Smitfraud-c et al - been 3 days...HELP PLEASE?

Shaba · Dec 5, 2006

Hi

Go to start -> run -> regedit -> ok

Go to this key

HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion

and remove "TaskManager"-key if present. Did it help?

podinbristol · Dec 7, 2006

Thanks

:sad: No key there. Still nothing when I do Alt/Ctrl/Del.

Shaba · Dec 7, 2006

Hi

Please do a search:
"Run "Start">"Search">"All Files and Folders"> enter taskmgr.exe in "All or part of file name". Select "More advanced options". Check-mark "Search System Folders", "Search hidden files and folders", and "Search subfolders". Click "Search".

Tell me whether or not you find taskmgr.exe.

podinbristol · Dec 8, 2006

it was found in two places:
c:\windows\system32 &
C:\windows/system32\dllcache

Shaba · Dec 8, 2006

Hi

Submit c:\windows\system32\taskmgr.exe to VirusTotal and send results here.

podinbristol · Dec 8, 2006

VirusTotal report

\system32:

Complete scanning result of "taskmgr.exe", received in VirusTotal at 12.08.2006, 19:13:41 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.49 12.08.2006 no virus found
Authentium 4.93.8 12.07.2006 no virus found
Avast 4.7.892.0 12.08.2006 no virus found
AVG 386 12.08.2006 no virus found
BitDefender 7.2 12.08.2006 no virus found
CAT-QuickHeal 8.00 12.08.2006 no virus found
ClamAV devel-20060426 12.08.2006 no virus found
DrWeb 4.33 12.08.2006 no virus found
eSafe 7.0.14.0 12.07.2006 no virus found
eTrust-InoculateIT 23.73.80 12.08.2006 no virus found
eTrust-Vet 30.3.3238 12.08.2006 no virus found
Ewido 4.0 12.08.2006 no virus found
Fortinet 2.82.0.0 12.08.2006 no virus found
F-Prot 3.16f 12.07.2006 no virus found
F-Prot4 4.2.1.29 12.07.2006 no virus found
Ikarus T3.1.0.26 12.07.2006 no virus found
Kaspersky 4.0.2.24 12.08.2006 no virus found
McAfee 4914 12.08.2006 no virus found
Microsoft 1.1804 12.08.2006 no virus found
NOD32v2 1911 12.08.2006 no virus found
Norman 5.80.02 12.08.2006 no virus found
Panda 9.0.0.4 12.08.2006 no virus found
Prevx1 V2 12.08.2006 no virus found
Sophos 4.12.0 12.08.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.130 12.06.2006 no virus found
UNA 1.83 12.08.2006 no virus found
VBA32 3.11.1 12.08.2006 no virus found
VirusBuster 4.3.15:9 12.08.2006 no virus found

Aditional Information
File size: 135680 bytes
MD5: fc160ace21c81837692b339d230dd4be
SHA1: 28e0652d35fcd1e5abd1aa23bb5ee2b180a6693b

and \system32\dllcache:

same result.

Strange eh? :sad:

Shaba · Dec 8, 2006

Hi

Yes, a bit strange

Problem could just be a wrong registry key value somewhere, but let's check this first:

* Download GMER from
here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

podinbristol · Dec 8, 2006

Results:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-08 19:15:59
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT 841C5978 ZwAlertResumeThread
SSDT 8455EE58 ZwAlertThread
SSDT 84079A50 ZwAllocateVirtualMemory
SSDT 8420FF58 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 841212A0 ZwCreateMutant
SSDT 841182E8 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 83F4F118 ZwFreeVirtualMemory
SSDT 841D2060 ZwImpersonateAnonymousToken
SSDT 83F22118 ZwImpersonateThread
SSDT 840CB618 ZwMapViewOfSection
SSDT 83EB5308 ZwOpenEvent
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 83F55118 ZwOpenProcessToken
SSDT 83EE5118 ZwOpenThreadToken
SSDT 83ED8008 ZwResumeThread
SSDT 83F00118 ZwSetContextThread
SSDT 841F2ED8 ZwSetInformationProcess
SSDT 83F1B118 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 84074298 ZwSuspendProcess
SSDT 83F17118 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 83F19118 ZwTerminateThread
SSDT 83EC0118 ZwUnmapViewOfSection
SSDT 841D27A0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2B64 80503764 8 Bytes [ 78, 59, 1C, 84, 58, EE, 55, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D1C 8050391C 8 Bytes [ AC, 88, CC, F7, 18, 51, F5, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EC4 80503AC4 8 Bytes [ D8, 2E, 1F, 84, 18, B1, F1, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80503B28 8 Bytes [ 98, 42, 07, 84, 18, 71, F1, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F38 80503B38 8 Bytes [ 12, 88, CC, F7, 18, 91, F1, ... ]
.text ntdll.dll!NtClose 7C90D586 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 7C90D793 5 Bytes JMP 72033FC8

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Compaq_Owner\Desktop\avgas-setup-7.5.0.50.exe:SummaryInformation
ADS C:\Documents and Settings\Compaq_Owner\Desktop\avgas-setup-7.5.0.50.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\Compaq_Owner\Desktop\eTrust Antivirus Web Scanner.url:favicon
ADS C:\Documents and Settings\Compaq_Owner\Desktop\Panda ActiveScan :favicon
ADS C:\Documents and Settings\Compaq_Owner\Favorites\Electric Proms Paul Weller - AV Forums.url:favicon
ADS C:\Documents and Settings\Compaq_Owner\Favorites\HotUKDeals - Main Page.url:favicon
ADS C:\Documents and Settings\Compaq_Owner\Favorites\MySpace.com.url:favicon
ADS C:\Documents and Settings\Compaq_Owner\Favorites\Smitfraud-c et al - been 3 days...HELP PLEASE - Safer Networking Forums.url:favicon
ADS C:\Documents and Settings\Compaq_Owner\Favorites\Understanding and Using Firewalls.url:favicon
ADS C:\Documents and Settings\Compaq_Owner\Favorites\VIRUSTOTAL - Free Online Virus and Malware Scan.url:favicon
ADS C:\Documents and Settings\Compaq_Owner\Favorites\VoucherCodes.com - Free voucher codes, discount codes, coupons & promotional codes.url:favicon
ADS ...

---- EOF - GMER 1.0.12 ----

Shaba · Dec 8, 2006

Hi

I must do some further research now and maybe also ask for help; I'll reply ASAP I have something new to report

Shaba · Dec 9, 2006

Hi

Open Process Explorer

In Process Explorer go Options->uncheck Replace Task Manager

Did it help?

podinbristol · Dec 9, 2006

Missä on ...?

I cannot find Process Explorer! I tried search for process*.* but did not find it, and still nothing happens at Alt/Ctrl/Del, can you advise?

podinbristol · Dec 9, 2006

Mmmm?

Perhaps it is simply that process explorer replaced taskmanager, process explorer is now deleted and now I have nothing?
Not that I know..... : )

Shaba · Dec 10, 2006

Hi

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*) on Desktop

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

Doubleclick fix.reg, press Yes and ok.

Reboot

Does Task Manager work now?

podinbristol · Dec 10, 2006

Oh where oh where has my task manager gone!!

:sad: Followed instructions and rebooted - but still nothing.......over to you

Shaba · Dec 10, 2006

Are you sure that you had all this text on your reg file?

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

podinbristol · Dec 10, 2006

Yep!

I just checked the file again (edit) and it definitely has all the text (I cut and pasted it). Sorry :sad:

Shaba · Dec 11, 2006

Hi

Go to start -> run -> regedit -> ok

Browse to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Right-click that key and choose Export. Save it as txt file and copy/paste contents of that file into this thread, please

podinbristol · Dec 11, 2006

Pasted in 3 parts, as very long....

