Help MUCH Appreciated.

Injigo · #21 (**permalink**) 14-06-2009, 02:43 PM

Hmm, well I did what you said and it still seems to hang and be rather draggy. Although it is slightly better but not much.

Neal · #22 (**permalink**) 14-06-2009, 11:04 PM

Delete the copy of combofix you have and download a new and updated copy and run another scan please and post that. Thanks.

Download SDFIX and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.

Injigo · #23 (**permalink**) 15-06-2009, 06:09 AM

ComboFix 09-06-14.02 - Administrator 06/14/2009 19:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1678 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gxvxccount

c:\windows\system32\grpconv.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.

2009-06-21 11:38 . 2002-01-01 11:15 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-21 11:12 . 2009-06-21 11:12 -------- d-----w- c:\program files\Trend Micro
2009-06-21 10:24 . 2009-03-09 18:34 971776 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ajfzlr43.default\ext ensions\moveplayer@movenetworks.com\platform\WINNT _x86-msvc\plugins\npmnqmp071303000006.dll
2009-06-21 10:15 . 2009-06-02 06:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-06-21 10:14 . 2009-06-21 10:14 -------- d-----w- c:\program files\MSXML 4.0
2009-06-21 08:45 . 2002-01-01 11:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Meebo
2009-06-20 09:31 . 2009-06-20 09:31 -------- d-----w- c:\program files\TightVNC
2009-06-20 09:10 . 2009-06-20 09:10 -------- d-----w- c:\windows\system32\logs
2009-06-20 09:10 . 2009-06-20 09:10 -------- d-----w- C:\Binaries
2009-06-20 09:10 . 2009-06-20 09:10 -------- d-----w- c:\program files\BitDefender
2009-06-20 09:08 . 2009-06-20 09:08 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-20 08:45 . 2009-06-14 14:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2009-06-20 08:45 . 2009-06-20 08:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DNA
2009-06-20 08:45 . 2009-06-20 09:13 -------- d-----w- c:\program files\DNA
2009-06-20 08:45 . 2009-06-05 02:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
2009-06-20 08:45 . 2009-06-20 08:45 -------- d-----w- c:\program files\BitTorrent
2009-06-20 08:39 . 2009-06-05 02:04 -------- d-----w- c:\program files\Vuze
2009-06-14 14:00 . 2009-06-14 14:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire
2009-06-14 13:59 . 2009-06-14 14:00 -------- d-----w- c:\program files\FrostWire
2009-06-13 10:02 . 2009-06-13 10:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Macrovision
2009-06-13 09:57 . 2009-06-13 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Strands
2009-06-13 09:57 . 2009-06-13 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-06-13 09:39 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-13 09:38 . 2009-06-13 09:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-13 09:38 . 2009-06-13 09:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-13 09:38 . 2009-06-13 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-13 09:35 . 2009-06-13 09:29 33731296 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng_us_web.e xe
2009-06-13 09:34 . 2009-06-13 09:34 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst CCD.exe
2009-06-13 09:34 . 2009-06-13 09:34 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst PCSFEMsi.exe
2009-06-13 09:34 . 2009-06-13 09:34 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst PCS.exe
2009-06-13 09:34 . 2009-06-13 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-13 09:29 . 2009-06-13 09:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\MyStrands_Winamp
2009-06-13 09:29 . 2009-06-14 14:05 -------- d-----w- c:\program files\MyStrands
2009-06-12 00:17 . 2009-06-12 00:17 -------- d-----w- c:\program files\CCleaner
2009-06-05 03:39 . 2009-06-05 03:39 -------- d-----w- c:\program files\Engelmann Media
2009-06-05 03:12 . 2009-06-05 03:12 -------- d-----w- c:\documents and settings\Administrator\ErrorLogs
2009-06-05 03:01 . 2008-10-26 04:55 2567159 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
2009-06-05 03:00 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\AF01B0B\6383BC9B\Xc eedZip.dll
2009-06-05 03:00 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\52CD59C9\6383BC9B\u pdate.dll
2009-06-05 03:00 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7390E4F0\6383BC9B\S tartRegistryBooster.exe
2009-06-05 03:00 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\2B86F085\6383BC9B\U BVarRB.dll
2009-06-05 03:00 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\4E45A1A4\6383BC9B\R egistryBooster.dll
2009-06-05 03:00 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7CE1607E\6383BC9B\R egistryBooster.exe
2009-06-05 03:00 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\65B92A91\6383BC9B\K illRBProcess.exe
2009-06-05 03:00 . 2009-06-05 03:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-06-05 02:41 . 2009-06-05 03:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\uniblue
2009-06-05 02:37 . 2009-06-05 03:01 -------- d-----w- c:\program files\Uniblue
2009-06-05 01:10 . 2009-06-05 01:10 -------- d-----w- c:\windows\system32\xircom
2009-06-05 01:10 . 2009-06-05 01:10 -------- d-----w- c:\windows\system32\wbem\snmp
2009-06-05 01:10 . 2009-06-05 01:10 -------- d-----w- c:\windows\system32\oobe
2009-06-05 01:10 . 2009-06-05 01:10 -------- d-----w- c:\windows\srchasst
2009-06-05 01:10 . 2009-06-05 01:10 -------- d-----w- c:\windows\msagent
2009-06-05 01:10 . 2009-06-05 01:10 -------- d-----w- c:\program files\microsoft frontpage
2009-06-04 13:17 . 2009-01-13 01:07 2633728 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ajfzlr43.default\ext ensions\LogMeInClient@logmein.com\plugins\npRACtrl .dll
2009-06-04 13:17 . 2007-08-06 19:07 8784 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ajfzlr43.default\ext ensions\LogMeInClient@logmein.com\plugins\ractrlke yhook.dll
2009-06-04 13:17 . 2007-08-06 19:07 71248 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ajfzlr43.default\ext ensions\LogMeInClient@logmein.com\plugins\LMIProxy Helper.exe
2009-06-04 13:17 . 2007-07-18 21:54 245408 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ajfzlr43.default\ext ensions\LogMeInClient@logmein.com\plugins\unicows. dll
2009-06-04 12:52 . 2009-06-04 12:53 -------- d-----w- c:\program files\CrossLoop
2009-06-04 06:38 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-04 06:35 . 2009-06-04 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-04 06:33 . 2005-08-26 02:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-04 06:13 . 2009-06-04 06:43 -------- d-----w- c:\program files\Sunbelt Software
2009-06-04 03:43 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-02 13:22 . 2009-06-02 13:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2009-06-02 13:22 . 2009-06-02 13:22 -------- d-----w- c:\program files\IObit
2009-06-02 09:05 . 2009-06-02 09:05 4846 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{4FD3EFE2-C856-4C55-AF0F-B29C1E2D6A24}\_4ae13d6c.exe
2009-06-02 09:05 . 2009-06-02 09:05 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{4FD3EFE2-C856-4C55-AF0F-B29C1E2D6A24}\_2cd672ae.exe
2009-06-02 09:05 . 2009-06-02 09:05 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{4FD3EFE2-C856-4C55-AF0F-B29C1E2D6A24}\_18be6784.exe
2009-06-02 09:05 . 2009-06-02 09:05 23558 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{4FD3EFE2-C856-4C55-AF0F-B29C1E2D6A24}\_69525f90.exe
2009-06-02 09:05 . 2009-06-02 09:05 23558 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{4FD3EFE2-C856-4C55-AF0F-B29C1E2D6A24}\_294823.exe
2009-06-02 08:45 . 2009-06-02 08:45 -------- d-----w- c:\program files\AdventNet
2009-06-01 06:38 . 2009-06-01 06:53 -------- d-----w- c:\program files\Hero Designer
2009-06-01 00:29 . 2009-06-01 00:32 -------- d-----w- C:\DeusEx
2009-05-29 11:09 . 2009-06-12 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-28 23:38 . 2009-05-28 23:59 -------- d-----w- C:\OUTPUT.tmp
2009-05-25 00:26 . 2009-05-26 12:59 -------- d-----w- C:\DOS
2009-05-24 00:11 . 2009-05-24 00:11 -------- d-----w- C:\MBAUTIL
2009-05-23 22:14 . 2009-05-23 22:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-23 21:58 . 2009-05-23 21:58 -------- d-----w- c:\windows\ie8updates
2009-05-23 21:57 . 2009-05-23 21:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-23 21:57 . 2009-05-23 21:57 -------- d-----w- c:\program files\Windows Desktop Search
2009-05-23 21:56 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-05-23 21:56 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-05-23 21:56 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-05-23 21:56 . 2009-04-25 05:30 102400 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-05-23 10:40 . 2009-05-23 10:40 766 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D48511FA-71C5-4059-88D0-B99AA08AA798}\NewIcon1.exe
2009-05-23 10:40 . 2009-05-23 10:40 65536 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D48511FA-71C5-4059-88D0-B99AA08AA798}\NewIcon2.exe
2009-05-23 10:40 . 2009-05-23 10:40 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D48511FA-71C5-4059-88D0-B99AA08AA798}\NewIcon.exe
2009-05-23 10:40 . 2009-05-23 10:40 -------- d-----w- c:\program files\DVD_Generator
2009-05-23 08:30 . 2009-05-23 08:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-23 08:30 . 2009-05-23 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 06:55 . 2009-05-22 06:55 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-05-22 06:00 . 2009-05-22 06:00 167376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ajfzlr43.default\Fla shGot.exe
2009-05-22 00:32 . 2005-10-16 15:00 12928 ----a-w- c:\windows\system32\drivers\filedisk.sys
2009-05-22 00:31 . 2009-05-22 00:31 -------- d-----w- c:\program files\WinImage
2009-05-21 22:44 . 2009-05-21 22:44 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-05-18 04:18 . 2009-06-21 10:27 -------- d-----w- c:\program files\Unlocker
2009-05-18 04:18 . 2009-05-18 04:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
2009-05-16 16:38 . 2009-05-16 16:38 -------- d-----w- c:\program files\7-Zip
2009-05-16 14:05 . 2009-05-16 14:05 118784 ----a-w- c:\windows\system32\sgcncaj0e373.dll
2009-05-16 14:05 . 2009-05-16 14:05 33280 ----a-w- c:\windows\system32\emsbqij.exe
2009-05-16 12:39 . 2009-05-16 12:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL OCP
2009-05-16 12:39 . 2009-05-16 12:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-05-16 12:39 . 2009-05-18 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-16 12:39 . 2009-05-16 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-05-16 12:38 . 2009-05-16 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-16 12:38 . 2009-05-16 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-16 12:36 . 2009-05-16 12:36 -------- d-----w- c:\program files\Common Files\AOL
2009-05-16 12:35 . 2009-05-16 12:39 -------- d-----w- c:\program files\AIM6
2009-05-16 12:27 . 2009-05-16 12:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2009-05-16 12:26 . 2009-05-16 12:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\LAIM
2009-05-16 12:26 . 2009-05-16 12:26 -------- d-----w- c:\program files\AIM Lite
2009-05-16 12:13 . 2009-05-16 12:13 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D21B65C4-F7ED-4805-8781-BB835AC85D14}\_AF6EF1E1D61E94F138937B.exe
2009-05-16 12:13 . 2009-05-16 12:13 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D21B65C4-F7ED-4805-8781-BB835AC85D14}\_AC451EB93647F071F44C3B.exe
2009-05-16 12:13 . 2009-05-16 12:13 -------- d-----w- c:\program files\Thoosje

