[sunjunky]

Here is my HIJACK THIS:


Logfile of HijackThis v1.99.1
Scan saved at 12:26:01 PM, on 08/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Sun Junky\My Documents\Downloaded Files\HijackThis.exe
C:\Program Files\XoftSpy\XoftSpy.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [jxiza.exe] C:\WINDOWS\system32\jxiza.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{34506365-0E8B-44A7-AA94-2972568DD6FD}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0AB5989-318A-49CD-826D-C9471F57AC6A}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{D48E1B0B-6D84-4B2A-920D-447D20A09C58}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS3\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: obbn13t - obbn13t.dll (file missing)
O20 - Winlogon Notify: psksds - C:\WINDOWS\SYSTEM32\psksds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


MY EWIDO SCAN

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:42:12 AM 08/07/2006

+ Scan result:



[2184] VM_01020000 -> Downloader.Agent.uj : No action taken.
[2260] VM_00C20000 -> Downloader.Agent.uj : No action taken.
[2280] VM_00B00000 -> Downloader.Agent.uj : No action taken.
[2344] VM_00B20000 -> Downloader.Agent.uj : No action taken.
[2352] VM_00AB0000 -> Downloader.Agent.uj : No action taken.
[2512] VM_009F0000 -> Downloader.Agent.uj : No action taken.
[2540] VM_009E0000 -> Downloader.Agent.uj : No action taken.
[2572] VM_003F0000 -> Downloader.Agent.uj : No action taken.
[2612] VM_00DA0000 -> Downloader.Agent.uj : No action taken.
[2948] VM_00A00000 -> Downloader.Agent.uj : No action taken.
[524] VM_009E0000 -> Downloader.Agent.uj : No action taken.
[828] VM_00D60000 -> Downloader.Agent.uj : No action taken.
[856] VM_00C70000 -> Downloader.Agent.uj : No action taken.
[2692] VM_00B10000 -> Trojan.DNSChanger.ef : No action taken.

::Report end

AND AVG keeps finding the Trojan Horse CLicker, each time in a different location and then it says move to vault. And i do.. and then it pops up again 5min later.

PLEASE HELP ME.

Best regards,

Sunjunky

[sunjunky]

another note is that i have tried safe mode, avg takes 12hrs.... i have razeware as well, but its not appearing on the desktop anymore.

i know where i got this crap, and im not going back.

ive done adaware, panda scan.. and more.

this is my last resort before reformat.

[TheJoker]

Hi sunjunky, and Welcome to SWI

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.


Note: ONLY if you have connection problems - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

[sunjunky]

This is the new HIJACK THIS results.

There were no results from the fixit... but it did bring everything back that I had gone through and deleted or uninstalled. Another thing, is that now the TROJAN HORSE CLICKER.FR is access denied when trying to move it to the vault.Logfile of HijackThis v1.99.1
Scan saved at 5:29:58 PM, on 08/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Sun Junky\My Documents\Downloaded Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{1391B43A-5DBA-490F-BEBD-D991ABE1CC99}.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{1391B43A-5DBA-490F-BEBD-D991ABE1CC99}.dll (file missing)
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [leiar.exe] C:\WINDOWS\system32\leiar.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{34506365-0E8B-44A7-AA94-2972568DD6FD}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{946CB07F-E5D9-46E0-9B68-E27B85BC0E04}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0AB5989-318A-49CD-826D-C9471F57AC6A}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{D48E1B0B-6D84-4B2A-920D-447D20A09C58}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS3\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: obbn13t - obbn13t.dll (file missing)
O20 - Winlogon Notify: psksds - C:\WINDOWS\SYSTEM32\psksds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[sunjunky]