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Class Name: <NO CLASS>
Last Write Time: 26/11/2006 - 13:40

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
00000000 14 02 00 00 10 02 00 00 - 00 02 00 00 90 04 34 00 ..............4.
00000010 00 00 56 00 53 00 5f 00 - 56 00 45 00 52 00 53 00 ..V.S._.V.E.R.S.
00000020 49 00 4f 00 4e 00 5f 00 - 49 00 4e 00 46 00 4f 00 I.O.N._.I.N.F.O.
00000030 00 00 00 00 bd 04 ef fe - 00 00 01 00 00 00 07 00 ....½.ïþ........
00000040 0b 00 00 00 00 00 07 00 - 0b 00 00 00 3f 00 00 00 ............?...
00000050 02 00 00 00 04 00 01 00 - 01 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 - 44 00 00 00 01 00 56 00 ........D.....V.
00000070 61 00 72 00 46 00 69 00 - 6c 00 65 00 49 00 6e 00 a.r.F.i.l.e.I.n.
00000080 66 00 6f 00 00 00 00 00 - 24 00 04 00 00 00 54 00 f.o.....$.....T.
00000090 72 00 61 00 6e 00 73 00 - 6c 00 61 00 74 00 69 00 r.a.n.s.l.a.t.i.
000000a0 6f 00 6e 00 00 00 00 00 - 09 04 e4 04 f0 03 00 00 o.n..... .ä.ð...
000000b0 01 00 53 00 74 00 72 00 - 69 00 6e 00 67 00 46 00 ..S.t.r.i.n.g.F.
000000c0 69 00 6c 00 65 00 49 00 - 6e 00 66 00 6f 00 00 00 i.l.e.I.n.f.o...
000000d0 cc 03 00 00 01 00 30 00 - 34 00 30 00 39 00 30 00 Ì.....0.4.0.9.0.
000000e0 34 00 45 00 34 00 00 00 - 4a 00 19 00 01 00 43 00 4.E.4...J.....C.
000000f0 6f 00 6d 00 6d 00 65 00 - 6e 00 74 00 73 00 00 00 o.m.m.e.n.t.s...
00000100 43 00 72 00 79 00 73 00 - 74 00 61 00 6c 00 20 00 C.r.y.s.t.a.l. .
00000110 53 00 51 00 4c 00 20 00 - 44 00 65 00 73 00 69 00 S.Q.L. .D.e.s.i.
00000120 67 00 6e 00 65 00 72 00 - 20 00 37 00 2e 00 30 00 g.n.e.r. .7...0.
00000130 00 00 00 00 88 00 34 00 - 01 00 43 00 6f 00 6d 00 ......4...C.o.m.
00000140 70 00 61 00 6e 00 79 00 - 4e 00 61 00 6d 00 65 00 p.a.n.y.N.a.m.e.
00000150 00 00 00 00 53 00 65 00 - 61 00 67 00 61 00 74 00 ....S.e.a.g.a.t.
00000160 65 00 20 00 53 00 6f 00 - 66 00 74 00 77 00 61 00 e. .S.o.f.t.w.a.
00000170 72 00 65 00 20 00 49 00 - 6e 00 66 00 6f 00 72 00 r.e. .I.n.f.o.r.
00000180 6d 00 61 00 74 00 69 00 - 6f 00 6e 00 20 00 4d 00 m.a.t.i.o.n. .M.
00000190 61 00 6e 00 61 00 67 00 - 65 00 6d 00 65 00 6e 00 a.n.a.g.e.m.e.n.
000001a0 74 00 20 00 47 00 72 00 - 6f 00 75 00 70 00 2c 00 t. .G.r.o.u.p.,.
000001b0 20 00 49 00 6e 00 63 00 - 2e 00 00 00 ae 00 45 00 .I.n.c.....®.E.
000001c0 01 00 4c 00 65 00 67 00 - 61 00 6c 00 43 00 6f 00 ..L.e.g.a.l.C.o.
000001d0 70 00 79 00 72 00 69 00 - 67 00 68 00 74 00 00 00 p.y.r.i.g.h.t...
000001e0 43 00 6f 00 70 00 79 00 - 72 00 69 00 67 00 68 00 C.o.p.y.r.i.g.h.
000001f0 74 00 20 00 28 00 63 00 - 29 00 20 00 31 00 39 00 t. .(.c.). .1.9.
00000200 39 00 31 00 2d 00 31 00 - 39 00 39 00 10 00 00 00 9.1.-.1.9.9.....
00000210 00 00 00 00 ....

