Infected by Bagle.LY

Re: Infected by Bagle.LY

by ashanta » February 26th, 2008, 7:36 pm

Thank you! This time HJT is working... Good news! :)

Here is the log file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:34:09, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [InvisibleBrowsing] F:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.thevalkyrie.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B173306B-D16E-4116-9769-88407345F628}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Windows\
O23 - Service: IBService - Unknown owner - F:\Program Files\Invisible Browsing\servers\IBService.exe

--
End of file - 5310 bytes

Re: Infected by Bagle.LY

by ashanta » February 26th, 2008, 8:29 pm

Here is gmerautos.txt:


GMER 1.0.14.14116 - http://www.gmer.net
Autostart scan 2008-02-27 01:22:22
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\Windows\system32\userinit.exe, = C:\Windows\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AeLookupSvc@ = %systemroot%\system32\svchost.exe -k netsvcs
AudioEndpointBuilder@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Audiosrv@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
BFE@ = %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
BITS@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BthServ@ = %SystemRoot%\system32\svchost.exe -k bthsvcs
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k NetworkService
CscService@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
DcomLaunch@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
DPS@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
EMDMgmt@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Eventlog@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
EventSystem@ = %SystemRoot%\system32\svchost.exe -k LocalService
FDResPub@ = %SystemRoot%\system32\svchost.exe -k LocalService
gpsvc@ = %systemroot%\system32\svchost.exe -k netsvcs
IBService@ = F:\Program Files\Invisible Browsing\servers\IBService.exe
IKEEXT@ = %systemroot%\system32\svchost.exe -k netsvcs
iphlpsvc@ = %SystemRoot%\System32\svchost.exe -k NetSvcs
KtmRm@ = %SystemRoot%\System32\svchost.exe -k NetworkService
LanmanServer@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LanmanWorkstation@ = %SystemRoot%\System32\svchost.exe -k LocalService
lmhosts@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
MMCSS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
MpsSvc@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
netprofm@ = %SystemRoot%\System32\svchost.exe -k LocalService
NlaSvc@ = %SystemRoot%\System32\svchost.exe -k NetworkService
nsi@ = %systemroot%\system32\svchost.exe -k LocalService
PcaSvc@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
PlugPlay@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
PolicyAgent@ = %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
ProfSvc@ = %systemroot%\system32\svchost.exe -k netsvcs
RpcSs@ = %SystemRoot%\system32\svchost.exe -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %systemroot%\system32\svchost.exe -k netsvcs
seclogon@ = %windir%\system32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
slsvc@ = %SystemRoot%\system32\SLsvc.exe
Spooler@ = %SystemRoot%\System32\spoolsv.exe
SysMain@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
TabletInputService@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
TermService@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
upnphost@ = %SystemRoot%\system32\svchost.exe -k LocalService
UxSms@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
W32Time@ = %SystemRoot%\system32\svchost.exe -k LocalService
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
WerSvc@ = %SystemRoot%\System32\svchost.exe -k WerSvcGroup
Winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
Wlansvc@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
WPDBusEnum@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Windows Defender%ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/ = %ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@IgfxTrayC:\Windows\system32\igfxtray.exe = C:\Windows\system32\igfxtray.exe
@HotKeysCmdsC:\Windows\system32\hkcmd.exe = C:\Windows\system32\hkcmd.exe
@PersistenceC:\Windows\system32\igfxpers.exe = C:\Windows\system32\igfxpers.exe
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
@InvisibleBrowsingF:\Program Files\Invisible Browsing\InvisibleBrowsing.exe = F:\Program Files\Invisible Browsing\InvisibleBrowsing.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WebCheck = C:\Windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler@{8C7461EF-2B13-11d2-BE35-3078302C2030} = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\Windows\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/%CommonProgramFiles%\System\Ole DB\oledb32.dll /*file not found*/ = %CommonProgramFiles%\System\Ole DB\oledb32.dll /*file not found*/
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{E7DE9B1A-7533-4556-9484-B26FB486475E} /**/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\system32\mmcshext.dll = %SystemRoot%\system32\mmcshext.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/%SystemRoot%\System32\netshell.dll = %SystemRoot%\System32\netshell.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/%SystemRoot%\System32\netshell.dll = %SystemRoot%\System32\netshell.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} /*MSHTML Document*/C:\Windows\system32\mshtml.dll = C:\Windows\system32\mshtml.dll
@{25336920-03f9-11cf-8fd0-00aa00686f13} /*HTML Document*/C:\Windows\system32\mshtml.dll = C:\Windows\system32\mshtml.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Mail Service*/%SystemRoot%\System32\sendmail.dll = %SystemRoot%\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Desktop Shortcut*/%SystemRoot%\System32\sendmail.dll = %SystemRoot%\System32\sendmail.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%systemroot%\system32\dsuiext.dll = %systemroot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%systemroot%\system32\dsuiext.dll = %systemroot%\system32\dsuiext.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/%systemroot%\system32\printui.dll = %systemroot%\system32\printui.dll
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /*Windows Update*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{7b81be6a-ce2b-4676-a29e-eb907a5126c5} /*Programs and Features*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{15eae92e-f17a-4431-9f28-805e482dafd4} /*Install New Programs*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd} /*Installed Updates*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{ceefea1b-3e29-4ef1-b34c-fec79c4f70af} /*New Shortcut Wizard*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0BFCF7B7-E7B6-433a-B205-2904FCF040DD} /*New Shortcut Wizard Modal*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyFolder Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{44f3dab6-4392-4186-bb7b-6282ccb7a9f6} /*MyDocuments menu and properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0} /*Start Menu OEM Command*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3080F90D-D7AD-11D9-BD98-0000947B0257} /*Show Desktop*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3080F90E-D7AD-11D9-BD98-0000947B0257} /*Window Switcher*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{eb124705-128b-40d4-8dd8-d93ed12589a4} /*WPL property store*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3c2654c6-7372-4f6b-b310-55d6128f49d2} /*Alphabetical Categorizer*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{708e1662-b832-42a8-bbe1-0a77121e3908} /*Tree property value folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{71f96385-ddd6-48d3-a0c1-ae06e8b055fb} /*Explorer Browser*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{b2952b16-0e07-4e5a-b993-58c52cb94cae} /*Search Folders*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{437ff9c0-a07f-4fa0-af80-84b6c6440a16} /*Command Folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{90f8c90b-04e0-4e92-a186-e6e9c125d664} /*Property Labels*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{b155bdf8-02f0-451e-9a26-ae317cfd7779} /*nethood delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{DFFACDC5-679F-4156-8947-C5C76BC0B67F} /*users files delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{ed50fc29-b964-48a9-afb3-15ebb9b97f36} /*printhood delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{328B0346-7EAF-4BBE-A479-7CB88A095F5B} /*Layout Folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{4336a54d-038b-4685-ab02-99bb52d3fb8b} /*Public Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{00021401-0000-0000-C000-000000000046} /*Shortcut*/shell32.dll = shell32.dll
@{C73F6F30-97A0-4AD1-A08F-540D4E9BC7B9} /*Search Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0AFCCBA6-BF90-4A4E-8482-0AC960981F5B} /*.fon, .otf, .ttc or .ttf files*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{66742402-F9B9-11D1-A202-0000F81FEDEE} /*.cpl, .dll, .exe, .ocx, .rll or .sys files*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{D34A6CA6-62C2-4C34-8A7C-14709C1AD938} /*Common Places Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{865e5e76-ad83-4dca-a109-50dc2113ce9a} /*Programs Folder and Fast Items*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{21ec2020-3aea-1069-a2dd-08002b30309d} /*Control Panel*/shell32.dll = shell32.dll
@{25585dc7-4da0-438d-ad04-e42c8d2d64b9} /*Client application shell extension*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{a42c2ccb-67d3-46fa-abe6-7d2f3488c7a3} /*Microsoft Windows RTF Preview Handler*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{1531d583-8375-4d3f-b5fb-d23bbd169f22} /*Window TXT Preview Handler*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\Windows\system32\occache.dll = C:\Windows\system32\occache.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{056440FD-8568-48e7-A632-72157243B55B} /*Explorer Navigation Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980} /*Explorer Travel Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F} /*Explorer Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{a542e116-8088-4146-a352-b0d06e7f6af6} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{596742A5-1393-4e13-8765-AE1DF71ACAFB} /*Microsoft Breadcrumb Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} /*Search Control*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{4d5c8c2a-d075-11d0-b416-00c04fb90376} /*Microsoft CommBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/%ProgramFiles%\Windows Mail\wabfind.dll /*file not found*/ = %ProgramFiles%\Windows Mail\wabfind.dll /*file not found*/
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/%SystemRoot%\system32\cryptext.dll = %SystemRoot%\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/%SystemRoot%\system32\cryptext.dll = %SystemRoot%\system32\cryptext.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/%SystemRoot%\system32\remotepg.dll = %SystemRoot%\system32\remotepg.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{D555645E-D4F8-4c29-A827-D93C859C4F2A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\Windows\system32\wshext.dll = C:\Windows\system32\wshext.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{8E908FC9-BECC-40f6-915B-F4CA0E70D03D} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/%SystemRoot%\MSAgent\agentpsh.dll = %SystemRoot%\MSAgent\agentpsh.dll
@{025A5937-A6BE-4686-A844-36FE4BEC8B6D} /*Microsoft Power Options*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{BB06C0E4-D293-4f75-8A90-CB05B6477EEE} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{ED834ED6-4B5A-4bfe-8F11-A626DCB6A921} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{17cd9488-1228-4b2f-88ce-4298e93e0966} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{60632754-c523-4b62-b45c-4172da012619} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9C60DE1E-E5FC-40f4-A487-460851A8D915} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Microsoft Windows Font Folder*/%SystemRoot%\system32\fontext.dll = %SystemRoot%\system32\fontext.dll
@{2BC0DA0E-F1BC-43AB-B4B5-738EB6B51E7E} /*Microsoft Windows Font File Icon Handler*/fontext.dll = fontext.dll
@{1a184871-359e-4f67-aad9-5b9905d62232} /*Microsoft Windows Font File Context Menu Handler*/fontext.dll = fontext.dll
@{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01} /*Microsoft Windows Font Previewer*/fontext.dll = fontext.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/%SystemRoot%\system32\msieftp.dll = %SystemRoot%\system32\msieftp.dll
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} /*Compressed (zipped) Folder Context Menu*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{ed9d80b9-d157-457b-9192-0e7280313bf0} /*Compressed (zipped) Folder Drop Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell.DfsShell Property Sheet*/DfsShlEx.dll = DfsShlEx.dll
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E95A4861-D57A-4be1-AD0F-35267E261739} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Offline Files Folder*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*DropTarget Object for Photo Printing Wizard*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\audiodev.dll = %SystemRoot%\system32\audiodev.dll
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{4E77131D-3629-431c-9818-C5679DC83E81} /*Offline Files Icon Overlay Handler*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{335a31dd-f04b-4d76-a925-d6b47cf360df} /**/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{7D4734E6-047E-41e2-AEAA-E763B4739DC4} /*Windows Media Player Play as Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} /*Offline Files Context Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{7EFA68C6-086B-43e1-A2D2-55A113531240} /*Offline Files Property Sheet Extension*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{58E3C745-D971-4081-9034-86E34B30836A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{78F3955E-3B90-4184-BD14-5397C15F1EFC} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{7dda204b-2097-47c9-8323-c40bb840ae44} /*XPS document*/(null) =
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{8A734961-C4AA-4741-AC1E-791ACEBF5B39} /*Windows Media Player Shop Music Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/F:\WinRAR\rarext.dll = F:\WinRAR\rarext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\shell32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Offline Files@{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{596AB062-B4D2-4215-9F74-E9109B0A8153} = %SystemRoot%\system32\twext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Offline Files@{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} = %SystemRoot%\System32\cscui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.yahoo.fr/

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
deflate@CLSID = C:\Windows\system32\urlmon.dll
gzip@CLSID = C:\Windows\system32\urlmon.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\Windows\system32\mshtml.dll
cdl@CLSID = C:\Windows\system32\urlmon.dll
dvd@CLSID = C:\Windows\System32\msvidctl.dll
file@CLSID = C:\Windows\system32\urlmon.dll
ftp@CLSID = C:\Windows\system32\urlmon.dll
http@CLSID = C:\Windows\system32\urlmon.dll
https@CLSID = C:\Windows\system32\urlmon.dll
its@CLSID = %SystemRoot%\System32\itss.dll
javascript@CLSID = C:\Windows\system32\mshtml.dll
local@CLSID = C:\Windows\system32\urlmon.dll
mailto@CLSID = C:\Windows\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\Windows\system32\urlmon.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
res@CLSID = C:\Windows\system32\mshtml.dll
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\Windows\System32\msvidctl.dll
vbscript@CLSID = C:\Windows\system32\mshtml.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B173306B-D16E-4116-9769-88407345F628} /*Connexion au réseau local*/ >>>
@IPAddress192.168.1.20 = 192.168.1.20
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000003@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000004@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000005@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000006@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000007@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

---- EOF - GMER 1.0.14 ----


Here is the gmerrk.txt:

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-27 01:21:47
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwQueryLicenseValue + D41 81846239 1 Byte [ 06 ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxIndirectW 7676F1B3 5 Bytes JMP 72241676 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxParamW 7677129F 5 Bytes JMP 7221F2C1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \Driver\BTHUSB \Device\00000068 bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000068 bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006a bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006a bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fca39a
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641fca39a
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentVersion 6.0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentBuildNumber 6000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@ProductName Windows Vista (TM) Business
Reg HKLM\SOFTWARE\Classes\CLSID\{4B074789-ACC0-9CDF-16B8-6DCFE3F6FC40}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{4B074789-ACC0-9CDF-16B8-6DCFE3F6FC40}\InProcServer32@oakppfhojpjinaodnkcpebjpflinme 0x6B 0x61 0x6A 0x65 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4B074789-ACC0-9CDF-16B8-6DCFE3F6FC40}\InProcServer32@nakpfginaacoioekefgiegamnndm 0x6A 0x61 0x61 0x66 ...
Reg HKLM\SOFTWARE\Classes\Drives\Shellex
Reg HKLM\SOFTWARE\Classes\Drives\Shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\Drives\Shellex\ContextMenuHandlers\Eset Smart Security - Context Menu Shell Extension
Reg HKLM\SOFTWARE\Classes\Drives\Shellex\ContextMenuHandlers\Eset Smart Security - Context Menu Shell Extension@ {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B074789-ACC0-9CDF-16B8-6DCFE3F6FC40}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B074789-ACC0-9CDF-16B8-6DCFE3F6FC40}@aa 0x6A 0x61 0x6C 0x65 ...

---- EOF - GMER 1.0.14 ----

Also, I'd like to add that Windows Defender has an error when launching: error 0X800106a.

Waiting for the next steps to disinfect Bagle


random/random wrote: Let's try a rootkit scanner:

  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Right click on gmer.exe and click Run as administrator to run GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
ashanta
Regular Member
 
Posts: 24
Joined: February 22nd, 2008, 1:59 pm

Re: Infected by Bagle.LY

Post by random/random » February 27th, 2008, 4:56 pm

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: Infected by Bagle.LY

Post by ashanta » February 27th, 2008, 8:36 pm

Malwarebytes' Anti-Malware 1.05
Version de la base de données: 418

Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 90658
Temps écoulé: 15 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 214

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58718.exe.vir (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\86315.exe.vir (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Users\Windows\AppData\Local\Temp\a2archive\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Users\Windows\AppData\Local\Temp\a2archive\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\14577841.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\14602894.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\46925.exe (Trojan.Spammer) -> Quarantined and deleted successfully.

Re: Infected by Bagle.LY

Unread postby ashanta » February 27th, 2008, 9:10 pm

Windows Defender can't launch with the same previous error.

Re: Infected by Bagle.LY

Unread postby random/random » February 29th, 2008, 3:32 pm

I'm not sure what's causing your Windows Defender error, so I've asked some other experts to take a look. However, I don't believe that it is related to any active malware.

Now that Bagle has been removed, you need to reinstall your antivirus.

Also:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Re: Infected by Bagle.LY

Unread postby ashanta » February 29th, 2008, 7:36 pm

I'll update my Java, then.

Also, I'd like to have some good security suggestions about software that is necessary to protect against viruses, malware, worms, rootkits, ...

I'm also looking for a good firewall.

Thanks for your time and your help. :flower:

Re: Infected by Bagle.LY

Unread postby random/random » March 1st, 2008, 12:08 pm

It seems that this error is caused by the Windows Defender service being disabled.

To fix it, please do the following:

  • Open a new notepad window (Start>All Programs>Accessories>Notepad)
  • Copy & paste the contents of the following codebox into the notepad window
    sc config WinDefend start= auto
  • Click File > Save as
  • In the box labelled File name copy and paste cleanup.bat
  • Change Save as type to All Files
  • Save it to your desktop
  • Close the notepad window
  • Right click on cleanup.bat and click Run as administrator
  • If windows tells you that it needs your permission to continue, click Continue
  • A DOS window will come up briefly and then disappear, this is normal

Windows Defender should be fine after you restart.

The firewall in Vista is generally sufficient, but if you want a more advanced firewall, I suggest Comodo: http://www.personalfirewall.comodo.com/

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.


You can delete autoruns, AVZ and GMER
Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  1. Follow the instructions here for Windows Vista to disable and then reenable system restore in order to clear old restore points:
    http://www.pchell.com/virus/systemrestore.shtml
    Note: only do this once, and not on a regular basis
  2. Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Two good paid for antivirus programs are NOD32 and Bitdefender
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  3. Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
  4. Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  5. Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  6. Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  7. Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  8. Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  9. Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  10. Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
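To illustrate the HOSTS file step in the post above, here is an added example (not part of the original post and not Spybot's own code) that parses hosts-file text and separates block entries, which send a name to a loopback or 0.0.0.0 address, from entries that point a name at a routable address and so deserve a second look. The sample file, its host names and the function names are constructed for illustration, and taking the first matching line in `lookup` is an assumption of this example.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread). The names use
# the reserved .example TLD and 203.0.113.7 is a documentation-only address.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example    # block entry
0.0.0.0         bad-site.example malware-host.example
203.0.113.7     update.vendor.example  # points at a routable address
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Parse hosts-file text.

    Returns (entries, malformed). entries is a list of
    (line_no, ip_address, hostname); malformed is a list of (line_no, raw_line).
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(fields) < 2:  # an address with no host name after it
            malformed.append((line_no, raw))
            continue
        for name in fields[1:]:  # one line may carry several names
            entries.append((line_no, ip, name.lower()))
    return entries, malformed


def classify(ip, name):
    """Label one entry as 'standard', 'block' or 'redirect'."""
    if name == "localhost" and ip.is_loopback:
        return "standard"
    if ip.is_loopback or ip.is_unspecified:
        return "block"  # the name resolves to the local machine or nowhere
    return "redirect"   # the name is pinned to some other address


def audit(text):
    """Group every entry of a hosts file by what it does."""
    entries, malformed = parse_hosts(text)
    report = {"standard": [], "block": [], "redirect": [], "malformed": malformed}
    for _, ip, name in entries:
        kind = classify(ip, name)
        if kind == "redirect":
            report[kind].append((name, str(ip)))
        else:
            report[kind].append(name)
    return report


def lookup(name, text):
    """Return the address the hosts file gives for name, or None.

    Assumption of this example: the first matching line is used.
    """
    entries, _ = parse_hosts(text)
    for _, ip, host in entries:
        if host == name.lower():
            return str(ip)
    return None


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    print("blocked names :", result["block"])
    print("redirects     :", result["redirect"])
    print("malformed     :", result["malformed"])
```

On a real machine, the text to audit would be read from `C:\Windows\System32\drivers\etc\hosts` and passed to `audit`.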

Re: Infected by Bagle.LY

Unread postby ashanta » March 2nd, 2008, 9:07 am

I did everything you mentioned in your last reply.

I've installed WinPatrol, NOD Antivirus, Unhackme, RogueRemover Pro, Spybot SD, MRU Blaster and Outpost Pro Firewall on my computer.

Today, I had an alert from NOD with the file Hldrrr.exe? It was Bagle again. I cleaned with NOD.

All the security programs work well.

Do I have to check something to prevent Bagle from coming back?

Re: Infected by Bagle.LY

Unread postby random/random » March 2nd, 2008, 10:03 am

Run a full scan with NOD and delete everything it finds.

Re: Infected by Bagle.LY

Unread postby ashanta » March 2nd, 2008, 1:04 pm

I'd like to note that Hldrrr.exe does not appear. It has been cleaned by Eset NOD.

The first scan was infected with a zip file.



This is the second scan:

All seems to be ok



Scan performed at: 2/03/2008 17:14:55
Date: 2.3.2008 Time: 17:15:00
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:; D:; F:
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - error opening (File locked) [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - error opening (File locked) [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error opening (File locked) [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error opening (File locked) [4]
C:\Windows\System32\catroot2\edb.log - error opening (File locked) [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening (File locked) [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening (File locked) [4]
C:\Windows\System32\config\components - error opening (File locked) [4]
C:\Windows\System32\config\COMPONENTS.LOG1 - error opening (File locked) [4]
C:\Windows\System32\config\COMPONENTS.LOG2 - error opening (File locked) [4]
C:\Windows\System32\config\default - error opening (File locked) [4]
C:\Windows\System32\config\DEFAULT.LOG1 - error opening (File locked) [4]
C:\Windows\System32\config\DEFAULT.LOG2 - error opening (File locked) [4]
C:\Windows\System32\config\sam - error opening (File locked) [4]
C:\Windows\System32\config\SAM.LOG1 - error opening (File locked) [4]
C:\Windows\System32\config\SAM.LOG2 - error opening (File locked) [4]
C:\Windows\System32\config\security - error opening (File locked) [4]
C:\Windows\System32\config\SECURITY.LOG1 - error opening (File locked) [4]
C:\Windows\System32\config\SECURITY.LOG2 - error opening (File locked) [4]
C:\Windows\System32\config\software - error opening (File locked) [4]
C:\Windows\System32\config\SOFTWARE.LOG1 - error opening (File locked) [4]
C:\Windows\System32\config\SOFTWARE.LOG2 - error opening (File locked) [4]
C:\Windows\System32\config\system - error opening (File locked) [4]
C:\Windows\System32\config\SYSTEM.LOG1 - error opening (File locked) [4]
C:\Windows\System32\config\SYSTEM.LOG2 - error opening (File locked) [4]
C:\Windows\System32\config\RegBack\COMPONENTS - error opening (File locked) [4]
C:\Windows\System32\config\RegBack\DEFAULT - error opening (File locked) [4]
C:\Windows\System32\config\RegBack\SAM - error opening (File locked) [4]
C:\Windows\System32\config\RegBack\SECURITY - error opening (File locked) [4]
C:\Windows\System32\config\RegBack\SOFTWARE - error opening (File locked) [4]
C:\Windows\System32\config\RegBack\SYSTEM - error opening (File locked) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl - error opening (Access denied) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl - error opening (Access denied) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl - error opening (Access denied) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl - error opening (Access denied) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl - error opening (Access denied) [4]
D:\Musique\The Celestine Prophecy\The.Celestine.Prophecy.LIMITED.DVDRip.XviD-DMT_-_01.rar »RAR »dmt-celestine.rar »RAR »dmt-celestine.avi - next archive volume not found
D:\System Volume Information\OP_CACHE.ATR - error opening (Access denied) [4]
D:\System Volume Information\OP_CACHE.IDX - error opening (Access denied) [4]
F:\System Volume Information\OP_CACHE.ATR - error opening (Access denied) [4]
F:\System Volume Information\OP_CACHE.IDX - error opening (Access denied) [4]
Number of scanned files: 241075
Number of threats found: 0
Time of completion: 17:46:34 Total scanning time: 1894 sec (00:31:34)

Notes:
[4] File cannot be opened. It may be in use by another application or operating system.
ashanta
Regular Member
 
Posts: 24
Joined: February 22nd, 2008, 1:59 pm

Re: Infected by Bagle.LY

Post by random/random » March 2nd, 2008, 5:59 pm

That looks fine to me.
random/random
Developer
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: Infected by Bagle.LY

Post by ashanta » March 2nd, 2008, 6:31 pm

I think that with all the programs I've installed I'm safe now. ;)

A big, big thanks for your help ! :D :D

You are excellent.

I'd like to learn more about using programs like Gmer and HJT.

I have a friend who has a big problem with her computer; I'd like to help her.

Re: Infected by Bagle.LY

Post by random/random » March 3rd, 2008, 3:13 pm

If you want to learn more, I suggest that you join the university

http://www.malwareremoval.com/university.php

The best way you can help your friend is likely to be to get her to post a log on this forum for help

Re: Infected by Bagle.LY

Post by ashanta » March 7th, 2008, 11:55 am

Thanks a lot :)

I'm very interested, but I don't have enough time to help other people at this moment.

If you have more urls to learn, I'll appreciate it :king: :bounce:

I can study at my own level, thanks.