THIS IS THE FIXWAREOUT


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}41FC2D926B5B-1C99-2A64-A149-6C7483B1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D21C822ADE5-3159-A0D4-EECD-73FF2EAF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7F7387A3CA02-3B2B-4F84-875B-D619F7DC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}26CAD64F5D06-993B-EA14-75BA-A7344B84{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ED50679F9F8B-9D8A-3AA4-DFBC-8B609755{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}98AC327D60AD-DF6A-88A4-C1E5-D1C942C6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}64F155178E83-274A-E564-57F8-B01AB1F6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E35F1F80AEF5-F748-E504-AB79-1F9B948D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B7A93E282A7D-F57B-6544-C7A8-61E50E72{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4595637147FC-D23B-1424-E54B-8D7C0320{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F14D454C4CD2-DFFB-F494-3A0C-B61B5C73{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}620C4961CDDD-F3BA-BA14-A2AD-6DC483E5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5D9BC29769C2-0C29-C584-6952-DEFDB68B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7BD964757BA5-BBCB-0C04-9559-177F5235{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1A95C553750C-A238-2834-32EC-6EFD9A20{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D495756A2CF3-2CEA-FB04-3E7C-BD87FB97{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EC8DC0A8F98F-B27B-44B4-C224-EA58745F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}15F4552D869B-4EFB-2314-6C3E-52378BB1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}675DAEAF7DF5-41FA-BCE4-19EC-B311CACC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}512CCBD118E6-415A-AE74-B943-20E3F9E1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1DB8FB6BFE7A-E338-3134-35C1-5E922822{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2AD2994B7F0F-7358-15A4-8A63-C7A1B081{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5B341DA7883C-153A-04A4-1691-C7FA42C2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\gefmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}002B61F6F4F3-2FBA-23B4-5667-C3CB5A5F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}15036C02FDD6-DC8B-47E4-D935-CBB565FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5C02AD21CE86-17F9-07D4-1099-49E81124{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8781EC71B12E-48D8-61B4-CD83-3EA03499{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4F9FFF7DDE6A-E4AB-96C4-FC5C-83CD977F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}620EC77C05F1-D4C8-8E64-427C-A012EBA8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}98F81CC5F080-440B-6644-BD6C-1B8D7BB0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3B517FA1D086-86D9-A904-9901-E35659DC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ADE0751C9B6A-4189-5754-3EC2-29269FA7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ABA72FEDEC08-75C9-D6F4-5CCE-FCD69F1C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5AFDE553755C-ED4B-E5B4-A829-5AB54851{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9279B86060FB-906B-08D4-16F6-E65B90DC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5FB15FFCDF6C-D858-D684-0DDE-304030E8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}70F51DF2B818-A618-9904-2A80-C60602E4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1EA18941EDB7-9E49-91B4-42F2-2099D238{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}401F8730ACA1-907A-9CB4-1CBF-01DBC51C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}66C0B23DEFCD-137B-AB14-48C4-18CDB3CC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}38C4DF4E79EC-4BFA-6374-93F5-A84AAD51{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4379B4638129-435B-A164-D72D-9FE2E72C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}787631A2DBC8-6739-DA74-0660-FC3FCEDE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DF59C87A5360-C239-9D84-5391-83A89D0C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}874BECC5066D-6B49-BEF4-7A5D-765A60F0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2DB7EB9CB5BC-E5F8-3E74-3EFD-BF9B540F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3EE05E73CD3A-EE7A-3884-DAB9-B751A0C3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E63E5B41B22A-034B-F164-C592-2250292B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}46A4B2018CEB-433B-7644-0AA1-9FE07AD1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D0DEC7C96EEC-DD38-1F64-829C-B37A1113{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF7812A27401-44D8-6124-FEE8-AB8E4DEF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2ED3833A847B-236A-17D4-79E0-B0F751C4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BB94535B7FF7-1BAA-E894-589C-0B034D67{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}013E6C484401-97BB-F6C4-3641-D37DD6F6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C2C8716B570-9D09-4234-A25B-2E30E192{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7243ACC73A8D-1578-4174-5BED-79369BEA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C73EB87E509-5179-BCD4-CEBA-2BF491A8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}166D8C800CEC-74DA-CA64-5E6C-5F9CE933{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3B6CA08E1B78-CC7B-70E4-6478-82292B87{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F1732FE94E2A-3388-91F4-892B-F360D12A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F906EFDA36BD-E5EA-00A4-250A-61622F6A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE8BC18C7818-1599-91A4-7EAF-54DB553E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}53480B72F806-4C49-A5E4-6426-592849FD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DD22C8C45005-C178-F544-9BB3-1FD7B616{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6906AD106029-D229-8214-1F33-C6448E31{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8404D3C27C86-674B-5A44-7688-40806035{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A169BC8A23E6-38CA-E354-817F-3E2E9309{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0FDB5B74B43C-CC69-73C4-2912-BC1EF5CC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}91D10A1F8328-447B-68F4-F6C6-6A4F7FE4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C74B7D327BCD-D48B-C284-EEC9-2661C3F2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4036CE1C8367-6099-D9A4-44CF-06C9FD7B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A30599EF7AAA-9D68-F6A4-DB83-6E9F8E07{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B65B17356BD4-2248-ED84-4F11-0B012C45{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5E7687E4F6C1-4649-F204-B9B4-B1C53FA2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BC22D2E31BA4-AB0A-2834-572A-FED5A142{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5C7F5E518698-4099-3714-AF2C-C6CE4BE4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D8FC01F24B8-0189-01D4-155F-4F27DE04{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3831D2E2CFF2-77DB-7D84-4221-ABB9756B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}48C316384855-5108-4B64-42E9-35E8A9DC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BE7AFC48B057-EF39-A584-0869-C01F8C3C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}17F6506184BA-BF5A-8BA4-F598-85E33B39{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E87DF6D00EEB-7349-F5B4-0DA7-6E28733E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}304EB17CC8AD-8F49-8CE4-F21C-4CBF961A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C86768BD384-996B-3764-A725-13D6FD96{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}522ECC7B8B9A-69FA-A7E4-8A32-51AFC119{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB653EE37346-024B-97F4-7B5B-CF493A32{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0A1856C018F-82FA-8624-BADB-C9D9E570{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}58E707DDE723-EA2A-FFD4-3549-6A93EE28{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F008E3696F02-BE49-9A34-6A4D-EACFA93D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}19B108DCA948-652A-BE94-FA94-2EA22AE0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5E3BA61419B5-BB78-A744-2EBD-99BB2A77{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}542EBBE27076-D8DB-99D4-6530-11FEC062{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}84A8F7776AC6-E8AB-F864-F529-72347874{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DF0EA7C5F4AA-B979-86C4-CC03-D9677B26{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}95AF299F22EC-FD99-A584-8545-3E5F0342{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}912236FD1F79-4E69-4584-9BC3-113F1309{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8291552AAF1E-6C88-AEB4-BE2F-11EF28BA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B7CBE9147F4-00CB-3B04-CE27-1416BAC1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2F4A2A965F3D-6C6B-C6F4-8529-D89021C6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E54979E77153-7CBB-D3A4-EE04-0BE3CED7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}40651A4DEFA0-D81A-6154-0CBB-D4005520{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3AE73941221C-29F8-14C4-453C-63C81037{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}420779475614-1358-8484-723D-EB9CDBE1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8CE33F3F8039-9B58-D434-62F8-19093B03{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F76E8F39453D-EF48-0F64-0512-59585393{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AAD647CD288B-0539-1364-2FEE-09A9DC2C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}344565A3E710-10C8-BE64-0BFB-A2623255{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}21292CE3E77A-58AB-94F4-5869-EFF40D39{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}33925702BB04-111A-A864-C335-BD539256{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D2C68E7C0EDE-8939-4DF4-88FE-07E91398{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A689B40C0F69-763A-FA74-0AEC-D8B98A9F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FB6BBEEB0E81-0E3B-E574-4F52-8943099E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0E190E30BB05-F9BA-6764-CDB6-D5EF14F5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}219682A0CD51-A768-EDF4-9CAD-83BA14E9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CCD766A24948-BA5A-F484-9BF6-F2897F70{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E43D594C65AA-5418-AA04-76D4-E9F7E62C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F04EE8224E5-BE4B-9AF4-095C-5D3DD72D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}377FD1C76357-CCB8-29A4-BA8E-3C3ECE20{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EB5CFC2F0B10-43CB