbsup: :flowers:
just try to talk to me as to a kid. sorry.

Edited by kleopat, 21 July 2006 - 02:23 PM.


BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:15 PM

Posted 22 July 2006 - 09:10 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:


Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 kleopat

kleopat
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 22 July 2006 - 12:31 PM

hello. and thank you.

I did all that you said. all went fine.

I have 1 question. Did fixwareout delete those files in "C:\WINDOWS\system32"
such as {32EC0E85-6836-46BF-9A40-9D87BE0658EF}.exe

because today all day I was receiving messages from AVG-
he was every 10 minutes reporting about trojans found on my comptuer.
i allways replied "Heal", but every 10 minutes, a new one appeared,
with different code in {...}.exe

and today in the morning, I've updated AVG (so maybe I had that on my system for a long time,
but AVG couldn't recognize it because of lack of updates).

do I need to delete those files or did fixwareout delete them?

PS: the computer seems to be working faster allready.

And here are the logs.

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45E47AC6571F-E58A-D614-659B-206E46C0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D4183E89F9A-4B8A-0F24-C2CA-F8D2824F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}030325574012-FC3A-48F4-542C-1DB60233{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}89B73AA2CBC2-F489-6214-9A05-40E1877D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC7F75268F7D-996B-5DD4-313E-020960E7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6FEA73B50129-116B-B2B4-B904-D724E2E4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC19042B96AB-AA4B-4EC4-AB4B-B64F4110{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F93A5082B882-996A-BC94-8D6C-B9078E50{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4A6AD883B29F-481B-D2D4-4119-15265DA7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F270300168BD-7929-1894-F0EF-D0E67E50{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}78FE889CD0CA-4D7B-6CF4-E69A-DAE521F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2FFCB43E83B1-1359-D1D4-9659-2598088B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9BD9B17CBBCA-F538-D634-006B-02815B1B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3A1B3A388ABB-B56B-6694-57E7-920E2249{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9B75402F7416-567A-2A74-6635-DA558A12{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0542F3D04DA4-5128-DD54-D823-BFF95DEB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4160FC1B9020-D13B-4464-0C33-1D99C7D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}43837BC9B5AD-ABBA-D624-CC0F-154D00CF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0D0AB0F26B79-C5E8-1B54-B4ED-3CB797CC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6549595C9ED4-F8CB-9E04-1C42-0A341158{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1A2A351F1BBC-9CFA-4D64-E283-196F4564{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}207BDF8A45AA-51BA-4434-C930-C43634EC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}763DBC08ACF9-BE99-A1E4-6B50-0F055B6E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E735C51382E9-38B8-46F4-12FA-830566DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F15B27223010-C519-AF44-4422-F8C90569{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AEF4F91D9FF9-3E7A-7114-105F-17A164F2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C20FFE0CAADC-D2A8-8D24-2AD4-440B61F5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}564782930DA2-38F9-7344-E5A9-E006C8B2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C1F8444F70D4-A2D8-5EA4-0FD1-5B3C3356{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F8F1471E311A-3479-5824-40C8-E700A6FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C9710A92F77D-F189-2274-B2E7-CA65D825{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0662397EFC6C-3E48-7354-D687-532547B6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7F11588509A5-E99B-6054-838A-B3DE041C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}53AC5B9DF779-B21B-EF34-2EA8-40C8D500{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B72720D14724-ADAA-3EE4-CF06-DBB6CF34{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}66C28D67E61F-93EA-8744-DFE4-018BADEE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FFC3ADE8BDE9-7198-8FB4-4CED-B3BFCC71{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2488A32D2518-768B-FD64-6BD1-79B7372E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E94BE484952E-E199-2CE4-1196-2D617F1A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9014AA3612E0-76E9-9AB4-44EB-7D112CC2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FB41B3BAE1CE-240A-E934-A73E-B1C3A829{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E8C1E732ABF2-9209-17A4-3CE8-24BA2D9F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}37B743769805-6BB8-91D4-41E2-CB7E12B3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F75FC2B286D8-5D49-8994-1A93-C4A788B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BB15FA4781FF-A548-FD94-A256-7A6EC858{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8F5EF23BC14F-7ED8-A3F4-0C0C-5D3E876D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}582EA9A3D4E0-73DB-FF44-49FB-C6A3D1DF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D842628967C0-C698-E664-9FA6-2F5DDE56{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}893FC9F94190-BE4B-BAE4-2525-5F9C1B92{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}56C32D5D7678-124A-6C24-B626-E819DC9E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A6F1148D733F-4838-1844-A645-0BA2DE35{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DC0A725756EA-0A89-5AE4-AD2F-EE7EB17C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B395D7D2144-6ECB-3344-0C6F-386B9211{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}454BAB52E097-2548-9314-DDF5-25C8A85D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F0785DE93C62-D1BA-3034-2E91-DE807C02{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7197A658D954-8C2A-B3C4-C787-572CFE7D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DB9AF097405B-28DB-E994-8B47-DA3F7896{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}62145A4728A7-C809-A4C4-D4C8-D20BEE7D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CEEB4B7E6743-CA1B-1FD4-649A-7D926672{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A2D650304F7-F749-FD64-09C6-635773F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DFA4582F87EA-925B-D544-4CF1-1D84E4CD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}705AD857DD30-494B-9B94-EC7F-FB4627E9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7DBBF9F9C760-0428-8404-3845-E608819A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}596FBA2CF73C-D739-D8B4-571A-7DF0131E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}151B45973B86-EA89-1F14-B29B-C057EFB0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}969E4E8CD283-EFCB-97D4-8DE7-5964FE3E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}68843F69693B-BFDA-3484-CFED-31BB66B8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E619F1E195EE-DBB9-3A84-2A4D-FD9F87E4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}38AFF5972EE0-5DB8-AD74-4FED-52886D00{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}12DF9697A826-545A-25C4-946D-B5ECFBAA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}84E616B8CC1C-807A-28A4-6BAE-B7961FAF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DE13CE494253-C939-9ED4-8B61-DA2A897A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}93B98D11A9AA-1498-DD94-F5F2-8A734CD8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}949DA47917F2-6D49-37A4-8327-360463D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2738578AF106-F7EB-7D04-AEC2-E7CBA5E0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}16241523BF52-6BB8-64F4-8F50-048691B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD971EACC10F-AB29-34A4-BAFB-E34243A8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EBEA1201C26F-EC88-87D4-1735-193DA6BD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}570D22B1D47E-2029-BF14-2596-838A5C25{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}697B7F9F2F60-89D8-A334-5167-7AEF8878{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7F36390FBD1E-B7E8-CF04-38A2-936A2686{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}781C8924751E-3BD9-C794-6734-47F10B90{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8126518C3239-BC4A-4F44-AC04-7302B260{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8BF914E5F9A7-E33A-F3F4-425A-8BF60D38{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A3A4445BDEA-A5A9-5CA4-81A7-CCE848FD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7BCAFF03A777-0ADB-B1E4-91F5-C736444C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2D221034A9F2-9F78-EDE4-EECE-4B12CA38{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}61EC5EB03965-9F7B-90D4-1609-A78D610A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}81842C853D2C-D64B-66F4-84E0-9D2F8DA1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3DBE205F7BC1-C9CB-6214-DD7B-AEF96B0F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}412CEF3FF09C-09DA-BE44-49EC-3FE5006C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}21637ADFEFD1-AC28-C614-E460-2ECDEBBE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C633939AD0A7-DFE8-A9C4-43FA-4EC82450{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}15656EC7F50A-421B-DE34-0899-90079F4F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1103E582E206-D37A-F074-46A9-577D8F71{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B80F9EDB1E08-E7DA-4CE4-6700-009BDF42{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B120FAC1C4A6-2D9B-54E4-7C93-93E6E54D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23431773DD79-DBC8-4D34-5E3D-B6C1E6CB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}831D055131FA-A0EB-1674-2BC0-7E74768E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2ABCE68519FD-0A9A-2924-E2D5-AE001F48{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1792047883C4-FA9B-18B4-A31A-093BA386{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5FDC4D9A837A-50D9-DF74-9E94-710F9815{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}567BFD7FEE4F-A588-B694-EEFE-C2F14AF7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8B7806CD8231-F1FB-2324-3172-30AC4B55{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D413689C4C2E-0ECB-89E4-E4C5-7860C505{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}00E9A6D69727-DCAA-AEC4-25A5-E33BD0BD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}01BBB7AB5DE4-AF6A-7634-AFCF-87442CD6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E319048F628-56BA-A0B4-528D-BDC93B9D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2A755367AC9A-B41B-0264-04EC-691C450E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}126E10C90993-AD9A-A124-87CB-BBEB66C9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E0B3426FE4E4-5C7B-61F4-4DD7-586A386F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2F177BE8C42D-6B1B-9E64-C966-3AE7565C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F2B9ACA90A72-846B-3364-9A1D-75EA2D47{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9AACDCE8390D-73D9-6034-6260-CBF41861{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E2D7ABA6BEE8-9639-C034-B554-359E7466{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FE07FD4E7D6D-D36A-0A84-5AA1-B030CB2D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}08D867BE6787-AB6B-2654-3B91-FA5EE7BA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}448040C917EC-A8EA-F004-F894-DDDE9B28{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45FB90D6D926-C069-4924-4E9D-AFDE1C8A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C8DB4B16E1FE-AF48-34A4-A5CC-7F24397D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}84A74A295696-E6FA-7124-9D84-89F86E67{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}78BE8FD1F2BF-1EA9-CAB4-8453-85048CBB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E56513BA721A-454A-6434-4BEB-3CADFBCC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3EFFFC91EC04-19B8-8224-A546-FEFE87CF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}69FA80F90E13-532A-06A4-DF50-6E251F94{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3BF1566EB8E-D29B-08C4-C835-B3844E08{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FBCB942258A5-8DE9-8ED4-058F-5AE10F69{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2AED1B345032-C9D8-2624-C41E-1FD5158D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9CBC0CE8A004-5818-A954-1451-9BFD82DF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}06AEF11432A0-978A-B204-2B20-8B6D2EA0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}57B5931F4547-AC4B-4CB4-E6F0-6DEC5565{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}335E31F10482-E078-D114-1739-47A311D1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D423C337EFB-AF18-D384-188A-CCFDA97C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}13BCEBC34D13-0B9B-60F4-382A-8F455605{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45D41B3A3AD4-239B-85F4-95F9-76B908F5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3036488F847D-AA09-5214-874F-62FB908E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2E7C9FBA838C-BF2A-92F4-4A8E-FC193DB3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E8AD5D2F8553-022B-1C74-AC7E-C073585D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7AC50D8637F9-A858-C624-D186-4A3F92D4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB86BB434754-3CEA-BA74-BB66-A60E9644{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2C1742D4D869-2A5A-D3F4-86A3-ACA12AA2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}64114F5A6969-0D7B-0C34-1E1D-E7C6126E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9B53EF6731C6-54F9-40C4-8037-3A0CA696{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E98666490EC0-0DE8-4B94-6087-AD5377F7