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: DisableHeapLookAside
Type: REG_SZ
Data: 1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
00000000 54 09 00 00 54 02 00 00 - 00 02 00 00 8c 03 34 00 T ..T.........4.
00000010 00 00 56 00 53 00 5f 00 - 56 00 45 00 52 00 53 00 ..V.S._.V.E.R.S.
00000020 49 00 4f 00 4e 00 5f 00 - 49 00 4e 00 46 00 4f 00 I.O.N._.I.N.F.O.
00000030 00 00 00 00 bd 04 ef fe - 00 00 01 00 02 00 a8 11 ....½.ïþ......¨.
00000040 2e 04 00 00 02 00 a8 11 - 2e 04 00 00 3f 00 00 00 ......¨.....?...
00000050 20 00 00 00 04 00 00 00 - 01 00 00 00 00 00 00 00 ...............
00000060 00 00 00 00 00 00 00 00 - ec 02 00 00 01 00 53 00 ........ì.....S.
00000070 74 00 72 00 69 00 6e 00 - 67 00 46 00 69 00 6c 00 t.r.i.n.g.F.i.l.
00000080 65 00 49 00 6e 00 66 00 - 6f 00 00 00 c8 02 00 00 e.I.n.f.o...È...
00000090 01 00 30 00 30 00 30 00 - 30 00 30 00 34 00 62 00 ..0.0.0.0.0.4.b.
000000a0 30 00 00 00 38 00 10 00 - 01 00 43 00 6f 00 6d 00 0...8.....C.o.m.
000000b0 6d 00 65 00 6e 00 74 00 - 73 00 00 00 4f 00 72 00 m.e.n.t.s...O.r.
000000c0 69 00 67 00 6e 00 61 00 - 6c 00 20 00 56 00 65 00 i.g.n.a.l. .V.e.
000000d0 72 00 73 00 69 00 6f 00 - 6e 00 00 00 42 00 11 00 r.s.i.o.n...B...
000000e0 01 00 43 00 6f 00 6d 00 - 70 00 61 00 6e 00 79 00 ..C.o.m.p.a.n.y.
000000f0 4e 00 61 00 6d 00 65 00 - 00 00 00 00 53 00 41 00 N.a.m.e.....S.A.
00000100 50 00 20 00 41 00 47 00 - 2c 00 20 00 57 00 61 00 P. .A.G.,. .W.a.
00000110 6c 00 6c 00 64 00 6f 00 - 72 00 66 00 00 00 00 00 l.l.d.o.r.f.....
00000120 5a 00 19 00 01 00 46 00 - 69 00 6c 00 65 00 44 00 Z.....F.i.l.e.D.
00000130 65 00 73 00 63 00 72 00 - 69 00 70 00 74 00 69 00 e.s.c.r.i.p.t.i.
00000140 6f 00 6e 00 00 00 00 00 - 53 00 41 00 50 00 20 00 o.n.....S.A.P. .
00000150 46 00 72 00 6f 00 6e 00 - 74 00 65 00 6e 00 64 00 F.r.o.n.t.e.n.d.
00000160 20 00 66 00 6f 00 72 00 - 20 00 57 00 69 00 6e 00 .f.o.r. .W.i.n.
00000170 64 00 6f 00 77 00 73 00 - 00 00 00 00 3c 00 0e 00 d.o.w.s.....<...
00000180 01 00 46 00 69 00 6c 00 - 65 00 56 00 65 00 72 00 ..F.i.l.e.V.e.r.
00000190 73 00 69 00 6f 00 6e 00 - 00 00 00 00 34 00 35 00 s.i.o.n.....4.5.
000001a0 32 00 30 00 2e 00 32 00 - 2e 00 30 00 2e 00 31 00 2.0...2...0...1.
000001b0 30 00 37 00 30 00 00 00 - 32 00 09 00 01 00 49 00 0.7.0...2. ...I.
000001c0 6e 00 74 00 65 00 72 00 - 6e 00 61 00 6c 00 4e 00 n.t.e.r.n.a.l.N.
000001d0 61 00 6d 00 65 00 00 00 - 46 00 45 00 57 00 46 00 a.m.e...F.E.W.F.
000001e0 52 00 4f 00 4e 00 54 00 - 00 00 00 00 7a 00 2b 00 R.O.N.T.....z.+.
000001f0 01 00 4c 00 65 00 67 00 - 61 00 6c 00 43 00 6f 00 ..L.e.g.a.l.C.o.
00000200 70 00 79 00 72 00 69 00 - 67 00 68 00 02 00 00 00 p.y.r.i.g.h.....
00000210 00 00 00 00 01 00 00 00 - 4c 00 00 00 3c fd 06 00 ........L...<ý..
00000220 04 00 00 00 00 00 00 00 - 65 05 00 00 02 00 00 00 ........e.......
00000230 03 00 00 00 00 00 01 00 - 53 00 65 00 72 00 76 00 ........S.e.r.v.
00000240 69 00 63 00 65 00 20 00 - 50 00 61 00 63 00 6b 00 i.c.e. .P.a.c.k.
00000250 20 00 33 00 00 00 23 00 - 54 02 00 00 00 02 00 00 .3...#.T.......
00000260 8c 03 34 00 00 00 56 00 - 53 00 5f 00 56 00 45 00 ..4...V.S._.V.E.
00000270 52 00 53 00 49 00 4f 00 - 4e 00 5f 00 49 00 4e 00 R.S.I.O.N._.I.N.
00000280 46 00 4f 00 00 00 00 00 - bd 04 ef fe 00 00 01 00 F.O.....½.ïþ....
00000290 03 00 9e 11 26 04 00 00 - 03 00 9e 11 26 04 00 00 ....&.......&...
000002a0 3f 00 00 00 20 00 00 00 - 04 00 00 00 01 00 00 00 ?... ...........
000002b0 00 00 00 00 00 00 00 00 - 00 00 00 00 ec 02 00 00 ............ì...
000002c0 01 00 53 00 74 00 72 00 - 69 00 6e 00 67 00 46 00 ..S.t.r.i.n.g.F.
000002d0 69 00 6c 00 65 00 49 00 - 6e 00 66 00 6f 00 00 00 i.l.e.I.n.f.o...
000002e0 c8 02 00 00 01 00 30 00 - 30 00 30 00 30 00 30 00 È.....0.0.0.0.0.
000002f0 34 00 62 00 30 00 00 00 - 38 00 10 00 01 00 43 00 4.b.0...8.....C.
00000300 6f 00 6d 00 6d 00 65 00 - 6e 00 74 00 73 00 00 00 o.m.m.e.n.t.s...
00000310 4f 00 72 00 69 00 67 00 - 6e 00 61 00 6c 00 20 00 O.r.i.g.n.a.l. .
00000320 56 00 65 00 72 00 73 00 - 69 00 6f 00 6e 00 00 00 V.e.r.s.i.o.n...
00000330 42 00 11 00 01 00 43 00 - 6f 00 6d 00 70 00 61 00 B.....C.o.m.p.a.
00000340 6e 00 79 00 4e 00 61 00 - 6d 00 65 00 00 00 00 00 n.y.N.a.m.e.....
00000350 53 00 41 00 50 00 20 00 - 41 00 47 00 2c 00 20 00 S.A.P. .A.G.,. .
00000360 57 00 61 00 6c 00 6c 00 - 64 00 6f 00 72 00 66 00 W.a.l.l.d.o.r.f.
00000370 00 00 00 00 5a 00 19 00 - 01 00 46 00 69 00 6c 00 ....Z.....F.i.l.
00000380 65 00 44 00 65 00 73 00 - 63 00 72 00 69 00 70 00 e.D.e.s.c.r.i.p.
00000390 74 00 69 00 6f 00 6e 00 - 00 00 00 00 53 00 41 00 t.i.o.n.....S.A.
000003a0 50 00 20 00 46 00 72 00 - 6f 00 6e 00 74 00 65 00 P. .F.r.o.n.t.e.
000003b0 6e 00 64 00 20 00 66 00 - 6f 00 72 00 20 00 57 00 n.d. .f.o.r. .W.
000003c0 69 00 6e 00 64 00 6f 00 - 77 00 73 00 00 00 00 00 i.n.d.o.w.s.....
000003d0 3c 00 0e 00 01 00 46 00 - 69 00 6c 00 65 00 56 00 <.....F.i.l.e.V.
000003e0 65 00 72 00 73 00 69 00 - 6f 00 6e 00 00 00 00 00 e.r.s.i.o.n.....
000003f0 34 00 35 00 31 00 30 00 - 2e 00 33 00 2e 00 30 00 4.5.1.0...3...0.
00000400 2e 00 31 00 30 00 36 00 - 32 00 00 00 32 00 09 00 ..1.0.6.2...2. .
00000410 01 00 49 00 6e 00 74 00 - 65 00 72 00 6e 00 61 00 ..I.n.t.e.r.n.a.
00000420 6c 00 4e 00 61 00 6d 00 - 65 00 00 00 46 00 45 00 l.N.a.m.e...F.E.
00000430 57 00 46 00 52 00 4f 00 - 4e 00 54 00 00 00 00 00 W.F.R.O.N.T.....
00000440 7a 00 2b 00 01 00 4c 00 - 65 00 67 00 61 00 6c 00 z.+...L.e.g.a.l.
00000450 43 00 6f 00 70 00 79 00 - 72 00 69 00 67 00 68 00 C.o.p.y.r.i.g.h.
00000460 02 00 00 00 00 00 00 00 - 01 00 00 00 4c 00 00 00 ............L...
00000470 3c fd 06 00 04 00 00 00 - 00 00 00 00 65 05 00 00 <ý..........e...
00000480 02 00 00 00 03 00 00 00 - 00 00 01 00 53 00 65 00 ............S.e.
00000490 72 00 76 00 69 00 63 00 - 65 00 20 00 50 00 61 00 r.v.i.c.e. .P.a.
000004a0 63 00 6b 00 20 00 33 00 - 00 00 23 00 54 02 00 00 c.k. .3...#.T...
000004b0 00 02 00 00 20 03 34 00 - 00 00 56 00 53 00 5f 00 .... .4...V.S._.
000004c0 56 00 45 00 52 00 53 00 - 49 00 4f 00 4e 00 5f 00 V.E.R.S.I.O.N._.
000004d0 49 00 4e 00 46 00 4f 00 - 00 00 00 00 bd 04 ef fe I.N.F.O.....½.ïþ
000004e0 00 00 01 00 00 00 04 00 - f0 03 00 00 00 00 04 00 ........ð.......
000004f0 f0 03 00 00 3f 00 00 00 - 00 00 00 00 04 00 01 00 ð...?...........
00000500 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000510 7e 02 00 00 01 00 53 00 - 74 00 72 00 69 00 6e 00 ~.....S.t.r.i.n.
00000520 67 00 46 00 69 00 6c 00 - 65 00 49 00 6e 00 66 00 g.F.i.l.e.I.n.f.
00000530 6f 00 00 00 5a 02 00 00 - 01 00 30 00 34 00 30 00 o...Z.....0.4.0.
00000540 39 00 30 00 34 00 45 00 - 34 00 00 00 2e 00 07 00 9.0.4.E.4.......
00000550 01 00 43 00 6f 00 6d 00 - 70 00 61 00 6e 00 79 00 ..C.o.m.p.a.n.y.
00000560 4e 00 61 00 6d 00 65 00 - 00 00 00 00 53 00 41 00 N.a.m.e.....S.A.
00000570 50 00 20 00 41 00 47 00 - 00 00 00 00 5a 00 19 00 P. .A.G.....Z...
00000580 01 00 46 00 69 00 6c 00 - 65 00 44 00 65 00 73 00 ..F.i.l.e.D.e.s.
00000590 63 00 72 00 69 00 70 00 - 74 00 69 00 6f 00 6e 00 c.r.i.p.t.i.o.n.
000005a0 00 00 00 00 53 00 41 00 - 50 00 20 00 46 00 72 00 ....S.A.P. .F.r.
000005b0 6f 00 6e 00 74 00 65 00 - 6e 00 64 00 20 00 66 00 o.n.t.e.n.d. .f.
000005c0 6f 00 72 00 20 00 57 00 - 69 00 6e 00 64 00 6f 00 o.r. .W.i.n.d.o.
000005d0 77 00 73 00 00 00 00 00 - 36 00 0b 00 01 00 46 00 w.s.....6.....F.
000005e0 69 00 6c 00 65 00 56 00 - 65 00 72 00 73 00 69 00 i.l.e.V.e.r.s.i.
000005f0 6f 00 6e 00 00 00 00 00 - 34 00 2e 00 30 00 2e 00 o.n.....4...0...
00000600 30 00 2e 00 31 00 30 00 - 30 00 38 00 00 00 00 00 0...1.0.0.8.....
00000610 2c 00 06 00 01 00 49 00 - 6e 00 74 00 65 00 72 00 ,.....I.n.t.e.r.
00000620 6e 00 61 00 6c 00 4e 00 - 61 00 6d 00 65 00 00 00 n.a.l.N.a.m.e...
00000630 46 00 52 00 4f 00 4e 00 - 54 00 00 00 5e 00 1d 00 F.R.O.N.T...^...
00000640 01 00 4c 00 65 00 67 00 - 61 00 6c 00 43 00 6f 00 ..L.e.g.a.l.C.o.
00000650 70 00 79 00 72 00 69 00 - 67 00 68 00 74 00 00 00 p.y.r.i.g.h.t...
00000660 43 00 6f 00 70 00 79 00 - 72 00 69 00 67 00 68 00 C.o.p.y.r.i.g.h.
00000670 74 00 20 00 a9 00 20 00 - 31 00 39 00 39 00 33 00 t. .©. .1.9.9.3.
00000680 2d 00 31 00 39 00 39 00 - 37 00 20 00 53 00 41 00 -.1.9.9.7. .S.A.
00000690 50 00 20 00 41 00 47 00 - 00 00 00 00 28 00 00 00 P. .A.G.....(...
000006a0 01 00 4c 00 65 00 67 00 - 61 00 6c 00 54 00 72 00 ..L.e.g.a.l.T.r.
000006b0 61 00 64 00 02 00 00 00 - 00 00 00 00 01 00 00 00 a.d.............
000006c0 4c 00 00 00 3c fd 06 00 - 04 00 00 00 00 00 00 00 L...<ý..........
000006d0 65 05 00 00 02 00 00 00 - 03 00 00 00 00 00 01 00 e...............
000006e0 53 00 65 00 72 00 76 00 - 69 00 63 00 65 00 20 00 S.e.r.v.i.c.e. .
000006f0 50 00 61 00 63 00 6b 00 - 20 00 33 00 00 00 23 00 P.a.c.k. .3...#.
00000700 54 02 00 00 00 02 00 00 - 18 03 34 00 00 00 56 00 T.........4...V.
00000710 53 00 5f 00 56 00 45 00 - 52 00 53 00 49 00 4f 00 S._.V.E.R.S.I.O.
00000720 4e 00 5f 00 49 00 4e 00 - 46 00 4f 00 00 00 00 00 N._.I.N.F.O.....
00000730 bd 04 ef fe 00 00 01 00 - 00 00 04 00 dd 03 00 00 ½.ïþ........Ý...
00000740 00 00 04 00 dd 03 00 00 - 3f 00 00 00 00 00 00 00 ....Ý...?.......
00000750 04 00 01 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000760 00 00 00 00 78 02 00 00 - 01 00 53 00 74 00 72 00 ....x.....S.t.r.
00000770 69 00 6e 00 67 00 46 00 - 69 00 6c 00 65 00 49 00 i.n.g.F.i.l.e.I.
00000780 6e 00 66 00 6f 00 00 00 - 54 02 00 00 01 00 30 00 n.f.o...T.....0.
00000790 34 00 30 00 39 00 30 00 - 34 00 45 00 34 00 00 00 4.0.9.0.4.E.4...
000007a0 2e 00 07 00 01 00 43 00 - 6f 00 6d 00 70 00 61 00 ......C.o.m.p.a.
000007b0 6e 00 79 00 4e 00 61 00 - 6d 00 65 00 00 00 00 00 n.y.N.a.m.e.....
000007c0 53 00 41 00 50 00 20 00 - 41 00 47 00 00 00 00 00 S.A.P. .A.G.....
000007d0 5a 00 19 00 01 00 46 00 - 69 00 6c 00 65 00 44 00 Z.....F.i.l.e.D.
000007e0 65 00 73 00 63 00 72 00 - 69 00 70 00 74 00 69 00 e.s.c.r.i.p.t.i.
000007f0 6f 00 6e 00 00 00 00 00 - 53 00 41 00 50 00 20 00 o.n.....S.A.P. .
00000800 46 00 72 00 6f 00 6e 00 - 74 00 65 00 6e 00 64 00 F.r.o.n.t.e.n.d.
00000810 20 00 66 00 6f 00 72 00 - 20 00 57 00 69 00 6e 00 .f.o.r. .W.i.n.
00000820 64 00 6f 00 77 00 73 00 - 00 00 00 00 34 00 0a 00 d.o.w.s.....4...
00000830 01 00 46 00 69 00 6c 00 - 65 00 56 00 65 00 72 00 ..F.i.l.e.V.e.r.
00000840 73 00 69 00 6f 00 6e 00 - 00 00 00 00 34 00 2e 00 s.i.o.n.....4...
00000850 30 00 2e 00 30 00 2e 00 - 39 00 38 00 39 00 00 00 0...0...9.8.9...
00000860 2c 00 06 00 01 00 49 00 - 6e 00 74 00 65 00 72 00 ,.....I.n.t.e.r.
00000870 6e 00 61 00 6c 00 4e 00 - 61 00 6d 00 65 00 00 00 n.a.l.N.a.m.e...
00000880 46 00 52 00 4f 00 4e 00 - 54 00 00 00 5e 00 1d 00 F.R.O.N.T...^...
00000890 01 00 4c 00 65 00 67 00 - 61 00 6c 00 43 00 6f 00 ..L.e.g.a.l.C.o.
000008a0 70 00 79 00 72 00 69 00 - 67 00 68 00 74 00 00 00 p.y.r.i.g.h.t...
000008b0 43 00 6f 00 70 00 79 00 - 72 00 69 00 67 00 68 00 C.o.p.y.r.i.g.h.
000008c0 74 00 20 00 a9 00 20 00 - 31 00 39 00 39 00 33 00 t. .©. .1.9.9.3.
000008d0 2d 00 31 00 39 00 39 00 - 37 00 20 00 53 00 41 00 -.1.9.9.7. .S.A.
000008e0 50 00 20 00 41 00 47 00 - 00 00 00 00 28 00 00 00 P. .A.G.....(...
000008f0 01 00 4c 00 65 00 67 00 - 61 00 6c 00 54 00 72 00 ..L.e.g.a.l.T.r.
00000900 61 00 64 00 65 00 6d 00 - 02 00 00 00 00 00 00 00 a.d.e.m.........
00000910 01 00 00 00 4c 00 00 00 - 3c fd 06 00 04 00 00 00 ....L...<ý......
00000920 00 00 00 00 65 05 00 00 - 02 00 00 00 03 00 00 00 ....e...........
00000930 00 00 01 00 53 00 65 00 - 72 00 76 00 69 00 63 00 ....S.e.r.v.i.c.
00000940 65 00 20 00 50 00 61 00 - 63 00 6b 00 20 00 33 00 e. .P.a.c.k. .3.
00000950 00 00 23 00 ..#.