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-21 13:00 . 2009-05-14 07:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks
2009-06-21 10:58 . 2008-04-24 01:34 192512 ----a-w- c:\windows\system32\txmlutil.dll
2009-06-14 13:56 . 2009-05-05 09:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-06-14 02:46 . 2009-04-30 03:36 -------- d-----w- c:\program files\City of Heroes
2009-06-13 10:19 . 2009-05-09 06:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Free Download Manager
2009-06-13 09:42 . 2009-05-09 10:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Systweak
2009-06-13 09:39 . 2009-06-13 09:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_010 07.Wdf
2009-06-13 09:39 . 2009-06-13 09:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_C oinstaller_Critical.Wdf
2009-06-13 09:37 . 2009-06-13 09:37 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-13 09:37 . 2009-06-13 09:37 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 09:37 . 2009-06-13 09:36 -------- d-----w- c:\program files\Nokia
2009-06-13 09:36 . 2009-06-13 09:36 -------- d-----w- c:\program files\DIFX
2009-06-13 09:36 . 2009-06-13 09:36 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-12 00:43 . 2009-05-02 11:48 -------- d-----w- c:\program files\Steam
2009-06-05 02:51 . 2009-06-05 02:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-06-02 08:45 . 2009-04-29 23:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-28 09:41 . 2009-05-05 06:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-05-26 04:53 . 2009-04-29 23:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-23 10:31 . 2009-04-29 23:02 8224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 05:23 . 2009-04-29 23:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-15 10:22 . 2009-05-15 10:22 -------- d-----w- c:\program files\Tftpd32
2009-05-14 12:55 . 2009-05-14 12:53 4506256 ----a-w- c:\documents and settings\Administrator\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
2009-05-12 21:51 . 2009-05-12 21:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-05-12 21:51 . 2009-05-12 21:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-05-12 00:46 . 2009-05-12 00:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-05-12 00:41 . 2009-05-12 00:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-05-12 00:41 . 2009-05-12 00:41 -------- d-----w- c:\program files\iTunes
2009-05-12 00:41 . 2009-05-12 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-05-12 00:41 . 2009-05-12 00:41 -------- d-----w- c:\program files\iPod
2009-05-12 00:41 . 2009-05-12 00:41 -------- d-----w- c:\program files\Bonjour
2009-05-12 00:41 . 2009-05-12 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-05-12 00:39 . 2009-04-29 23:23 -------- d-----w- c:\program files\QuickTime
2009-05-12 00:39 . 2009-05-01 15:27 -------- d-----w- c:\program files\DivX
2009-05-12 00:38 . 2009-05-01 15:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-12 00:37 . 2009-05-01 15:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-12 00:32 . 2009-05-12 00:32 -------- d-----w- c:\program files\Secunia
2009-05-09 10:10 . 2008-04-14 04:42 146432 ----a-w- c:\windows\regedit.exe
2009-05-09 06:52 . 2009-04-29 23:16 -------- d-----w- c:\program files\MultiRes
2009-05-09 06:51 . 2009-05-09 06:51 -------- d-----w- c:\program files\Radeon Omega Drivers
2009-05-09 06:42 . 2009-05-09 06:42 -------- d-----w- c:\program files\Free Download Manager
2009-05-09 06:42 . 2009-05-09 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-05-09 06:39 . 2009-04-30 01:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRight
2009-05-09 04:35 . 2009-05-09 04:35 0 ----a-w- c:\windows\ativpsrm.bin
2009-05-09 03:53 . 2009-04-29 23:01 1887 ----a-w- c:\documents and settings\All Users\Application Data\xml2C.tmp
2009-05-09 03:53 . 2009-04-29 23:01 13375 ----a-w- c:\documents and settings\All Users\Application Data\xml2B.tmp
2009-05-09 03:53 . 2009-04-29 23:01 7972 ----a-w- c:\documents and settings\All Users\Application Data\xml2A.tmp
2009-05-08 08:13 . 2009-05-08 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-05-05 09:03 . 2009-05-05 09:03 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-05 06:34 . 2009-05-05 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-04 08:46 . 2009-06-05 02:51 2835656 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\speedupmypc2009.exe
2009-05-03 16:58 . 2009-04-29 22:56 -------- d-----w- c:\program files\Firefox Downloads
2009-05-03 04:02 . 2009-05-03 03:59 102262 ----a-w- c:\windows\hpoins05.dat
2009-05-03 04:01 . 2009-05-03 04:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-03 04:00 . 2009-05-03 04:00 -------- d-----w- c:\program files\HP
2009-05-01 23:48 . 2009-05-01 23:48 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-01 23:37 . 2009-04-29 23:17 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-01 15:51 . 2009-04-29 23:27 -------- d-----w- c:\program files\NOS
2009-05-01 15:51 . 2009-04-29 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-01 15:39 . 2009-05-01 15:39 -------- d-----w- c:\program files\MSBuild
2009-05-01 15:38 . 2009-05-01 15:38 -------- d-----w- c:\program files\Reference Assemblies
2009-05-01 15:31 . 2009-05-01 15:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-01 15:29 . 2009-05-01 15:27 -------- d-----w- c:\program files\Google
2009-05-01 12:54 . 2009-05-01 12:54 -------- d-----w- c:\program files\Realtek
2009-04-30 07:21 . 2009-04-30 07:21 -------- d-----w- c:\program files\Microsoft
2009-04-30 07:21 . 2009-04-30 07:21 -------- d-----w- c:\program files\Windows Live
2009-04-30 07:21 . 2009-04-30 07:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-04-30 07:17 . 2009-04-30 07:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-04-30 02:38 . 2009-04-30 02:38 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-04-30 02:19 . 2009-04-30 02:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-04-30 01:55 . 2009-04-30 01:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\atitray
2009-04-30 01:37 . 2009-04-30 01:37 -------- d-----w- c:\program files\Intel
2009-04-30 01:26 . 2009-04-30 01:26 -------- d-----w- c:\program files\GetRight
2009-04-29 23:45 . 2009-04-29 23:45 -------- d-----w- c:\program files\Analog Devices
2009-04-29 23:23 . 2009-04-29 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-29 23:23 . 2009-04-29 23:23 -------- d-----w- c:\program files\Apple Software Update
2009-04-29 23:23 . 2009-04-29 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-04-29 23:20 . 2009-04-29 23:20 -------- d-----w- c:\program files\Java
2009-04-29 23:16 . 2009-04-29 23:16 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-04-29 22:52 . 2009-04-29 22:52 0 ----a-w- c:\windows\nsreg.dat
2009-04-29 22:36 . 2009-04-29 22:36 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-29 09:45 . 2009-06-05 02:49 845128 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\58D97068\B74607BA\Sy stem.Data.SQLite.dll
2009-04-29 09:45 . 2009-06-05 02:49 771368 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\9966075F\B74607BA\UB SysMan.dll
2009-04-29 09:45 . 2009-06-05 02:49 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\D720648F\B74607BA\In terop.IWshRuntimeLibrary.dll
2009-04-29 09:45 . 2009-06-05 02:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\78B94F67\B74607BA\Is License40.dll
2009-04-29 09:45 . 2009-06-05 02:49 395048 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\C77843B\B74607BA\SUM PBackend.dll
2009-04-29 09:45 . 2009-06-05 02:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\4BF757A\B74607BA\IsL icense30.dll
2009-04-29 09:45 . 2009-06-05 02:49 236840 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\683B013A\B74607BA\Po werSuiteBackendUtils.dll
2009-04-29 09:45 . 2009-06-05 02:49 614696 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\La uncher.exe
2009-04-29 09:45 . 2009-06-05 02:49 474408 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\62A3297F\B74607BA\Av alonCommon.dll
2009-04-29 09:45 . 2009-06-05 02:49 197968 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\6A0591D6\B74607BA\IC SharpCode.SharpZipLib.dll
2009-04-29 09:45 . 2009-06-05 02:49 1250600 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\B430549D\B74607BA\SU MP.exe
2009-04-15 20:25 . 2009-05-01 15:28 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-01 15:28 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\Administrator\Application Data\Desktopicon\eBayShortcuts.exe
.

------- Sigcheck -------

[-] 2009-03-03 00:36 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"DisableCAD"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\emsbqij.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [5/8/2009 11:51 PM 17952]
S3 DbusAudio;DbusAudio;c:\windows\system32\drivers\Db usAudio.sys [5/5/2009 1:52 AM 23096]
S3 DbusVideo;DbusVideo;c:\windows\system32\drivers\Db usVideo.sys [5/5/2009 1:52 AM 3768]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 4:03 AM 7808]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [4/29/2009 4:00 PM 98488]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V023 0Vfx.sys [5/4/2009 2:07 AM 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [5/4/2009 2:07 AM 500608]
S3 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
FF - ProfilePath -
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-14 19:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1965331169-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,7d,d2 ,50,63,2b,af,40,b3,38,16,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,7d,d2 ,50,63,2b,af,40,b3,38,16,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-15 20:00
ComboFix-quarantined-files.txt 2009-06-15 03:00
ComboFix2.txt 2009-05-09 10:10

Pre-Run: 72,824,082,432 bytes free
Post-Run: 72,815,034,368 bytes free

347

Injigo · #24 (**permalink**) 15-06-2009, 10:22 AM

SDFix log:

SDFix: Version 1.240
Run by Administrator on Sun 06/14/2009 at 11:56 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Administrator\Desktop\SDFix\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-15 00:02:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\sys tem32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"="C:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\emsbqij.exe"="C:\\WINDOWS\ \system32\\emsbqij.exe:*:Enabled:ENABLE"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled

NA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTor rent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"="C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"="C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe:*:Enabled:TrackMani a Nations Forever"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"="D:\\Progra m Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:Si Software Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :

Files with Hidden Attributes :

Tue 5 May 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 5 May 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Finished!