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}00C54315DD2B-B898-FA54-EE62-38BCC0DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8438F97B3FA1-7B08-3644-A28A-3F3EAA5D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}57A9311F1E8B-53C8-9FF4-94CF-A950F72C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C80D5B98FD88-D008-2634-0FDC-BC644783{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F326A3ABA3D1-F4B9-BAF4-B359-C4A33785{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C689A3DB588B-5E6B-2C54-71E9-31426BE6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8315F68D25B1-B70A-F674-E598-F845B105{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}326E76710B48-890B-2B14-9E61-BD98DFA2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B3733385088A-317A-5624-C85C-575E8CA2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3AACFEBD9109-8A59-5ED4-6468-254649FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1A119771B0DE-CFEA-0EA4-F452-8EFDD792{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}724454D84E2F-1978-1F54-8694-1CA5B06A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A45752226750-B079-CFF4-10F1-65D10086{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B8379DD2DFB7-A748-88F4-A2A9-FF116E5D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9178AD49B438-93F9-4214-BC52-474A459E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D52B8CEA960B-73AB-2154-D3B2-EC8F83B2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BC50D2A70B10-79B9-64B4-6F2C-101F563B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}934682C4400B-72B9-C1D4-7985-76E86ED8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0D56505509A8-256B-5264-95E0-709092CE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F8FAE1B98A6D-A38A-9B34-5090-333AF542{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}627A889AE8FB-686A-A7D4-0E64-9E0479C6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CDD1BD0262C6-DF38-B7C4-F6DA-FE879CA5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B29279526706-0F8A-C414-2A68-7363BC78{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}10A421756436-AD39-2844-1347-C3728065{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6EA65ED09CE5-6AFB-3B44-59D3-818CE614{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}53DAE117A421-2C0B-6144-A424-30808D4B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E636E54CDC7F-8C19-3B34-28EF-F2F2AF2E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2E320C04BEF3-3F1B-D5A4-4D9C-C1703EBE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE7178EFA7BD-A0DA-A304-CC5C-8454D1C4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A8E720DF828-B7A9-9344-E781-D88F51C7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ADE92E3E2A87-21DB-3424-2973-A343F501{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}601E3E43DB6D-B3C8-48B4-21E9-8ECCC96E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7A46A31F0547-01E8-C544-0327-2C42AAB0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD6136EE0880-0819-7644-5C04-06956CB5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}24D5988B5E3D-DA49-7514-9338-CF53D258{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}10E5FD81E3AC-18B9-D054-2D9F-1C9D2B6C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}738BFF80724C-8509-4544-ABF0-87827CAF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A76E9CD7F517-4189-79E4-D11E-AE3FD80C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67E680C38F42-F218-64E4-2DD5-6DE62F28{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}59DEFBE449CA-2509-DD84-98B5-0EB394D9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3DE93850CA2-CB49-91D4-2326-84660246{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2E12D4433B60-0038-2214-622A-91558DCB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1FD25675547E-8AF8-FFE4-8F98-13756492{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FBEB1DF2E4BD-0E88-D834-F85F-32E366FA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4170914A32FC-05BB-58D4-1ACB-3D7D9AFA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FA927F0278B8-4AE9-7FA4-EFD3-1A3D12EE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8B69754A9C64-E28A-93F4-86D0-2B196875{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2DCF68726605-BE7A-9964-F1E2-948D8BC1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DDE609C4D114-68CB-8404-9CD9-B1B0C04C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}96F7B80E9BF4-07E9-C4C4-CF9C-144D45C4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}542FEC58F935-0C49-A0B4-295F-3C08B1D7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B910DBA1A749-56DB-D704-65D0-D5A43577{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A36A3370FECD-1EAA-3C54-CD90-63AEBCC7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}08F1F2664559-6D1A-8564-8DBB-3E98E9BA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BE13355CE7A3-64CA-86E4-E478-C41699A3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F85E86621CB2-A85A-4A04-730C-F1BBD345{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CDEA5DF5DAA2-CE69-9FE4-9EB5-9248567A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6DAE2C62ED6B-8738-9744-7C26-A3DF44FD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5C666376AD49-7188-9894-ACD5-6A574578{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}01887B1F0D1F-63A9-ED54-9900-FB0E2352{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D9574A7E2A0D-958A-AEB4-C787-2E3DD0FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2BEFA219DF69-080B-2A84-BDE1-4790DA80{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}363B58AEE52D-BEF9-AE54-AAA9-E192A8D7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C3EB7B826C61-A1E9-8E04-6335-CC34E953{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B47FB676ABA1-7018-D354-DBDF-D042E447{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ADEB260F23D0-698B-3A14-CD26-8139F0F7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E5C0D12C4B96-979A-C004-F813-A286C98F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8D859AAC39AA-DE7A-F3B4-FE33-F4F0D101{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}473A97FDF4CA-46F8-1764-E3DD-5A5E7B96{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A6B38B6F5872-A1EB-1B64-C6A0-AFD1CDA3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}00E455B451F9-B1CA-3504-F2CF-76E5610A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}474C3EE9A815-89EB-D8B4-7D8D-82CC09B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}677F4060157B-6F39-4544-C85C-C3E3B9D3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A4FB55F08763-D1AA-C294-375E-054E57E5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}11C7B9CCBC59-83DA-2944-BB51-9613C123{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D03AE3ECD3B3-B74B-E284-A9D4-66B72B43{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}397F545E9E6D-51F8-5CD4-A3F6-A66F6CDC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}38D959324848-9BCB-2DA4-C21A-FDB7FAD3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}21868C91EC1D-CC69-CA74-4E80-EC108860{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8F1220317504-373B-F9B4-9753-6DD3E67C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8226E0E8DCA-0B78-60D4-6877-A53C25DE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}35A1E46E3A1C-6059-BA24-2431-B977DBFE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F5EB01E6D9E3-1E29-1654-374F-E1244535{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E1FBE3496B89-D199-9E64-8865-69B27313{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5D420C6111CF-41BB-AC84-B4BD-5187FC74{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}03FB46EFC459-F849-3104-E770-70BB1CA0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8832CAF3EE8-644B-C1B4-ABC9-490DA1BC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}349758BF994D-28AA-ADA4-8DFA-BA9DCA0E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}75680C35E46A-ED7A-7C84-982B-CF2E89F2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB757BCFC201-CE5A-8434-EE32-72FC7807{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DB2E107A28D6-7F3B-4E94-99A2-21ECF0A2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4CE817268172-F5EB-68B4-0945-FC3794B5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}00A84031B586-8349-4244-A0A7-6FF2E779{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7BE3E7AC7C1B-AAC9-FB74-3416-81436895{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2AF8ABD83D78-83DB-3D74-A83C-9A9949ED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}128F5A12AECB-1D4B-4344-CAE6-F9699BEF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}21464F0E478F-C729-3574-90F3-75A95587{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1CFAD44102FC-21DB-42B4-2B53-9181088A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}56C8F9A34E9A-699B-0294-9D56-89C4808B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C20F2080DF41-ADAA-D9B4-4BCB-A417A93B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8850268BA092-18A8-6B84-A9D4-78FAC766{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2B97A752EC00-2F88-9384-A67E-618ADCFC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D347BC090FF5-2FC9-2704-8225-7EB9B2AA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1EFEA1B84A96-27CB-E784-CAF5-3AC47EAC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D4A3F5947E4-2AEB-E394-CD6D-AA75AFCE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1418E93EE8B7-F20A-E494-2921-5E838498{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A10343C65800-67A8-BFA4-85FF-CBDF48A2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0A6F916AE5BE-D728-8F64-1359-4CCE4FEF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5AD7BA661314-63E8-CB24-D2B5-D2C80464{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DA334D830314-4C5A-1574-972F-B40F0956{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}250DF598DA23-36E8-B6F4-C4DA-38D2FB16{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B2F98FEFEFC6-ACA8-CB94-D95D-49EB48E3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6DD1CA85FF48-CD9B-3344-EEA4-E4AB6928{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}57BBD4977B72-F249-5524-F8AE-09B11B63{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}95964BBAEE06-048B-0A84-961A-E6E0FA51{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4F420B2E706C-AC1B-4844-99EB-E243CE61{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9A2F9721BAB2-C3C8-96B4-61DF-794152B1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2B11740F3164-7CCA-1034-AC05-E28AAAFA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB26B8B1D691-1558-C764-4342-C1CD0B49{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}226B875D9A10-7CFA-AA44-F517-9288F2CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4814B41CE85E-A1B8-9394-1B72-2B598AB6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AF80922252F6-44CA-F864-08B3-64741560{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B849164830A-04D8-2A24-D9B3-99DADF58{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E6222F5415E9-C2B9-E744-C7AF-084E328F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E533FF1F54B4-D378-BC94-9870-7EDA9025{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}66D601DFE70E-C458-ED34-6CE2-276A355B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7CA92EB0C766-43BB-6544-A6F4-9A58860A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}75FD3A35B616-2B4B-0324-113A-73F1FF94{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BC428DB90E26-1599-AE94-BF1D-1F6BBCFA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F6BEB08B9BD0-E0C8-55C4-48C2-10DEF803{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EC25FA20DF5C-6F9A-8F54-8EF4-0CEED5CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A8E7E62399C8-634A-B314-628D-C13D0699{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6B16EDC611D8-9BF8-A3A4-1AAF-38DDC9BA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0BC7483790C0-0E5B-4874-4AF5-8158B93A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}58E0AD91A115-B21A-1024-B268-A9287B76{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5D0C496C90DB-EA78-46D4-186C-0B54A2CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5D7CDE83A6A7-C10B-A494-7312-0464E5B0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5979FFA96F3C-8C7B-0E14-ED85-81804326{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}56F188D90BB3-5B18-D244-4AC8-32A62E01{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}169FD9A3AEB8-9B0B-C9B4-2CD2-28DA87BD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9933045F839B-A84A-BE14-8436-9737BC79{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4FE79E418C8C-671B-F4A4-5FDC-FF2FAFB1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C0929DBEC8BB-1278-4BE4-4419-3D440E3D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BF5A0E3448E0-B24B-4AA4-0E86-FD64C784{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0B39BA1ED3C6-3B0B-3D64-ED26-950B40E6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CFC9CB16C22A-26F8-DB14-0326-B292DFF5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}372B56029686-075A-C4A4-B3C0-6C205A16{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3FCB7DB3FFD5-EB88-F6D4-159E-BB2029B6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7BCA454B2D6F-AB0B-EEC4-62E9-8BC4E019{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}35629E500303-9399-F4F4-84BE-1DAF5E19{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D92FB537A6A6-C389-1744-15B3-82569833{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}49DC9CD78745-FB98-71D4-8A46-302DB260{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0596B012E6A2-915A-56F4-01B6-0AB41AC2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E544C8579955-F229-5794-6DCB-9C58B14F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}301F50E4E43D-80FA-B514-B529-0581AFF3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}091FFC171464-10EA-9AD4-C4DF-25D83E2F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6ECB4D9F253A-B799-