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

podinbristol · Dec 11, 2006

2

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
00000000 58 02 00 00 54 02 00 00 - 00 02 00 00 6c 07 34 00 X...T.......l.4.
00000010 00 00 56 00 53 00 5f 00 - 56 00 45 00 52 00 53 00 ..V.S._.V.E.R.S.
00000020 49 00 4f 00 4e 00 5f 00 - 49 00 4e 00 46 00 4f 00 I.O.N._.I.N.F.O.
00000030 00 00 00 00 bd 04 ef fe - 00 00 01 00 05 00 05 00 ....½.ïþ........
00000040 07 00 a8 07 05 00 05 00 - 07 00 a8 07 3f 00 00 00 ..¨.......¨.?...
00000050 00 00 00 00 04 00 04 00 - 01 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 - cc 06 00 00 01 00 53 00 ........Ì.....S.
00000070 74 00 72 00 69 00 6e 00 - 67 00 46 00 69 00 6c 00 t.r.i.n.g.F.i.l.
00000080 65 00 49 00 6e 00 66 00 - 6f 00 00 00 54 03 00 00 e.I.n.f.o...T...
00000090 01 00 30 00 34 00 30 00 - 39 00 30 00 34 00 42 00 ..0.4.0.9.0.4.B.
000000a0 30 00 00 00 18 00 00 00 - 01 00 43 00 6f 00 6d 00 0.........C.o.m.
000000b0 6d 00 65 00 6e 00 74 00 - 73 00 00 00 4c 00 16 00 m.e.n.t.s...L...
000000c0 01 00 43 00 6f 00 6d 00 - 70 00 61 00 6e 00 79 00 ..C.o.m.p.a.n.y.
000000d0 4e 00 61 00 6d 00 65 00 - 00 00 00 00 4d 00 69 00 N.a.m.e.....M.i.
000000e0 63 00 72 00 6f 00 73 00 - 6f 00 66 00 74 00 20 00 c.r.o.s.o.f.t. .
000000f0 43 00 6f 00 72 00 70 00 - 6f 00 72 00 61 00 74 00 C.o.r.p.o.r.a.t.
00000100 69 00 6f 00 6e 00 00 00 - 68 00 20 00 01 00 46 00 i.o.n...h. ...F.
00000110 69 00 6c 00 65 00 44 00 - 65 00 73 00 63 00 72 00 i.l.e.D.e.s.c.r.
00000120 69 00 70 00 74 00 69 00 - 6f 00 6e 00 00 00 00 00 i.p.t.i.o.n.....
00000130 4d 00 69 00 63 00 72 00 - 6f 00 73 00 6f 00 66 00 M.i.c.r.o.s.o.f.
00000140 74 00 20 00 45 00 78 00 - 63 00 68 00 61 00 6e 00 t. .E.x.c.h.a.n.
00000150 67 00 65 00 20 00 53 00 - 65 00 72 00 76 00 65 00 g.e. .S.e.r.v.e.
00000160 72 00 20 00 53 00 65 00 - 74 00 75 00 70 00 00 00 r. .S.e.t.u.p...
00000170 36 00 0b 00 01 00 46 00 - 69 00 6c 00 65 00 56 00 6.....F.i.l.e.V.
00000180 65 00 72 00 73 00 69 00 - 6f 00 6e 00 00 00 00 00 e.r.s.i.o.n.....
00000190 35 00 2e 00 35 00 2e 00 - 31 00 39 00 36 00 30 00 5...5...1.9.6.0.
000001a0 2e 00 37 00 00 00 00 00 - 2c 00 06 00 01 00 49 00 ..7.....,.....I.
000001b0 6e 00 74 00 65 00 72 00 - 6e 00 61 00 6c 00 4e 00 n.t.e.r.n.a.l.N.
000001c0 61 00 6d 00 65 00 00 00 - 53 00 65 00 74 00 75 00 a.m.e...S.e.t.u.
000001d0 70 00 00 00 9c 00 3c 00 - 01 00 4c 00 65 00 67 00 p.....<...L.e.g.
000001e0 61 00 6c 00 43 00 6f 00 - 70 00 79 00 72 00 69 00 a.l.C.o.p.y.r.i.
000001f0 67 00 68 00 74 00 00 00 - 43 00 6f 00 70 00 79 00 g.h.t...C.o.p.y.
00000200 72 00 69 00 67 00 68 00 - 74 00 20 00 02 00 00 00 r.i.g.h.t. .....
00000210 00 00 00 00 01 00 00 00 - 4c 00 00 00 3c fd 06 00 ........L...<ý..
00000220 05 00 00 00 00 00 00 00 - 65 05 00 00 02 00 00 00 ........e.......
00000230 03 00 00 00 02 00 00 00 - 53 00 65 00 72 00 76 00 ........S.e.r.v.
00000240 69 00 63 00 65 00 20 00 - 50 00 61 00 63 00 6b 00 i.c.e. .P.a.c.k.
00000250 20 00 34 00 00 00 23 00 - .4...#.