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:50 AM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1241051856718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1241182120609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: strands - {5EB36782-53FB-44F8-A28B-2C5C9E559A38} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5248 bytes

HijackThis Uninstall manager list:

5star GameTuner
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Advanced SystemCare 3
AIM 6
AIM Lite 0.33
Apple Software Update
ATI Display Driver (Omega 3.8.442)
Bonjour
CCleaner (remove only)
Choice Guard
City of Heroes (remove only)
Combined Community Codec Pack 2008-09-21 16:18
Counter-Strike: Source
Creative Live! Cam Video IM Pro Driver (1.02.02.1018)
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.44
Deus Ex
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD_Generator-1.14-EN-R1
EndItAll 2.0
Free Download Manager 3.0
FrostWire 4.18.0
GetRight
GTA San Andreas
Half-Life 2
HashCheck Shell Extension (x86-32)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB961118)
HP PSC & OfficeJet 5.3.B
Insurgency
iTunes
Java(TM) 6 Update 13
Left 4 Dead
LimeWire PRO 4.17.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.10)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MultiRes (remove only)
NetInfo
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
PC Connectivity Solution
QuickTime
Radeon Omega Drivers v4.8.442 Setup Files and Tools
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Secunia PSI
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Segoe UI
SiSoftware Sandra Professional Business 2009.SP2
SoundMAX
Spybot - Search & Destroy
Steam
Tftpd32 Standalone Edition (remove only)
Thoosje Quick Xp Optimizer Installer V2
TightVNC 1.3.10
TrackMania Nations Forever
Trillian
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpeedUpMyPC 2009
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB943729)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
VC80CRTRedist - 8.0.50727.762
VLC media player 0.9.8a
Winamp
Windows Defender
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem (02/24/2009 4.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
WinRAR archiver

Neal · #25 (**permalink**) 15-06-2009, 10:13 PM

You must get an anti-virus program immediately before it is to late.

Here is a free one:

Download FREE antivirus software - avast! Home Edition

Update the program and run a scan please.

Then:

Go here to learn how to show hidden files/folders:

Help Centre Home : www.telecom.co.nz/help

Re-hide after we are done

Then:

Go to next site:
VirusTotal - Free Online Virus and Malware Scan
On top you'll find 'Browse'
Click the browse button and browse to next file:

c:\windows\system32\txmlutil.dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

If that one is to busy here is another option:

Jotti's malware scan

And

Virus File Scanner

Please do the same for these:

c:\windows\system32\bdod.bin
c:\windows\srchasst
c:\windows\system32\sgcncaj0e373.dll
c:\windows\system32\emsbqij.exe
c:\\WINDOWS\\system32\\emsbqij.exe