-1074-29ED-7EAA85CD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}285EBF3D7F7B-076A-DF54-3519-93C6FFB2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FAD58C0B936F-FFEA-93D4-877A-77494F0D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}05B3DF66EEC6-4ADB-3C74-BC05-213F6CB2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EFA93B6F800F-EA1A-36B4-6FF3-5392601B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B7BB26F47215-7C5B-C754-A803-7E54592F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}144B0838E2D0-A42B-E214-93E7-36163C5F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A38168C2F93C-A279-7FC4-4CD8-698A13FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}42190684F194-DF1A-E774-7F5B-F692EC1B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5067A0519758-F578-BD74-B929-16BA524C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F15E828EB06C-865A-AD24-A4E8-E98E71AA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C40CD8AF85A7-3BF8-F514-4064-13F01B30{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B2466D316705-D568-B194-5A67-7D9FD458{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5832C6EF013E-6548-4D34-2FB7-A1059C8D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E382722D019B-31F8-F454-883D-A71C4D5C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8524EC15B78C-2008-53E4-45DF-E27A12DD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}40ED377F98F0-31CB-F684-F8EB-229D2AFE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C6361147C391-1408-5594-A5FF-69252D49{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC59E59F6147-0CFB-8FD4-95D9-711D1B38{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CF77BA2AA016-2379-CC24-5387-EE8B6462{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9DBEBFE4B77A-FB78-C9A4-7577-77761C87{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E49588DE688B-BFEB-A1D4-2C5E-F66084DF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}44A9BCA5A38D-1DB8-0A14-0503-2CEF70D2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9E52FDFCFC8E-AEF9-F564-B4F0-F3B74384{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CAF8CB575DA5-5829-6994-F4F3-F798D9C4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}41ED70664E7A-8788-9AB4-F4B6-4CCC912A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}766714CCD655-942B-EBF4-CACA-193AF0D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DC770C7F2D76-1038-A854-F073-373EE2FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7FB99EEDEC50-AA5B-96D4-097D-BF1BFB79{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4024578710CF-D6FB-F7E4-EE80-2DA6F270{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AEA2EC45B4D2-53C8-7CF4-75EA-F3BAB41F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2688793F33F6-0569-9F34-8405-6F3CC575{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BDE694226BA8-0008-3844-72DD-A101D6DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A5CE719F91D7-80BA-8A84-E29D-F5D9E9F9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AF2EAFDD123C-DD98-7034-12BD-39773512{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E00900DAA5F3-EB6B-BC74-E0D1-B8D946E6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5B49BD12DBB2-40DA-61B4-348C-96E84547{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E5F0606DFAA5-505A-FEE4-A475-ECC589B1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C8B6DD62F40B-60FA-A434-F6B9-EEBD6A68{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F27E5DD5DBD8-361B-0E84-0B9C-2FE94EFB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}17DD2A0E6697-5618-82D4-9192-7497E2E5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}716CFD7C8B2E-1CC8-EB64-A0AB-33FA0F82{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B282AAFCF744-FD2A-D2A4-3F3B-D93F2BBA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}08F5505E0302-37C8-4284-0409-DF3D40CF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}97110B71EF52-40D8-96F4-2E34-CF39C664{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EBF676A8CEE2-67EB-DA44-DD3C-9745CBBB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}69C75D307604-12FA-2F64-B6C3-4E2BD3EE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}33F8FA65334B-49D9-06C4-A734-67316CEC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE83B4E10D0A-3508-F6F4-0279-DE3E4171{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A7054E0E04AA-5F0B-5B94-9E57-4968E28A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D47A789B0B3A-F749-6534-12EB-9977C1C9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}824F7C0D1D7D-AE5B-7444-E42A-F956A9E5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B75EE3CDE9DC-B9EB-F444-7184-916B8B4F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}42972EAB9B12-30D8-F544-BB00-3A7A53BC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6D6046534CE3-921A-EC04-4BC7-AEF6AD66{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}55CDB29F3E54-956A-1BB4-788E-C4B72222{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}048DDF3DBEC6-BD99-F4F4-29E2-2C68C8D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9E853420CC84-29F9-87B4-71C8-A26BC0C7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2E7223D3145A-755A-CC14-B7FA-B5AF6967{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}024728F861B5-BD7B-61F4-8719-90716E63{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8E81174FEF56-7718-9014-14F1-BCF2818B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD95D24444E1-111B-5544-3D7C-DF4404AE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DA969C98E0AB-E0DB-1274-7A0C-7C1BB081{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}34462635C071-2F9B-3704-DC91-61917A7F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F327904813D-E2CB-5104-ACFF-8AA854A9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E42721A85FF0-9F18-E914-EAD8-9C17FF46{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CEE88C93C903-A809-8D54-29CE-37E43C2F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}08680272EA59-15B8-1764-46BC-5151C972{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4CC18D0B2EA2-474A-AE94-2059-24B6EB8E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}59BF8A275E0E-5F3B-46A4-A400-5D17A6A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1EC28FBB028C-8B18-DA54-8373-E608ACDE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EF7C5295025F-C9FB-E5F4-D26A-97A50198{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3151D390A758-DBB8-C324-55C5-FCAF90AB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A2707AA2F29B-22AA-C374-2CCD-C53E1F8E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D17E836CFF8C-B718-1034-4139-E95EB281{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}869E7742E441-4D4A-4844-A372-815E0424{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6F343CEDB7DE-A8AB-3024-1D1B-7D1DBBE1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}15FA431C8F67-FC49-CAA4-46A2-E0922527{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0A4955C27518-1978-A594-A797-7D056E67{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7EB29F7B4A99-12A8-DF54-CFBD-3FB94840{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A910B07D60CD-976B-39B4-4DEA-949C9309{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C1DA3CBA708A-B9DA-7434-443A-752D177D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}37F85858FE19-D698-F514-CCD3-30B34A82{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D5B3D07D809-2FEA-E594-F19E-8FB4CE58{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C9B9D2640D63-8EFA-B7E4-2036-F9AE0F27{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}65E1BE913C9E-8F1A-E264-4A20-0ADA682F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1DD553DD3DB3-79FB-FF04-6D12-E37723FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}14466CAC2BB3-45CB-24D4-F8FF-F60C83AE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}861A9CF34BFA-F05B-4C54-D6A4-C8652FE8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B4F6C3AEF8C6-2AFA-3924-654A-9299FBB0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BE61E7AF1182-0BA9-FB84-A250-1434B71C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A04FB620C762-6418-C204-F4DF-89B0641C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FE1EAE0CE604-AFAA-3014-4E9E-F7EEA226{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EA189D2A8E30-4ACB-1FB4-A58C-1D392DE4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6084F7F8159B-DF28-6624-C564-D65D9D28{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3A5931F597AF-683B-F214-8E00-3E6E9033{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5786CBF6B023-442B-D9C4-4F54-D8279159{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A5B255DD55D2-CE7B-9654-43DC-784519A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}353BC6E2D945-63F9-F5E4-3080-06A9DD3E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}94D54B6F86C8-D54B-61B4-56FD-19B041FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}51A4BFE9497A-3F0B-8044-28E7-F4D8529D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23E24AD5DAA6-9228-ECD4-582F-DEF38240{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A91E417B4685-E0EA-F204-6104-B12E5801{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0284B432C7B4-652A-EF34-3964-793B1777{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DE3E4CDB7B0E-510A-0004-8927-A1439144{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1A810AAD3F8C-E0AB-13A4-D31F-A1E5B0D0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}09EFA09FE3B2-B9A9-7B04-5DED-7A9520AC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3661B02D4C00-8E19-9084-9FFA-2F835428{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F8782D2C4AB3-F2AB-43A4-3486-D0F1EAD4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}43ECE5E10354-082B-2EE4-3389-B8BC9405{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}91AEA16E8FC2-08DB-6C94-DBE8-3EE3F71C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0B9BFFA78FD6-BAAA-A2B4-82C0-8DFFFD3D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0B63B103505D-8E89-BF24-5D0A-2DAA69BF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4134D47618B9-369B-BEF4-2950-F8B74900{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C0C66F547C8-6249-A994-964A-8075BDCF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}64F2946ECCBD-0648-C714-EEB7-43DFAD14{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}55AEB09C3325-2169-C5B4-17BE-73167474{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}325BC97FCC23-13A8-7C74-5437-90385F50{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C293D2E89221-5218-BA34-83A8-42B92CEC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7E7404C71505-336A-74F4-E771-E51D77A8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9