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
00000000 58 02 00 00 54 02 00 00 - 00 02 00 00 44 02 34 00 X...T.......D.4.
00000010 00 00 56 00 53 00 5f 00 - 56 00 45 00 52 00 53 00 ..V.S._.V.E.R.S.
00000020 49 00 4f 00 4e 00 5f 00 - 49 00 4e 00 46 00 4f 00 I.O.N._.I.N.F.O.
00000030 00 00 00 00 bd 04 ef fe - 00 00 01 00 01 00 01 00 ....½.ïþ........
00000040 0c 00 00 00 01 00 01 00 - 0c 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 04 00 00 00 - 01 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 - 44 00 00 00 00 00 56 00 ........D.....V.
00000070 61 00 72 00 46 00 69 00 - 6c 00 65 00 49 00 6e 00 a.r.F.i.l.e.I.n.
00000080 66 00 6f 00 00 00 00 00 - 24 00 04 00 00 00 54 00 f.o.....$.....T.
00000090 72 00 61 00 6e 00 73 00 - 6c 00 61 00 74 00 69 00 r.a.n.s.l.a.t.i.
000000a0 6f 00 6e 00 00 00 00 00 - 09 04 b0 04 a4 01 00 00 o.n..... .°.¤...
000000b0 01 00 53 00 74 00 72 00 - 69 00 6e 00 67 00 46 00 ..S.t.r.i.n.g.F.
000000c0 69 00 6c 00 65 00 49 00 - 6e 00 66 00 6f 00 00 00 i.l.e.I.n.f.o...
000000d0 80 01 00 00 01 00 30 00 - 34 00 30 00 39 00 30 00 ......0.4.0.9.0.
000000e0 34 00 42 00 30 00 00 00 - 40 00 20 00 01 00 43 00 4.B.0...@. ...C.
000000f0 6f 00 6d 00 70 00 61 00 - 6e 00 79 00 4e 00 61 00 o.m.p.a.n.y.N.a.
00000100 6d 00 65 00 00 00 00 00 - 44 00 65 00 4c 00 6f 00 m.e.....D.e.L.o.
00000110 72 00 6d 00 65 00 20 00 - 4d 00 61 00 70 00 70 00 r.m.e. .M.a.p.p.
00000120 69 00 6e 00 67 00 00 00 - 44 00 22 00 01 00 50 00 i.n.g...D."...P.
00000130 72 00 6f 00 64 00 75 00 - 63 00 74 00 4e 00 61 00 r.o.d.u.c.t.N.a.
00000140 6d 00 65 00 00 00 00 00 - 52 00 65 00 67 00 20 00 m.e.....R.e.g. .
00000150 28 00 44 00 4c 00 69 00 - 62 00 62 00 79 00 5c 00 (.D.L.i.b.b.y.\.
00000160 6d 00 73 00 66 00 29 00 - 00 00 00 00 34 00 14 00 m.s.f.).....4...
00000170 01 00 46 00 69 00 6c 00 - 65 00 56 00 65 00 72 00 ..F.i.l.e.V.e.r.
00000180 73 00 69 00 6f 00 6e 00 - 00 00 00 00 31 00 2e 00 s.i.o.n.....1...
00000190 30 00 31 00 2e 00 30 00 - 30 00 31 00 32 00 00 00 0.1...0.0.1.2...
000001a0 38 00 14 00 01 00 50 00 - 72 00 6f 00 64 00 75 00 8.....P.r.o.d.u.
000001b0 63 00 74 00 56 00 65 00 - 72 00 73 00 69 00 6f 00 c.t.V.e.r.s.i.o.
000001c0 6e 00 00 00 31 00 2e 00 - 30 00 31 00 2e 00 30 00 n...1...0.1...0.
000001d0 30 00 31 00 32 00 00 00 - 34 00 12 00 01 00 49 00 0.1.2...4.....I.
000001e0 6e 00 74 00 65 00 72 00 - 6e 00 61 00 6c 00 4e 00 n.t.e.r.n.a.l.N.
000001f0 61 00 6d 00 65 00 00 00 - 4d 00 4e 00 47 00 52 00 a.m.e...M.N.G.R.
00000200 45 00 47 00 33 00 32 00 - 00 00 00 00 02 00 00 00 E.G.3.2.........
00000210 00 00 00 00 01 00 00 00 - 4c 00 00 00 3c fd 06 00 ........L...<ý..
00000220 04 00 00 00 00 00 00 00 - 65 05 00 00 02 00 00 00 ........e.......
00000230 03 00 00 00 00 00 01 00 - 53 00 65 00 72 00 76 00 ........S.e.r.v.
00000240 69 00 63 00 65 00 20 00 - 50 00 61 00 63 00 6b 00 i.c.e. .P.a.c.k.
00000250 20 00 33 00 00 00 23 00 - .3...#.

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: GlobalFlag
Type: REG_SZ
Data: 0x00200000

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: GlobalFlag
Type: REG_SZ
Data: 0x00200000