Injigo · #26 (**permalink**) 17-06-2009, 12:46 AM

File txmlutil.dll received on 2009.06.16 23:38:25 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.16 -
AhnLab-V3 5.0.0.2 2009.06.16 -
AntiVir 7.9.0.187 2009.06.16 -
Antiy-AVL 2.0.3.1 2009.06.16 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.16 -
AVG 8.5.0.339 2009.06.16 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.16 -
ClamAV 0.94.1 2009.06.16 -
Comodo 1346 2009.06.16 -
DrWeb 5.0.0.12182 2009.06.16 -
eSafe 7.0.17.0 2009.06.16 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
F-Secure 8.0.14470.0 2009.06.16 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.16 -
Jiangmin 11.0.706 2009.06.16 -
K7AntiVirus 7.10.765 2009.06.16 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5648 2009.06.16 -
McAfee+Artemis 5648 2009.06.16 -
McAfee-GW-Edition 6.7.6 2009.06.16 -
Microsoft 1.4701 2009.06.17 -
NOD32 4160 2009.06.16 -
Norman 6.01.09 2009.06.16 -
nProtect 2009.1.8.0 2009.06.16 -
Panda 10.0.0.14 2009.06.16 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.17 -
Rising 21.34.13.00 2009.06.16 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.16 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1094 2009.06.16 -
VBA32 3.12.10.7 2009.06.16 -
ViRobot 2009.6.16.1789 2009.06.16 -
VirusBuster 4.6.5.0 2009.06.16 -
Additional information
File size: 192512 bytes
MD5...: 9eca1c9c5b145f1b2620fa35737ae532
SHA1..: f605594fbf4737e2e2238101c87d874134e1ef1f
SHA256: 51b5d881d1be73efe919207e66d9a8bb52552e243ed28f554d c24ff47681dd5d
ssdeep: - 
PEiD..: -
TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x18efe timedatestamp.....: 0x48ee07c9 (Thu Oct 09 13:31:53 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x19fd1 0x1a000 6.09 2a5e05e0ee0318a60b6ad40117bdd385 .rdata 0x1b000 0xf460 0x10000 5.32 46b2131d3b4eb9edf662bbf16f08a400 .data 0x2b000 0xb2c 0x1000 2.13 f549330df6d1f7e9a3e34a7f96502eac .rsrc 0x2c000 0x4d0 0x1000 4.04 e5ba5c1c6838fc57c666a4be5abba253 .reloc 0x2d000 0x19bc 0x2000 5.67 74ed9e3baa31cebadb24638e1b521736 ( 3 imports ) > KERNEL32.dll: MultiByteToWideChar, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, Sleep, InterlockedExchange, GetSystemTimeAsFileTime > MSVCR80.dll: _encode_pointer, _malloc_crt, _encoded_null, _decode_pointer, _initterm, _initterm_e, _amsg_exit, _adjust_fdiv, _terminate@@YAXXZ, __type_info_dtor_internal_method@type_info@@QAEXXZ , _except_handler4_common, _crt_debugger_hook, __clean_type_info_names_internal, _unlock, __dllonexit, _lock, _onexit, fabs, wcsncpy_s, floor, wcsstr, ceil, _CxxThrowException, wprintf_s, qsort, wcschr, wcsncmp, isalnum, isalpha, _vsnwprintf_s, swscanf_s, fputc, ferror, fseek, ftell, malloc, fread, free, fclose, fwprintf_s, _wfopen_s, wcsrchr, memcpy_s, _gcvt_s, swprintf_s, _itow_s, memset, _i64tow_s, _wtoi64, wcstok_s, __2@YAPAXI@Z, wcscpy_s, wcslen, ___U@YAPAXI@Z, memcpy, _wtof, _wtoi, wcscmp, __iob_func, __CxxFrameHandler3, iswspace, _purecall, ___V@YAXPAX@Z, __3@YAXPAX@Z, __CppXcptFilter > MSVCP80.dll: _at@_$basic_string@_WU_$char_traits@_W@std@@V_$all ocator@_W@2@@std@@QAEAA_WI@Z, _assign@_$basic_string@_WU_$char_traits@_W@std@@V_ $allocator@_W@2@@std@@QAEAAV12@PB_WI@Z, _good@ios_base@std@@QBE_NXZ, _peek@_$basic_istream@_WU_$char_traits@_W@std@@@st d@@QAEGXZ, _get@_$basic_istream@_WU_$char_traits@_W@std@@@std @@QAEGXZ, _append@_$basic_string@_WU_$char_traits@_W@std@@V_ $allocator@_W@2@@std@@QAEAAV12@ABV12@@Z, __$_6_WU_$char_traits@_W@std@@V_$allocator@_W@1@@s td@@YAAAV_$basic_ostream@_WU_$char_traits@_W@std@@ @0@AAV10@ABV_$basic_string@_WU_$char_traits@_W@std @@V_$allocator@_W@2@@0@@Z, _find@_$basic_string@_WU_$char_traits@_W@std@@V_$a llocator@_W@2@@std@@QBEI_WI@Z, _npos@_$basic_string@_WU_$char_traits@_W@std@@V_$a llocator@_W@2@@std@@2IB, __Y_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAEAAV01@PB_W@Z, _reserve@_$basic_string@_WU_$char_traits@_W@std@@V _$allocator@_W@2@@std@@QAEXI@Z, __0_$basic_ostringstream@_WU_$char_traits@_W@std@@ V_$allocator@_W@2@@std@@QAE@H@Z, __6_$basic_ostream@_WU_$char_traits@_W@std@@@std@@ QAEAAV01@H@Z, _str@_$basic_ostringstream@_WU_$char_traits@_W@std @@V_$allocator@_W@2@@std@@QBE_AV_$basic_string@_WU _$char_traits@_W@std@@V_$allocator@_W@2@@2@XZ, ___D_$basic_ostringstream@_WU_$char_traits@_W@std@ @V_$allocator@_W@2@@std@@QAEXXZ, _length@_$basic_string@_WU_$char_traits@_W@std@@V_ $allocator@_W@2@@std@@QBEIXZ, __A_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QBEAB_WI@Z, _append@_$basic_string@_WU_$char_traits@_W@std@@V_ $allocator@_W@2@@std@@QAEAAV12@PB_WI@Z, __Y_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAEAAV01@_W@Z, _empty@_$basic_string@_WU_$char_traits@_W@std@@V_$ allocator@_W@2@@std@@QBE_NXZ, __$_8_WU_$char_traits@_W@std@@V_$allocator@_W@1@@s td@@YA_NABV_$basic_string@_WU_$char_traits@_W@std@ @V_$allocator@_W@2@@0@PB_W@Z, __0_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAE@ABV01@@Z, __Y_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAEAAV01@ABV01@@Z, _size@_$basic_string@_WU_$char_traits@_W@std@@V_$a llocator@_W@2@@std@@QBEIXZ, __0_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAE@PB_W@Z, __$_O_WU_$char_traits@_W@std@@V_$allocator@_W@1@@s td@@YA_NABV_$basic_string@_WU_$char_traits@_W@std@ @V_$allocator@_W@2@@0@0@Z, __$_M_WU_$char_traits@_W@std@@V_$allocator@_W@1@@s td@@YA_NABV_$basic_string@_WU_$char_traits@_W@std@ @V_$allocator@_W@2@@0@0@Z, __$_8_WU_$char_traits@_W@std@@V_$allocator@_W@1@@s td@@YA_NABV_$basic_string@_WU_$char_traits@_W@std@ @V_$allocator@_W@2@@0@0@Z, __0_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAE@XZ, __1_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAE@XZ, __4_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAEAAV01@ABV01@@Z, __4_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAEAAV01@PB_W@Z, _c_str@_$basic_string@_WU_$char_traits@_W@std@@V_$ allocator@_W@2@@std@@QBEPB_WXZ, __A_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@QAEAA_WI@Z ( 634 exports ) __0CBDTinyXml@@QAE@ABV0@@Z, __0CBDTinyXml@@QAE@ABVTiXmlDocument@@@Z, __0CBDTinyXml@@QAE@PB_W@Z, __0CBDTinyXml@@QAE@XZ, __0TiXmlAttribute@@QAE@ABV_$basic_string@_WU_$char _traits@_W@std@@V_$allocator@_W@2@@std@@0@Z, __0TiXmlAttribute@@QAE@PB_W0@Z, __0TiXmlAttribute@@QAE@XZ, __0TiXmlAttributeSet@@QAE@XZ, __0TiXmlBase@@QAE@XZ, __0TiXmlComment@@QAE@ABV0@@Z, __0TiXmlComment@@QAE@PB_W@Z, __0TiXmlComment@@QAE@XZ, __0TiXmlCursor@@QAE@XZ, __0TiXmlDeclaration@@QAE@ABV0@@Z, __0TiXmlDeclaration@@QAE@ABV_$basic_string@_WU_$ch ar_traits@_W@std@@V_$allocator@_W@2@@std@@00@Z, __0TiXmlDeclaration@@QAE@PB_W00@Z, __0TiXmlDeclaration@@QAE@XZ, __0TiXmlDocument@@QAE@ABV0@@Z, __0TiXmlDocument@@QAE@ABV_$basic_string@_WU_$char_ traits@_W@std@@V_$allocator@_W@2@@std@@@Z, __0TiXmlDocument@@QAE@PB_W@Z, __0TiXmlDocument@@QAE@XZ, __0TiXmlElement@@QAE@ABV0@@Z, __0TiXmlElement@@QAE@ABV_$basic_string@_WU_$char_t raits@_W@std@@V_$allocator@_W@2@@std@@@Z, __0TiXmlElement@@QAE@PB_W@Z, __0TiXmlHandle@@QAE@ABV0@@Z, __0TiXmlHandle@@QAE@PAVTiXmlNode@@@Z, __0TiXmlNode@@IAE@W4NodeType@0@@Z, __0TiXmlParsingData@@AAE@PB_WHHH@Z, __0TiXmlPrinter@@QAE@ABV0@@Z, __0TiXmlPrinter@@QAE@XZ, __0TiXmlText@@QAE@ABV0@@Z, __0TiXmlText@@QAE@ABV_$basic_string@_WU_$char_trai ts@_W@std@@V_$allocator@_W@2@@std@@@Z, __0TiXmlText@@QAE@PB_W@Z, __0TiXmlUnknown@@QAE@ABV0@@Z, __0TiXmlUnknown@@QAE@XZ, __0TiXmlVisitor@@QAE@ABV0@@Z, __0TiXmlVisitor@@QAE@XZ, __0action_item@TinyXPath@@QAE@ABV01@@Z, __0action_item@TinyXPath@@QAE@HHHPB_W@Z, __0action_store@TinyXPath@@QAE@XZ, __0byte_stream@TinyXPath@@QAE@PB_W@Z, __0error_not_yet@TinyXPath@@QAE@XZ, __0execution_error@TinyXPath@@QAE@H@Z, __0expression_result@TinyXPath@@QAE@ABV01@@Z, __0expression_result@TinyXPath@@QAE@PBVTiXmlNode@@ @Z, __0expression_result@TinyXPath@@QAE@XZ, __0node_set@TinyXPath@@QAE@ABV01@@Z, __0node_set@TinyXPath@@QAE@XZ, __0result_and_next@TinyXPath@@QAE@ABV01@@Z, __0result_and_next@TinyXPath@@QAE@Vexpression_resu