0004-6FFA-E0C448D4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}54A1EF4304E0-455B-2E24-DE0F-660425CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F22CA9334106-DA0A-3514-114B-EF06386C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AFFFAEC23192-63E9-6104-DC77-94196AC0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6D167E1BAAB2-E7CA-3A94-64B1-095B5580{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}01008E3057CF-414A-B954-0C21-DEBB4EE6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8C53634ECF09-9819-17C4-B501-AD056A6A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1D6A53CD699F-CC29-7CA4-509C-262A0A0C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}037659978EC0-4F0B-27B4-4783-B356DB39{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5F80655DDF26-801A-4C84-9C66-658CA35F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C98E6820165-5739-D4E4-879D-20D94F33{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}79F519BC11E8-F0EA-DCB4-B6C4-80CB0886{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E69603D36FE-20B9-9614-AEA6-EFF96618{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7598479DC96A-93A8-EA54-C7F1-5801FDFF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F65CDD8F225C-62EA-3284-D237-663C4FFC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}372FD75EB331-041B-C634-32D8-C8C2DEDA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE5DEC27B973-3C49-2DA4-FA3E-4E85B98D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D5B4CC291B7-B94A-37F4-43AB-4C1A1ECF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E1DCDE327A8C-A3B9-4C14-20F1-45D6749E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}47311A6AA09E-BEBA-C084-E13F-CD213243{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1362FA16AFC9-5A39-AB44-D5F1-70131DFD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EB0BF8D5D600-FB5A-EE04-891B-39D386E3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E10EA8B90170-0D08-BF04-54C9-1138EA41{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}56060600E181-CD99-20A4-F6B7-F56F48BA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8D54BC233219-3B68-5A84-C479-AEA3AF69{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E72DDD656DFB-685A-E2D4-AF3B-B4FF51AA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}89BD77708A5A-2E3B-89E4-7D3D-529128C9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4250EA7A2965-5918-5CE4-4DA9-D78A5AC9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}72DF7CC886A4-D519-EEE4-CD3E-019843B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9EC14F360EB5-3B1B-4BA4-B663-C93471F4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC28C552050A-B36B-C384-F25B-D1462BDC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C54240F58B72-D278-9474-621D-12FF1487{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}47C9BE7A9552-E8A9-99E4-96AC-10A8382D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6997835A105A-932B-3EA4-D0AE-39593867{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D180CBE859D7-DB08-36D4-C018-6561B7DF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}721829FAC7F1-66EB-8FE4-2D00-39CC334D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9CEC092DA0B2-91D9-7804-8B72-306265A3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F86771755913-667B-DF34-D119-7A7E4C75{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9A35792B3D0B-4799-6374-BDBE-AA1C2D72{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}655A2BA8EC5E-2319-8274-4E66-D7EBCCEF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}09B7284005F9-F458-40F4-EB1E-95185A49{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}50975B82D307-8DBB-51D4-F3CE-CCA8FA6C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9A6CE59139DF-E80B-5344-22C9-6096C0F1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}91D737C4A220-140A-6B84-44C7-076EDDD3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}630B71A865B9-D1BB-C214-9A46-E428C132{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EEC9F6E5E305-1639-0074-5FB6-629745BD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D723EA60E6B3-FC38-3BF4-7277-A58AD940{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}51FB2BEA6BF4-01CB-CFD4-97FA-378B904F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}301B28C05826-F71B-9974-8B85-C499C77A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A5FF6DEA21E4-6E58-B804-D3DC-B400D081{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}702164684B66-605B-2B34-E286-CAD6B959{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C2D42C7D0B7D-C0EB-1354-609D-7B797F06{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BFF4285DA5D1-647A-3564-5D36-F2CA2E56{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B83DF5F8630D-038A-0B84-F665-A763C437{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0864E5941653-B43B-B014-B3F1-29D3799B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}583F45EF452A-9189-9534-7A14-E62DF55E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CB5F09976B9C-2BD8-C334-38F6-6AD0A595{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD8D4E6889D5-8B38-F544-AD78-1633ECF6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9E062CD95414-2D6B-38F4-8A97-CF963D44{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A1B1D021D2BC-A169-6DC4-35CC-69E0055A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1348C0EEA2E4-D47A-EAC4-0631-3BF9C516{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD3E6D269ED1-93A9-6474-7A52-C2247DBE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BCEDC30F6282-CC99-46D4-38D7-06DF8ED5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A38883C3402C-C25B-13F4-99EF-27BBD35F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}864F46602F44-D9E8-2054-F5F0-9E33F49B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F6A4BBFFE868-3788-8364-E99C-90DAA6C2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}814F3FF107DF-4588-9824-1694-EFA530BB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F39F3C046A1-0198-B744-BFC2-6ADA1ED1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}589D501A9CEA-19AB-5684-628F-D5B231B1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1B372E5BBA30-DC2B-A694-0D89-92B1AE83{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A57601DE5C9A-F388-23C4-D1BB-AF11E482{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B75DEB98DF70-9E88-4C04-6BBF-A8BDD337{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}175A75D6BFD6-36EA-B4F4-ECD3-C55C0046{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CE7EE7D1B269-BC18-7C84-653F-B462168E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B67C574511C5-031A-E354-186B-DB138CCF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5EFB8D2433E9-64F8-A0C4-2C23-4E261855{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}612DDF18E06B-F029-8964-5C20-50A2CDEB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CB4F944EA870-9EE9-86F4-3D9E-EE4459BA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1649256F01C4-B768-D624-947D-2B2866DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5C26DA38C19F-568B-F9B4-C457-5A7B2B96{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C8B5528CDE6-EA38-AC34-98BC-E5DB12AB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B2BA496645B2-1C88-A614-C629-7A81B8B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}313F9CB8F86B-0BAB-1FB4-334E-391E400C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F54B40E7991A-88A8-B234-3E07-8288DE05{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AC25EB8B447E-0ABA-35C4-79C4-772367FA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A9024A0A4107-D17B-5DD4-8036-94CC6FA2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}70A26B1B82AE-15CA-94E4-2CA1-6754B48E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B0BB7A1C802-FEBA-5E84-835C-4C15F52C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F8EE487C0728-3A18-0A44-A058-E73CADBE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8C5521F423FB-CEFA-48F4-252D-F3A3557A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F905D0E65FDA-C39B-58C4-8E76-59386E1D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}62CD1739216B-9758-2BA4-69FB-107A19FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}669279DF1476-A8DB-B7B4-CE5C-99B6D528{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0BCB0FF8479-15E9-BCE4-209D-8AD309B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BF2EAB6D9E8A-9EA9-9764-39D8-5429D33A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6E3AC638C3D5-9C78-5074-E5A7-CBFEE390{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2821EB32A696-597B-AC94-88AD-B2BF0307{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B8B8E92E283F-1C6A-D644-DCE0-69C657AF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC860355EB21-0E29-2274-41D8-D25F1485{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2C66131D5ED0-3FAB-2424-FC10-FD3C6163{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F4480A57E0C3-87EB-4074-17C3-3A9DCF75{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B4331B5202C7-200A-F3C4-9C7B-83CC3B97{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C75C4BCABBF0-4CBA-D694-FC74-18EFEE8E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}37E485FAA28C-8A3B-F6A4-B175-EA090521{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23EFDB1F8955-9D79-2314-460C-7A26C8ED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D9B93E6404C3-FEEA-BA84-A69B-3F2CDDF7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B26B6EDE54E7-F4DB-D0F4-A805-961DB071{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7BA1850DD904-7C98-F144-F371-05B317AE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD218241CDFC-EEE9-7A14-E724-912948F5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D497E0D890D-9A88-A234-4C39-8CEE25A4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}590469CD0478-19DB-FBE4-78FB-B2DD693B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4574CEACF96B-703A-5D14-43C0-2CCB061F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}96E3B181CC1F-167B-1044-3610-636B0FD3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A789425EBFB2-7E19-E5A4-A378-4214C327{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CB4B91C4A489-22AA-4584-187C-2C44D661{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8EF05B41595D-67F8-B1D4-69E1-95488B66{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1FEFFAD74FEE-927B-A544-7DDC-33C23C04{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D006C24B71E-56CA-0854-0A99-0E04597F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8E6D3205E8F-B19A-7644-6A8A-38A88A38{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A68CD35DE0A-6009-C214-CEB3-3423A251{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C58B3915C0FC-3E3B-FE04-D5EC-75858554{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}993B6E43128E-174A-1A94-BEEB-423A71FD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E81D667EA4AF-4D99-72F4-214E-46172434{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EF6A24307018-192A-4474-8E5C-0E2D8C21{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}69DD9FB0FB2F-0E4B-D2E4-BBC8-7DB188C1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5DFB53C2EA55-8C88-63E4-4A35-C8218AA1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D2DE4D308C02-1218-1A14-8114-76E26FD7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\iexmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6CAF1F14DA8D-E61B-2C64-5598-50257E02{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F3F70E595E98-0188-0094-A252-78C44598{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8A15CF0A970-ECBA-D5D4-334C-4932197D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6CA5A6B6852E-6C4A-19F4-D85B-4C806F03{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8AC32602118B-D3A8-9EF4-44CA-2197DEA4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D0ABDF2AACC-6709-3B04-F2E6-60121767{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A4188A877A1E-15A8-6424-D68B-13111101{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}833DDC1649BB-193A-22E4-53F1-F1FC083E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45C7E540FB7E-5BAB-CB24-095C-77EE7DEF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}744AF8900503-971B-36D4-D03B-9811B444{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}463A4F374A8C-8CEB-D344-811D-495AD0A9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F4F5F153C363-3CD9-7874-F61F-367ADB85{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DC9961F21E98-0A1A-D144-F8DD-6723DBCE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4CF05A5C9076-3E5B-7744-F6FB-D1C68D49{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}103A459B62C8-F84B-B034-9A19-26138DF9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}564348481E6D-7079-B4B4-10E6-8AFD343D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0ED4250BFF64-A759-DA44-7EC7-6CB3F341{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E1644077BF89-8E98-F5C4-D98B-1728407F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E13428BB2B7A-F0AB-65B4-B874-4ABD1206{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CA216A614014-2718-C7B4-BE33-1914A3E2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0809782F2663-A9CB-2974-8018-68CEDEB2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D5ED83178519-09C9-6154-19A2-E3BC0349{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2AF4AF91EEF8-87BB-2A24-F9EE-0C31BA27{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8954A597F355-FD88-C034-61B6-5A05E7F2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F74FD23B440-E22A-2AE4-54E3-61C4C695{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6AF4BBA6711E-D70B-4FF4-C8E1-3A863D51{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4643B335078B-1DB8-1054-598F-31221E66{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}117E0D050AF7-F1A9-36C4-82B5-1B1D1DAA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F5F5E35C558C-3598-A414-1C47-40845099{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B39D06B5B944-CA18-8294-C46A-E