EA6CC40EC2E-F459-DD54-B229-23346033{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45223E4FCF65-7879-3C44-A843-4462F4DF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3592A953007A-D36A-43A4-7D7F-E464BF40{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CEAEE2C2B942-86D9-CF44-F935-270DB0CF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}140E61143024-DA78-ED04-822D-776EB19A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CF48689D59D9-428A-6694-F1F0-39A9D3FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67C6E11A1F2C-53DB-0854-A594-E3E95E6C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}87785CA15A59-7B49-D904-432B-ECC4F634{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ED03FA7E317C-FD1A-4C64-B20D-E1BD9960{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8F84B0077064-FCF8-A414-4365-F208939F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DFF32434A699-06F8-B224-8707-97F309A8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4376D41D319B-7BBB-13C4-CCBA-4325CB05{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3401E77F4FE6-E8A8-2194-1B32-64015699{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}251DE79AF03E-0B89-1974-A0BD-207B6F56{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}945630ADE4A1-DEAA-0D54-F452-BC34D939{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}21501AB6DED3-02BA-2AF4-F0CB-F20DFFB3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3732DD6F654B-2548-4644-B388-C61C518E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3DBE7CC0AC18-6D78-FE44-4C94-8F172330{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A293A80D0933-5408-9BB4-9E67-71CC92EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}58567DCE7299-0E5A-FC54-FF50-C4AA0048{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D7090E7B294D-157B-C994-6BCF-D5287C57{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6084C105B416-D8D8-2EF4-8C94-B32797BD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3BCA3A3AEA39-A4D9-1AD4-80CB-217511F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1B45309FE2E1-FECB-E294-81F8-F1C7C5F9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3575883863F5-CDAA-BC24-9E27-1DE1D287{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}167E455AC518-D589-8034-426F-8CFF6AF7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}983CC7EE3EEC-ED5B-8F24-BD75-22F4D5B9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}459CE5729F76-01EA-C404-B0AB-4791AA7D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2482DCE95DD0-A118-1F24-24DD-0CBADC97{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F3C71B5FA60C-26E8-70C4-1DAB-8CE91DA9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}872E953AB961-B1A8-ABB4-66A0-8AF41D8B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D43A980E8BB6-91E8-44D4-374A-C98AF7BC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}41A05F2D11C4-7B1A-6A14-9E79-4F0BB205{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}86418CA6716F-8A3B-2DB4-7287-B4014E40{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}99666C5E6091-B619-6A44-C8F8-5D5B44FD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2FF2967268EA-9C49-3AE4-6FC7-9552D306{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FB45D3B9362D-B4DB-69B4-6E7F-77A0C2E7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}425F732E68A1-CCF9-2184-ABA6-6D6B9A87{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}251F536C53BF-F06B-5FB4-CB43-21325205{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}10505D35B83F-2A48-7EB4-8D18-E557F0B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BF495D817CD3-7CB8-8004-B026-47C4F845{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}99FE418D074A-62DA-D874-92D3-83E88184{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}92BCF822DA22-AD28-E9F4-E7CF-CA3D7E40{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EE6BF497855B-9E3B-BE24-4CC1-D2B16AEE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4893AFBE1002-759B-09B4-210E-B43373A9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EA91D10E189F-2389-80E4-4733-56FE62E0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}076CF52A542B-D348-CED4-0B8F-2DD43B23{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6C5396A8D435-F978-F3F4-DC80-77A15E69{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6279251403D6-64E9-05F4-EBFF-F0E5A0F2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}38D72F120117-937B-7FE4-A5FC-154F3C2F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5FC9840ABD0B-3088-5F84-8A8C-62F57802{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0D32F6149DF4-5F89-9754-3C36-D4C979B8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F405AD0DB41D-C398-2574-D9A3-6AAA7146{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F59945980BD4-4D88-2764-2765-91F9BCC0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A085CEA1C5DB-66AB-9A04-635F-E0735FFE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}301682FE070D-4B4B-56B4-8ED2-7E39EE75{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F28773666816-3C99-1C94-8DC7-BECC48FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CD1A03929141-E529-2A14-02B6-22BB684D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AAE56EB61635-FFFB-89B4-C6FD-C9FE3F61{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0A99EE579DEA-2A1B-1984-841D-7E46DACB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B40B103A6E27-DFFB-66C4-B88E-27AC7305{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C44E78A658F-3D88-3864-8F3D-EEE29D5C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5CE493AC6731-50EB-7284-5175-5B43F671{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}02AA095DDE5A-7BA8-05C4-C63D-A4E549B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E50ADB9D9701-663A-CC94-9FD0-EBBD155A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}430B2D13CCCD-84EA-35C4-E553-79FAFB5E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}542F9E78458B-8F3B-DA54-4719-6BC16A78{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}32F05A93A3E4-9ED9-31D4-C5A9-BED926AB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}82D6D52EFDBF-732B-3444-3589-05E62A19{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E93D8FB7BB67-5249-B334-AF03-456BCB13{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C81EA67ED8E2-26F9-4554-E199-7FDF43C0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6B1BAF40B5B7-DC3B-D664-B6DB-64738181{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}35F346DC0077-FE3A-E714-B25D-8A349308{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0A7AF7A2D18D-0B8A-C5F4-4F6C-6C911ED6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}11AE1ABA1DEA-66D9-FA04-4449-99E369F6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0E452379D759-703A-1C44-8A74-D81BAD2E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}861C36307DBF-75D8-1A04-F488-803E99D8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3B624DD301AE-D2D8-9424-E812-5031D6CF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E780C913AEB5-AF1B-C084-3403-AD3C3591{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CB9D31160C9E-D87B-CAE4-B06D-77E3E089{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7C1EA4D894C8-C77A-F704-29B1-2807D782{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4EB994BC43FC-7A2B-4054-275E-B6935D53{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}235DD4C153C4-7998-6134-2A06-10861A4B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3DAAB7B76246-6EBB-3054-F6C2-B8EC84D4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B453CC309FBB-6219-4DD4-68A3-53D895D6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6A04FD4825E6-81B8-FE64-6A4B-E39F4591{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}59684A19F92E-74E9-1764-01CD-FF701D0F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DA8A98EE4B51-A56B-2E84-B57B-73568411{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BB30AF234D06-FD88-B754-5FCF-19C87D87{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E4FFC8F2C781-F549-B504-4C40-F250DAF8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CFB172A27E3E-9B9A-18A4-460C-E0038EFC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B787B12FB7E-59CA-A0B4-E79B-24A7328F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}05EFF4ADD8B5-2C89-BFE4-88B0-53B7FBC2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}37C57F3C609D-E95A-10D4-722E-285B9E20{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F9390AD10DB5-2429-06C4-203D-4241B063{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D6217DFEC1AF-233B-A604-5C03-F7C568B1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}976E1B9895A9-204A-C0B4-2E0F-BF53CE54{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B7763B08A41-D1BB-3024-890D-11F21F35{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}197BB1A6A139-059B-5D84-202F-D40C11AF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AF856CA965EC-7BD9-7B94-846D-9A84CCA7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}011DEDA267FF-E94B-2C84-4846-C4CE480E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F4DA24B2159A-CD49-49F4-F240-95C45DB3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}55B04DC347F5-9A5B-8EA4-78FC-96E585BB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BC9F951BF549-7CF8-F2D4-70AF-4D8171B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C6710ACA4C33-E928-2614-EFD9-99E98C17{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CE19A91D5B89-1D89-D784-7B54-5762A550{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}78B981A4FDDB-87FA-1724-8FD9-959C5D19{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E967255AA0C2-E05A-4C14-D25A-6A516745{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FCBDFFB80B26-FB08-DE24-9A9F-CA1DD24E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}57292AC68999-1C88-2E44-2C41-74D5A2A6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}58AE621D95E2-9FE9-7154-64BB-D0735B2E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C5C8E5A922FE-9CFB-FC64-E6FB-F1AD55D4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B8B5EF059388-324A-0CC4-E68B-E05D984C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AF4D6F509DE3-CBC9-ACF4-ED2B-F1F35992{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9DAEF45F5F3D-F44A-AE64-5867-91D3B0E1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}73471BDBDD17-A13A-26C4-D582-F2A409F4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}990CEB2AA2A9-8DE9-3C94-6612-CC06D69D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}01E8A9D62E0E-ABAB-ECE4-169A-B66ED4BD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5B30D4B79F96-CC6A-9054-D126-78325BE4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmfeg.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