lt@1@PAV01@@Z, __0syntax_error@TinyXPath@@QAE@PB_W@Z, __0token_list@TinyXPath@@QAE@ABV01@@Z, __0token_list@TinyXPath@@QAE@XZ, __0token_redef@TinyXPath@@QAE@ABV01@@Z, __0token_redef@TinyXPath@@QAE@PAVxpath_stream@1@@Z , __0token_syntax_decoder@TinyXPath@@QAE@ABV01@@Z, __0token_syntax_decoder@TinyXPath@@QAE@XZ, __0xpath_processor@TinyXPath@@QAE@ABV01@@Z, __0xpath_processor@TinyXPath@@QAE@PBVTiXmlNode@@PB _W@Z, __0xpath_stack@TinyXPath@@QAE@XZ, __0xpath_stream@TinyXPath@@QAE@ABV01@@Z, __0xpath_stream@TinyXPath@@QAE@PB_W@Z, __1CBDTinyXml@@QAE@XZ, __1TiXmlAttribute@@UAE@XZ, __1TiXmlAttributeSet@@QAE@XZ, __1TiXmlBase@@UAE@XZ, __1TiXmlComment@@UAE@XZ, __1TiXmlDeclaration@@UAE@XZ, __1TiXmlDocument@@UAE@XZ, __1TiXmlElement@@UAE@XZ, __1TiXmlNode@@UAE@XZ, __1TiXmlPrinter@@UAE@XZ, __1TiXmlText@@UAE@XZ, __1TiXmlUnknown@@UAE@XZ, __1TiXmlVisitor@@UAE@XZ, __1action_item@TinyXPath@@QAE@XZ, __1action_store@TinyXPath@@QAE@XZ, __1byte_stream@TinyXPath@@QAE@XZ, __1expression_result@TinyXPath@@QAE@XZ, __1node_set@TinyXPath@@QAE@XZ, __1result_and_next@TinyXPath@@QAE@XZ, __1token_list@TinyXPath@@UAE@XZ, __1token_redef@TinyXPath@@UAE@XZ, __1token_syntax_decoder@TinyXPath@@UAE@XZ, __1xpath_processor@TinyXPath@@UAE@XZ, __1xpath_stack@TinyXPath@@QAE@XZ, __1xpath_stream@TinyXPath@@UAE@XZ, __4CBDTinyXml@@QAEABV0@ABV0@@Z, __4CBDTinyXml@@QAEABV0@ABVTiXmlDocument@@@Z, __4TiXmlComment@@QAEXABV0@@Z, __4TiXmlCursor@@QAEAAU0@ABU0@@Z, __4TiXmlDeclaration@@QAEXABV0@@Z, __4TiXmlDocument@@QAEXABV0@@Z, __4TiXmlElement@@QAEXABV0@@Z, __4TiXmlHandle@@QAE_AV0@ABV0@@Z, __4TiXmlParsingData@@QAEAAV0@ABV0@@Z, __4TiXmlPrinter@@QAEAAV0@ABV0@@Z, __4TiXmlText@@QAEXABV0@@Z, __4TiXmlUnknown@@QAEXABV0@@Z, __4TiXmlVisitor@@QAEAAV0@ABV0@@Z, __4action_item@TinyXPath@@QAEAAV01@ABV01@@Z, __4action_store@TinyXPath@@QAEAAV01@ABV01@@Z, __4byte_stream@TinyXPath@@QAEAAV01@ABV01@@Z, __4error_not_yet@TinyXPath@@QAEAAV01@ABV01@@Z, __4execution_error@TinyXPath@@QAEAAV01@ABV01@@Z, __4expression_result@TinyXPath@@QAEAAV01@ABV01@@Z, __4node_set@TinyXPath@@QAEAAV01@ABV01@@Z, __4ptr_2_and_flag@TinyXPath@@QAEAAV01@ABV01@@Z, __4result_and_next@TinyXPath@@QAEAAV01@ABV01@@Z, __4syntax_error@TinyXPath@@QAEAAV01@ABV01@@Z, __4syntax_overflow@TinyXPath@@QAEAAV01@ABV01@@Z, __4token_list@TinyXPath@@QAEAAV01@ABV01@@Z, __4token_redef@TinyXPath@@QAEAAV01@ABV01@@Z, __4token_syntax_decoder@TinyXPath@@QAEAAV01@ABV01@ @Z, __4xpath_processor@TinyXPath@@QAEAAV01@ABV01@@Z, __4xpath_stack@TinyXPath@@QAEAAV01@ABV01@@Z, __4xpath_stream@TinyXPath@@QAEAAV01@ABV01@@Z, __8TiXmlAttribute@@QBE_NABV0@@Z, __MTiXmlAttribute@@QBE_NABV0@@Z, __OTiXmlAttribute@@QBE_NABV0@@Z, ___7CBDTinyXml@@6B@, ___7TiXmlAttribute@@6B@, ___7TiXmlBase@@6B@, ___7TiXmlComment@@6B@, ___7TiXmlDeclaration@@6B@, ___7TiXmlDocument@@6B@, ___7TiXmlElement@@6B@, ___7TiXmlNode@@6B@, ___7TiXmlPrinter@@6B@, ___7TiXmlText@@6B@, ___7TiXmlUnknown@@6B@, ___7TiXmlVisitor@@6B@, ___7token_list@TinyXPath@@6B@, ___7token_redef@TinyXPath@@6B@, ___7token_syntax_decoder@TinyXPath@@6B@, ___7xpath_processor@TinyXPath@@6B@, ___7xpath_stream@TinyXPath@@6B@, ___Fsyntax_error@TinyXPath@@QAEXXZ, _Accept@TiXmlComment@@UBE_NPAVTiXmlVisitor@@@Z, _Accept@TiXmlDeclaration@@UBE_NPAVTiXmlVisitor@@@Z , _Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z, _Accept@TiXmlElement@@UBE_NPAVTiXmlVisitor@@@Z, _Accept@TiXmlText@@UBE_NPAVTiXmlVisitor@@@Z, _Accept@TiXmlUnknown@@UBE_NPAVTiXmlVisitor@@@Z, _Add@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z, _Attach@CBDTinyXml@@QAEXAAVTiXmlDocument@@@Z, _Attribute@TiXmlElement@@QBEPBV_$basic_string@_WU_ $char_traits@_W@std@@V_$allocator@_W@2@@std@@ABV23 @@Z, _Attribute@TiXmlElement@@QBEPBV_$basic_string@_WU_ $char_traits@_W@std@@V_$allocator@_W@2@@std@@ABV23 @PAH@Z, _Attribute@TiXmlElement@@QBEPBV_$basic_string@_WU_ $char_traits@_W@std@@V_$allocator@_W@2@@std@@ABV23 @PAN@Z, _Attribute@TiXmlElement@@QBEPB_WPB_W@Z, _Attribute@TiXmlElement@@QBEPB_WPB_WPAH@Z, _Attribute@TiXmlElement@@QBEPB_WPB_WPAN@Z, _Blank@TiXmlText@@IBE_NXZ, _CDATA@TiXmlText@@QBE_NXZ, _CStr@TiXmlPrinter@@QAEPB_WXZ, _Child@TiXmlHandle@@QBE_AV1@ABV_$basic_string@_WU_ $char_traits@_W@std@@V_$allocator@_W@2@@std@@H@Z, _Child@TiXmlHandle@@QBE_AV1@H@Z, _Child@TiXmlHandle@@QBE_AV1@PB_WH@Z, _ChildElement@TiXmlHandle@@QBE_AV1@ABV_$basic_stri ng@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std @@H@Z, _ChildElement@TiXmlHandle@@QBE_AV1@H@Z, _ChildElement@TiXmlHandle@@QBE_AV1@PB_WH@Z, _Clear@TiXmlCursor@@QAEXXZ, _Clear@TiXmlNode@@QAEXXZ, _ClearError@TiXmlDocument@@QAEXXZ, _ClearThis@TiXmlElement@@IAEXXZ, _Clone@TiXmlComment@@UBEPAVTiXmlNode@@XZ, _Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ, _Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ, _Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ, _Clone@TiXmlText@@MBEPAVTiXmlNode@@XZ, _Clone@TiXmlUnknown@@UBEPAVTiXmlNode@@XZ, _Column@TiXmlBase@@QBEHXZ, _Compare@CBDTinyXml@@SA_NPBVTiXmlElement@@0@Z, _CompareChildren@CBDTinyXml@@SA_NPBVTiXmlElement@@ 0@Z, _ConvertUTF32ToUTF8@TiXmlBase@@KAXKPA_WPAH@Z, _CopyTo@TiXmlComment@@IBEXPAV1@@Z, _CopyTo@TiXmlDeclaration@@IBEXPAV1@@Z, _CopyTo@TiXmlDocument@@ABEXPAV1@@Z, _CopyTo@TiXmlElement@@IBEXPAV1@@Z, _CopyTo@TiXmlNode@@IBEXPAV1@@Z, _CopyTo@TiXmlText@@IBEXPAV1@@Z, _CopyTo@TiXmlUnknown@@IBEXPAV1@@Z, _CreatePath@CBDTinyXml@@QAEPAVTiXmlElement@@PBV2@P B_W@Z, _Cursor@TiXmlParsingData@@QAEABUTiXmlCursor@@XZ, _Detach@CBDTinyXml@@QAEXXZ, _DoIndent@TiXmlPrinter@@AAEXXZ, _DoLineBreak@TiXmlPrinter@@AAEXXZ, _DoubleValue@TiXmlAttribute@@QBENXZ, _Element@TiXmlHandle@@QBEPAVTiXmlElement@@XZ, _ElementToText@CBDTinyXml@@SA_AV_$basic_string@_WU _$char_traits@_W@std@@V_$allocator@_W@2@@std@@PBVT iXmlElement@@_N@Z, _EncodeString@TiXmlBase@@SAXABV_$basic_string@_WU_ $char_traits@_W@std@@V_$allocator@_W@2@@std@@PAV23 @@Z, _Encoding@TiXmlDeclaration@@QBEPB_WXZ, _Error@TiXmlDocument@@QBE_NXZ, _ErrorCol@TiXmlDocument@@QBEHXZ, _ErrorDesc@TiXmlDocument@@QBEPB_WXZ, _ErrorId@TiXmlDocument@@QBEHXZ, _ErrorRow@TiXmlDocument@@QBEHXZ, _Find@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@ABV _$basic_string@_WU_$char_traits@_W@std@@V_$allocat or@_W@2@@std@@@Z, _Find@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@PB_ W@Z, _Find@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@ABV _$basic_string@_WU_$char_traits@_W@std@@V_$allocat or@_W@2@@std@@@Z, _Find@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@PB_ W@Z, _First@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@XZ , _First@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@XZ , _FirstAttribute@TiXmlElement@@QAEPAVTiXmlAttribute @@XZ, _FirstAttribute@TiXmlElement@@QBEPBVTiXmlAttribute @@XZ, _FirstChild@TiXmlHandle@@QBE_AV1@ABV_$basic_string @_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@ @Z, _FirstChild@TiXmlHandle@@QBE_AV1@PB_W@Z, _FirstChild@TiXmlHandle@@QBE_AV1@XZ, _FirstChild@TiXmlNode@@QAEPAV1@ABV_$basic_string@_ WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z , _FirstChild@TiXmlNode@@QAEPAV1@PB_W@Z, _FirstChild@TiXmlNode@@QAEPAV1@XZ, _FirstChild@TiXmlNode@@QBEPBV1@ABV_$basic_string@_ WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z , _FirstChild@TiXmlNode@@QBEPBV1@PB_W@Z, _FirstChild@TiXmlNode@@QBEPBV1@XZ, _FirstChildElement@TiXmlHandle@@QBE_AV1@ABV_$basic _string@_WU_$char_traits@_W@std@@V_$allocator@_W@2 @@std@@@Z, _FirstChildElement@TiXmlHandle@@QBE_AV1@PB_W@Z, _FirstChildElement@TiXmlHandle@@QBE_AV1@XZ, _FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@ ABV_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@@Z, _FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@ PB_W@Z, _FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@ XZ, _FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@ ABV_$basic_string@_WU_$char_traits@_W@std@@V_$allo