podinbristol · Dec 11, 2006

3

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: DisableHeapLookAside
Type: REG_SZ
Data: 1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: DisableHeapLookAside
Type: REG_SZ
Data: 1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
00000000 14 02 00 00 10 02 00 00 - 00 02 00 00 b4 02 34 00 ............´.4.
00000010 00 00 56 00 53 00 5f 00 - 56 00 45 00 52 00 53 00 ..V.S._.V.E.R.S.
00000020 49 00 4f 00 4e 00 5f 00 - 49 00 4e 00 46 00 4f 00 I.O.N._.I.N.F.O.
00000030 00 00 00 00 bd 04 ef fe - 00 00 01 00 35 00 07 00 ....½.ïþ....5...
00000040 00 00 00 00 35 00 07 00 - 00 00 00 00 3f 00 00 00 ....5.......?...
00000050 00 00 00 00 04 00 00 00 - 01 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 - 12 02 00 00 01 00 53 00 ..............S.
00000070 74 00 72 00 69 00 6e 00 - 67 00 46 00 69 00 6c 00 t.r.i.n.g.F.i.l.
00000080 65 00 49 00 6e 00 66 00 - 6f 00 00 00 ee 01 00 00 e.I.n.f.o...î...
00000090 01 00 30 00 34 00 30 00 - 39 00 30 00 34 00 62 00 ..0.4.0.9.0.4.b.
000000a0 30 00 00 00 42 00 11 00 - 01 00 43 00 6f 00 6d 00 0...B.....C.o.m.
000000b0 70 00 61 00 6e 00 79 00 - 4e 00 61 00 6d 00 65 00 p.a.n.y.N.a.m.e.
000000c0 00 00 00 00 50 00 65 00 - 6f 00 70 00 6c 00 65 00 ....P.e.o.p.l.e.
000000d0 53 00 6f 00 66 00 74 00 - 2c 00 20 00 49 00 6e 00 S.o.f.t.,. .I.n.
000000e0 63 00 2e 00 00 00 00 00 - 28 00 00 00 01 00 46 00 c.......(.....F.
000000f0 69 00 6c 00 65 00 44 00 - 65 00 73 00 63 00 72 00 i.l.e.D.e.s.c.r.
00000100 69 00 70 00 74 00 69 00 - 6f 00 6e 00 00 00 00 00 i.p.t.i.o.n.....
00000110 2a 00 05 00 01 00 46 00 - 69 00 6c 00 65 00 56 00 *.....F.i.l.e.V.
00000120 65 00 72 00 73 00 69 00 - 6f 00 6e 00 00 00 00 00 e.r.s.i.o.n.....
00000130 37 00 2e 00 35 00 33 00 - 00 00 00 00 9c 00 3c 00 7...5.3.......<.
00000140 01 00 4c 00 65 00 67 00 - 61 00 6c 00 43 00 6f 00 ..L.e.g.a.l.C.o.
00000150 70 00 79 00 72 00 69 00 - 67 00 68 00 74 00 00 00 p.y.r.i.g.h.t...
00000160 43 00 6f 00 70 00 79 00 - 72 00 69 00 67 00 68 00 C.o.p.y.r.i.g.h.
00000170 74 00 20 00 a9 00 20 00 - 31 00 39 00 38 00 38 00 t. .©. .1.9.8.8.
00000180 2d 00 31 00 39 00 39 00 - 38 00 20 00 50 00 65 00 -.1.9.9.8. .P.e.
00000190 6f 00 70 00 6c 00 65 00 - 53 00 6f 00 66 00 74 00 o.p.l.e.S.o.f.t.
000001a0 2c 00 20 00 49 00 6e 00 - 63 00 2e 00 20 00 20 00 ,. .I.n.c... . .
000001b0 41 00 6c 00 6c 00 20 00 - 52 00 69 00 67 00 68 00 A.l.l. .R.i.g.h.
000001c0 74 00 73 00 20 00 52 00 - 65 00 73 00 65 00 72 00 t.s. .R.e.s.e.r.
000001d0 76 00 65 00 64 00 00 00 - 3c 00 0a 00 01 00 4f 00 v.e.d...<.....O.
000001e0 72 00 69 00 67 00 69 00 - 6e 00 61 00 6c 00 46 00 r.i.g.i.n.a.l.F.
000001f0 69 00 6c 00 65 00 6e 00 - 61 00 6d 00 65 00 00 00 i.l.e.n.a.m.e...
00000200 70 00 73 00 64 00 6d 00 - 74 00 2e 00 10 00 00 00 p.s.d.m.t.......
00000210 00 00 00 00 ....