[TheJoker]

Quote

There were no results from the fixit... but it did bring everything back that I had gone through and deleted or uninstalled. Another thing, is that now the TROJAN HORSE CLICKER.FR is access denied when trying to move it to the vault.

The fix doesn't bring anything back, it's to remove the Wareout infection that you have.

Your account shows as "Validating", which means you have never replied to the validation email after registering as a user here. You must do that before your account is fully activated (I don't believe you will be able to reply to any topic other than one you've started).

Run Ewido

• From the main ewido screen, click on update, then click the Start update button.
  
• After the update finishes (the status bar at the bottom will display "Update successful")
  
• Exit Ewido. DO NOT scan yet.

Now reboot to Safe Mode - Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Run a complete system scan with ewido.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

• Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  
• ewido will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
  
• If you have any infections you will prompted, then select "Apply all actions"
  
• Next select the "Reports" icon at the top.
  
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  
• Close ewido

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{1391B43A-5DBA-490F-BEBD-D991ABE1CC99}.dll (file missing)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{1391B43A-5DBA-490F-BEBD-D991ABE1CC99}.dll (file missing)
O4 - HKLM\..\Run: [leiar.exe] C:\WINDOWS\system32\leiar.exe
O20 - Winlogon Notify: obbn13t - obbn13t.dll (file missing)
O20 - Winlogon Notify: psksds - C:\WINDOWS\SYSTEM32\psksds.dll

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Using Windows Explorer, locate the following files and delete them (if still there):

C:\WINDOWS\system32\leiar.exe
C:\WINDOWS\system32\obbn13t.dll

Restart your system.

Please locate Fixwareout.exe on your desktop and run it again.
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please save the text that will open (report.txt) in a convenient location.

Note: ONLY if you have connection problems - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

In internet explorer, please run the BitDefender online scan at BitDefender.com
You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Please attach the bdscan.html file to your next post. You will have to Zip it to attach it.
The reason for attaching it is the file isn't in plain text, it will be in html.
To attach a file, you need to be viewing the full version of the site.
While viewing the main page of the site, or when viewing this topic (but not in a reply window), scroll to the bottom of the page.
If you see:
Lo-Fi Version, then you are already viewing the "full version"
If you see:
"This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.", then you are in "lo-fi" and you need to click where it says "click here" to switch to "full version"
In a Reply window, the option to attach a file is just below the box where you type in your reply:



If you can't attach the file, go to http://savefile.com and you can upload the zipped log file there. There is no need to register, just click the "UPLOAD MY FILE" button. After you upload the file, please post the link to the file in your topic. That way, anyone on the board can see the log almost as easily as if it were posted here.

Please post a new HijackThis log, the log from ewido, the text from running FixWareout (reports.txt), and attach the zipped log from BitDefender (or upload it at savefile.com if you were unable to attach it).

This post has been edited by TheJoker: 09 July 2006 - 02:48 PM

[sunjunky]

I do have a couple questions also. . . When any anti-virus or spyware removal software requests that you QUARANTINE the object. Is it better to do so and leave on your system, or will it be better to delete. They always have so much capacity for the files.
Thank you for all of your help.

Best Regards,


Sun Junky

------------------------------------------------------------------------------------------------------------
"I always knew I was unwanted when my bath toys were a radio and toaster."
------------------------------------------------------------------------------------------------------------


File uploaded and reachable from the following url:
http://www.savefile.com/files/9533730

EWIDO SCAN REPORT July 14 2006

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:05:57 PM 13/07/2006
+ Scan result: \
C:\WINDOWS\system32\{0633EAE6-74E1-44BA-A967-2C7FDA55DD92}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{14B67EB0-4DB7-443B-A871-48363136524D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{14C70EB3-43EE-476F-8298-0E9CD038D41F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{15CE9E65-E59D-4DD7-B89B-2F041A946F20}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{16B357AB-B660-4F17-AEA7-92157A3BE3C6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1CF671AD-3252-479C-A5E6-3D700FE3D0EA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2D1580B2-F55A-499E-8675-2400EBD9536D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{2E328CF7-BF8C-4CA4-9137-972B6566DCDC}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{31000111-9D61-41FC-A58F-39E686ECFA74}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{39C9D228-46B2-49C8-9057-751AA44385C0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3C8C536A-015F-49F1-ADEB-F1C161E5B4A0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4AB94AA6-CCC7-4865-8DB4-3D9444958C6B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{58749DCE-A24E-4C7C-B660-EA0DDCD2CC6F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{68BE94E1-1426-43FE-AF08-8313C9DEC159}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{6F8A7312-6EFA-45A5-BB36-D3D919C9B7A4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{75D4BB75-25C2-4AA0-8D2C-3239636DAB27}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{77487BD3-C0FC-4187-9749-F4BA18E22384}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7A0BD6A1-BBFE-4BA4-842D-D076557172EE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7EFCF11D-4214-4123-AAC2-F36F3D3A9A2E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{7F6BD499-D796-49E5-A69C-656777A43AAE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{871D0EDA-C7CD-43DC-A831-C7AA43AB9A3B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8F6A5D98-5B60-4604-9CE5-FC677A4E5406}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{921CB0E2-ECE5-419F-B1B2-B85F9DECA89F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9625A9DB-F558-4501-9BE2-DB2A355060F1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A475E9DE-695E-470C-A13B-79802BFB63C5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A5490650-356F-4C49-99FA-D63530034B0F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{AE93DADB-CD9A-4C2F-A5DC-6D986AC333CD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{B2956A58-0697-46FB-95BD-4C892BCC23D6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BFF79799-B33D-4969-A3A0-DB14C48A6F70}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{BFFF9322-130E-4AEA-99C0-5CE7332239CA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{C9639AE6-9EE5-40EB-9424-6E45CEE97A74}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D0F752B0-0049-42E4-A2A9-1243C0192C38}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D3C59C6D-F2F0-4FC1-9C0D-C6BFFFD08F67}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{D5EC86B3-4421-4D3F-BBE5-CCBDF8A6CA03}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{DDA4A1D2-CCC2-4AEC-BEDA-C1373710EA07}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E04E62AA-662C-49B4-8E16-BE9B4494B5E2}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E061D45C-1356-40FC-B4F4-466071C2BC12}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{E7D0BD55-7FE8-4B2B-A520-9700DC4AB2DD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F405A762-F69A-47DF-9DB6-4508E7A72970}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{F7896725-2A2A-4FEB-B176-2DFFCB96ED29}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FA8C3282-CF25-4BA9-9127-A17CD1808076}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FDAB6A8E-2634-4F33-9F77-075158034738}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{FDB4D6B9-9338-4924-99AB-C6A54511D116}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{1196355B-8E47-4ECA-AAAC-A491DF116543}.exe -> Adware.Msnagent : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.html -> Not-A-Virus.Hoax.Win32.Aflac.a : Ignored.
C:\WINDOWS\system32\{6463F82C-1ACF-4622-9779-72E5D22AEC34}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{3949C960-EB61-4DD7-93D0-F0C48CC4B3D1}.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).
::Report end


