Malwarebytes

Video codec


2 replies to this topic

#1
Maniac

    I Love Andriana

  • Experts
  • 10,166 posts
  • Gender:Male
  • Location:Bulgaria, EU
  • Interests:Information security and web development
New video codec. Not detected by MBAM.
h**p://viewformex.com/software/1e15e7e354/10031/1/movie434.avi.exe

Here's what this codec does:

Quote

----------------------------------
Keys added:41
----------------------------------
HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Control
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\Control
HKLM\SYSTEM\ControlSet001\Services\napagent\LocalConfig\Enroll
HKLM\SYSTEM\ControlSet001\Services\napagent\LocalConfig\Enroll\HcsGroups
HKLM\SYSTEM\ControlSet001\Services\napagent\LocalConfig\UI
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\Security
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\Enum
HKLM\SYSTEM\ControlSet001\Services\nfr.sys
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Security
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Enum
HKLM\SYSTEM\ControlSet001\Service
HKLM\SYSTEM\ControlSet001\Service\Logical Disk Manager (NDIS)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\napagent\LocalConfig\Enroll
HKLM\SYSTEM\CurrentControlSet\Services\napagent\LocalConfig\Enroll\HcsGroups
HKLM\SYSTEM\CurrentControlSet\Services\napagent\LocalConfig\UI
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\Security
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\Enum
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Security
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Enum
HKLM\SYSTEM\CurrentControlSet\Service
HKLM\SYSTEM\CurrentControlSet\Service\Logical Disk Manager (NDIS)
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

----------------------------------
Values added:102
----------------------------------
HKLM\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing: 0x00000000
HKLM\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing: 0x00000000
HKLM\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask: 0xFFFF0000
HKLM\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask: 0xFFFF0000
HKLM\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize: 0x00100000
HKLM\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory: "%windir%\tracing"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer: "http=127.0.0.1:7070"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride: "*.local;<local>"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\Guid: "710adbf0-ce88-40b4-a50d-231ada6593f0"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\BitNames: " NAP_TRACE_BASE NAP_TRACE_NETSH"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\LogSessionName: "stdout"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Active: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\ControlFlags: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier\Guid: "b0278a28-76f1-4e15-b1df-14b209a12613"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier\BitNames: " Error Unusual Info Debug"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\LogSessionName: "stdout"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\Active: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\ControlFlags: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Control\ActiveService: "Logical Disk Manager (NDIS)"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Service: "Logical Disk Manager (NDIS)"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Legacy: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Class: "LegacyDriver"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\DeviceDesc: "Logical Disk Manager (NDIS)"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\Control\ActiveService: "nfr.sys"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\Service: "nfr.sys"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\Legacy: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\Class: "LegacyDriver"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\0000\DeviceDesc: "nfr.sys"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NFR.SYS\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\Enum\0: "Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000"
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\Type: 0x00000010
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\Start: 0x00000002
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\ImagePath: "C:\Program Files\system\smss.exe"
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)\ObjectName: "LocalSystem"
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Enum\0: "Root\LEGACY_NFR.SYS\0000"
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Type: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Start: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Tag: 0x0000000A
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\ImagePath: "\??\C:\WINDOWS\system32\drivers\nfr.sys"
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\DisplayName: "nfr.sys"
HKLM\SYSTEM\ControlSet001\Services\nfr.sys\Group: "PNP_TDI"
HKLM\SYSTEM\ControlSet001\Service\Logical Disk Manager (NDIS)\FailureActions: 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Control\ActiveService: "Logical Disk Manager (NDIS)"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Service: "Logical Disk Manager (NDIS)"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000\DeviceDesc: "Logical Disk Manager (NDIS)"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\Control\ActiveService: "nfr.sys"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\Service: "nfr.sys"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\0000\DeviceDesc: "nfr.sys"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NFR.SYS\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\Enum\0: "Root\LEGACY_LOGICAL_DISK_MANAGER_(NDIS)\0000"
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\Type: 0x00000010
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\ImagePath: "C:\Program Files\system\smss.exe"
HKLM\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (NDIS)\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Enum\0: "Root\LEGACY_NFR.SYS\0000"
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Start: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Tag: 0x0000000A
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\ImagePath: "\??\C:\WINDOWS\system32\drivers\nfr.sys"
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\DisplayName: "nfr.sys"
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys\Group: "PNP_TDI"
HKLM\SYSTEM\CurrentControlSet\Service\Logical Disk Manager (NDIS)\FailureActions: 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Fhccbeg\Zl Qbphzragf\zbivr434.niv.rkr: 06 00 00 00 06 00 00 00 A0 5B D2 E9 9B 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer: "http=127.0.0.1:7070"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride: "*.local;<local>"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31234: "These tasks apply to the files and folders you select."
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Support\My Documents\movie434.avi.exe: "movie434.avi"

----------------------------------
Values modified:14
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: B7 93 FF C8 09 CC 12 A2 F9 B6 66 E0 6B C9 BD 68 73 12 F3 6F F1 20 FE CE 0A 9A CD 0E BA A2 53 B6 52 81 6A E1 19 05 5E 67 8F 15 12 0B C7 1F 2A 9C 17 F4 D7 32 33 76 4C BD 00 13 EB 97 A7 71 92 87 3E 70 8F E6 9D 4B 71 98 01 77 D3 09 DB 1D 78 B7
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: B8 E1 40 38 C0 26 A1 85 A2 D7 E6 32 08 3B 8E E3 C7 7A DE C3 5A ED 1A AD E3 FC EE 6A E6 1A F5 69 8D 2A 6A 9D EF 04 B7 DA DA B6 71 35 69 DC 63 49 7B 6D 20 00 D6 91 65 D5 22 9C 70 B6 9F 30 D0 B1 99 A8 CB 23 90 15 C9 BA 8B DA E0 C1 4B 88 8B E0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x0000000B
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x0000001B
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x00000008
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x0000000D
HKLM\SYSTEM\ControlSet001\Control\ServiceCurrent\: 0x0000000A
HKLM\SYSTEM\ControlSet001\Control\ServiceCurrent\: 0x0000000B
HKLM\SYSTEM\CurrentControlSet\Control\ServiceCurrent\: 0x0000000A
HKLM\SYSTEM\CurrentControlSet\Control\ServiceCurrent\: 0x0000000B
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA: 86 31 4C 0E 07 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA: DF 34 4C 0E 08 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 06 00 00 00 A7 00 00 00 E0 97 42 DA 9B 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 06 00 00 00 A9 00 00 00 A0 5B D2 E9 9B 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 06 00 00 00 68 00 00 00 50 44 C2 D9 9B 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 06 00 00 00 69 00 00 00 B0 FE F3 E7 9B 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:::{450Q8SON-NQ25-11Q0-98N8-0800361O1103}: 06 00 00 00 18 00 00 00 80 29 1C AA 39 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:::{450Q8SON-NQ25-11Q0-98N8-0800361O1103}: 06 00 00 00 19 00 00 00 B0 FE F3 E7 9B 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000000
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000001
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401: 00 00 00 00 31 00 31 00 00 EC 19 51 96 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401: 00 00 00 00 31 00 31 00 70 DD 21 EA 9B 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401: 00 00 00 00 31 00 31 00 B0 EB A1 51 96 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401: 00 00 00 00 31 00 31 00 10 B5 4F EA 9B 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ScrollPos800x600(1).y: 0x00000460
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ScrollPos800x600(1).y: 0x00000428

----------------------------------
Files added:6
----------------------------------
C:\Program Files\system\smss.exe
C:\Program Files\system\smss.exe.assembly
C:\WINDOWS\system32\drivers\nfr.sys
C:\WINDOWS\system32\wbem\Logs\wbemcore.log
C:\WINDOWS\system32\wbem\Logs\wbemess.log
C:\WINDOWS\temp\Perflib_Perfdata_e54.dat

----------------------------------
Files deleted:1
----------------------------------
C:\Documents and Settings\Support\My Documents\movie434.avi.exe

----------------------------------
Files[attr]modified:7
----------------------------------
C:\Documents and Settings\Support\NTUSER.DAT.LOG
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\system.LOG

----------------------------------
Folders added:1
----------------------------------
C:\Program Files\system

----------------------------------
Total changes:172
----------------------------------

I used Malwarebytes' Anti-Malware to remove this codec:

Quote

Malwarebytes' Anti-Malware 1.33
Database version: 1725
Windows 5.1.2600 Service Pack 3

2009-02-04 10:14:55
mbam-log-2009-02-04 (10-14-55).txt

Scan type: Quick Scan
Objects scanned: 42863
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Program Files\system\smss.exe (Trojan.Agent) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nfr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\logical disk manager (ndis) (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\logical disk manager (ndis) (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\nfr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\system\smss.exe (Trojan.Agent) -> Delete on reboot.

The first time I told MBAM to remove the detected threats, it froze. The second time it removed them, but after the restart I had no internet and was forced to use System Restore.

Bad codec, bad... :D

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
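The Regshot diff and the MBAM log above show the pattern worth recognising in this sample: a copy of smss.exe in a folder the genuine one never lives in, a new kernel driver (nfr.sys) paired with freshly registered services, a double-extension lure (movie434.avi.exe) that deletes itself once it has installed, and a netsh run (the NETSH.EXE prefetch file and the FWCFG tracing key). The script below is an added example, not part of Maniac's post and not Malwarebytes' code: it parses a Regshot plain-text compare log and flags those indicators. The abbreviated diff embedded in it is constructed from the paths quoted in the thread, and the heuristics are the editor's own, not any vendor's detection logic.

```python
"""Triage a Regshot compare log for the indicators the fake-codec sample above left behind.
Added example, not code from the original post or from Malwarebytes: headers such as
"Files added:6" follow Regshot's plain-text compare output, the sample diff is constructed
from paths quoted in the thread, and the heuristics are the editor's, not a vendor's."""
import re
from collections import defaultdict

# Core Windows process names a dropper reuses in a non-system folder so the process looks
# familiar in Task Manager; the genuine smss.exe lives only in %SystemRoot%\system32.
SYSTEM_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                        "lsass.exe", "svchost.exe", "explorer.exe"}
LEGIT_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
LURE_EXTS = (".avi", ".mpg", ".mpeg", ".wmv", ".mp4", ".jpg", ".pdf", ".doc")  # e.g. x.avi.exe
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z\[\] ]+):(?P<count>\d+)\s*$")
SERVICE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:ControlSet\d+|CurrentControlSet)\\Services\\([^\\]+)$", re.I)

def parse_regshot(text):
    """Return {section name: [entries]} from Regshot plain-text compare output."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        m = SECTION_RE.match(line)
        if m:                                   # e.g. "Keys added:41"
            current = m.group("name")
        elif current is not None:
            sections[current].append(line)
    return dict(sections)

def _split(path):
    """(folder, file name), both lower-cased, from a Windows path."""
    folder, _, name = path.rpartition("\\")
    return folder.lower(), name.lower()

def triage(sections):
    """Return (indicator, evidence) tuples in the order they are found."""
    findings = []
    added = sections.get("Files added", [])
    deleted = sections.get("Files deleted", [])
    for path in added:
        folder, name = _split(path)
        if name in SYSTEM_PROCESS_NAMES and folder not in LEGIT_DIRS:
            findings.append(("masquerade", path))
        if name.endswith(".sys") and folder.endswith(r"\system32\drivers"):
            findings.append(("new_driver", path))
    seen = set()                                # key directly under Services\ = new service
    for key in sections.get("Keys added", []):
        m = SERVICE_RE.match(key)
        if m and m.group(1).lower() not in seen:
            seen.add(m.group(1).lower())
            findings.append(("new_service", m.group(1)))
    for path in added + deleted:
        name = _split(path)[1]
        if name.endswith(".exe") and name[:-4].endswith(LURE_EXTS):
            findings.append(("double_extension", path))
    for path in deleted:                        # the dropper removed itself after installing
        if _split(path)[1].endswith(".exe"):
            findings.append(("self_delete", path))
    for path in sections.get("Files[attr]modified", []):
        if _split(path)[1].startswith("netsh.exe-"):   # netsh ran inside the snapshot window
            findings.append(("netsh_ran", path))
    return findings

def triage_text(text):
    return triage(parse_regshot(text))

# Constructed sample: an abbreviated Regshot diff built from the paths quoted in the thread.
SAMPLE_DIFF = r"""
----------------------------------
Keys added:5
----------------------------------
HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
HKLM\SYSTEM\ControlSet001\Services\napagent\LocalConfig\Enroll
HKLM\SYSTEM\ControlSet001\Services\Logical Disk Manager (NDIS)
HKLM\SYSTEM\ControlSet001\Services\nfr.sys
HKLM\SYSTEM\CurrentControlSet\Services\nfr.sys
----------------------------------
Files added:3
----------------------------------
C:\Program Files\system\smss.exe
C:\Program Files\system\smss.exe.assembly
C:\WINDOWS\system32\drivers\nfr.sys
----------------------------------
Files deleted:1
----------------------------------
C:\Documents and Settings\Support\My Documents\movie434.avi.exe
----------------------------------
Files[attr]modified:1
----------------------------------
C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf
"""

if __name__ == "__main__":
    for kind, evidence in triage_text(SAMPLE_DIFF):
        print(f"{kind:17} {evidence}")
```

Run it against a full Regshot compare output saved as text. The service check only fires on keys created directly under Services\, which is why the napagent\LocalConfig entries in the thread do not trigger it. Treat the output as a triage aid, not a signature: a legitimate driver install also produces a new .sys plus service pair, so it is the combination with the misplaced smss.exe and the self-deleting double-extension lure that marks this as a fake codec.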

#2
Maniac

    I Love Andriana

  • Experts
  • PipPipPipPipPipPip
  • 10,166 posts
  • Gender:Male
  • Location:Bulgaria, EU
  • Interests:Information security and web development
New...
h**p://www.lilaloft.cn/windows-player.exe

#3
Maniac

    I Love Andriana

  • Experts
  • PipPipPipPipPipPip
  • 10,166 posts
  • Gender:Male
  • Location:Bulgaria, EU
  • Interests:Information security and web development
New...

Links: h**p://xp-police-09.com/lands/tube/?title=Best%20Porn%20Online
h**p://angelinajmovies.cn/rs-free-movie/index4.php