
A Doozy. Iexplore.exe Multiple Processes


  • This topic is locked
24 replies to this topic

#1 BudTheSpud


Posted 26 September 2006 - 04:53 PM

First off, I've posted to a number of other forums and received no response, so I am hoping I might receive some help here. Either I get help from this forum about this problem, or I'm taking my hard drive in to the local computer shop.

1: I have multiple versions of IEXPLORE.EXE running off and on in my processes, no browser windows opening, but it does give the cursor the hourglass and minimizes whatever is in the foreground. I also hear that popup noise that comes from when your XP needs an update and so on. It also won't allow me to run SpyBotS&D. In fact, the .exe for the program is gone, and when installing, I watched it and many other parts of the program be deleted automatically. Very suspicious.

2: In response to this problem I have tried TrojanHunter (which hangs up and freezes halfway through scans; when it finishes it finds nothing to do with IEXPLORE.EXE). I tried RegistryBooster just now, found 250 errors, but the IEXPLORE.EXE is still furiously popping around on my processes. Along with RB came SpeedUpMyPC, which is inactive from the start, and also refusing to uninstall, giving the error "PSysProbe::update,section6,section6.1, Invalid argument to date encode"

I tried scans with AVG Anti Virus, and Security Task Manager, and Windows Defender, and nothing has resolved the IEXPLORE.EXE problem. I think it might be a trojan or a worm or something. I am sure there's more than just those problems I'm dealing with that I can't locate.

Here is the HijackThisLog as of this posting:

Logfile of HijackThis v1.99.1
Scan saved at 5:50:01 PM, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Francis\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: CorelCENTRAL 9.lnk = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.3.5.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113674783718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125860509468
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://81.138.206.67/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Thread Master (ThreadMaster) - http://threadmaster.tripod.com - threadmaster@europe.com - C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe

Now I am not certain if it will find the IEXPLORE.EXE problem since it pops on at seemingly random intervals, and I have to be fast to catch it in the act on the running processes.

I hope you guys can help me with this problem. I'll go through step-by-step with whatever needs to be done. I just want my computer working normally again :thumbsup:

Edited by BudTheSpud, 26 September 2006 - 05:02 PM.




#2 Buckeye_Sam


    Malware Expert



Posted 27 September 2006 - 05:57 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
Let's see what we can turn up for you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#3 BudTheSpud


Posted 28 September 2006 - 08:07 AM

Here is the log:

Francis - 06-09-28 8:56:28.84 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Francis"

((((((((((((((((((((((((((((((( Files Created from 2006-08-28 to 2006-09-28 ))))))))))))))))))))))))))))))))))


2006-08-29 02:42 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-28 08:56 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-28 08:51 -------- d-------- C:\Program Files\Trillian
2006-09-26 17:16 -------- d-------- C:\Program Files\BOINC
2006-09-26 17:12 -------- d-------- C:\Documents and Settings\Francis\Application Data\Registry Booster
2006-09-26 17:10 -------- d-------- C:\Program Files\LIUtilities
2006-09-26 17:09 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-26 17:09 -------- d-------- C:\Program Files\Common Files
2006-09-26 17:00 -------- d-------- C:\Program Files\Uniblue
2006-09-25 19:34 -------- d-------- C:\Program Files\Java
2006-09-25 15:07 -------- d-------- C:\Program Files\mIRC
2006-09-25 12:58 -------- d-------- C:\Program Files\Diablo II
2006-09-24 15:09 -------- d-------- C:\Documents and Settings\Francis\Application Data\TrojanHunter
2006-09-24 14:02 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-23 21:24 -------- d-------- C:\Program Files\Security Task Manager
2006-09-23 20:52 -------- d-------- C:\Program Files\PowerISO
2006-09-22 02:54 -------- d-------- C:\Program Files\RuneTool
2006-09-22 02:12 -------- d-------- C:\Program Files\Lemonade Tycoon 2
2006-09-20 16:31 -------- d-------- C:\Program Files\PopCap Games
2006-09-20 15:07 -------- d-------- C:\Program Files\Oberon Media
2006-09-18 18:02 -------- d-------- C:\Program Files\JFK Reloaded
2006-09-14 18:58 -------- d-------- C:\Program Files\Soulseek
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 22:05 -------- d-------- C:\Documents and Settings\Francis\Application Data\AdobeUM
2006-08-17 13:31 -------- d-------- C:\Program Files\LimeWire
2006-08-15 03:02 -------- d-------- C:\Program Files\Internet Explorer
2006-08-08 09:36 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-08 09:36 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-07 21:50 -------- d-------- C:\Program Files\Winamp
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://content.ytmnd.com//69000/69630/image.gif"
"SubscribedURL"="http://content.ytmnd.com//69000/69630/image.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,0d,02,00,00,71,00,00,00,5f,01,00,00,09,01,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,17,01,00,00,27,01,00,00,d2,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9b,01,00,00,70,00,00,00,5f,01,00,00,09,01,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"DriveConfiguration"=hex:[binary data removed]
29,e6,48,c6,12,c9,fe,c1,04,85,5a,45,f3,8a,14,f5,81,95,41,07,15,75,aa,41,4d,\
69,43,56,a9,c2,2d,f9,e3,e6,8a,cd,e5,a8,29,78,8a,07,65,f9,a5,19,4a,3c,44,42,\
fa,ec,36,a9,4f,89,ca,ed,c2,ba,da,13,8c,e4,08,c4,0a,fb,48,b5,66,99,9e,66,74,\
4d,29,0f,da,35,61,d7,74,cf,9d,48,f7,0c,d8,00,d4,a6,b4,a9,9f,5f,b4,bf,2b,30,\
7b,f6,1f,c9,88,87,87,7a,fb,db,bd,82,26,d4,aa,77,57,54,38,e8,f1,fe,0a,40,c2,\
40,6a,ed,90,91,83,c2,f5,f7,d0,9a,6d,cd,d4,3f,ae,c3,0c,8a,38,26,22,cb,2c,62,\
63,6a,61,c5,73,cf,b5,85,3f,80,a1,05,34,89,10,54,ae,21,72,f6,b4,b4,8a,0c,e8,\
e2,39,92,de,a6,37,f7,cf,af,c7,84,b3,a3,49,28,8b,11,5e,0f,a3,a6,4d,75,14,a3,\
a6,bd,8c,8e,24,bd,52,28,d8,5c,84,a0,84,60,a3,06,45,81,52,02,76,c2,5b,c6,d0,\
01,f3,41,d6,cc,3f,96,70,76,17,cc,d6,6a,09,c7,af,c0,a1,77,7a,0e,e7,4f,7a,2e,\
81,2a,f9,1d,2c,fc,48,1e,9f,7e,6e,eb,bc,de,6f,c8,c6,1d,d5,66,bb,16,a5,06,e4,\
bc,93,e1,aa,a3,72,c8,ab,c1,ee,08,0d,76,7d,90,12,cb,93,56,ed,f7,15,f6,d5,28,\
11,9c,57,80,ac,25,f0,5d,5c,81,db,dd,57,5c,28,a1,4a,fd,0e,d2,4f,6e,82,62,19,\
c2,dd,08,95,72,42,ca,bf,e8,42,e7,4f,c3,53,0d,0c,3a,22,4a,9f,e6,31,1f,52,76,\
c5,d7,17,a5,ff,16,cc,69,49,b5,bd,6d,f3,cd,6b,c2,1e,12,8b,d1,da,63,52,95,8b,\
9e,f0,07,91,b9,5a,d9,28,0f,4d,66,8c,f7,90,e9,61,9b,79,ee,53,08,b2,07,fa,81,\
3d,c0,a2,00,19,b6,d5,85,80,d9,a2,c2,1e,43,da,ed,5e,7d,7c,5d,4d,36,03,ef,63,\
d0,dd,a8,a0,1f,1f,9c,db,6d,77,0e,57,c1,62,d8,98,60,9f,0d,75,95,e3,de,6d,ae,\
ce,ba,3f,47,1e,b9,b4,cb,23,3b,c0,37,72,cc,c9,21,de,4b,47,f9,a4,4c,8d,90,e6,\
ba,e6,d6,5b,d8,c1,e4,e8,44,eb,f5,4a,a2,89,37,70,a6,54,8e,84,69,54,f3,63,dd,\
01,0f,e8,03,a8,08,6e,5f,11,9b,90,a9,5f,6b,33,c6,37,98,c7,f6,25,94,c9,4f,3b,\
32,8d,6a,fb,00,3a,5c,76,d7,16,e8,b6,b0,04,f2,5a,b9,4a,37,80,a8,98,3c,e8,50,\
46,84,55,72,de,06,c9,37,d5,da,de,88,99,af,43,f4,c8,0a,b9,3c,2e,59,88,dc,6b,\
8d,6c,eb,46,1e,8e,44,44,50,b3,e3,79,b5,b4,91,9f,f4,2e,c4,65,c8,7a,c1,09,4c,\
e0,03,29,75,07,e0,d7,e0,b0,6a,eb,ce,a4,94,9d,6c,eb,95,53,58,3f,92,b7,62,c0,\
77,0d,8f,e9,25,c3,64,c3,db,d3,4a,61,59,ae,25,cb,6b,c3,40,ae,67,1f,82,23,94,\
35,a5,cf,91,7f,46,ac,fe,68,38,0c,79,6a,1e,db,cc,74,39,24,64,8e,7e,d6,05,bf,\
ec,c9,bd,2f,1c,fc,17,89,1a,20,90,a3,73,5b,4f,61,8f,46,10,d6,41,37,62,ad,9d,\
c6,12,c8,0a,8a,e7,26,97,24,8f,af,0a,93,7f,da,5a,57,55,26,45,67,f6,1a,28,ba,\
45,98,b3,55,03,ec,47,1e,50,4a,a3,f0,6e,77,c0,eb,c9,c6,f9,0e,34,46,6f,07,76,\
3a,ac,49,05,c9,87,60,11,f7,47,81,c4,d4,0b,66,c9,f3,68,58,0b,1e,55,8d,bf,48,\
44,b5,a4,c3,92,d0,89,b3,21,42,10,c3,fa,43,29,b3,17,db,ee,04,81,be,1a,39,f7,\
60,6c,e7,45,ac,28,0e,ff,33,b1,56,ba,89,5a,98,7b,ec,7a,a0,70,27,be,32,de,b6,\
c4,4a,5b,2b,e5,a8,3d,d0,51,8c,52,8e,62,bf,d1,0e,2a,d2,91,1d,4e,aa,79,55,18,\
3c,38,fa,c7,96,36,22,2a,1f,ca,19,6d,1f,ad,b6,03,32,82,af,c3,e3,d8,a8,1c,47,\
a1,b2,16,54,c8,95,a4,45,6d,83,83,eb,e7,06,65,48,0a,36,4f,5a,a5,2f,40,35,4f,\
c2,13,54,64,6b,a6,31,4a,83,3c,13,f9,b7,20,28,ba,b9,8b,d3,2e,35,c8,47,93,07,\
96,55,43,ab,ce,82,7d,f5,46,5d,68,02,f4,10,55,6e,a6,57,34,45,c7,12,ea,ab,42,\
da,27,73,ad,93,4f,42,a5,b6,06,00,09,f6,42,94,ae,23,a5,ee,55,4e,0b,4b,da,2e,\
5e,b4,ad,c2,b2,c8,86,38,8e,bc,55,0e,87,a0,78,77,14,e4,31,00,9d,1a,57,73,d5,\
fd,4c,fc,4a,b3,2e,8a,3a,4f,52,78,a9,9a,ee,6d,b0,13,15,fd,81,18,34,e9,a1,27,\
f7,0c,34,ba,99,57,fe,94,9e,cf,45,f6,15,d4,33,70,1d,9c,7c,f6,a8,e0,40,36,7f,\
d5,33,29,86,5e,fb,e9,42,80,d9,c2,98,16,8c,8b,d8,c6,73,37,f9,33,f1,a7,26,74,\
15,c2,7a,c5,7b,c8,09,7d,6d,e3,1f,40,4e,00,cc,76,39,dc,a0,fc,c7,e5,62,b3,19,\
cc,34,e8,b3,8c,88,73,c3,8d,35,99,06,e4,0d,b7,f5,77,6e,86,f8,62,14,9d,d7,9a,\
31,38,71,d0,c0,37,b0,99,16,6a,bc,cb,ba,0b,6f,2a,76,8c,09,44,ae,93,26,99,f1,\
43,ed,ff,ce,be,89,45,e9,e8,dd,17,4d,6d,73,21,04,05,b6,77,e5,f7,62,97,35,ae,\
db,38,62,53,a5,f6,1b,95,df,86,ed,d5,36,76,82,2b,38,a8,80,b3,5c,4b,ae,27,43,\
09,58,b3,3d,82,f5,04,0f,fa,08,a2,f4,4e,44,81,e1,2d,f3,d2,0d,84,99,1f,b1,3a,\
d4,97,0c,1e,86,a7,ab,1e,36,ca,e7,b9,b4,a1,af,b6,fc,46,88,17,5d,dd,d1,49,ab,\
db,6d,4c,9d,d1,ee,da,fb,da,a4,86,d5,f2,ab,c5,5b,d9,d2,fc,ee,b8,ac,43,d6,07,\
e5,69,37,ae,d3,38,41,6b,4d,fa,a8,73,c0,3b,54,5c,7f,d1,59,3a,5b,1a,29,09,74,\
85,08,4b,4e,54,c1,f1,28,a0,98,7f,89,9d,7f,6c,1b,1f,8d,c7,bc,5d,ab,20,d3,f5,\
91,f0,a6,e0,31,f1,8d,57,89,f1,b3,af,69,df,82,b6,33,20,18,27,88,6a,a5,7e,c4,\
33,15,0b,c7,6a,f0,46,fb,64,7e,62,92,19,2e,25,10,90,38,f6,0a,98,82,38,2d,b9,\
c0,d6,81,6a,e0,1f,ef,84,a5,d5,01,f7,92,80,ea,bc,09,08,c6,0a,b4,83,23,cd,24,\
4c,bf,54,ad,b8,55,93,4a,c1,be,11,e7,e3,a6,ab,67,be,41,94,bc,ce,2a,ca,80,90,\
fb,54,2d,e7,1b,c8,90,bd,d8,11,7b,ed,b6,6f,bb,61,06,bf,49,77,ba,fd,c4,aa,77,\
07,1f,6e,ec,a4,97,5b,63,c4,e9,8e,95,09,c1,4d,c3,87,75,e9,02,c8,f3,e9,d6,14,\
f8,64,03,ef,84,f2,af,a0,e2,8a,38,6d,7f,eb,b2,66,9f,a5,73,99,ee,48,1a,34,aa,\
aa,74,e2,a7,dc,a1,58,97,5d,72,2a,88,8d,16,e4,ae,64,f6,56,63,63,dd,2f,6c,cb,\
5c,cd,7e,0e,6d,54,00,83,56,fe,13,5d,d0,b2,d0,de,69,d7,d0,c8,27,6a,f2,15,6e,\
4e,58,e7,23,e4,b3,c2,f6,12,dc,c1,f9,8d,4b,13,66,56,fd,14,5e,bf,0c,47,e4,10,\
b1,d0,1d,29,5b,36,04,69,fe,67,5f,ce,ae,fd,f2,5d,6c,bf,f2,c4,40,6b,bc,3e,87,\
b2,c7,b7,8f,85,d8,30,61,8f,75,66,de,03,9b,ae,0e,97,b3,24,b4,d0,c3,04,26,81,\
e2,58,5b,8e,ee,d4,46,f6,81,ea,fe,62,11,20,91,8e,15,b6,24,1c,df,41,07,25,f1,\
cc,6e,1f,b7,9d,d1,b1,0e,af,92,c5,06,62,e1,df,e7,72,dc,ae,73,26,fb,e1,6b,ca,\
ac,3c,55,5e,3a,eb,7b,90,f3,16,37,e8,8a,b5,6e,43,ba,a6,5b,82,2c,fd,8e,83,9b,\
9b,34,50,36,02,98,97,46,67,ea,5b,e7,10,09,3f,e8,fd,c2,da,0c,f8,dc,aa,84,18,\
25,13,b5,7f,46,f1,9c,82,50,db,08,09,98,a4,07,39,c5,28,9e,51,27,45,bd,d2,4a,\
27,71,e3,cc,c9,5c,f3,6b,b8,62,a0,62,1a,a6,d8,f6,f0,b5,3e,4c,98,00,cf,7d,96,\
90,c5,ec,93,f5,bb,d8,a6,80,13,2d,d3,b2,ea,95,a0,d1,f3,58,fa,11,87,e6,b4,fb,\
bf,9b,c5,7b,6c,4e,b8,bc,99,33,01,33,7a,00,91,e0,9f,4f,a8,d1,6d,44,eb,e7,cf,\
6f,b6,dc,29,f4,b3,85,8d,e9,ac,55,32,ff,9d,23,22,65,0e,2d,32,e9,9f,5c,37,60,\
e5,ca,77,49,74,81,5e,ad,3d,85,72,49,1b,15,89,f7,ef,a8,2f,3a,2a,55,52,91,21,\
ba,87,07,be,2a,a2,b1,0f,8b,c6,b7,ec,64,27,08,da,38,14,4c,2f,13,34,1a,77,62,\
10,6c,17,07,d1,50,30,ad,4b,e0,c6,59,3b,73,22,42,cd,15,74,e3,62,35,bd,4e,8f,\
9e,ec,c3,69,a8,47,81,00,b0,0d,dc,29,c5,5a,90,81,a4,e5,4a,55,ae,e7,61,b4,e8,\
79,2b,18,b8,4d,1f,28,00,50,c9,54,3c,9c,29,ae,07,ee,56,fc,e1,5a,66,0b,2f,3d,\
92,46,83,74,96,86,1e,cb,57,2c,b3,b8,c8,6d,6e,4a,0e,ee,35,5c,e2,91,2e,0e,38,\
8e,81,75,1e,c5,5f,92,e6,52,43,81,87,63,78,f3,41,46,db,de,96,80,c6,e2,73,03,\
b8,dd,51,3d,d1,7c,f8,fc,bb,92,80,48,67,18,8b,8e,a4,75,78,fd,f1,fc,d9,31,8f,\
b7,28,0f,db,63,b5,f0,db,bb,e3,01,17,fa,94,e9,aa,9b,e2,ad,98,63,10,d1,62,a1,\
c0,c0,d8,b4,66,6e,2f,cf,fc,3c,53,f9,f7,1c,7e,58,7b,f5,0a,ae,cb,dd,49,83,24,\
03,15,01,47,09,f9,b5,50,c1,98,c1,a8,80,42,4d,ab,c4,d0,d7,ac,22,d0,ca,3a,7f,\
e3,53,a2,83,62,70,b5,4b,48,49,cc,5e,4c,c4,08,e3,4d,54,df,11,f3,11,d4,e6,94,\
0e,85,1c,54,e7,eb,59,91,99,de,a5,7e,97,d7,22,0d,1a,fa,f7,13,b8,54,8e,bb,a6,\
38,61,ff,ca,a5,d1,cc,4d,a1,8b,ce,f0,fc,f3,6f,c7,85,68,1a,e3,20,11,f0,2d,19,\
da,bd,95,b8,b9,2a,6d,16,36,33,0f,2e,2a,dc,c6,37,c7,20,ec,31,d8,2b,4f,bf,4a,\
c9,d9,34,ec,1d,71,f0,73,96,1c,ed,c1,1f,68,95,67,96,0a,d7,68,80,c6,79,3f,fb,\
d1,8f,b0,24,f3,f0,ee,8c,99,aa,fb,ef,11,9e,47,cd,6b,ee,7e,f3,d5,60,5e,fa,0f,\
03,c5,12,1f,14,0f,fd,45,22,9e,5e,31,71,ba,34,74,9c,9c,a2,35,7f,c5,f1,25,54,\
94,d7,b4,1c,18,fa,85,41,23,b0,20,79,a0,09,e8,ed,26,0f,4c,9b,cc,4c,41,f9,40,\
8d,ef,b3,db,13,e6,aa,96,57,f6,25,66,6c,6c,e2,0d,17,ca,ed,bd,d4,69,ca,38,6e,\
be,ac,36,cc,db,e7,07,0e,39,a8,79,d8,b4,e4,fc,ee,d7,8e,04,02,5a,0d,af,c9,e9,\
ed,a8,54,27,d5,4b,9e,f3,b9,0a,62,ea,50,0f,2f,2d,c9,22,bd,64,b9,ce,82,03,59,\
bf,81,cb,ee,eb,6f,63,94,88,01,c8,4b,ef,6d,df,37,db,de,34,80,63,58,ca,f1,b8,\
9e,6a,fd,13,53,3a,00,ec,5f,91,c8,6d,94,0a,54,26,92,d8,db,02,e8,59,10,7a,7b,\
ed,a5,08,2c,08,0e,df,b5,86,87,d9,d4,3f,58,b1,ac,dc,58,72,68,e8,b0,2f,21,2a,\
e1,f5,02,33,09,fe,97,aa,33,61,27,d1,11,0b,a4,2f,ba,0b,f3,99,b8,92,0e,6e,07,\
83,e5,31,25,30,0b,77,69,64,b0,04,95,a7,cf,31,ae,bd,a8,90,0c,70,71,d3,ad,8f,\
49,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 28/09/2006 9:00:00.06
ComboFix.txt

#4 Buckeye_Sam

Malware Expert

Posted 28 September 2006 - 05:19 PM

Do you have any of the programs that are listed on this page?

http://www.freedownloadscenter.com/Authors...chnologies.html


Please download Getservices from this link.
http://www.bleepingcomputer.com/files/getservices.php

Extract the file to your C: drive.
Double click on the getservice.bat file and post the report that opens up in notepad.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 BudTheSpud


Posted 28 September 2006 - 08:28 PM

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Avg7Alrt
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG7 Alert Manager Server
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Avg7UpdSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG7 Update Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HID Input Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: IDriverT
Provides support for the Running Object Table for InstallShield Drivers
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : InstallDriver Table Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NVSvc
Provides system and desktop level support to the NVIDIA display driver
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\nvsvc32.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NVIDIA Display Driver Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 6000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{3AC9F7C5-6F77-4D12-B8C4-624026D0D0B6}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: ThreadMaster
Monitors Threads and handle CPU overload on a per thread basis
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Thread Master
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UMWdf
Enables Windows user mode drivers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\wdfmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows User Mode Driver Framework
DEPENDENCIES : RpcSs
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: usprserv
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : User Privilege Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: WinDefend
Helps protect users from malicious software, spyware, and other potentially unwanted software
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Windows Defender\MsMpEng.exe"
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Windows Defender Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 15000 seconds
: Restart DELAY: 15000 seconds
: Restart DELAY: 15000 seconds

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmcCds
Serves shared multimedia content to Universal Plug and Play devices
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : c:\program files\windows media connect\mswmccds.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Media Connect (WMC)
DEPENDENCIES : RPCSS
: UPNPHOST
: WmcCdsLs
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: WmcCdsLs
Monitors the network for new UPnP Media Renderer devices.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Windows Media Connect\mswmcls.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Media Connect (WMC) Helper
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

#6 Buckeye_Sam

Posted 29 September 2006 - 03:35 PM

Do you have any of the programs that are listed on this page?

http://www.freedownloadscenter.com/Authors...chnologies.html
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 BudTheSpud

Posted 30 September 2006 - 06:09 AM

No, I don't. Should I? I just installed Themida, but I don't know which file I should protect, if any. I am still having the multiple IEXPLORE.EXE's popping on and off, interrupting scrolling and so on. Even typing is interrupted since it pushes the window I'm typing on into the background, even though nothing appears in the foreground. It seems to appear every 2 seconds or so.

So none of those logs helped yet?

Besides that, those programs look like they are for software developers. I'm no software developer, that's for sure.

Edited by BudTheSpud, 30 September 2006 - 06:09 AM.


#8 Buckeye_Sam

Posted 30 September 2006 - 09:58 AM

The logs do not show me what I'm looking for yet, but the activity you are describing seems malicious to me. So we'll keep looking.

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please do not select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

#9 BudTheSpud

Posted 30 September 2006 - 07:48 PM

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-09-30 20:45:31
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQuerySystemInformation

---- Processes - GMER 1.0.11 ----

Process C:\WINDOWS\system32\wintems.exe (*** hidden *** ) 224
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1012
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1172

---- EOF - GMER 1.0.11 ----
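
Added example (not part of the original thread and not GMER's own code): a short Python parser for the rootkit log posted above. It groups the SSDT hooks by the module that owns them, lists the hidden processes, and derives the unique file paths to review next. The `SURFACE` table and the "outside system32\drivers" check are triage assumptions drawn from general Windows knowledge, not verdicts about this driver.

```python
import re

# Log text copied from the GMER report in the post above.
GMER_LOG = r"""GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-09-30 20:45:31
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.11 ----

SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQuerySystemInformation

---- Processes - GMER 1.0.11 ----

Process C:\WINDOWS\system32\wintems.exe (*** hidden *** ) 224
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1012
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1172

---- EOF - GMER 1.0.11 ----
"""

SECTION = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# The module path contains spaces, so the hooked function is taken as the last token.
SSDT = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>(?:Zw|Nt)\w+)$")
HIDDEN = re.compile(r"^Process\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(?P<pid>\d+)$")

# Assumption: what ordinary tools use each service for (general Windows
# knowledge, not a statement about what this particular driver filters).
SURFACE = {
    "ZwCreateFile": "file open",
    "ZwQueryDirectoryFile": "directory listing",
    "ZwEnumerateKey": "registry enumeration",
    "ZwEnumerateValueKey": "registry enumeration",
    "ZwQueryKey": "registry enumeration",
    "ZwQuerySystemInformation": "process listing",
}


def normalize(path):
    """Drop the NT object-manager prefix so the path reads as a normal DOS path."""
    return path[4:] if path.startswith("\\??\\") else path


def outside_driver_dir(path):
    """Heuristic: kernel modules normally load from system32\\drivers."""
    return "\\system32\\drivers\\" not in path.lower()


def parse_gmer(log):
    """Return ({module: [hooked functions]}, [(hidden image path, pid)])."""
    hooks, hidden, section = {}, [], None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "System":
            m = SSDT.match(line)
            if m:
                hooks.setdefault(normalize(m.group("module")), []).append(m.group("func"))
        elif section == "Processes":
            m = HIDDEN.match(line)
            if m:
                hidden.append((m.group("path"), int(m.group("pid"))))
    return hooks, hidden


def triage(log):
    """Summarise one GMER rootkit scan for a human reviewer."""
    hooks, hidden = parse_gmer(log)
    findings = [{
        "module": module,
        "hooked": funcs,
        "surfaces": sorted({SURFACE.get(f, "other") for f in funcs}),
        "outside_driver_dir": outside_driver_dir(module),
    } for module, funcs in hooks.items()]
    files = []  # unique paths, in order of first appearance
    for path in list(hooks) + [p for p, _ in hidden]:
        if path.lower() not in (f.lower() for f in files):
            files.append(path)
    return {"hooks": findings, "hidden": hidden, "files": files}


if __name__ == "__main__":
    report = triage(GMER_LOG)
    for h in report["hooks"]:
        print(h["module"], "hooks", len(h["hooked"]), "services:", ", ".join(h["surfaces"]))
        print("  loaded from outside system32\\drivers:", h["outside_driver_dir"])
    for path, pid in report["hidden"]:
        print("hidden process", pid, path)
    print("files to review:", *report["files"], sep="\n  ")
```

Running the same function over a later scan and comparing the `files` lists shows which entries are still present after a cleanup attempt.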

#10 Buckeye_Sam

Posted 01 October 2006 - 08:19 AM

Aha!
Let's try it the easy way first.


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Delete Temp Files
    • Click Tools -> Delete Temp Files
    • Place a check mark in all locations that aren't greyed out. By default they should already be checked.
    • Click Delete Selected Temp Files
  • Once that completes, select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys
    C:\WINDOWS\system32\wintems.exe
    C:\WINDOWS\system32\hldrrr.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
=============



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Also run a new scan with Gmer and post the log.

#11 BudTheSpud

Posted 01 October 2006 - 07:38 PM

Pocket Killbox version 2.0.0.881
Running on Windows XP as Francis(Administrator)
was started @ Sunday, October 01, 2006, 8:24 PM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\wintems.exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\hldrrr.exe


I Rebooted @ 8:29:17 PM
Killbox Closed(Exit) @ 8:29:33 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Francis(Administrator)
was started @ Sunday, October 01, 2006, 8:34 PM


I'll do the Kaspersky next.

#12 BudTheSpud

Posted 02 October 2006 - 05:47 AM

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-02 06:44:28
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys ZwQuerySystemInformation

---- EOF - GMER 1.0.11 ----


And the Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 02, 2006 6:42:42 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/10/2006
Kaspersky Anti-Virus database records: 227994
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 213029
Number of viruses found: 5
Number of infected objects: 10 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:43:24

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-06072006-221349.log Object is locked skipped
C:\Documents and Settings\Francis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Francis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Francis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Francis\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A3A9B09C-46CA-4916-B68A-C63E7FC50152} Object is locked skipped
C:\Documents and Settings\Francis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Francis\Local Settings\History\History.IE5\MSHist012006100120061002\index.dat Object is locked skipped
C:\Documents and Settings\Francis\Local Settings\Temp\Free Download Manager\tic6.tmp Object is locked skipped
C:\Documents and Settings\Francis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Francis\My Documents\Downloads\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Francis\My Documents\Downloads\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Francis\My Documents\Downloads\mirc62.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Francis\ntuser.dat Object is locked skipped
C:\Documents and Settings\Francis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\LOPTFPDJ\ind[1].htm Infected: Trojan-Downloader.JS.Agent.ab skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7E151D60-11EC-4143-A6A9-69264FD3BF2F}\RP539\A0095596.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{7E151D60-11EC-4143-A6A9-69264FD3BF2F}\RP539\A0095597.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{7E151D60-11EC-4143-A6A9-69264FD3BF2F}\RP539\A0095598.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{7E151D60-11EC-4143-A6A9-69264FD3BF2F}\RP543\A0096591.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{7E151D60-11EC-4143-A6A9-69264FD3BF2F}\RP556\A0097702.exe Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped
C:\System Volume Information\_restore{7E151D60-11EC-4143-A6A9-69264FD3BF2F}\RP557\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

#13 BudTheSpud

BudTheSpud
  • Topic Starter

  • Members
  • 14 posts

Posted 02 October 2006 - 10:01 AM

Okay, this is really scary now. I think whatever spyware is doing this is sending DHCP requests. And my ISP is getting pissed.

Please be advised, a device using your Rogers Hi-Speed connection appears to be making continuous unnecessary DHCP requests.

DHCP is the method your computer/router uses to request an IP address for use on our network. Once our server assigns your computer an IP address, your computer/router can communicate on our network. After a set period of time, called the IP lease time (usually a couple of days) your computer/router should contact our DHCP server to ensure it can continue using the IP address it was assigned. Once assigned an IP address from our DHCP server, your computer/router appears to be immediately asking to be assigned an IP address, and not waiting for the IP lease time to expire.

As this constant DHCP traffic can impede other subscribers from obtaining an IP address, please ensure you are using the most recent drivers for your network cards and/or have the latest firmware for any hardware router/firewall you may have.

For more information, please contact our technical support department to check your settings and any other possibilities for this activity. They may be contacted by using one of the following: internetsupport@rci.rogers.com or call 1-888-288-4663.

If you have a Belkin F5D7230-4 Router:

Belkin has provided a firmware upgrade for their devices that appears to resolve the problem. Please visit the link below or contact Belkin for information on this firmware upgrade.
http://www.rogershelp.com/belkin/
http://www.belkin.com/support/download/dow...mp;download=993

If you have a Hawking HWR54G Router:

Hawking has provided a firmware upgrade that appears to resolve the problem. For more information and the firmware update please visit one of the sites below.
http://www.rogershelp.com/hawking

Firmware Upgrading Instructions
http://www.hawkingtech.com/downloads.php?file_id=3484

New Firmware
http://www.hawkingtech.com/downloads.php?file_id=3483

Due to the severity of the implications of this activity, if it should continue without resolution, we may be required to suspend your service until it can be resolved. For this reason, please follow the above instructions to contact our technical support department.

Rogers EUA Management Team

Date Time, DHCP Type, MAC, PC IP, Options
2006-10-02 07:00:30.820, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 604800 RENEW 86400
2006-10-02 07:00:30.802, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-02 07:00:14.816, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 604800 RENEW 86400
2006-10-02 07:00:14.806, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-02 07:00:06.818, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 604800 RENEW 86400
2006-10-02 07:00:06.804, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-02 07:00:03.408, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 604800 RENEW 86400
2006-10-02 07:00:02.984, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-02 06:00:19.945, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 602092 RENEW 301046
2006-10-02 06:00:19.934, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-02 06:00:02.993, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 602108 RENEW 301054
2006-10-02 06:00:02.992, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-02 05:00:07.288, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 604800 RENEW 86400
2006-10-02 05:00:07.181, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-01 17:02:18.392, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 604800 RENEW 86400
2006-10-01 17:02:18.367, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-01 16:02:10.567, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 604800 RENEW 86400
2006-10-01 16:02:10.554, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi
2006-10-01 16:02:06.569, ACK, 00:50:18:22:4e:a5, 74.119.58.37, LEASE 604800 RENEW 86400
2006-10-01 16:02:06.555, Request, 00:50:18:22:4e:a5, 74.119.58.37, Host Name = Rurumi

I'll leave it unedited in case there's important info, but if it should be edited for security reasons, please let me know quickly.
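The check the ISP notice describes, written out as an added example that is not part of the original post or of the ISP's tooling: it pairs each DHCP Request with the client's previous ACK and flags the Request when it arrives before the RENEW interval that ACK granted. The sample rows are constructed in the same column layout as the listing above, with a placeholder MAC, IP and host name.

```python
import re
from datetime import datetime

# Constructed sample rows in the listing's layout (newest first).
# MAC, IP and host name are placeholders, not values from the post.
SAMPLE_LOG = """\
Date Time, DHCP Type, MAC, PC IP, Options
2006-10-03 07:00:10.000, ACK, 02:00:00:00:00:01, 192.0.2.10, LEASE 604800 RENEW 86400
2006-10-03 07:00:09.990, Request, 02:00:00:00:00:01, 192.0.2.10, Host Name = examplehost
2006-10-02 07:00:06.818, ACK, 02:00:00:00:00:01, 192.0.2.10, LEASE 604800 RENEW 86400
2006-10-02 07:00:06.804, Request, 02:00:00:00:00:01, 192.0.2.10, Host Name = examplehost
2006-10-02 07:00:03.408, ACK, 02:00:00:00:00:01, 192.0.2.10, LEASE 604800 RENEW 86400
2006-10-02 07:00:02.984, Request, 02:00:00:00:00:01, 192.0.2.10, Host Name = examplehost
2006-10-02 06:00:02.993, ACK, 02:00:00:00:00:01, 192.0.2.10, LEASE 602108 RENEW 301054
2006-10-02 06:00:02.992, Request, 02:00:00:00:00:01, 192.0.2.10, Host Name = examplehost
"""

RENEW_RE = re.compile(r"RENEW (\d+)")


def parse_events(log_text):
    """Return the log rows as dicts, oldest first. Unparseable rows are skipped."""
    events = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",", 4)]
        if len(parts) != 5:
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S.%f")
        except ValueError:
            continue  # column header or damaged row
        renew = RENEW_RE.search(parts[4])
        events.append({
            "time": when,
            "type": parts[1].upper(),
            "mac": parts[2].lower(),
            "renew": int(renew.group(1)) if renew else None,
        })
    events.sort(key=lambda e: e["time"])
    return events


def find_early_requests(log_text):
    """Flag every Request sent before the renew interval of the previous ACK."""
    last_ack = {}   # MAC -> most recent ACK event for that client
    findings = []
    for ev in parse_events(log_text):
        if ev["type"] == "ACK" and ev["renew"] is not None:
            last_ack[ev["mac"]] = ev
        elif ev["type"] == "REQUEST" and ev["mac"] in last_ack:
            ack = last_ack[ev["mac"]]
            elapsed = (ev["time"] - ack["time"]).total_seconds()
            if elapsed < ack["renew"]:
                findings.append({
                    "time": ev["time"],
                    "mac": ev["mac"],
                    "elapsed": elapsed,      # seconds since the last ACK
                    "renew": ack["renew"],   # seconds the client was told to wait
                })
    return findings


if __name__ == "__main__":
    for f in find_early_requests(SAMPLE_LOG):
        print(f"{f['time']}  {f['mac']}  asked again after {f['elapsed']:.3f}s "
              f"(renew interval {f['renew']}s)")
```

A reboot or a re-plugged cable also produces a Request before the renew interval, so a single hit proves nothing; it is the count of hits per client over time that matches what the notice calls continuous requests.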

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts

Posted 02 October 2006 - 03:24 PM

Please follow these steps...

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:

C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys

Folders to delete:

C:\Documents and Settings\Francis\Application Data\hidires



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply.



Also post a new log from Combofix.
========================================================
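A way to check the result of the procedure above, as an added example that is not part of any post in this thread and is not code from The Avenger or ComboFix: it confirms that every path in the script has a matching "deleted successfully" line in avenger.txt, then lists Run-key values that still point at a deleted path. The inputs are copied from the posts in this thread; the function names are my own, and the wording Avenger uses for failures is not shown here, so a target without a success line is only reported as unconfirmed.

```python
import re

# Avenger script from the helper's post in this thread.
SCRIPT = r"""Files to delete:

C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys

Folders to delete:

C:\Documents and Settings\Francis\Application Data\hidires
"""

# Result lines from C:\avenger.txt as posted in this thread.
AVENGER_LOG = r"""Beginning to process script file:

File C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys deleted successfully.
Folder C:\Documents and Settings\Francis\Application Data\hidires deleted successfully.

Completed script processing.
"""

# Lines from the ComboFix "Reg Loading Points" section posted in this thread.
RUN_KEYS = r'''[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"drvsyskit"="C:\\Documents and Settings\\Francis\\Application Data\\hidires\\hidr.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
'''

# Only the two section headers that appear in this thread are handled.
HEADERS = {"Files to delete:": "File", "Folders to delete:": "Folder"}
RESULT_RE = re.compile(r"(File|Folder) (.+) deleted successfully\.")
# .reg-style value line: "name"="value" with backslash escapes inside the quotes.
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')


def parse_script(text):
    """Return [(kind, path)] for each path listed under a known header."""
    targets, kind = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith(":"):
            kind = HEADERS.get(line)  # unknown sections are skipped
        elif kind:
            targets.append((kind, line))
    return targets


def unconfirmed_targets(script, log):
    """Script targets that have no 'deleted successfully' line in the log."""
    confirmed = set()
    for line in log.splitlines():
        m = RESULT_RE.fullmatch(line.strip())
        if m:
            confirmed.add((m.group(1), m.group(2).lower()))
    return [t for t in parse_script(script)
            if (t[0], t[1].lower()) not in confirmed]


def _unescape(s):
    # Undo .reg escaping: \\ becomes \ and \" becomes "
    return re.sub(r"\\(.)", r"\1", s)


def dangling_autoruns(reg_text, script):
    """Run-key values that still reference a file or folder the script removed."""
    targets = parse_script(script)
    hits, key = [], None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.fullmatch(line)
        if not m:
            continue  # hex(...) and dword values are not command lines
        name, value = _unescape(m.group(1)), _unescape(m.group(2))
        for kind, path in targets:
            # A folder matches anything beneath it; a file matches itself.
            needle = path.lower() + ("\\" if kind == "Folder" else "")
            if needle in value.lower():
                hits.append((key, name, value))
                break
    return hits


if __name__ == "__main__":
    for kind, path in unconfirmed_targets(SCRIPT, AVENGER_LOG):
        print(f"UNCONFIRMED {kind}: {path}")
    for key, name, value in dangling_autoruns(RUN_KEYS, SCRIPT):
        print(f"Autorun still references a removed path: [{key}] {name} = {value}")
```

On the logs in this thread, both deletions are confirmed, and the "drvsyskit" value under the current user's Run key still points into the removed hidires folder.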

#15 BudTheSpud

  • Topic Starter

Posted 03 October 2006 - 09:22 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ywwhvalj

*******************

Script file located at: \??\C:\WINDOWS\rrjaxccs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Francis\Application Data\hidires\m_hook.sys deleted successfully.
Folder C:\Documents and Settings\Francis\Application Data\hidires deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

----------------------

I did a scan with Combofix, and as I did, TrojanHunterGuard found a trojan and removed it from memory. ProRat.256 I think it was. Once when I ran the Combofix program, and again when I ended it. Very strange. But here's the Combofix log.

Francis - 06-10-03 10:14:56.79 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Program Files\Free Download Manager"

((((((((((((((((((((((((((((((( Files Created from 2006-09-03 to 2006-10-03 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-03 10:16 -------- d-------- C:\Documents and Settings\Francis\Application Data\Free Download Manager
2006-10-03 10:14 -------- d-------- C:\Program Files\Free Download Manager
2006-10-03 10:11 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-03 06:37 -------- d-------- C:\Documents and Settings\Francis\Application Data\Registry Booster
2006-10-02 18:51 -------- d-------- C:\Program Files\BOINC
2006-10-02 18:47 -------- d-------- C:\Program Files\Trillian
2006-10-01 20:18 -------- d-------- C:\Program Files\Internet Explorer
2006-10-01 20:16 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-09-30 20:31 -------- d-------- C:\Program Files\WinRAR
2006-09-30 20:31 -------- d-------- C:\Program Files\Windows Defender
2006-09-30 20:27 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-30 20:18 -------- d-------- C:\Program Files\MSN Messenger
2006-09-30 20:17 -------- d-------- C:\Program Files\Messenger
2006-09-30 20:17 -------- d-------- C:\Program Files\LimeWire
2006-09-30 20:09 -------- d-------- C:\Program Files\AIM
2006-09-29 19:59 -------- d-------- C:\Program Files\Defcon
2006-09-26 17:10 -------- d-------- C:\Program Files\LIUtilities
2006-09-26 17:09 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-26 17:09 -------- d-------- C:\Program Files\Common Files
2006-09-26 17:00 -------- d-------- C:\Program Files\Uniblue
2006-09-25 19:34 -------- d-------- C:\Program Files\Java
2006-09-25 15:07 -------- d-------- C:\Program Files\mIRC
2006-09-25 12:58 -------- d-------- C:\Program Files\Diablo II
2006-09-24 15:09 -------- d-------- C:\Documents and Settings\Francis\Application Data\TrojanHunter
2006-09-23 21:24 -------- d-------- C:\Program Files\Security Task Manager
2006-09-23 20:52 -------- d-------- C:\Program Files\PowerISO
2006-09-22 02:54 -------- d-------- C:\Program Files\RuneTool
2006-09-22 02:12 -------- d-------- C:\Program Files\Lemonade Tycoon 2
2006-09-20 16:31 -------- d-------- C:\Program Files\PopCap Games
2006-09-20 15:07 -------- d-------- C:\Program Files\Oberon Media
2006-09-18 18:02 -------- d-------- C:\Program Files\JFK Reloaded
2006-09-14 18:58 -------- d-------- C:\Program Files\Soulseek
2006-08-29 02:42 33952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 22:05 -------- d-------- C:\Documents and Settings\Francis\Application Data\AdobeUM
2006-08-08 09:36 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-08 09:36 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-07 21:50 -------- d-------- C:\Program Files\Winamp
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"drvsyskit"="C:\\Documents and Settings\\Francis\\Application Data\\hidires\\hidr.exe"
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"
"german.exe"="C:\\WINDOWS\\system32\\wintems.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://content.ytmnd.com//69000/69630/image.gif"
"SubscribedURL"="http://content.ytmnd.com//69000/69630/image.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,0d,02,00,00,71,00,00,00,5f,01,00,00,09,01,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,17,01,00,00,27,01,00,00,d2,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9b,01,00,00,70,00,00,00,5f,01,00,00,09,01,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"DriveConfiguration"=hex:17,35,7f,63,65,82,2e,d1,e2,f0,74,93,26,c6,49,49,9f,cc,\
9e,6a,fd,13,53,3a,00,ec,5f,91,c8,6d,94,0a,54,26,92,d8,db,02,e8,59,10,7a,7b,\
ed,a5,08,2c,08,0e,df,b5,86,87,d9,d4,3f,58,b1,ac,dc,58,72,68,e8,b0,2f,21,2a,\
e1,f5,02,33,09,fe,97,aa,33,61,27,d1,11,0b,a4,2f,ba,0b,f3,99,b8,92,0e,6e,07,\
83,e5,31,25,30,0b,77,69,64,b0,04,95,a7,cf,31,ae,bd,a8,90,0c,70,71,d3,ad,8f,\
49,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 03/10/2006 10:17:01.26
ComboFix.txt
ComboFix2.txt

-------------------------------

And here's the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:20:07 AM, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Francis\My Documents\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Francis\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: CorelCENTRAL 9.lnk = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.3.5.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113674783718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125860509468
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://81.138.206.67/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Thread Master (ThreadMaster) - http://threadmaster.tripod.com - threadmaster@europe.com - C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe

I'll do a TrojanHunter scan immediately due to the Combofix issue.