Edited by kleopat, 22 July 2006 - 12:51 PM.


#4 kleopat

kleopat
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 22 July 2006 - 12:35 PM

NOTE: i didn't cut that previous post where this one begins (i have skipped maybe some HKEY* files).
I don't think you need them all to tell me what's wrong. They're all the same.
If all of them need to be listed, let me know and I'll post again.

...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8F3E940BF98E-E5B9-BE94-6C60-A9FAC0B5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}89FA0E4C6EDB-9878-8614-C5C5-4EA59101{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}13D1FFE7E274-4C69-5E14-8FA1-15BC95D8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}98646AEBC7EB-888B-07C4-9BD3-A2B77086{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}874A60AE7AD8-3BBB-ADA4-79A4-11EBCEF6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}849193EB999A-2328-74B4-0D87-8C0A8549{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CD3A65A007DC-FFF8-6C84-43FF-68C3398A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}50792D7539BE-2FAA-AFE4-AEB5-4A8E0B17{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}431C8962A923-314A-E924-15D3-24252741{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}27E9A2D3A534-5039-C614-53FD-A078CA9A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}275B504D6E47-0D29-EAA4-791D-D9AAFC1A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}080961D5EB77-767A-4F94-B58F-18AEC39E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9B501DC702AD-872A-8294-1540-4FCA2659{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A9ACFAF4C891-7D8A-A624-4976-BDD44D12{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}181E75E2ED4C-1F18-F164-DCFA-D444E92D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}638CAFED168D-D97B-2494-84AC-4360992B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7EA217556028-582A-B8C4-C97C-D3FCE87F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E76F871B493-17B8-DA34-3EDB-C9F674B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FE8560EB78D9-04A9-FB64-6386-58E0CE23{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}283E1666C84E-E669-2B54-0E8C-604AA1AB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D1932816A069-7569-3D54-295D-D7ACBD02{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nbilbaj
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft Windows Script Host Version 5.6
Random Runs removed from HKLM
"jbgdg.exe"=-
"dmxei.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

Search by size and names...
One or more CON code pages invalid for given keyboard code
* csr.exe C:\WINDOWS\System32\CSYTN.EXE