IJACK THIS REPORT July 14 2006

Logfile of HijackThis v1.99.1
Scan saved at 10:40:23 PM, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Sun Junky\My Documents\Downloaded Files\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{34506365-0E8B-44A7-AA94-2972568DD6FD}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{946CB07F-E5D9-46E0-9B68-E27B85BC0E04}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0AB5989-318A-49CD-826D-C9471F57AC6A}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{D48E1B0B-6D84-4B2A-920D-447D20A09C58}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS3\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

FIXWAREOUT REPORT July 14 2006

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE1EE04C50EB-6A1A-DEA4-AADE-1B0827AA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1D3B4CC84C0F-0D39-7DD4-16BE-069C9493{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D7FC078E4001-A4E8-B0D4-BE00-F02F38EF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}345611FD194A-CAAA-ACE4-74E8-B5536911{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}43CEA22D5E27-9779-2264-FCA1-C28F3646{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}148DC74C0251-BBB8-8524-0E80-38CB5495{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0208139B0304-FE5A-FA44-F814-5051B817{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D17A8A425689-2C18-6CA4-BAED-E8350A6A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6582FE0C34B2-9669-DAC4-080D-0AD89CE5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D4ECF05FD98-5F79-EEF4-CB00-1B2F07A9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}712EAC055E6B-14AA-0EC4-091B-DBF8AFFE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A98CD994138D-82D9-C7F4-D60F-0D83B1A9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}98A15F3F5415-A018-C4B4-A582-E1DE7920{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7C610E6E268F-6CAA-B6E4-A655-F54D6A35{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}96C32E4B47F2-A30B-3E74-BE4F-B34EDB3A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}51C2D7558CE9-2328-14B4-693C-73E05F1D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}033D9D87DD3D-EFCB-3D34-0EB1-88EA9921{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CD40E19D1111-24A9-E9A4-42C3-4904E1C9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}93B3A4F5A62E-BA6A-B9B4-E5EE-F708D839{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E88B71CAF514-0F59-EAA4-D6D4-4EBC75EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E1CEC49C743D-7B1A-F6D4-45F7-8D2103FC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}56F9C98D8A46-C44B-2914-A896-57C18AFC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B7C6C2C2582E-258B-24F4-A309-A8E1D399{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}239A0BA06C48-14DA-8AE4-0995-7B37A0A5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E0FC6908E7A0-7FFB-8944-C2E1-1316F7D9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A3FB735C7F52-7378-8044-8662-2FBD6472{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}317162C4D4E9-C6E9-DCB4-9413-7A1860D6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C683B415B4E-23A8-1D14-8ADA-EC0AB050{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}75F0D54DC974-CA49-A654-F061-731430D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF96E3DF4C25-F90A-D0C4-D879-183BBE96{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FBF158E184EB-0E49-F074-4DC7-4D14E6D3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D1392A46200C-8188-D9C4-1055-DCB84C09{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D540618C0D0-2948-6A74-D704-7F4C5A00{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}38ADEC2F4836-D3EB-8024-D8BF-C5048936{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8B9D7A6A96DC-298A-58D4-1557-F3226DC0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}081ECCB0711D-2179-5BD4-B305-6B683A9C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7388C2CB5197-C3AB-72D4-7DCD-B2CB30B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}610694D9D695-640A-0884-4DFE-1B9485BC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C50CFFF3043A-55F8-2084-38AA-9E9E0475{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0D44D4248E1F-06AB-FBE4-CBCB-879F47B5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}39DC5E68C82E-EDBA-2EE4-077F-8DF76A07{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}78868EB04C8C-9A79-C2B4-FAE1-726943C9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4943E4E60823-B8CA-A9C4-5E68-BE555DEF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4FDE03E0040A-DAC9-DBA4-95B7-338C406B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A6FA9A2E97CF-075A-DB14-58B4-38734ED2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FCEE3CFC7790-6829-2824-6E99-552D1F08{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC6248BEA233-CEA9-24E4-1F68-873FDB40{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5D7B569CE40C-561A-6774-2B0A-680975B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5DDA06BC83CA-1E1A-1FC4-19FA-06725422{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7F051AEABCA9-93D8-FEC4-80D0-A730F3C0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7FF145F93DF8-EFA8-ACF4-34DC-56439C74{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}860725A81468-F539-FA84-88B4-E6CD89B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}56D1ADB521FC-495A-27A4-0B14-B70E0893{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6EFD2C1096FA-C1C8-0194-F0E2-19EDBE13{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B540F131F4BD-89E8-5274-2435-BA277873{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7BF3C00FB515-2EF8-CA24-CD1D-E7D46A68{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}744D0BB885EF-0968-3B14-6757-7D95EABE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7EC8DA9781B7-D7CB-4D14-1E6B-A288B086{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F3DB7421CB7A-F20B-01C4-4AF9-EC40AC59{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E49993AE5178-C04A-1B44-B2B0-E9DFBDC8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F8DC5231FB3-D50A-5BD4-2AE8-FA857918{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C1B37F0DFD25-3E6B-4694-CCF8-F1821461{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5BC008B571ED-139A-1F84-BE97-72C92C0E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B06BAC9FF9F-27BA-2A94-0BEA-EFE4EFE7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}47923466BC4B-8B3B-B794-420F-BBC9D859{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}95D5FF83A44A-701B-A714-DCFD-54525AFB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DB6DD0E25E6E-A40A-2F94-61AC-B1D1A3E7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C8FA188DF470-9098-0EE4-CD67-99708766{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}855DCDF89247-98A8-B5C4-7501-74DDC99D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6687D0CA01BD-17E8-5F74-5F73-387D6D57{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F6665BCAEB24-ECFA-D624-5A99-774C5066{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DA6C7E935A48-9608-8A84-0E0F-D42ED797{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C946CBB6C260-3B5B-35E4-2296-BC9ECEFF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}58DDD0B09245-3F28-8A14-A5D2-54336A35{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}854D7F30FB5D-43AA-2C14-8542-5E7D7747{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C845CD01FAC7-82E8-C2F4-7311-B097CCC3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C86D6E0F6D5F-C638-F1B4-2412-19D5780D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C2299205448-CE2A-F4C4-3313-FCC54DA2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C5FBB497E43-8C4B-8F94-4F41-67ECC9BE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1EEB2B5351F1-D70B-1824-011C-A88A1E43{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}562E0D3A45E8-346B-71F4-9F8E-4CFA2633{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}49F13EEF42A2-AE4A-0994-CD0E-DB9F0567{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5045BFD0AE68-A818-1094-FE32-68AB61B3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8EBDB29683C2-B469-0684-245A-6782FE7E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6AE59C9B8943-32AA-85C4-0379-169736B6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1654490AC84E-3809-A694-E960-B2D9B00E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F64BC53F9822-FF4A-B9D4-E1FE-2D59622A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1D90E687C2D1-B43A-1074-1E5B-5E367D3E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7252C1B9A667-DD89-5864-3603-8462F85C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE4AA021D4B1-50F9-59D4-D8F4-90D05EF2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A4191F73D526-735A-0E44-AE40-184A2B8D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}14FCCE4D3F2E-F3AA-B224-CDB9-D377D120{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CA4BC8E4AD6E-F89B-CA54-A49F-1010E0B3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8E6E9E854C4F-9F4B-5BE4-7501-91072487{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3482F11C81F6-3EFB-C604-CE3A-3A40E29E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}41A3E7F394F4-1A08-2764-1B12-8ADB89C0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23E68BF872FE-47D9-2864-1D0C-2991E9FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2370FA92EB3D-054B-7524-2434-596A7495{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}595777C0F515-DB48-C104-5CC2-99BB0426{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}80EFE488B20A-2BE8-7DF4-95C8-B9BFEFFF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}84A282C7317B-6E2A-F3E4-3AEC-68CE18D