cator@_W@2@@std@@@Z, _FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@ PB_W@Z, _FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@ XZ, _GetChar@TiXmlBase@@KAPB_WPB_WPA_WPAHW4TiXmlEncodi ng@@@Z, _GetDeepestElement@CBDTinyXml@@QAEPAVTiXmlElement@ @PB_W@Z, _GetDeepestElement@CBDTinyXml@@QBEPBVTiXmlElement@ @PB_W@Z, _GetDocument@CBDTinyXml@@QAEAAVTiXmlDocument@@XZ, _GetDocument@CBDTinyXml@@QBEABVTiXmlDocument@@XZ, _GetDocument@TiXmlNode@@QAEPAVTiXmlDocument@@XZ, _GetDocument@TiXmlNode@@QBEPBVTiXmlDocument@@XZ, _GetDoubleValue@CBDTinyXml@@QBENPBVTiXmlElement@@P B_WNPA_N@Z, _GetElement@CBDTinyXml@@QAEPAVTiXmlElement@@PAV2@P B_W@Z, _GetElement@CBDTinyXml@@QBEPBVTiXmlElement@@PBV2@P B_W@Z, _GetEntity@TiXmlBase@@KAPB_WPB_WPA_WPAHW4TiXmlEnco ding@@@Z, _GetInt64Value@CBDTinyXml@@QBE_JPBVTiXmlElement@@P B_W_JPA_N@Z, _GetIntValue@CBDTinyXml@@QBEHPBVTiXmlElement@@PB_W HPA_N@Z, _GetRootElement@CBDTinyXml@@QAEPAVTiXmlElement@@XZ , _GetRootElement@CBDTinyXml@@QBEPBVTiXmlElement@@XZ , _GetText@TiXmlElement@@QBEPB_WXZ, _GetUserData@TiXmlBase@@QAEPAXXZ, _GetUserData@TiXmlBase@@QBEPBXXZ, _GetValue@CBDTinyXml@@QBE_AV_$basic_string@_WU_$ch ar_traits@_W@std@@V_$allocator@_W@2@@std@@PBVTiXml Element@@PB_W1PA_N@Z, _Identify@TiXmlNode@@IAEPAV1@PB_WW4TiXmlEncoding@@ @Z, _Indent@TiXmlPrinter@@QAEPB_WXZ, _InsertAfterChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z, _InsertBeforeChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z , _InsertChildElement@CBDTinyXml@@SAPAVTiXmlElement@ @PAV2@PB_W1@Z, _InsertChildElement@CBDTinyXml@@SAPAVTiXmlElement@ @PAV2@PB_W@Z, _InsertChildElement@CBDTinyXml@@SAPAVTiXmlElement@ @PAV2@PB_WH@Z, _InsertChildElement@CBDTinyXml@@SAPAVTiXmlElement@ @PAV2@PB_WN@Z, _InsertChildElement@CBDTinyXml@@SAPAVTiXmlElement@ @PAV2@PB_W_J@Z, _InsertDeclaration@CBDTinyXml@@QAEPAVTiXmlDeclarat ion@@PB_W00@Z, _InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z, _InsertRootElement@CBDTinyXml@@QAEPAVTiXmlElement@ @PB_W@Z, _IntValue@TiXmlAttribute@@QBEHXZ, _IsAlpha@TiXmlBase@@KAHIW4TiXmlEncoding@@@Z, _IsAlphaNum@TiXmlBase@@KAHIW4TiXmlEncoding@@@Z, _IsAttached@CBDTinyXml@@QBE_NXZ, _IsWhiteSpace@TiXmlBase@@KA_NH@Z, _IsWhiteSpace@TiXmlBase@@KA_N_W@Z, _IsWhiteSpaceCondensed@TiXmlBase@@SA_NXZ, _IterateChildren@CBDTinyXml@@QAEHPAVTiXmlElement@@ P6A_NPBV2@@Z_N@Z, _IterateChildren@TiXmlNode@@QAEPAV1@ABV_$basic_str ing@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@st d@@PBV1@@Z, _IterateChildren@TiXmlNode@@QAEPAV1@PBV1@@Z, _IterateChildren@TiXmlNode@@QAEPAV1@PB_WPBV1@@Z, _IterateChildren@TiXmlNode@@QBEPBV1@ABV_$basic_str ing@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@st d@@PBV1@@Z, _IterateChildren@TiXmlNode@@QBEPBV1@PBV1@@Z, _IterateChildren@TiXmlNode@@QBEPBV1@PB_WPBV1@@Z, _IterateChildrenInternal@CBDTinyXml@@IAEHPAVTiXmlE lement@@P6A_NPBV2@@Z_NAA_N@Z, _Last@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@XZ, _Last@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@XZ, _LastAttribute@TiXmlElement@@QAEPAVTiXmlAttribute@ @XZ, _LastAttribute@TiXmlElement@@QBEPBVTiXmlAttribute@ @XZ, _LastChild@TiXmlNode@@QAEPAV1@ABV_$basic_string@_W U_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _LastChild@TiXmlNode@@QAEPAV1@PB_W@Z, _LastChild@TiXmlNode@@QAEPAV1@XZ, _LastChild@TiXmlNode@@QBEPBV1@ABV_$basic_string@_W U_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _LastChild@TiXmlNode@@QBEPBV1@PB_W@Z, _LastChild@TiXmlNode@@QBEPBV1@XZ, _LineBreak@TiXmlPrinter@@QAEPB_WXZ, _LinkEndChild@TiXmlNode@@QAEPAV1@PAV1@@Z, _LoadFile@CBDTinyXml@@UAE_NPB_W@Z, _LoadFile@TiXmlDocument@@QAE_NABV_$basic_string@_W U_$char_traits@_W@std@@V_$allocator@_W@2@@std@@W4T iXmlEncoding@@@Z, _LoadFile@TiXmlDocument@@QAE_NPAU_iobuf@@W4TiXmlEn coding@@@Z, _LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@ @@Z, _LoadFile@TiXmlDocument@@QAE_NW4TiXmlEncoding@@@Z, _Name@TiXmlAttribute@@QBEPB_WXZ, _NameTStr@TiXmlAttribute@@QBEABV_$basic_string@_WU _$char_traits@_W@std@@V_$allocator@_W@2@@std@@XZ, _NewElementFromText@CBDTinyXml@@SAPAVTiXmlElement@ @PB_W@Z, _Next@TiXmlAttribute@@QAEPAV1@XZ, _Next@TiXmlAttribute@@QBEPBV1@XZ, _NextSibling@TiXmlNode@@QAEPAV1@ABV_$basic_string@ _WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@ Z, _NextSibling@TiXmlNode@@QAEPAV1@PB_W@Z, _NextSibling@TiXmlNode@@QAEPAV1@XZ, _NextSibling@TiXmlNode@@QBEPBV1@ABV_$basic_string@ _WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@ Z, _NextSibling@TiXmlNode@@QBEPBV1@PB_W@Z, _NextSibling@TiXmlNode@@QBEPBV1@XZ, _NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@ @ABV_$basic_string@_WU_$char_traits@_W@std@@V_$all ocator@_W@2@@std@@@Z, _NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@ @PB_W@Z, _NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@ @XZ, _NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@ @ABV_$basic_string@_WU_$char_traits@_W@std@@V_$all ocator@_W@2@@std@@@Z, _NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@ @PB_W@Z, _NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@ @XZ, _NoChildren@TiXmlNode@@QBE_NXZ, _Node@TiXmlHandle@@QBEPAVTiXmlNode@@XZ, _Parent@TiXmlNode@@QAEPAV1@XZ, _Parent@TiXmlNode@@QBEPBV1@XZ, _Parse@CBDTinyXml@@QAE_NPB_W@Z, _Parse@TiXmlAttribute@@UAEPB_WPB_WPAVTiXmlParsingD ata@@W4TiXmlEncoding@@@Z, _Parse@TiXmlComment@@UAEPB_WPB_WPAVTiXmlParsingDat a@@W4TiXmlEncoding@@@Z, _Parse@TiXmlDeclaration@@UAEPB_WPB_WPAVTiXmlParsin gData@@W4TiXmlEncoding@@@Z, _Parse@TiXmlDocument@@UAEPB_WPB_WPAVTiXmlParsingDa ta@@W4TiXmlEncoding@@@Z, _Parse@TiXmlElement@@UAEPB_WPB_WPAVTiXmlParsingDat a@@W4TiXmlEncoding@@@Z, _Parse@TiXmlText@@UAEPB_WPB_WPAVTiXmlParsingData@@ W4TiXmlEncoding@@@Z, _Parse@TiXmlUnknown@@UAEPB_WPB_WPAVTiXmlParsingDat a@@W4TiXmlEncoding@@@Z, _Previous@TiXmlAttribute@@QAEPAV1@XZ, _Previous@TiXmlAttribute@@QBEPBV1@XZ, _PreviousSibling@TiXmlNode@@QAEPAV1@ABV_$basic_str ing@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@st d@@@Z, _PreviousSibling@TiXmlNode@@QAEPAV1@PB_W@Z, _PreviousSibling@TiXmlNode@@QAEPAV1@XZ, _PreviousSibling@TiXmlNode@@QBEPBV1@ABV_$basic_str ing@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@st d@@@Z, _PreviousSibling@TiXmlNode@@QBEPBV1@PB_W@Z, _PreviousSibling@TiXmlNode@@QBEPBV1@XZ, _Print@TiXmlAttribute@@QBEXPAU_iobuf@@HPAV_$basic_ string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@ @std@@@Z, _Print@TiXmlAttribute@@UBEXPAU_iobuf@@H@Z, _Print@TiXmlComment@@UBEXPAU_iobuf@@H@Z, _Print@TiXmlDeclaration@@UBEXPAU_iobuf@@H@Z, _Print@TiXmlDeclaration@@UBEXPAU_iobuf@@HPAV_$basi c_string@_WU_$char_traits@_W@std@@V_$allocator@_W@ 2@@std@@@Z, _Print@TiXmlDocument@@QBEXXZ, _Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z, _Print@TiXmlElement@@UBEXPAU_iobuf@@H@Z, _Print@TiXmlText@@UBEXPAU_iobuf@@H@Z, _Print@TiXmlUnknown@@UBEXPAU_iobuf@@H@Z, _QueryDoubleAttribute@TiXmlElement@@QBEHABV_$basic _string@_WU_$char_traits@_W@std@@V_$allocator@_W@2 @@std@@PAN@Z, _QueryDoubleAttribute@TiXmlElement@@QBEHPB_WPAN@Z, _QueryDoubleValue@TiXmlAttribute@@QBEHPAN@Z, _QueryFloatAttribute@TiXmlElement@@QBEHPB_WPAM@Z, _QueryIntAttribute@TiXmlElement@@QBEHABV_$basic_st ring@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@s td@@PAH@Z, _QueryIntAttribute@TiXmlElement@@QBEHPB_WPAH@Z, _QueryIntValue@TiXmlAttribute@@QBEHPAH@Z, _ReadName@TiXmlBase@@KAPB_WPB_WPAV_$basic_string@_ WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@W4 TiXmlEncoding@@@Z, _ReadText@TiXmlBase@@KAPB_WPB_WPAV_$basic_string@_ WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@_N 02W4TiXmlEncoding@@@Z, _ReadValue@TiXmlElement@@IAEPB_WPB_WPAVTiXmlParsin gData@@W4TiXmlEncoding@@@Z, _Remove@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@ @Z, _RemoveAll@CBDTinyXml@@QAEXXZ, _RemoveAllButRoot@CBDTinyXml@@QAEXXZ, _RemoveAllButRootAndDeclaration@CBDTinyXml@@QAEXXZ , _RemoveAllChildren@CBDTinyXml@@SAXPAVTiXmlElement@ @@Z, _RemoveAttribute@TiXmlElement@@QAEXABV_$basic_stri