Misc files

Checking for older varients covered by the Rem3 tool


Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSYTN.EXE 51,236 2006-06-29
C:\WINDOWS\SYSTEM32\DMXEI.EXE 44,032 2002-08-29
Other suspects
Directory of C:\WINDOWS\system32
{32EC0E85-6836-46BF-9A40-9D87BE0658EF}.exe
{10195AE4-5C5C-4168-8789-BDE6C4E0AF98}.exe
{47F99965-69E4-44D2-8242-F9B9458454DC}.exe
{2DF96F15-BC87-4775-AD50-79AE12777242}.exe
{9430CB3E-2A91-4516-9C90-91587138DE5D}.exe
{2E3A4191-33EB-4B7C-8172-410416A612AC}.exe
{6021DBA4-478B-4B56-BA0F-A7B2BB82431E}.exe
{F7048271-B89D-4C5F-89E8-98FB7704461E}.exe
{4AED7912-AC44-4FE9-8A3D-B81120623CA8}.exe
{89544C87-252A-4900-8810-89E595E07F3F}.exe
{7DF62E67-4118-41A1-8121-20C803D4ED2D}.exe
{1AA8128C-53A4-4E36-88C8-55AE2C35BFD5}.exe
{1C881BD7-8CBB-4E2D-B4E0-F2BF0BF9DD96}.exe
{12C8D2E0-C5E8-4744-A291-81070342A6FE}.exe
{43427164-E412-4F27-99D4-FA4AE766D18E}.exe
{DF17A324-BEEB-49A1-A471-E82134E6B399}.exe
{45585857-CE5D-40EF-B3E3-CF0C5193B85C}.exe
{152A3243-3BEC-412C-9006-A0ED53DC86A8}.exe
{83A88A83-A8A6-4467-A91B-F8E5023D6E8D}.exe
{F79540E0-99A0-4580-AC65-E17B42C600D9}.exe
{40C32C33-CDD7-445A-B729-EEF47DAFFEF1}.exe
{66B88459-1E96-4D1B-8F76-D59514B50FE8}.exe
{166D44C2-C781-4854-AA22-984A4C19B4BC}.exe
{723C4124-873A-4A5E-91E7-2BFBE524987A}.exe
{3DF0B636-0163-4401-B761-F1CC181B3E69}.exe
{F160BCC2-0C34-41D5-A307-B69FCAEC4754}.exe
{B396DD2B-BF87-4EBF-BD91-8740DC964095}.exe
{4A52EEC8-93C4-432A-88A9-D098D0E794D9}.exe
{5F849219-427E-41A7-9EEE-CFDC142812DB}.exe
{EA713B50-173F-441F-89C7-409DD0581AB7}.exe
{170BD169-508A-4F0D-BD4F-7E45EDE6B62B}.exe
{7FDDC2F3-B96A-48AB-AEEF-3C4046E39B9D}.exe
{DE8C62A7-C064-4132-97D9-5598F1BDFE32}.exe
{125090AE-571B-4A6F-B3A8-C82AAF584E73}.exe
{E8EEFE81-47CF-496D-ABC4-0FBBACB4C57C}.exe
{79B3CC38-B7C9-4C3F-A002-7C2025B1334B}.exe
{57FCD9A3-3C71-4704-BE78-3C0E75A0844F}.exe
{3616C3DF-01CF-4242-BAF3-0DE5D13166C2}.exe
{5841F52D-8D14-4722-92E0-12BE553068CF}.exe
{FA756C96-0ECD-446D-A6C1-F382E29E8B8B}.exe
{7030FB2B-DA88-49CA-B795-696A23BE1282}.exe
{093EEFBC-7A5E-4705-87C9-5D3C836CA3E6}.exe
{A33D9245-8D93-4679-9AE9-A8E9D6BAE2FB}.exe
{7B903DA8-D902-4ECB-9E51-9748FF0BCB0A}.exe
{825D6B99-C5EC-4B7B-BD8A-6741FD972966}.exe
{EF91A701-BF96-4AB2-8579-B6129371DC26}.exe
{D1E68395-67E8-4C85-B93C-ADF56E0D509F}.exe
{A7553A3F-D252-4F84-AFEC-BF324F1255C8}.exe
{EBDAC37E-850A-44A0-81A3-8270C784EE8F}.exe
{C25F51C4-C538-48E5-ABEF-208C1A7BB0B4}.exe
{E84B4576-1AC2-4E49-AC51-EA28B1B62A07}.exe
{2AF6CC49-6308-4DD5-B71D-7014A0A4209A}.exe
{AF763277-4C97-4C53-ABA0-E744B8BE52CA}.exe
{50ED8828-70E3-432B-8A88-A1997E04B45F}.exe
{C004E193-E433-4BF1-BAB0-B68F8BC9F313}.exe
{7B8B18A7-926C-416A-88C1-2B546694AB2B}.exe
{BA21BD5E-CB89-43CA-83AE-6EDC8255B8C3}.exe
{69B2B7A5-754C-4B9F-B865-F91C83AD62C5}.exe
{AD6682B2-D749-426D-867B-4C10F6529461}.exe
{AB9544EE-E9D3-4F68-9EE9-078AE449F4BC}.exe
{BEDC2A05-02C5-4698-920F-B60E81FDD216}.exe
{558162E4-32C2-4C0A-8F46-9E3342D8BFE5}.exe
{FCC831BD-B681-453E-A130-5C115475C76B}.exe
{E861264B-F356-48C7-81CB-962B1D7EE7EC}.exe
{6400C55C-3DCE-4F4B-AE63-6DFB6D57A571}.exe
{733DDB8A-FBB6-40C4-88E9-07FD89BED57B}.exe
{284E11FA-BB1D-4C32-883F-A9C5ED10675A}.exe
{38EA1B29-98D0-496A-B2CD-03ABB5E273B1}.exe
{1B132B5D-F826-4865-BA91-AEC9A105D985}.exe
{1DE1ADA6-2CFB-447B-8910-1A640C3F93F9}.exe
{BB035AFE-4961-4289-8854-FD701FF3F418}.exe
{2C6AAD09-C99E-4638-8873-868EFFBB4A6F}.exe
{B94F33E9-0F5F-4502-8E9D-44F20664F468}.exe
{F53DBB72-FE99-4F31-B52C-C2043C38883A}.exe
{5DE8FD60-7D83-4D64-99CC-2826F03CDECB}.exe
{EBD7422C-25A7-4746-9A39-1DE962D6E3DA}.exe
{615C9FB3-1360-4CAE-A74D-4E2AEE0C8431}.exe
{A5500E96-CC53-4CD6-961A-CB2D120D1B1A}.exe
{44D369FC-79A8-4F83-B6D2-41459DC260E9}.exe
{6FCE3361-87DA-445F-83B8-5D9886E4D8DB}.exe
{595A0DA6-6F83-433C-8DB2-C9B67990F5BC}.exe
{E55FD26E-41A7-4359-9819-A254FE54F385}.exe
{B9973D92-1F3B-410B-B34B-3561495E4680}.exe
{734C367A-566F-48B0-A830-D0368F5FD38B}.exe
{65E2AC2F-63D5-4653-A746-1D5AD5824FFB}.exe
{60F797B7-D906-4531-BE0C-D7B0D7C24D2C}.exe
{959B6DAC-682E-43B2-B506-66B486461207}.exe
{180D004B-CD3D-408B-85E6-4E12AED6FF5A}.exe
{A77C994C-58B8-4799-B17F-62850C82B103}.exe
{F409B873-AF79-4DFC-BC10-4FB6AEB2BF15}.exe
{049DA85A-7727-4FB3-83CF-3B6E06AE327D}.exe
{DB547926-6BF5-4700-9361-503E5E6F9CEE}.exe
{231C824E-64A9-412C-BB1D-9B568A17B036}.exe
{3DDDE670-7C44-48B6-A041-022A4C737D19}.exe
{1F0C6906-9C22-4435-B08E-FD93195EC6A9}.exe
{C6AF8ACC-EC3F-4D15-BBD8-703D28B57905}.exe
{94A58159-E1BE-4F04-854F-9F5004827B90}.exe
{FECCBE7D-66E4-4728-9132-E5CE8AB2A556}.exe
{27D2C1AA-EBDB-4736-9974-B0D3B29753A9}.exe
{57C4E7A7-911D-43FD-B766-31955717768F}.exe
{3A562603-27B8-4087-9D19-2B0AD290CEC9}.exe
{D433CC93-00D2-4EF8-BE66-1F7CAF928127}.exe
{FD7B1656-810C-4D63-80BD-7D958EBC081D}.exe
{76839593-EA0D-4AE3-B239-A501A5387996}.exe
{D2838A01-CA69-4E99-9A8E-2559A7EB9C74}.exe
{7841FF21-D126-4749-872D-27B85F04245C}.exe
{CDB2641D-B52F-483C-B63B-A050255C82CF}.exe
{4F17439C-366B-4AB4-B1B3-5BE063F41CE9}.exe
{4B348910-E3DC-4EEE-915D-4A688CC7FD27}.exe
{9CA5A87D-9AD4-4EC5-8195-5692A7AE0524}.exe
{9C821925-D3D7-4E98-B3E2-A5A80777DB98}.exe
{AA15FF4B-B3FA-4D2E-A586-BFD656DDD27E}.exe
{96FA3AEA-974C-48A5-86B3-912332CB45D8}.exe
{AB84F65F-7B6F-4A02-99DC-181E00606065}.exe
{14AE8311-9C45-40FB-80D0-07109B8AE01E}.exe
{3E683D93-B198-40EE-A5BF-006D5D8FB0BE}.exe
{DFD13107-1F5D-44BA-93A5-9CFA61AF2631}.exe
{342312DC-F31E-480C-ABEB-E90AA6A11374}.exe
{E9476D54-1F02-41C4-9B3A-C8A723EDCD1E}.exe
{FCE1A1C4-BA34-4F73-A49B-7B192CC4B5D4}.exe
{D89B58E4-E3AF-4AD2-94C3-379B72CED5EA}.exe
{ADED2C8C-8D23-436C-B140-133BE57DF273}.exe
{CFF4C366-732D-4823-AE26-C522F8DDC56F}.exe
{FFDF1085-1F7C-45AE-8A39-A69CD9748957}.exe
{81669FFE-6AEA-4169-9B02-EF63D30696E4}.exe
{6880BC08-4C6B-4BCD-AE0F-8E11CB915F97}.exe
{33F49D02-D978-4E4D-9375-5610286E89C0}.exe
{F53AC856-66C9-48C4-A108-62FDD55608F5}.exe
{93BD653B-3874-4B72-B0F4-0CE879956730}.exe
{C0A0A262-C905-4AC7-92CC-F996DC35A6D1}.exe
{A6A650DA-105B-4C71-9189-90FCE43635C8}.exe
{6EE4BBED-12C0-459B-A414-FC7503E80010}.exe
{0855B590-1B46-49A3-AC7E-2BAAB1E761D6}.exe
{0CA69149-77CD-4016-9E36-29132CEAFFFA}.exe
{C68360FE-B411-4153-A0AD-6014339AC22F}.exe
{AC524066-F0ED-42E2-B554-0E4034FE1A45}.exe
{4D844C0E-AFF6-4000-997B-A352F9D4BCE6}.exe
{F2E38D52-FD4C-4DA9-AE01-464171CFF190}.exe
{3FFA1850-925B-415B-AF08-D34E4E05F103}.exe
{F41B85C9-BCD6-4975-922F-5599758C445E}.exe
{2CA14BA0-6B10-4F65-A519-2A6E210B6950}.exe
{062BD203-64A8-4D17-89BF-54787DC9CD94}.exe
{33896528-3B51-4471-983C-6A6A735BF29D}.exe
{91E5FAD1-EB48-4F4F-9939-303005E92653}.exe
{910E4CB8-9E26-4CEE-B0BA-F6D2B454ACB7}.exe
{6B9202BB-E951-4D6F-88BE-5DFF3BD7BCF3}.exe
{61A502C6-0C3B-4A4C-A570-68692065B273}.exe
{5FFD292B-6230-41BD-8F62-A22C61BC9CFC}.exe
{6E04B059-62DE-46D3-B0B3-6C3DE1AB93B0}.exe
{487C46DF-68E0-4AA4-B42B-0E8443E0A5FB}.exe
{D3E044D3-9144-4EB4-8721-BB8CEBD9290C}.exe
{1BFAF2FF-CDF5-4A4F-B176-C8C814E97EF4}.exe
{97CB7379-6348-41EB-A48A-B938F5403399}.exe
{DB78AD82-2DC2-4B9C-B0B9-8BEA3A9DF961}.exe
{10E26A23-8CA4-442D-81B5-3BB09D881F65}.exe
{62340818-58DE-41E0-B7C8-C3F69AFF9795}.exe
{0B5E4640-2137-494A-B01C-7A6A38EDC7D5}.exe
{AC2A45B0-C681-4D64-87AE-BD09C694C0D5}.exe
{67B7829A-862B-4201-A12B-511A19DA0E85}.exe
{A39B8518-5FA4-4784-B5E0-0C0973847CB0}.exe
{AB9CDD83-FAA1-4A3A-8FB9-8D116CDE61B6}.exe
{9960D31C-D826-413B-A436-8C99326E7E8A}.exe
{AC5DEEC0-4FE8-45F8-A9F6-C5FD02AF52CE}.exe
{308FED01-2C84-4C55-8C0E-0DB9B80BEB6F}.exe
{AFCBB6F1-D1FB-49EA-9951-62E09BD824CB}.exe
{49FF1F37-A311-4230-B4B2-616B53A3DF57}.exe
{A06885A9-4F6A-4456-BB34-667C0BE29AC7}.exe
{B553A672-2EC6-43DE-854C-E07EFD106D66}.exe
{5209ADE7-0789-49CB-873D-4B45F1FF335E}.exe
{F823E480-FA7C-447E-9B2C-9E5145F2226E}.exe
{85FDAD99-3B9D-42A2-8D40-A038461948B4}.exe
{06514746-3B80-468F-AC44-6F25222908FA}.exe
{6BA895B2-27B1-4939-8B1A-E58EC14B4184}.exe
{AC2F8829-715F-44AA-AFC7-01A9D578B622}.exe
{0114F46B-B4BA-4CE4-B4AA-BA69B24091CF}.exe
{4E2E427D-409B-4B2B-B611-92105B37AEF6}.exe
{7E069020-E313-4DD5-B699-D7F86257F7CF}.exe
{33206BD1-C245-4F84-A3CF-210475523030}.exe