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}574179BFBBA1-9CA8-3474-FF6C-E089AE26{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8686F2A02588-A6A8-5584-14D3-869FE613{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7A4CBAA61568-3878-CF94-8C4D-14E6CF5E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F1062206CC82-8279-5124-A0D1-BDD9A904{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD5D54099056-5F89-4584-571B-8D7974CD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F2146669544C-63F9-71D4-A9D9-F12D6A8E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FA477FD22341-D969-4524-532A-46CB8206{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1AB7C60F7DB4-C8AB-7694-5F55-986D60AE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}49FB359CEC8C-3828-9F94-2669-D2928854{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}452288E6E30B-F53A-8804-87F8-208C39FA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3DAD7601751E-86EA-B3A4-98D6-F2D86F46{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\kavmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E3316A2EE982-CDB8-83F4-77CE-6225F8D0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}00B57022C182-8529-6124-8C94-1EAA3D2C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0A6C9AB635F1-9438-7524-0774-C2FDD846{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9B2209B911F6-5B29-1EC4-F39D-355D4FE0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D563A661072A-60C8-8724-D0FE-B962461D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C23C962F494F-C748-AE34-6079-E3619D37{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8C980FB5A3D8-7F29-4094-DC80-F5E7B157{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8FC6469AD5A7-E33B-5384-963F-9A7E7838{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EAA34A777656-C96A-5E94-697D-994DB6F7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3ED82D15C280-5058-0F14-6376-1587A395{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}02F649A140F2-B98B-7DD4-D95E-56E9EC51{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D7D96DB30A6B-EECA-A1A4-315F-FE7CDB4B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DD1F2135382B-008B-4594-65BB-FFD56F8A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}83C2910C3421-9A2A-4E24-9400-0B257F0D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}33D731B46223-196A-2BA4-13A8-B8B6298B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D7D2A9E7DAED-EE0B-3594-704E-1B1D03EB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}06954AFF046E-7779-0974-98AE-31C3BBA4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F71E50EB5457-CB58-8374-B560-9300EA69{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}48F1D57899F9-733B-0584-5B81-6D44DAFB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}48322E81AB4F-9479-7814-CF0C-3DB78477{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}07F6A84C41BD-0A3A-9694-D33B-99797FFB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F0A9CB6FAF9F-1778-2EC4-1975-E5B37E1A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}92DE69BCFFD2-671B-BEF4-A2A2-5276987F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}837430851570-77F9-33F4-4362-E8A6BADF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}47A79EEC54E6-4249-BE04-5EE9-6EA9369C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1F060553A2BD-2EB9-1054-855F-BD9A5269{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DC333CA689D6-CD5A-F2C4-A9DC-BDAD39EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}70AE0173731C-ADEB-CEA4-2CCC-2D1A4ADD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE0D3EF007D3-6E5A-C974-2523-DA176FC1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}47AFCE686E93-F85A-CF14-16D9-11100013{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B70ABCCA70CC-1378-0F14-34BD-AFD2B156{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}35E798EFEC70-D549-9C64-6E8F-FFCECBB6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A43783711B01-59BB-20F4-E2BE-9C35CC80{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E7B7E7C0AE72-855B-9344-C516-0CA878E1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B6C8594449D3-4BD8-5684-7CCC-6AA49BA4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6708081DC71A-7219-9AB4-52FC-2823C8AF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6045E4A776CF-5EC9-4064-06B5-89D5A6F8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6D32CCB298C4-DB59-BF64-7960-85A6592B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}72BAD6369323-C2D8-0AA4-2C52-57BB4D57{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EE271755670D-D248-4AB4-EFBB-1A6DB0A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F14D830DC9E0-8928-F674-EE34-3BE07C41{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2E5B4944B9EB-61E8-4B94-C266-AA26E40E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F0B43003536D-AF99-94C4-F653-0560945A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}29DD55ADF7C2-769A-AB44-1E47-6EAE3360{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6C3EB3A75129-7AEA-71F4-066B-BA753B61{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D42563136384-178A-B344-7BD4-0BE76B41{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CDCD6656B279-7319-4AC4-C8FB-7FC823E2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}30AC6A8FDBCC-5EBB-F3D4-1244-3B68CE5D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E2A9A3D3F63F-2CAA-3214-4124-D11FCFE7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AC9322337EC5-0C99-AEA4-E031-2239FFFB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}21CB2C170664-4F4B-CF04-6531-C54D160E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D6359DBE0042-5768-E994-A55F-2B0851D2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}57E70DB47DC8-E4DB-EB24-268E-3BD45320{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}07927A7E8054-6BD9-FD74-A96F-267A504F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5C36BFB20897-B31A-C074-E596-ED9E574A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DD2BA4CD0079-025A-B2B4-8EF7-55DB0D7E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F6CC2DCDD0AE-066B-C7C4-E42A-ECD94785{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1CF1D56EC5E9-0498-7EB4-2692-6BB716F9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}014F172A95B5-1498-A224-A157-1DF7CF32{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}76F80DFFFB6C-D0C9-1CF4-0F2F-D6C95C3D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C58344AA157-7509-8C94-2B64-822D9C93{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F98ACED9F58B-2B1B-F914-5ECE-2E0BC129{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0A4B5E161C1F-BEDA-1F94-F510-A635C8C3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}611D11545A6C-BA99-4294-8339-9B6D4BDF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}951CED9C3138-80FA-EF34-6241-1E49EB86{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B33255873879-C16B-BBC4-53E8-8787E4E1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C89BAFCA598D-A2F9-DC64-6A28-5A3A4CFF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4A7B9C919D3D-63BB-5A54-AFE6-2137A8F6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B3A9BA34AA7C-138A-CD34-DC7C-ADE0D178{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmvak.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSFUH.EXE
* csr.exe C:\WINDOWS\System32\CSPVE.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSFUH.EXE 51,229 2006-07-08
C:\WINDOWS\SYSTEM32\CSPVE.EXE 51,202 2006-07-05
Other suspects
Directory of C:\WINDOWS\system32
{871D0EDA-C7CD-43DC-A831-C7AA43AB9A3B}.exe
{6F8A7312-6EFA-45A5-BB36-D3D919C9B7A4}.exe
{68BE94E1-1426-43FE-AF08-8313C9DEC159}.exe
{FDB4D6B9-9338-4924-99AB-C6A54511D116}.exe
{3C8C536A-015F-49F1-ADEB-F1C161E5B4A0}.exe
{921CB0E2-ECE5-419F-B1B2-B85F9DECA89F}.exe
{39C9D228-46B2-49C8-9057-751AA44385C0}.exe
{D3C59C6D-F2F0-4FC1-9C0D-C6BFFFD08F67}.exe
{58749DCE-A24E-4C7C-B660-EA0DDCD2CC6F}.exe
{E7D0BD55-7FE8-4B2B-A520-9700DC4AB2DD}.exe
{A475E9DE-695E-470C-A13B-79802BFB63C5}.exe
{F405A762-F69A-47DF-9DB6-4508E7A72970}.exe
{2D1580B2-F55A-499E-8675-2400EBD9536D}.exe
{E061D45C-1356-40FC-B4F4-466071C2BC12}.exe
{BFFF9322-130E-4AEA-99C0-5CE7332239CA}.exe
{7EFCF11D-4214-4123-AAC2-F36F3D3A9A2E}.exe
{D5EC86B3-4421-4D3F-BBE5-CCBDF8A6CA03}.exe
{2E328CF7-BF8C-4CA4-9137-972B6566DCDC}.exe
{14B67EB0-4DB7-443B-A871-48363136524D}.exe
{16B357AB-B660-4F17-AEA7-92157A3BE3C6}.exe
{0633EAE6-74E1-44BA-A967-2C7FDA55DD92}.exe
{A5490650-356F-4C49-99FA-D63530034B0F}.exe
{E04E62AA-662C-49B4-8E16-BE9B4494B5E2}.exe
{14C70EB3-43EE-476F-8298-0E9CD038D41F}.exe
{7A0BD6A1-BBFE-4BA4-842D-D076557172EE}.exe
{75D4BB75-25C2-4AA0-8D2C-3239636DAB27}.exe
{B2956A58-0697-46FB-95BD-4C892BCC23D6}.exe
{8F6A5D98-5B60-4604-9CE5-FC677A4E5406}.exe
{FA8C3282-CF25-4BA9-9127-A17CD1808076}.exe
{4AB94AA6-CCC7-4865-8DB4-3D9444958C6B}.exe
{31000111-9D61-41FC-A58F-39E686ECFA74}.exe
{1CF671AD-3252-479C-A5E6-3D700FE3D0EA}.exe
{DDA4A1D2-CCC2-4AEC-BEDA-C1373710EA07}.exe
{AE93DADB-CD9A-4C2F-A5DC-6D986AC333CD}.exe
{9625A9DB-F558-4501-9BE2-DB2A355060F1}.exe
{C9639AE6-9EE5-40EB-9424-6E45CEE97A74}.exe
{FDAB6A8E-2634-4F33-9F77-075158034738}.exe
{F7896725-2A2A-4FEB-B176-2DFFCB96ED29}.exe
{BFF79799-B33D-4969-A3A0-DB14C48A6F70}.exe
{77487BD3-C0FC-4187-9749-F4BA18E22384}.exe
{233C3572-6643-4C45-8B8D-342888A6F7A4}.exe
{D0F752B0-0049-42E4-A2A9-1243C0192C38}.exe
{15CE9E65-E59D-4DD7-B89B-2F041A946F20}.exe
{7F6BD499-D796-49E5-A69C-656777A43AAE}.exe
{5945BC83-08E0-4258-8BBB-1520C47CD841}.exe
{6463F82C-1ACF-4622-9779-72E5D22AEC34}.exe
{1196355B-8E47-4ECA-AAAC-A491DF116543}.exe
{3949C960-EB61-4DD7-93D0-F0C48CC4B3D1}.exe
{6C249C1D-5E1C-4A88-A6FD-DA06D723CA89}.exe
{19472574-CC18-49E3-A9DB-CB6BE8437BB7}.exe
{8CC9C404-28F3-4465-8A8E-85B483B07034}.exe