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: DisableHeapLookAside
Type: REG_SZ
Data: 1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: DisableHeapLookAside
Type: REG_SZ
Data: 1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
00000000 00 07 00 00 54 02 00 00 - 00 02 00 00 84 07 34 00 ....T.........4.
00000010 00 00 56 00 53 00 5f 00 - 56 00 45 00 52 00 53 00 ..V.S._.V.E.R.S.
00000020 49 00 4f 00 4e 00 5f 00 - 49 00 4e 00 46 00 4f 00 I.O.N._.I.N.F.O.
00000030 00 00 00 00 bd 04 ef fe - 00 00 01 00 05 00 05 00 ....½.ïþ........
00000040 07 00 a8 07 05 00 05 00 - 07 00 a8 07 3f 00 00 00 ..¨.......¨.?...
00000050 00 00 00 00 04 00 04 00 - 01 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 - e4 06 00 00 01 00 53 00 ........ä.....S.
00000070 74 00 72 00 69 00 6e 00 - 67 00 46 00 69 00 6c 00 t.r.i.n.g.F.i.l.
00000080 65 00 49 00 6e 00 66 00 - 6f 00 00 00 60 03 00 00 e.I.n.f.o...`...
00000090 01 00 30 00 34 00 30 00 - 39 00 30 00 34 00 42 00 ..0.4.0.9.0.4.B.
000000a0 30 00 00 00 18 00 00 00 - 01 00 43 00 6f 00 6d 00 0.........C.o.m.
000000b0 6d 00 65 00 6e 00 74 00 - 73 00 00 00 4c 00 16 00 m.e.n.t.s...L...
000000c0 01 00 43 00 6f 00 6d 00 - 70 00 61 00 6e 00 79 00 ..C.o.m.p.a.n.y.
000000d0 4e 00 61 00 6d 00 65 00 - 00 00 00 00 4d 00 69 00 N.a.m.e.....M.i.
000000e0 63 00 72 00 6f 00 73 00 - 6f 00 66 00 74 00 20 00 c.r.o.s.o.f.t. .
000000f0 43 00 6f 00 72 00 70 00 - 6f 00 72 00 61 00 74 00 C.o.r.p.o.r.a.t.
00000100 69 00 6f 00 6e 00 00 00 - 68 00 20 00 01 00 46 00 i.o.n...h. ...F.
00000110 69 00 6c 00 65 00 44 00 - 65 00 73 00 63 00 72 00 i.l.e.D.e.s.c.r.
00000120 69 00 70 00 74 00 69 00 - 6f 00 6e 00 00 00 00 00 i.p.t.i.o.n.....
00000130 4d 00 69 00 63 00 72 00 - 6f 00 73 00 6f 00 66 00 M.i.c.r.o.s.o.f.
00000140 74 00 20 00 45 00 78 00 - 63 00 68 00 61 00 6e 00 t. .E.x.c.h.a.n.
00000150 67 00 65 00 20 00 53 00 - 65 00 72 00 76 00 65 00 g.e. .S.e.r.v.e.
00000160 72 00 20 00 53 00 65 00 - 74 00 75 00 70 00 00 00 r. .S.e.t.u.p...
00000170 36 00 0b 00 01 00 46 00 - 69 00 6c 00 65 00 56 00 6.....F.i.l.e.V.
00000180 65 00 72 00 73 00 69 00 - 6f 00 6e 00 00 00 00 00 e.r.s.i.o.n.....
00000190 35 00 2e 00 35 00 2e 00 - 31 00 39 00 36 00 30 00 5...5...1.9.6.0.
000001a0 2e 00 37 00 00 00 00 00 - 2c 00 06 00 01 00 49 00 ..7.....,.....I.
000001b0 6e 00 74 00 65 00 72 00 - 6e 00 61 00 6c 00 4e 00 n.t.e.r.n.a.l.N.
000001c0 61 00 6d 00 65 00 00 00 - 53 00 65 00 74 00 75 00 a.m.e...S.e.t.u.
000001d0 70 00 00 00 9e 00 3d 00 - 01 00 4c 00 65 00 67 00 p.....=...L.e.g.
000001e0 61 00 6c 00 43 00 6f 00 - 70 00 79 00 72 00 69 00 a.l.C.o.p.y.r.i.
000001f0 67 00 68 00 74 00 00 00 - 43 00 6f 00 70 00 79 00 g.h.t...C.o.p.y.
00000200 72 00 69 00 67 00 68 00 - 74 00 20 00 02 00 00 00 r.i.g.h.t. .....
00000210 00 00 00 00 01 00 00 00 - 4c 00 00 00 3c fd 06 00 ........L...<ý..
00000220 05 00 00 00 00 00 00 00 - 65 05 00 00 02 00 00 00 ........e.......
00000230 00 00 00 00 00 00 00 00 - 53 00 65 00 72 00 76 00 ........S.e.r.v.
00000240 69 00 63 00 65 00 20 00 - 50 00 61 00 63 00 6b 00 i.c.e. .P.a.c.k.
00000250 20 00 33 00 00 00 24 00 - 54 02 00 00 00 02 00 00 .3...$.T.......
00000260 a4 08 34 00 00 00 56 00 - 53 00 5f 00 56 00 45 00 ¤.4...V.S._.V.E.
00000270 52 00 53 00 49 00 4f 00 - 4e 00 5f 00 49 00 4e 00 R.S.I.O.N._.I.N.
00000280 46 00 4f 00 00 00 00 00 - bd 04 ef fe 00 00 01 00 F.O.....½.ïþ....
00000290 05 00 05 00 07 00 a8 07 - 05 00 05 00 07 00 a8 07 ......¨.......¨.
000002a0 3f 00 00 00 00 00 00 00 - 04 00 04 00 01 00 00 00 ?...............
000002b0 00 00 00 00 00 00 00 00 - 00 00 00 00 04 08 00 00 ................
000002c0 01 00 53 00 74 00 72 00 - 69 00 6e 00 67 00 46 00 ..S.t.r.i.n.g.F.
000002d0 69 00 6c 00 65 00 49 00 - 6e 00 66 00 6f 00 00 00 i.l.e.I.n.f.o...
000002e0 f0 03 00 00 01 00 30 00 - 34 00 30 00 39 00 30 00 ð.....0.4.0.9.0.
000002f0 34 00 42 00 30 00 00 00 - 18 00 00 00 01 00 43 00 4.B.0.........C.
00000300 6f 00 6d 00 6d 00 65 00 - 6e 00 74 00 73 00 00 00 o.m.m.e.n.t.s...
00000310 4c 00 16 00 01 00 43 00 - 6f 00 6d 00 70 00 61 00 L.....C.o.m.p.a.
00000320 6e 00 79 00 4e 00 61 00 - 6d 00 65 00 00 00 00 00 n.y.N.a.m.e.....
00000330 4d 00 69 00 63 00 72 00 - 6f 00 73 00 6f 00 66 00 M.i.c.r.o.s.o.f.
00000340 74 00 20 00 43 00 6f 00 - 72 00 70 00 6f 00 72 00 t. .C.o.r.p.o.r.
00000350 61 00 74 00 69 00 6f 00 - 6e 00 00 00 68 00 20 00 a.t.i.o.n...h. .
00000360 01 00 46 00 69 00 6c 00 - 65 00 44 00 65 00 73 00 ..F.i.l.e.D.e.s.
00000370 63 00 72 00 69 00 70 00 - 74 00 69 00 6f 00 6e 00 c.r.i.p.t.i.o.n.
00000380 00 00 00 00 4d 00 69 00 - 63 00 72 00 6f 00 73 00 ....M.i.c.r.o.s.
00000390 6f 00 66 00 74 00 20 00 - 45 00 78 00 63 00 68 00 o.f.t. .E.x.c.h.
000003a0 61 00 6e 00 67 00 65 00 - 20 00 53 00 65 00 72 00 a.n.g.e. .S.e.r.
000003b0 76 00 65 00 72 00 20 00 - 53 00 65 00 74 00 75 00 v.e.r. .S.e.t.u.
000003c0 70 00 00 00 36 00 0b 00 - 01 00 46 00 69 00 6c 00 p...6.....F.i.l.
000003d0 65 00 56 00 65 00 72 00 - 73 00 69 00 6f 00 6e 00 e.V.e.r.s.i.o.n.
000003e0 00 00 00 00 35 00 2e 00 - 35 00 2e 00 31 00 39 00 ....5...5...1.9.
000003f0 36 00 30 00 2e 00 37 00 - 00 00 00 00 2c 00 06 00 6.0...7.....,...
00000400 01 00 49 00 6e 00 74 00 - 65 00 72 00 6e 00 61 00 ..I.n.t.e.r.n.a.
00000410 6c 00 4e 00 61 00 6d 00 - 65 00 00 00 53 00 65 00 l.N.a.m.e...S.e.
00000420 74 00 75 00 70 00 00 00 - a6 00 41 00 01 00 4c 00 t.u.p...¦.A...L.
00000430 65 00 67 00 61 00 6c 00 - 43 00 6f 00 70 00 79 00 e.g.a.l.C.o.p.y.
00000440 72 00 69 00 67 00 68 00 - 74 00 00 00 43 00 6f 00 r.i.g.h.t...C.o.
00000450 70 00 79 00 72 00 69 00 - 67 00 68 00 74 00 20 00 p.y.r.i.g.h.t. .
00000460 02 00 00 00 00 00 00 00 - 01 00 00 00 4c 00 00 00 ............L...
00000470 3c fd 06 00 05 00 00 00 - 00 00 00 00 65 05 00 00 <ý..........e...
00000480 02 00 00 00 00 00 00 00 - 00 00 00 00 53 00 65 00 ............S.e.
00000490 72 00 76 00 69 00 63 00 - 65 00 20 00 50 00 61 00 r.v.i.c.e. .P.a.
000004a0 63 00 6b 00 20 00 33 00 - 00 00 24 00 54 02 00 00 c.k. .3...$.T...
000004b0 00 02 00 00 18 04 34 00 - 00 00 56 00 53 00 5f 00 ......4...V.S._.
000004c0 56 00 45 00 52 00 53 00 - 49 00 4f 00 4e 00 5f 00 V.E.R.S.I.O.N._.
000004d0 49 00 4e 00 46 00 4f 00 - 00 00 00 00 bd 04 ef fe I.N.F.O.....½.ïþ
000004e0 00 00 01 00 05 00 05 00 - 07 00 a8 07 05 00 05 00 ..........¨.....
000004f0 07 00 a8 07 3f 00 00 00 - 00 00 00 00 04 00 04 00 ..¨.?...........
00000500 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000510 78 03 00 00 01 00 53 00 - 74 00 72 00 69 00 6e 00 x.....S.t.r.i.n.
00000520 67 00 46 00 69 00 6c 00 - 65 00 49 00 6e 00 66 00 g.F.i.l.e.I.n.f.
00000530 6f 00 00 00 54 03 00 00 - 01 00 30 00 34 00 30 00 o...T.....0.4.0.
00000540 39 00 30 00 34 00 42 00 - 30 00 00 00 18 00 00 00 9.0.4.B.0.......
00000550 01 00 43 00 6f 00 6d 00 - 6d 00 65 00 6e 00 74 00 ..C.o.m.m.e.n.t.
00000560 73 00 00 00 4c 00 16 00 - 01 00 43 00 6f 00 6d 00 s...L.....C.o.m.
00000570 70 00 61 00 6e 00 79 00 - 4e 00 61 00 6d 00 65 00 p.a.n.y.N.a.m.e.
00000580 00 00 00 00 4d 00 69 00 - 63 00 72 00 6f 00 73 00 ....M.i.c.r.o.s.
00000590 6f 00 66 00 74 00 20 00 - 43 00 6f 00 72 00 70 00 o.f.t. .C.o.r.p.
000005a0 6f 00 72 00 61 00 74 00 - 69 00 6f 00 6e 00 00 00 o.r.a.t.i.o.n...
000005b0 68 00 20 00 01 00 46 00 - 69 00 6c 00 65 00 44 00 h. ...F.i.l.e.D.
000005c0 65 00 73 00 63 00 72 00 - 69 00 70 00 74 00 69 00 e.s.c.r.i.p.t.i.
000005d0 6f 00 6e 00 00 00 00 00 - 4d 00 69 00 63 00 72 00 o.n.....M.i.c.r.
000005e0 6f 00 73 00 6f 00 66 00 - 74 00 20 00 45 00 78 00 o.s.o.f.t. .E.x.
000005f0 63 00 68 00 61 00 6e 00 - 67 00 65 00 20 00 53 00 c.h.a.n.g.e. .S.
00000600 65 00 72 00 76 00 65 00 - 72 00 20 00 53 00 65 00 e.r.v.e.r. .S.e.
00000610 74 00 75 00 70 00 00 00 - 36 00 0b 00 01 00 46 00 t.u.p...6.....F.
00000620 69 00 6c 00 65 00 56 00 - 65 00 72 00 73 00 69 00 i.l.e.V.e.r.s.i.
00000630 6f 00 6e 00 00 00 00 00 - 35 00 2e 00 35 00 2e 00 o.n.....5...5...
00000640 31 00 39 00 36 00 30 00 - 2e 00 37 00 00 00 00 00 1.9.6.0...7.....
00000650 2c 00 06 00 01 00 49 00 - 6e 00 74 00 65 00 72 00 ,.....I.n.t.e.r.
00000660 6e 00 61 00 6c 00 4e 00 - 61 00 6d 00 65 00 00 00 n.a.l.N.a.m.e...
00000670 53 00 65 00 74 00 75 00 - 70 00 00 00 9a 00 3b 00 S.e.t.u.p.....;.
00000680 01 00 4c 00 65 00 67 00 - 61 00 6c 00 43 00 6f 00 ..L.e.g.a.l.C.o.
00000690 70 00 79 00 72 00 69 00 - 67 00 68 00 74 00 00 00 p.y.r.i.g.h.t...
000006a0 43 00 6f 00 70 00 79 00 - 72 00 69 00 67 00 68 00 C.o.p.y.r.i.g.h.
000006b0 74 00 20 00 02 00 00 00 - 00 00 00 00 01 00 00 00 t. .............
000006c0 4c 00 00 00 3c fd 06 00 - 05 00 00 00 00 00 00 00 L...<ý..........
000006d0 65 05 00 00 02 00 00 00 - 00 00 00 00 00 00 00 00 e...............
000006e0 53 00 65 00 72 00 76 00 - 69 00 63 00 65 00 20 00 S.e.r.v.i.c.e. .
000006f0 50 00 61 00 63 00 6b 00 - 20 00 33 00 00 00 24 00 P.a.c.k. .3...$.