ng@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std @@@Z, _RemoveAttribute@TiXmlElement@@QAEXPB_W@Z, _RemoveChild@TiXmlNode@@QAE_NPAV1@@Z, _RemoveElement@CBDTinyXml@@QAE_NPAVTiXmlElement@@@ Z, _ReplaceChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z, _RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ , _RootElement@TiXmlDocument@@QBEPBVTiXmlElement@@XZ , _Row@TiXmlBase@@QBEHXZ, _S_compute_xpath@xpath_processor@TinyXPath@@QAE_AV _$basic_string@_WU_$char_traits@_W@std@@V_$allocat or@_W@2@@std@@XZ, _S_get_string@expression_result@TinyXPath@@QAE_AV_ $basic_string@_WU_$char_traits@_W@std@@V_$allocato r@_W@2@@std@@XZ, _S_get_string_value@node_set@TinyXPath@@QBE_AV_$ba sic_string@_WU_$char_traits@_W@std@@V_$allocator@_ W@2@@std@@XZ, _S_get_value@node_set@TinyXPath@@QAE_AV_$basic_str ing@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@st d@@I@Z, _S_pop_string@xpath_processor@TinyXPath@@IAE_AV_$b asic_string@_WU_$char_traits@_W@std@@V_$allocator@ _W@2@@std@@XZ, _S_pop_string@xpath_stack@TinyXPath@@QAE_AV_$basic _string@_WU_$char_traits@_W@std@@V_$allocator@_W@2 @@std@@XZ, _S_xpath_string@TinyXPath@@YA_AV_$basic_string@_WU _$char_traits@_W@std@@V_$allocator@_W@2@@std@@PBVT iXmlNode@@PB_W@Z, _SaveFile@CBDTinyXml@@UBE_NPB_W@Z, _SaveFile@TiXmlDocument@@QBE_NABV_$basic_string@_W U_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _SaveFile@TiXmlDocument@@QBE_NPAU_iobuf@@@Z, _SaveFile@TiXmlDocument@@QBE_NPB_W@Z, _SaveFile@TiXmlDocument@@QBE_NXZ, _SetAttribute@CBDTinyXml@@SAXPAVTiXmlElement@@PB_W 1@Z, _SetAttribute@CBDTinyXml@@SAXPAVTiXmlElement@@PB_W H@Z, _SetAttribute@CBDTinyXml@@SAXPAVTiXmlElement@@PB_W N@Z, _SetAttribute@CBDTinyXml@@SAXPAVTiXmlElement@@PB_W _J@Z, _SetAttribute@TiXmlElement@@QAEXABV_$basic_string@ _WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@0 @Z, _SetAttribute@TiXmlElement@@QAEXABV_$basic_string@ _WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@H @Z, _SetAttribute@TiXmlElement@@QAEXPB_W0@Z, _SetAttribute@TiXmlElement@@QAEXPB_WH@Z, _SetCDATA@TiXmlText@@QAEX_N@Z, _SetComment@CBDTinyXml@@SAPAVTiXmlComment@@PAVTiXm lElement@@PB_W@Z, _SetCondenseWhiteSpace@TiXmlBase@@SAX_N@Z, _SetDocument@TiXmlAttribute@@QAEXPAVTiXmlDocument@ @@Z, _SetDoubleAttribute@TiXmlElement@@QAEXPB_WN@Z, _SetDoubleValue@TiXmlAttribute@@QAEXN@Z, _SetError@TiXmlDocument@@QAEXHPB_WPAVTiXmlParsingD ata@@W4TiXmlEncoding@@@Z, _SetIndent@TiXmlPrinter@@QAEXPB_W@Z, _SetIntValue@TiXmlAttribute@@QAEXH@Z, _SetLineBreak@TiXmlPrinter@@QAEXPB_W@Z, _SetName@TiXmlAttribute@@QAEXABV_$basic_string@_WU _$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _SetName@TiXmlAttribute@@QAEXPB_W@Z, _SetStreamPrinting@TiXmlPrinter@@QAEXXZ, _SetTabSize@TiXmlDocument@@QAEXH@Z, _SetText@CBDTinyXml@@SAPAVTiXmlText@@PAVTiXmlEleme nt@@H@Z, _SetText@CBDTinyXml@@SAPAVTiXmlText@@PAVTiXmlEleme nt@@N@Z, _SetText@CBDTinyXml@@SAPAVTiXmlText@@PAVTiXmlEleme nt@@PB_W@Z, _SetText@CBDTinyXml@@SAPAVTiXmlText@@PAVTiXmlEleme nt@@_J@Z, _SetUserData@TiXmlBase@@QAEXPAX@Z, _SetValue@CBDTinyXml@@QAE_NPAVTiXmlElement@@PB_W1@ Z, _SetValue@TiXmlAttribute@@QAEXABV_$basic_string@_W U_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _SetValue@TiXmlAttribute@@QAEXPB_W@Z, _SetValue@TiXmlNode@@QAEXABV_$basic_string@_WU_$ch ar_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _SetValue@TiXmlNode@@QAEXPB_W@Z, _Size@TiXmlPrinter@@QAEIXZ, _SkipWhiteSpace@TiXmlBase@@KAPB_WPB_WW4TiXmlEncodi ng@@@Z, _Stamp@TiXmlParsingData@@QAEXPB_WW4TiXmlEncoding@@ @Z, _Standalone@TiXmlDeclaration@@QBEPB_WXZ, _Str@TiXmlPrinter@@QAEABV_$basic_string@_WU_$char_ traits@_W@std@@V_$allocator@_W@2@@std@@XZ, _StreamIn@TiXmlComment@@MAEXPAV_$basic_istream@_WU _$char_traits@_W@std@@@std@@PAV_$basic_string@_WU_ $char_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _StreamIn@TiXmlDeclaration@@MAEXPAV_$basic_istream @_WU_$char_traits@_W@std@@@std@@PAV_$basic_string@ _WU_$char_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _StreamIn@TiXmlDocument@@MAEXPAV_$basic_istream@_W U_$char_traits@_W@std@@@std@@PAV_$basic_string@_WU _$char_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _StreamIn@TiXmlElement@@MAEXPAV_$basic_istream@_WU _$char_traits@_W@std@@@std@@PAV_$basic_string@_WU_ $char_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _StreamIn@TiXmlText@@MAEXPAV_$basic_istream@_WU_$c har_traits@_W@std@@@std@@PAV_$basic_string@_WU_$ch ar_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _StreamIn@TiXmlUnknown@@MAEXPAV_$basic_istream@_WU _$char_traits@_W@std@@@std@@PAV_$basic_string@_WU_ $char_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _StreamTo@TiXmlBase@@KA_NPAV_$basic_istream@_WU_$c har_traits@_W@std@@@std@@HPAV_$basic_string@_WU_$c har_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _StreamWhiteSpace@TiXmlBase@@KA_NPAV_$basic_istrea m@_WU_$char_traits@_W@std@@@std@@PAV_$basic_string @_WU_$char_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _StringEqual@TiXmlBase@@KA_NPB_W0_NW4TiXmlEncoding @@@Z, _TabSize@TiXmlDocument@@QBEHXZ, _Text@TiXmlHandle@@QBEPAVTiXmlText@@XZ, _ToComment@TiXmlComment@@UAEPAV1@XZ, _ToComment@TiXmlComment@@UBEPBV1@XZ, _ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ, _ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ, _ToDeclaration@TiXmlDeclaration@@UAEPAV1@XZ, _ToDeclaration@TiXmlDeclaration@@UBEPBV1@XZ, _ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@ XZ, _ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@ XZ, _ToDocument@TiXmlDocument@@UAEPAV1@XZ, _ToDocument@TiXmlDocument@@UBEPBV1@XZ, _ToDocument@TiXmlNode@@UAEPAVTiXmlDocument@@XZ, _ToDocument@TiXmlNode@@UBEPBVTiXmlDocument@@XZ, _ToElement@TiXmlElement@@UAEPAV1@XZ, _ToElement@TiXmlElement@@UBEPBV1@XZ, _ToElement@TiXmlHandle@@QBEPAVTiXmlElement@@XZ, _ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ, _ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ, _ToLower@TiXmlBase@@KAHHW4TiXmlEncoding@@@Z, _ToNode@TiXmlHandle@@QBEPAVTiXmlNode@@XZ, _ToText@CBDTinyXml@@QBE_AV_$basic_string@_WU_$char _traits@_W@std@@V_$allocator@_W@2@@std@@_N@Z, _ToText@TiXmlHandle@@QBEPAVTiXmlText@@XZ, _ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ, _ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ, _ToText@TiXmlText@@UAEPAV1@XZ, _ToText@TiXmlText@@UBEPBV1@XZ, _ToUnknown@TiXmlHandle@@QBEPAVTiXmlUnknown@@XZ, _ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ, _ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ, _ToUnknown@TiXmlUnknown@@UAEPAV1@XZ, _ToUnknown@TiXmlUnknown@@UBEPBV1@XZ, _Type@TiXmlNode@@QBEHXZ, _Unknown@TiXmlHandle@@QBEPAVTiXmlUnknown@@XZ, _Value@TiXmlAttribute@@QBEPB_WXZ, _Value@TiXmlNode@@QBEPB_WXZ, _ValueStr@TiXmlAttribute@@QBEABV_$basic_string@_WU _$char_traits@_W@std@@V_$allocator@_W@2@@std@@XZ, _ValueStr@TiXmlNode@@QBEABV_$basic_string@_WU_$cha r_traits@_W@std@@V_$allocator@_W@2@@std@@XZ, _ValueTStr@TiXmlNode@@QBEABV_$basic_string@_WU_$ch ar_traits@_W@std@@V_$allocator@_W@2@@std@@XZ, _Version@TiXmlDeclaration@@QBEPB_WXZ, _Visit@TiXmlPrinter@@UAE_NABVTiXmlComment@@@Z, _Visit@TiXmlPrinter@@UAE_NABVTiXmlDeclaration@@@Z, _Visit@TiXmlPrinter@@UAE_NABVTiXmlText@@@Z, _Visit@TiXmlPrinter@@UAE_NABVTiXmlUnknown@@@Z, _Visit@TiXmlVisitor@@UAE_NABVTiXmlComment@@@Z, _Visit@TiXmlVisitor@@UAE_NABVTiXmlDeclaration@@@Z, _Visit@TiXmlVisitor@@UAE_NABVTiXmlText@@@Z, _Visit@TiXmlVisitor@@UAE_NABVTiXmlUnknown@@@Z, _VisitEnter@TiXmlPrinter@@UAE_NABVTiXmlDocument@@@ Z, _VisitEnter@TiXmlPrinter@@UAE_NABVTiXmlElement@@PB VTiXmlAttribute@@@Z, _VisitEnter@TiXmlVisitor@@UAE_NABVTiXmlDocument@@@ Z, _VisitEnter@TiXmlVisitor@@UAE_NABVTiXmlElement@@PB VTiXmlAttribute@@@Z, _VisitExit@TiXmlPrinter@@UAE_NABVTiXmlDocument@@@Z , _VisitExit@TiXmlPrinter@@UAE_NABVTiXmlElement@@@Z, _VisitExit@TiXmlVisitor@@UAE_NABVTiXmlDocument@@@Z , _VisitExit@TiXmlVisitor@@UAE_NABVTiXmlElement@@@Z, _XAp_get_attribute_in_set@node_set@TinyXPath@@QAEP