[TheJoker]

You are better off quarantining the file. If the scanner were to delete a file that shouldn't have been deleted, it can be recovered. The files ewido puts in Quarantine are encrypted and safe.

I see a new entry that indicates you may be running in "Selective Startup" mode of MSCONFIG. Please re-run MSCONFIG, select "Normal Mode" then click "OK". You will be prompted to reboot. Instead, select "Exit Without Restart".

Run Ewido

• From the main ewido screen, click on update, then click the Start update button.
  
• After the update finishes (the status bar at the bottom will display "Update successful")
  
• Exit Ewido. DO NOT scan yet.

Now reboot to Safe Mode - Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Run a complete system scan with ewido.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

• Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  
• ewido will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
  
• If you have any infections you will prompted, then select "Apply all actions"
  
• Next select the "Reports" icon at the top.
  
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  
• Close ewido

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{34506365-0E8B-44A7-AA94-2972568DD6FD}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{946CB07F-E5D9-46E0-9B68-E27B85BC0E04}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0AB5989-318A-49CD-826D-C9471F57AC6A}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{D48E1B0B-6D84-4B2A-920D-447D20A09C58}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CS3\Services\Tcpip\..\{2F13FCF4-D2AC-45D0-9B35-36DAF3A9F5F2}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Locate Fixwareout.exe on your Desktop and run it again.
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please the text that will open (report.txt) and a new Hijackthis log.

Note: ONLY if you have connection problems - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Please go to VirusTotal and submit the following file for a scan and post the results in your next reply:
C:\WINDOWS\System32\CSFUH.EXE
C:\WINDOWS\System32\CSPVE.EXE

In internet explorer, please run the BitDefender online scan at BitDefender.com
You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Please attach the bdscan.html file to your next post. You will have to Zip it to attach it.
The reason for attaching it is the file isn't in plain text, it will be in html.
To attach a file, you need to be viewing the full version of the site.
While viewing the main page of the site, or when viewing this topic (but not in a reply window), scroll to the bottom of the page.
If you see:
Lo-Fi Version, then you are already viewing the "full version"
If you see:
"This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.", then you are in "lo-fi" and you need to click where it says "click here" to switch to "full version"
In a Reply window, the option to attach a file is just below the box where you type in your reply:



If you can't attach the file, go to http://savefile.com and you can upload the zipped log file there. There is no need to register, just click the "UPLOAD MY FILE" button. After you upload the file, please post the link to the file in your topic. That way, anyone on the board can see the log almost as easily as if it were posted here.

Please post a new HijackThis log (be certain you run it from Normal mode, NOT in Safe mode), the log from ewido, the log from FixWareout (report.txt), the results from scanning the two files at VirusTotal, and attach the zipped log from BitDefender (or if you can't attach the file, uplod it at savefile.com). After posting, please check the topic to be certain nothing was cut off. If it was, post the remainder in a second reply.

[TheJoker]

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.