HIJACK


Logfile of HijackThis v1.99.1
Scan saved at 7:22:32 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {275EA60A-4C96-C469-A50E-C2150A3AADE3} - ftbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: IExplorerHelper Class - {BA12780E-B91E-41A7-A51A-528CBD64284E} - C:\WINDOWS\System32\IeHelperEx.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [trycrt] AliceSD.exe
O4 - HKLM\..\Run: [driver32] iehelper.exe
O4 - HKLM\..\Run: [lfquy.exe] C:\WINDOWS\System32\lfquy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [stuffmon] corrida.exe
O4 - HKCU\..\Run: [slamm] ExchangeMaster.exe
O4 - HKCU\..\Run: [newbreed] Uint32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Games\Heroes 5\registration\RegistrationReminder.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: DvdEncoderTvTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SimHID.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153480060915
O17 - HKLM\System\CCS\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C4534B2-1B3C-42A0-9072-B25BB3F9EC8C}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0D6DA99-839E-4BB5-8606-7C86F3D8B846}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-end of note-

Edited by kleopat, 22 July 2006 - 12:37 PM.


#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:15 PM

Posted 22 July 2006 - 10:01 PM

Fixwareout just deleted the registry entries and listed the files. We will need to determine if they're bad and then get rid of them. We'll try Ewido first before you resort to manually deleting them.

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {275EA60A-4C96-C469-A50E-C2150A3AADE3} - ftbar.dll (file missing)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: IExplorerHelper Class - {BA12780E-B91E-41A7-A51A-528CBD64284E} - C:\WINDOWS\System32\IeHelperEx.dll (file missing)
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
O4 - HKLM\..\Run: [trycrt] AliceSD.exe
O4 - HKLM\..\Run: [driver32] iehelper.exe
O4 - HKLM\..\Run: [lfquy.exe] C:\WINDOWS\System32\lfquy.exe
O4 - HKCU\..\Run: [stuffmon] corrida.exe
O4 - HKCU\..\Run: [slamm] ExchangeMaster.exe
O4 - HKCU\..\Run: [newbreed] Uint32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C4534B2-1B3C-42A0-9072-B25BB3F9EC8C}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0D6DA99-839E-4BB5-8606-7C86F3D8B846}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{016E97AA-6C19-4992-91D6-150C0B9ECB0E}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5



==============


Now lets check some settings on your system.
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen and reboot if it asks
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)



==============


Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan report along with a new hijackthis log.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 kleopat

kleopat
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 23 July 2006 - 09:09 AM

I did all what you said,
except this one:
I didn't delete this file with hijack.
It's just that "inet" reminded me of my national telephone company (in Croatia) which gives the service of DSL.

So, if you're completely sure I don't need this file, I'll delete it.
If not, maybe it would be better if it stayed.
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe

And here are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 3:58:55 PM, on 7/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\imapi.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Games\Heroes 5\registration\RegistrationReminder.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: DvdEncoderTvTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SimHID.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153480060915
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


EWIDO

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:53:34 PM 7/23/2006

+ Scan result:



C:\WINDOWS\system32\{049DA85A-7727-4FB3-83CF-3B6E06AE327D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{062BD203-64A8-4D17-89BF-54787DC9CD94}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{06514746-3B80-468F-AC44-6F25222908FA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0855B590-1B46-49A3-AC7E-2BAAB1E761D6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{093EEFBC-7A5E-4705-87C9-5D3C836CA3E6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0B5E4640-2137-494A-B01C-7A6A38EDC7D5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{0CA69149-77CD-4016-9E36-29132CEAFFFA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{10195AE4-5C5C-4168-8789-BDE6C4E0AF98}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{10E26A23-8CA4-442D-81B5-3BB09D881F65}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{125090AE-571B-4A6F-B3A8-C82AAF584E73}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{12C8D2E0-C5E8-4744-A291-81070342A6FE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{14AE8311-9C45-40FB-80D0-07109B8AE01E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{152A3243-3BEC-412C-9006-A0ED53DC86A8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{166D44C2-C781-4854-AA22-984A4C19B4BC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{170BD169-508A-4F0D-BD4F-7E45EDE6B62B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{180D004B-CD3D-408B-85E6-4E12AED6FF5A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1AA8128C-53A4-4E36-88C8-55AE2C35BFD5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1B132B5D-F826-4865-BA91-AEC9A105D985}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1BFAF2FF-CDF5-4A4F-B176-C8C814E97EF4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1C881BD7-8CBB-4E2D-B4E0-F2BF0BF9DD96}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1DE1ADA6-2CFB-447B-8910-1A640C3F93F9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1F0C6906-9C22-4435-B08E-FD93195EC6A9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{231C824E-64A9-412C-BB1D-9B568A17B036}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{27D2C1AA-EBDB-4736-9974-B0D3B29753A9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{284E11FA-BB1D-4C32-883F-A9C5ED10675A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2AF6CC49-6308-4DD5-B71D-7014A0A4209A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2C6AAD09-C99E-4638-8873-868EFFBB4A6F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2CA14BA0-6B10-4F65-A519-2A6E210B6950}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2DF96F15-BC87-4775-AD50-79AE12777242}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2E3A4191-33EB-4B7C-8172-410416A612AC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{308FED01-2C84-4C55-8C0E-0DB9B80BEB6F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{32EC0E85-6836-46BF-9A40-9D87BE0658EF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{33896528-3B51-4471-983C-6A6A735BF29D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{33F49D02-D978-4E4D-9375-5610286E89C0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{342312DC-F31E-480C-ABEB-E90AA6A11374}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3616C3DF-01CF-4242-BAF3-0DE5D13166C2}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{38EA1B29-98D0-496A-B2CD-03ABB5E273B1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3A562603-27B8-4087-9D19-2B0AD290CEC9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3DDDE670-7C44-48B6-A041-022A4C737D19}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3DF0B636-0163-4401-B761-F1CC181B3E69}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3E683D93-B198-40EE-A5BF-006D5D8FB0BE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3FFA1850-925B-415B-AF08-D34E4E05F103}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{40C32C33-CDD7-445A-B729-EEF47DAFFEF1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{43427164-E412-4F27-99D4-FA4AE766D18E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{44D369FC-79A8-4F83-B6D2-41459DC260E9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{45585857-CE5D-40EF-B3E3-CF0C5193B85C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{47F99965-69E4-44D2-8242-F9B9458454DC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{487C46DF-68E0-4AA4-B42B-0E8443E0A5FB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{49FF1F37-A311-4230-B4B2-616B53A3DF57}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4A52EEC8-93C4-432A-88A9-D098D0E794D9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4AED7912-AC44-4FE9-8A3D-B81120623CA8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4B348910-E3DC-4EEE-915D-4A688CC7FD27}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4D844C0E-AFF6-4000-997B-A352F9D4BCE6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4F17439C-366B-4AB4-B1B3-5BE063F41CE9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{50ED8828-70E3-432B-8A88-A1997E04B45F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5209ADE7-0789-49CB-873D-4B45F1FF335E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{558162E4-32C2-4C0A-8F46-9E3342D8BFE5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{57C4E7A7-911D-43FD-B766-31955717768F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{57FCD9A3-3C71-4704-BE78-3C0E75A0844F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5841F52D-8D14-4722-92E0-12BE553068CF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{595A0DA6-6F83-433C-8DB2-C9B67990F5BC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5DE8FD60-7D83-4D64-99CC-2826F03CDECB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5F849219-427E-41A7-9EEE-CFDC142812DB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{5FFD292B-6230-41BD-8F62-A22C61BC9CFC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6021DBA4-478B-4B56-BA0F-A7B2BB82431E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{60F797B7-D906-4531-BE0C-D7B0D7C24D2C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{615C9FB3-1360-4CAE-A74D-4E2AEE0C8431}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{61A502C6-0C3B-4A4C-A570-68692065B273}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{62340818-58DE-41E0-B7C8-C3F69AFF9795}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6400C55C-3DCE-4F4B-AE63-6DFB6D57A571}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{65E2AC2F-63D5-4653-A746-1D5AD5824FFB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{66B88459-1E96-4D1B-8F76-D59514B50FE8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{67B7829A-862B-4201-A12B-511A19DA0E85}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6880BC08-4C6B-4BCD-AE0F-8E11CB915F97}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{69B2B7A5-754C-4B9F-B865-F91C83AD62C5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6B9202BB-E951-4D6F-88BE-5DFF3BD7BCF3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6BA895B2-27B1-4939-8B1A-E58EC14B4184}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6E04B059-62DE-46D3-B0B3-6C3DE1AB93B0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6EE4BBED-12C0-459B-A414-FC7503E80010}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6FCE3361-87DA-445F-83B8-5D9886E4D8DB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7030FB2B-DA88-49CA-B795-696A23BE1282}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{723C4124-873A-4A5E-91E7-2BFBE524987A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{733DDB8A-FBB6-40C4-88E9-07FD89BED57B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{734C367A-566F-48B0-A830-D0368F5FD38B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{76839593-EA0D-4AE3-B239-A501A5387996}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7841FF21-D126-4749-872D-27B85F04245C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{79B3CC38-B7C9-4C3F-A002-7C2025B1334B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7B8B18A7-926C-416A-88C1-2B546694AB2B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7B903DA8-D902-4ECB-9E51-9748FF0BCB0A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7DF62E67-4118-41A1-8121-20C803D4ED2D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7FDDC2F3-B96A-48AB-AEEF-3C4046E39B9D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{81669FFE-6AEA-4169-9B02-EF63D30696E4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{825D6B99-C5EC-4B7B-BD8A-6741FD972966}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{83A88A83-A8A6-4467-A91B-F8E5023D6E8D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{85FDAD99-3B9D-42A2-8D40-A038461948B4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{89544C87-252A-4900-8810-89E595E07F3F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{910E4CB8-9E26-4CEE-B0BA-F6D2B454ACB7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{91E5FAD1-EB48-4F4F-9939-303005E92653}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{93BD653B-3874-4B72-B0F4-0CE879956730}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9430CB3E-2A91-4516-9C90-91587138DE5D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{94A58159-E1BE-4F04-854F-9F5004827B90}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{959B6DAC-682E-43B2-B506-66B486461207}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{96FA3AEA-974C-48A5-86B3-912332CB45D8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{97CB7379-6348-41EB-A48A-B938F5403399}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9960D31C-D826-413B-A436-8C99326E7E8A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9C821925-D3D7-4E98-B3E2-A5A80777DB98}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9CA5A87D-9AD4-4EC5-8195-5692A7AE0524}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A06885A9-4F6A-4456-BB34-667C0BE29AC7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A33D9245-8D93-4679-9AE9-A8E9D6BAE2FB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A39B8518-5FA4-4784-B5E0-0C0973847CB0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A5500E96-CC53-4CD6-961A-CB2D120D1B1A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A6A650DA-105B-4C71-9189-90FCE43635C8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A7553A3F-D252-4F84-AFEC-BF324F1255C8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A77C994C-58B8-4799-B17F-62850C82B103}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AA15FF4B-B3FA-4D2E-A586-BFD656DDD27E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AB84F65F-7B6F-4A02-99DC-181E00606065}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AB9544EE-E9D3-4F68-9EE9-078AE449F4BC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AB9CDD83-FAA1-4A3A-8FB9-8D116CDE61B6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AC2A45B0-C681-4D64-87AE-BD09C694C0D5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AC2F8829-715F-44AA-AFC7-01A9D578B622}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AC524066-F0ED-42E2-B554-0E4034FE1A45}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AC5DEEC0-4FE8-45F8-A9F6-C5FD02AF52CE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AD6682B2-D749-426D-867B-4C10F6529461}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{ADED2C8C-8D23-436C-B140-133BE57DF273}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AF763277-4C97-4C53-ABA0-E744B8BE52CA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AFCBB6F1-D1FB-49EA-9951-62E09BD824CB}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B396DD2B-BF87-4EBF-BD91-8740DC964095}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B553A672-2EC6-43DE-854C-E07EFD106D66}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B94F33E9-0F5F-4502-8E9D-44F20664F468}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B9973D92-1F3B-410B-B34B-3561495E4680}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BA21BD5E-CB89-43CA-83AE-6EDC8255B8C3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BB035AFE-4961-4289-8854-FD701FF3F418}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BEDC2A05-02C5-4698-920F-B60E81FDD216}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C004E193-E433-4BF1-BAB0-B68F8BC9F313}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C0A0A262-C905-4AC7-92CC-F996DC35A6D1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C25F51C4-C538-48E5-ABEF-208C1A7BB0B4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C68360FE-B411-4153-A0AD-6014339AC22F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C6AF8ACC-EC3F-4D15-BBD8-703D28B57905}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CDB2641D-B52F-483C-B63B-A050255C82CF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CFF4C366-732D-4823-AE26-C522F8DDC56F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D1E68395-67E8-4C85-B93C-ADF56E0D509F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D2838A01-CA69-4E99-9A8E-2559A7EB9C74}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D3E044D3-9144-4EB4-8721-BB8CEBD9290C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D433CC93-00D2-4EF8-BE66-1F7CAF928127}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D89B58E4-E3AF-4AD2-94C3-379B72CED5EA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DB547926-6BF5-4700-9361-503E5E6F9CEE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DB78AD82-2DC2-4B9C-B0B9-8BEA3A9DF961}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DE8C62A7-C064-4132-97D9-5598F1BDFE32}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DF17A324-BEEB-49A1-A471-E82134E6B399}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DFD13107-1F5D-44BA-93A5-9CFA61AF2631}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E55FD26E-41A7-4359-9819-A254FE54F385}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E84B4576-1AC2-4E49-AC51-EA28B1B62A07}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E861264B-F356-48C7-81CB-962B1D7EE7EC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E8EEFE81-47CF-496D-ABC4-0FBBACB4C57C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E9476D54-1F02-41C4-9B3A-C8A723EDCD1E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{EA713B50-173F-441F-89C7-409DD0581AB7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{EBD7422C-25A7-4746-9A39-1DE962D6E3DA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{EBDAC37E-850A-44A0-81A3-8270C784EE8F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{EF91A701-BF96-4AB2-8579-B6129371DC26}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F160BCC2-0C34-41D5-A307-B69FCAEC4754}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F2E38D52-FD4C-4DA9-AE01-464171CFF190}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F409B873-AF79-4DFC-BC10-4FB6AEB2BF15}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F41B85C9-BCD6-4975-922F-5599758C445E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F53AC856-66C9-48C4-A108-62FDD55608F5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F53DBB72-FE99-4F31-B52C-C2043C38883A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F7048271-B89D-4C5F-89E8-98FB7704461E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F79540E0-99A0-4580-AC65-E17B42C600D9}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F823E480-FA7C-447E-9B2C-9E5145F2226E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FA756C96-0ECD-446D-A6C1-F382E29E8B8B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FCC831BD-B681-453E-A130-5C115475C76B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FCE1A1C4-BA34-4F73-A49B-7B192CC4B5D4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FD7B1656-810C-4D63-80BD-7D958EBC081D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FECCBE7D-66E4-4728-9132-E5CE8AB2A556}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FFDF1085-1F7C-45AE-8A39-A69CD9748957}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7E069020-E313-4DD5-B699-D7F86257F7CF}.exe -> Adware.Msnagent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csytn.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@planetout.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@e-2dj6wflosmazeep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@e-2dj6wjnyuidzgap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\ime\Cookies\ime@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmxei.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4E2E427D-409B-4B2B-B611-92105B37AEF6}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1009.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld12E9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld132.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld13EE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1593.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld15C8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld16F5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld171C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld180E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1882.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1A61.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1A65.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1AFD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1C49.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1CE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1D24.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1D64.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1DDD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1E3B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1F39.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1F86.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2023.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld21D2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2285.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2341.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld24C1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2597.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2621.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2647.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld27A1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2876.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2900.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2926.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2B56.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2C06.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2C24.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2C37.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2C7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2F04.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2F56.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld31F3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3235.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld328.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3314.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld34BA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3622.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3799.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld383C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld386B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3950.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld397.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3A98.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3E7E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld400C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4129.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld416D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld42D3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld42EB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4437.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld444D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld45CB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld45E2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld47F2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4862.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld48D1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld48D6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld48E3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4973.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4B38.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4B51.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4BC6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4BD2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4BE4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4D89.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4E7F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4EB2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4ED5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4EE1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4F3F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5175.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5212.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld527.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5454.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5511.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5734.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5AFA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5CC7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5D48.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5DD4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5DEA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5EA4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5FB6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6037.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld60B4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld60D9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld61A3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6296.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6317.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld637.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6394.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld64B0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6531.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld655D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld67FD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6810.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld695.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6AEC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6AF0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6B03.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6E22.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6E3F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6EC8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld711F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7121.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld71A8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld73FF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7497.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld78E6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7A03.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7A61.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7A85.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7B30.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7C33.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7CE3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7D50.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7D75.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7E1F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7EA0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7F22.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7FD2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld803F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld810F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld816B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld826.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld845A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld848D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld873A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld87AB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld87BE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8AAE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8AFB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8B83.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8CC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8D8E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8DEA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8E63.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld90BA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9152.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld95B0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld969F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld96A3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld971C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9890.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld98C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld999E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld99F0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9A0B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9A4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9B70.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9C7E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9CDB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9D6C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9E26.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA106.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA3F5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA489.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA6E6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA769.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA773.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA7C5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA9D5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAA3F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAA49.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAAA1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAAA5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldACB5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAD85.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldADDF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB051.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB27B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB35A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB3E6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB43A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB55B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB64A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB6D6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB73.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB82B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB8A1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB929.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB9A6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBAE1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBBB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBBF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBDD1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC0B0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC154.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC306.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC3A1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC434.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WIN