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
00000000 14 02 00 00 10 02 00 00 - 00 02 00 00 04 03 34 00 ..............4.
00000010 00 00 56 00 53 00 5f 00 - 56 00 45 00 52 00 53 00 ..V.S._.V.E.R.S.
00000020 49 00 4f 00 4e 00 5f 00 - 49 00 4e 00 46 00 4f 00 I.O.N._.I.N.F.O.
00000030 00 00 00 00 bd 04 ef fe - 00 00 01 00 1c 00 08 00 ....½.ïþ........
00000040 00 00 00 00 00 00 08 00 - 00 00 00 00 3f 00 00 00 ............?...
00000050 00 00 00 00 04 00 00 00 - 01 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 - 64 02 00 00 01 00 53 00 ........d.....S.
00000070 74 00 72 00 69 00 6e 00 - 67 00 46 00 69 00 6c 00 t.r.i.n.g.F.i.l.
00000080 65 00 49 00 6e 00 66 00 - 6f 00 00 00 40 02 00 00 e.I.n.f.o...@...
00000090 01 00 30 00 34 00 30 00 - 39 00 30 00 34 00 62 00 ..0.4.0.9.0.4.b.
000000a0 30 00 00 00 44 00 12 00 - 01 00 43 00 6f 00 6d 00 0...D.....C.o.m.
000000b0 70 00 61 00 6e 00 79 00 - 4e 00 61 00 6d 00 65 00 p.a.n.y.N.a.m.e.
000000c0 00 00 00 00 43 00 6f 00 - 72 00 65 00 6c 00 20 00 ....C.o.r.e.l. .
000000d0 43 00 6f 00 72 00 70 00 - 6f 00 72 00 61 00 74 00 C.o.r.p.o.r.a.t.
000000e0 69 00 6f 00 6e 00 00 00 - 4e 00 13 00 01 00 46 00 i.o.n...N.....F.
000000f0 69 00 6c 00 65 00 44 00 - 65 00 73 00 63 00 72 00 i.l.e.D.e.s.c.r.
00000100 69 00 70 00 74 00 69 00 - 6f 00 6e 00 00 00 00 00 i.p.t.i.o.n.....
00000110 43 00 6f 00 72 00 65 00 - 6c 00 20 00 53 00 65 00 C.o.r.e.l. .S.e.
00000120 74 00 75 00 70 00 20 00 - 57 00 69 00 7a 00 61 00 t.u.p. .W.i.z.a.
00000130 72 00 64 00 00 00 00 00 - 2c 00 06 00 01 00 46 00 r.d.....,.....F.
00000140 69 00 6c 00 65 00 56 00 - 65 00 72 00 73 00 69 00 i.l.e.V.e.r.s.i.
00000150 6f 00 6e 00 00 00 00 00 - 38 00 2e 00 30 00 32 00 o.n.....8...0.2.
00000160 38 00 00 00 46 00 13 00 - 01 00 49 00 6e 00 74 00 8...F.....I.n.t.
00000170 65 00 72 00 6e 00 61 00 - 6c 00 4e 00 61 00 6d 00 e.r.n.a.l.N.a.m.
00000180 65 00 00 00 43 00 6f 00 - 72 00 65 00 6c 00 20 00 e...C.o.r.e.l. .
00000190 53 00 65 00 74 00 75 00 - 70 00 20 00 57 00 69 00 S.e.t.u.p. .W.i.
000001a0 7a 00 61 00 72 00 64 00 - 00 00 00 00 6c 00 24 00 z.a.r.d.....l.$.
000001b0 01 00 4c 00 65 00 67 00 - 61 00 6c 00 43 00 6f 00 ..L.e.g.a.l.C.o.
000001c0 70 00 79 00 72 00 69 00 - 67 00 68 00 74 00 00 00 p.y.r.i.g.h.t...
000001d0 43 00 6f 00 70 00 79 00 - 72 00 69 00 67 00 68 00 C.o.p.y.r.i.g.h.
000001e0 74 00 20 00 a9 00 20 00 - 31 00 39 00 39 00 37 00 t. .©. .1.9.9.7.
000001f0 2c 00 20 00 43 00 6f 00 - 72 00 65 00 6c 00 20 00 ,. .C.o.r.e.l. .
00000200 43 00 6f 00 72 00 70 00 - 6f 00 72 00 08 00 00 00 C.o.r.p.o.r.....
00000210 00 00 00 00 ....

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
00000000 14 02 00 00 10 02 00 00 - 00 02 00 00 38 03 34 00 ............8.4.
00000010 00 00 56 00 53 00 5f 00 - 56 00 45 00 52 00 53 00 ..V.S._.V.E.R.S.
00000020 49 00 4f 00 4e 00 5f 00 - 49 00 4e 00 46 00 4f 00 I.O.N._.I.N.F.O.
00000030 00 00 00 00 bd 04 ef fe - 00 00 01 00 02 00 0a 00 ....½.ïþ........
00000040 01 00 0a 00 02 00 0a 00 - 01 00 0a 00 00 00 00 00 ................
00000050 00 00 00 00 04 00 01 00 - 01 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 - 98 02 00 00 01 00 53 00 ..............S.
00000070 74 00 72 00 69 00 6e 00 - 67 00 46 00 69 00 6c 00 t.r.i.n.g.F.i.l.
00000080 65 00 49 00 6e 00 66 00 - 6f 00 00 00 74 02 00 00 e.I.n.f.o...t...
00000090 01 00 30 00 34 00 30 00 - 39 00 30 00 34 00 45 00 ..0.4.0.9.0.4.E.
000000a0 34 00 00 00 4a 00 15 00 - 01 00 43 00 6f 00 6d 00 4...J.....C.o.m.
000000b0 70 00 61 00 6e 00 79 00 - 4e 00 61 00 6d 00 65 00 p.a.n.y.N.a.m.e.
000000c0 00 00 00 00 53 00 79 00 - 6d 00 61 00 6e 00 74 00 ....S.y.m.a.n.t.
000000d0 65 00 63 00 20 00 43 00 - 6f 00 72 00 70 00 6f 00 e.c. .C.o.r.p.o.
000000e0 72 00 61 00 74 00 69 00 - 6f 00 6e 00 00 00 00 00 r.a.t.i.o.n.....
000000f0 60 00 1c 00 01 00 46 00 - 69 00 6c 00 65 00 44 00 `.....F.i.l.e.D.
00000100 65 00 73 00 63 00 72 00 - 69 00 70 00 74 00 69 00 e.s.c.r.i.p.t.i.
00000110 6f 00 6e 00 00 00 00 00 - 53 00 79 00 6d 00 61 00 o.n.....S.y.m.a.
00000120 6e 00 74 00 65 00 63 00 - 20 00 53 00 79 00 6d 00 n.t.e.c. .S.y.m.
00000130 65 00 76 00 65 00 6e 00 - 74 00 20 00 49 00 6e 00 e.v.e.n.t. .I.n.
00000140 73 00 74 00 61 00 6c 00 - 6c 00 65 00 72 00 00 00 s.t.a.l.l.e.r...
00000150 34 00 0a 00 01 00 46 00 - 69 00 6c 00 65 00 56 00 4.....F.i.l.e.V.
00000160 65 00 72 00 73 00 69 00 - 6f 00 6e 00 00 00 00 00 e.r.s.i.o.n.....
00000170 31 00 30 00 2e 00 32 00 - 2e 00 31 00 30 00 2e 00 1.0...2...1.0...
00000180 31 00 00 00 30 00 08 00 - 01 00 49 00 6e 00 74 00 1...0.....I.n.t.
00000190 65 00 72 00 6e 00 61 00 - 6c 00 4e 00 61 00 6d 00 e.r.n.a.l.N.a.m.
000001a0 65 00 00 00 53 00 45 00 - 56 00 49 00 4e 00 53 00 e...S.E.V.I.N.S.
000001b0 54 00 00 00 7e 00 2d 00 - 01 00 4c 00 65 00 67 00 T...~.-...L.e.g.
000001c0 61 00 6c 00 43 00 6f 00 - 70 00 79 00 72 00 69 00 a.l.C.o.p.y.r.i.
000001d0 67 00 68 00 74 00 00 00 - 43 00 6f 00 70 00 79 00 g.h.t...C.o.p.y.
000001e0 72 00 69 00 67 00 68 00 - 74 00 20 00 28 00 43 00 r.i.g.h.t. .(.C.
000001f0 29 00 20 00 53 00 79 00 - 6d 00 61 00 6e 00 74 00 ). .S.y.m.a.n.t.
00000200 65 00 63 00 20 00 43 00 - 6f 00 72 00 01 00 00 00 e.c. .C.o.r.....
00000210 00 00 00 00 ....

....

Smitfraud-c et al - been 3 days...HELP PLEASE?

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

New member