#7 kleopat

kleopat
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 23 July 2006 - 09:11 AM

C:\WINDOWS\system32\1024\ld180E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1882.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1A61.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1A65.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1AFD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1C49.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1CE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1D24.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1D64.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1DDD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1E3B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1F39.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1F86.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2023.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld21D2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2285.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2341.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld24C1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2597.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2621.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2647.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld27A1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2876.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2900.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2926.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2B56.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2C06.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2C24.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2C37.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2C7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2F04.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2F56.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld31F3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3235.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld328.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3314.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld34BA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3622.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3799.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld383C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld386B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3950.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld397.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3A98.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld3E7E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld400C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4129.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld416D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld42D3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld42EB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4437.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld444D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld45CB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld45E2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld47F2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4862.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld48D1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld48D6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld48E3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4973.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4B38.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4B51.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4BC6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4BD2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4BE4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4D89.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4E7F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4EB2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4ED5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4EE1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4F3F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5175.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5212.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld527.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5454.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5511.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5734.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5AFA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5CC7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5D48.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5DD4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5DEA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5EA4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5FB6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6037.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld60B4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld60D9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld61A3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6296.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6317.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld637.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6394.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld64B0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6531.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld655D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld67FD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6810.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld695.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6AEC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6AF0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6B03.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6E22.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6E3F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6EC8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld711F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7121.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld71A8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld73FF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7497.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld78E6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7A03.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7A61.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7A85.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7B30.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7C33.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7CE3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7D50.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7D75.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7E1F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7EA0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7F22.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7FD2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld803F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld810F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld816B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld826.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld845A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld848D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld873A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld87AB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld87BE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8AAE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8AFB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8B83.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8CC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8D8E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8DEA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8E63.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld90BA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9152.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld95B0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld969F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld96A3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld971C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9890.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld98C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld999E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld99F0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9A0B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9A4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9B70.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9C7E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9CDB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9D6C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9E26.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA106.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA3F5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA489.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA6E6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA769.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA773.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA7C5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA9D5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAA3F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAA49.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAAA1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAAA5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldACB5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAD85.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldADDF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB051.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB27B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB35A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB3E6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB43A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB55B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB64A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB6D6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB73.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB82B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB8A1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB929.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB9A6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBAE1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBBB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBBF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBDD1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC0B0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC154.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC306.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC3A1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC434.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC471.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC672.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC690.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC713.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC770.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC7BD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC8B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC970.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC9A0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldCA50.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldCB3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldCC04.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldCF36.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD025.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD082.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD210.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD226.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD305.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD372.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD4F6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD5E4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD661.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD79C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD99C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldDA8C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldDC7C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldDD6B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldDE1F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldDEC7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldDF5C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldDF73.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE04C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE0FE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE12C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE204.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE252.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE33C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE3DB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE3DE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE40C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE542.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE551.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE62B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE6EA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE6EB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE8B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE8F8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEA08.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEA48.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEBE7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEC01.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEC63.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldECE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldECE0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldED37.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEEE6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEEF0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEF71.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEFCF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF046.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF1D0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF290.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF2AF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF35D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF648.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF6A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF708.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF937.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFA17.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFADA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFB63.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFBC0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFC17.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFDA9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFDC9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFE52.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFE6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFEBF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFFD8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\zhopaizdupla.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{33206BD1-C245-4F84-A3CF-210475523030}.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).
::Report end

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:15 PM

Posted 23 July 2006 - 03:16 PM

That file is malicious and should be deleted. Here is some more info.

http://www.sophos.com/virusinfo/analyses/trojkrepperg.html


Download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.



Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 kleopat

kleopat
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 23 July 2006 - 04:54 PM

ok.

i've deleted that file with hijack. (\inet...\something.exe) it's gone.

and I did that Smitfraudfix.

here's the log:


C:\WINDOWS\Web

C:\WINDOWS\Web\desktop.html FOUND !

C:\WINDOWS\system32

C:\WINDOWS\system32\dlh9jkdq?.exe FOUND !
C:\WINDOWS\system32\ld???.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\whitevx.lst FOUND !

C:\Documents and Settings\ime\Application Data


Start Menu


C:\DOCUME~1\ime\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.ninisworld.com/imagesandwords/desktops/the_desktops/summerwood2.jpg"
"SubscribedURL"="http://www.ninisworld.com/imagesandwords/desktops/the_desktops/summerwood2.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\WINDOWS\\desktop.html"
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
"FriendlyName"="Security"

Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Scanning wininet.dll infection


End





seeing this, 2 things crossed my mind:

1. I have problems with my mouse (it's wireless).
sometimes it seems that wheel is allways active. when I'm on internet, then the page allways go up & down. Same thing with Microsoft word. Whenever I move the mouse, the pages go up\down without me even touching the wheel of the mouse.
(but most of the time, everything is OK)
can this problem have something to do with those "infected keys" which Smitfraudfix is talking about?

2. I have problems with my background on desktop. I can't change it to normal. There's no background, it just blinks weirdly. From white to dark gray. I've had this problem for ages, so I've ignored it.
Is that related with desktop.html file which Stimfraudfix also mentions?
The picture of normal desktop shows only when I'm shutting the computer down (few seconds before it turns off)

BTW, the computer is doing 100x better now.
Although, whenever I go to Task Menager, there is no more problem with that 100% CPU,
but everytime "System Idle Process" is at 97% of CPU (although the computer is working fine; at normal speed).
is that normal or should I worry about that?

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:15 PM

Posted 23 July 2006 - 08:16 PM

Although, whenever I go to Task Menager, there is no more problem with that 100% CPU,
but everytime "System Idle Process" is at 97% of CPU (although the computer is working fine; at normal speed).
is that normal or should I worry about that?

That's normal and nothing to be concerned about.

Your other concerns we can hopefully take care of in this next step.


Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections then choose clean and click Ok.

Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close Ewido and Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 kleopat

kleopat
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 24 July 2006 - 08:16 AM

computer status report:
-still having problems with mouse. nothing has changed.
there is a possibility that there's something wrong with the mouse itself.

-normal speed

-annoying blinking background is gone.
now there is a blue background.
can I change it to sth else?
i don't want to touch anything unless you say it's ok.

quick notes while I was doing what you said:

this thing didn't happen:

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.


nothing has changed by doing this

Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK


no entries at all. so i couldn't delete anything at this point.

Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.


ewido found nothing

and here are the files:


SmitFraudFix v2.74

Scan done at 13:47:23.85, Mon 07/24/2006
Run from C:\Documents and Settings\ime\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\warnhp.html Deleted
C:\WINDOWS\Web\desktop.html Deleted
C:\WINDOWS\system32\dlh9jkdq?.exe Deleted
C:\WINDOWS\system32\ld???.tmp Deleted
C:\WINDOWS\system32\whitevx.lst Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:54:40 PM 7/24/2006

+ Scan result:



Nothing found.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 3:03:41 PM, on 7/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Games\Heroes 5\registration\RegistrationReminder.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: DvdEncoderTvTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SimHID.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153480060915
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:15 PM

Posted 24 July 2006 - 04:20 PM

You should be able to change your desktop to whatever you want now. Let me know if you have problems and I'll send you a reg fix.

Do you have another mouse you can try on this computer? Chances are it's either the mouse itself, or it's a driver issue. Let me know if another mouse works if you can.

Your log looks pretty good. Other than the mouse issue, how is everything working?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 kleopat

kleopat
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 24 July 2006 - 05:20 PM

desktop works fine now. :thumbsup:

i'll try to change the mouse in the morning,
but i'm now pretty sure it's the mouse problem.
because while going mad (the mouse; while automaticly scrolling up & down),
the light on the mouse and on the receiver is blinking hysterically,
so it should be ok when i change it.

and one last thing:
is it possible to visit "not-so-safe" internet pages
and still have clean computer?
or that 2 things can't go together?

everything else is working perfectly.

big thank you to you and to bleepingcomputer.
as soon as I start making money in my life, i'll send a donation. really.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:15 PM

Posted 25 July 2006 - 07:27 AM

Anytime you "stray off the beaten path" on the internet, you increase your risk of infecting your computer. But as long as you take the proper precautions and use common sense, you should be ok no matter where you go. Here are some recommendations for you.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :flowers:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 kleopat

kleopat
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 25 July 2006 - 07:09 PM

excellent.
everything is working fine now.

once again- thank you.

i hope i won't be needing your help anytime soon.
although, it was very pleasant following your instructions.

bye! :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users