BVTiXmlAttribute@@I@Z, _XAp_get_xpath_attribute@xpath_processor@TinyXPath @@QAEPAVTiXmlAttribute@@I@Z, _XAp_xpath_attribute@TinyXPath@@YAPAVTiXmlAttribut e@@PBVTiXmlNode@@PB_W@Z, _XBp_get_base_in_set@node_set@TinyXPath@@QAEPBVTiX mlBase@@I@Z, _XEp_get_context@xpath_processor@TinyXPath@@IAEPBV TiXmlElement@@XZ, _XNp_get_node_in_set@node_set@TinyXPath@@QAEPBVTiX mlNode@@I@Z, _XNp_get_xpath_node@xpath_processor@TinyXPath@@QAE PAVTiXmlNode@@I@Z, _XNp_xpath_node@TinyXPath@@YAPAVTiXmlNode@@PBV2@PB _W@Z, _b_forward@byte_stream@TinyXPath@@QAE_WI@Z, _b_pop@byte_stream@TinyXPath@@QAE_WXZ, _b_top@byte_stream@TinyXPath@@QAE_WXZ, _bp_get_backward@byte_stream@TinyXPath@@QAEPB_WI@Z , _condenseWhiteSpace@TiXmlBase@@0_NA, _cp_get_string@expression_result@TinyXPath@@QAEPB_ WXZ, _d_compute_xpath@xpath_processor@TinyXPath@@QAENXZ , _d_get_double@expression_result@TinyXPath@@QAENXZ, _d_get_value@node_set@TinyXPath@@QAENI@Z, _d_xpath_double@TinyXPath@@YANPBVTiXmlNode@@PB_W@Z , _entity@TiXmlBase@@0PAUEntity@1@A, _er_compute_xpath@xpath_processor@TinyXPath@@QAE_A Vexpression_result@2@XZ, _erp_previous@xpath_stack@TinyXPath@@QAEPAVexpress ion_result@2@I@Z, _erp_top@xpath_stack@TinyXPath@@QAEPAVexpression_r esult@2@XZ, _errorString@TiXmlBase@@1PAPB_WA, _i_compute_xpath@xpath_processor@TinyXPath@@QAEHXZ , _i_get_action_counter@token_redef@TinyXPath@@UAEHX Z, _i_get_action_counter@xpath_processor@TinyXPath@@M AEHXZ, _i_get_int@expression_result@TinyXPath@@QAEHXZ, _i_get_position@action_store@TinyXPath@@QAEHXZ, _i_get_size@action_store@TinyXPath@@QAEHXZ, _i_get_value@node_set@TinyXPath@@QAEHI@Z, _i_pop_int@xpath_processor@TinyXPath@@IAEHXZ, _i_pop_int@xpath_stack@TinyXPath@@QAEHXZ, _i_top_int@xpath_stack@TinyXPath@@QAEHXZ, _i_xml_cardinality@TinyXPath@@YAHPBVTiXmlElement@@ _N@Z, _i_xml_family_size@TinyXPath@@YAHPBVTiXmlElement@@ @Z, _i_xpath_int@TinyXPath@@YAHPBVTiXmlNode@@PB_W@Z, _ltp_freeze@token_list@TinyXPath@@QAEPAVlex_token@ 2@XZ, _ltp_get@token_list@TinyXPath@@QAEPAVlex_token@2@H @Z, _ns_pop_node_set@xpath_processor@TinyXPath@@IAE_AV node_set@2@XZ, _ns_pop_node_set@xpath_stack@TinyXPath@@QAE_AVnode _set@2@XZ, _nsp_get_node_set@expression_result@TinyXPath@@QAE PAVnode_set@2@XZ, _o_check_predicate@xpath_processor@TinyXPath@@IAE_ NPBVTiXmlElement@@_N@Z, _o_compute_xpath@xpath_processor@TinyXPath@@QAE_NX Z, _o_exist_in_set@node_set@TinyXPath@@QAE_NPBVTiXmlB ase@@@Z, _o_get_bool@expression_result@TinyXPath@@QAE_NXZ, _o_is_attrib@node_set@TinyXPath@@QAE_NI@Z, _o_is_valid@byte_stream@TinyXPath@@QAE_NXZ, _o_pop_bool@xpath_processor@TinyXPath@@IAE_NXZ, _o_pop_bool@xpath_stack@TinyXPath@@QAE_NXZ, _o_recognize@token_syntax_decoder@TinyXPath@@IAE_N W4xpath_construct@2@_N@Z, _o_xpath_attribute@TinyXPath@@YA_NPBVTiXmlNode@@PB _WAAPBVTiXmlAttribute@@@Z, _o_xpath_bool@TinyXPath@@YA_NPBVTiXmlNode@@PB_W@Z, _o_xpath_bool@TinyXPath@@YA_NPBVTiXmlNode@@PB_WAA_ N@Z, _o_xpath_double@TinyXPath@@YA_NPBVTiXmlNode@@PB_WA AN@Z, _o_xpath_int@TinyXPath@@YA_NPBVTiXmlNode@@PB_WAAH@ Z, _o_xpath_node@TinyXPath@@YA_NPBVTiXmlNode@@PB_WAAP BV2@@Z, _o_xpath_string@TinyXPath@@YA_NPBVTiXmlNode@@PB_WA AV_$basic_string@_WU_$char_traits@_W@std@@V_$alloc ator@_W@2@@std@@@Z, _rnp_get_next@result_and_next@TinyXPath@@QAEPAV12@ XZ, _u_compute_xpath_node_set@xpath_processor@TinyXPat h@@QAEIXZ, _u_get_nb_node_in_set@node_set@TinyXPath@@QBEIXZ, _u_get_size@xpath_stack@TinyXPath@@QAEIXZ, _u_remain@byte_stream@TinyXPath@@QAEIXZ, _utf8ByteTable@TiXmlBase@@2QBHB, _v_action@token_redef@TinyXPath@@UAEXW4xpath_const ruct@2@IIPB_W@Z, _v_action@xpath_processor@TinyXPath@@MAEXW4xpath_c onstruct@2@IIPB_W@Z, _v_add@action_store@TinyXPath@@QAEXHHHPB_W@Z, _v_add_all_foll_node@node_set@TinyXPath@@QAEXPBVTi XmlNode@@ABV_$basic_string@_WU_$char_traits@_W@std @@V_$allocator@_W@2@@std@@@Z, _v_add_all_prec_node@node_set@TinyXPath@@QAEXPBVTi XmlNode@@ABV_$basic_string@_WU_$char_traits@_W@std @@V_$allocator@_W@2@@std@@@Z, _v_add_attrib_in_set@node_set@TinyXPath@@QAEXPBVTi XmlAttribute@@@Z, _v_add_attrib_in_set_if_name_or_star@node_set@Tiny XPath@@QAEXPBVTiXmlAttribute@@ABV_$basic_string@_W U_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _v_add_base_in_set@node_set@TinyXPath@@QAEXPBVTiXm lBase@@_N@Z, _v_add_node_in_set@node_set@TinyXPath@@QAEXPBVTiXm lNode@@@Z, _v_add_node_in_set_if_name_or_star@node_set@TinyXP ath@@QAEXPBVTiXmlNode@@ABV_$basic_string@_WU_$char _traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _v_add_token@token_list@TinyXPath@@QAEXW4lexico@2@ PB_WI@Z, _v_build_root@xpath_processor@TinyXPath@@IAEXXZ, _v_copy_node_children@node_set@TinyXPath@@QAEXPBVT iXmlNode@@@Z, _v_copy_node_children@node_set@TinyXPath@@QAEXPBVT iXmlNode@@PB_W@Z, _v_copy_selected_node_recursive@node_set@TinyXPath @@QAEXPBVTiXmlNode@@@Z, _v_copy_selected_node_recursive@node_set@TinyXPath @@QAEXPBVTiXmlNode@@PB_W@Z, _v_copy_selected_node_recursive_no_attrib@node_set @TinyXPath@@QAEXPBVTiXmlNode@@PB_W@Z, _v_copy_selected_node_recursive_root_only@node_set @TinyXPath@@QAEXPBVTiXmlNode@@0@Z, _v_dec_position@action_store@TinyXPath@@QAEXXZ, _v_delete_current@token_list@TinyXPath@@QAEXXZ, _v_delete_next@token_list@TinyXPath@@QAEXXZ, _v_document_sort@node_set@TinyXPath@@QAEXPBVTiXmlN ode@@@Z, _v_dump@node_set@TinyXPath@@QAEXXZ, _v_evaluate@xpath_stream@TinyXPath@@QAEXXZ, _v_execute_absolute_path@xpath_processor@TinyXPath @@IAEXI_N0@Z, _v_execute_function@xpath_processor@TinyXPath@@IAE XAAV_$basic_string@_WU_$char_traits@_W@std@@V_$all ocator@_W@2@@std@@IPAPAVexpression_result@2@@Z, _v_execute_one@xpath_processor@TinyXPath@@IAEXW4xp ath_construct@2@_N@Z, _v_execute_stack@xpath_processor@TinyXPath@@IAEXXZ , _v_execute_step@xpath_processor@TinyXPath@@IAEXAAH _N@Z, _v_function_and@xpath_processor@TinyXPath@@IAEXPAP AVexpression_result@2@@Z, _v_function_ceiling@xpath_processor@TinyXPath@@IAE XIPAPAVexpression_result@2@@Z, _v_function_concat@xpath_processor@TinyXPath@@IAEX IPAPAVexpression_result@2@@Z, _v_function_contains@xpath_processor@TinyXPath@@IA EXIPAPAVexpression_result@2@@Z, _v_function_count@xpath_processor@TinyXPath@@IAEXI PAPAVexpression_result@2@@Z, _v_function_equal@xpath_processor@TinyXPath@@IAEXP APAVexpression_result@2@@Z, _v_function_equal_2_node@xpath_processor@TinyXPath @@IAEXPAVexpression_result@2@0@Z, _v_function_equal_node_and_other@xpath_processor@T inyXPath@@IAEXPAVexpression_result@2@0@Z, _v_function_false@xpath_processor@TinyXPath@@IAEXI PAPAVexpression_result@2@@Z, _v_function_floor@xpath_processor@TinyXPath@@IAEXI PAPAVexpression_result@2@@Z, _v_function_last@xpath_processor@TinyXPath@@IAEXIP APAVexpression_result@2@@Z, _v_function_minus@xpath_processor@TinyXPath@@IAEXP APAVexpression_result@2@@Z, _v_function_mult@xpath_processor@TinyXPath@@IAEXPA PAVexpression_result@2@I@Z, _v_function_name@xpath_processor@TinyXPath@@IAEXIP APAVexpression_result@2@@Z, _v_function_normalize_space@xpath_processor@TinyXP ath@@IAEXIPAPAVexpression_result@2@@Z, _v_function_not@xpath_processor@TinyXPath@@IAEXIPA PAVexpression_result@2@@Z, _v_function_not_equal@xpath_processor@TinyXPath@@I AEXPAPAVexpression_result@2@@Z, _v_function_opposite@xpath_processor@TinyXPath@@IA EXXZ, _v_function_or@xpath_processor@TinyXPath@@IAEXPAPA Vexpression_result@2@@Z, _v_function_plus@xpath_processor@TinyXPath@@IAEXPA PAVexpression_result@2@@Z, _v_function_position@xpath_processor@TinyXPath@@IA EXIPAPAVexpression_result@2@@Z, _v_function_relational@xpath_processor@TinyXPath@@ IAEXPAPAVexpression_result@2@I@Z, _v_function_starts_with@xpath_processor@TinyXPath@ @IAEXIPAPAVexpression_result@2@@Z, _v_function_string_length@xpath_processor@TinyXPat h@@IAEXIPAPAVexpression_result@2@@Z, _v_function_substring@xpath_processor@TinyXPath@@I AEXIPAPAVexpression_result@2@@Z, _v_function_sum@xpath_processor@TinyXPath@@IAEXIPA PAVexpression_result@2@@Z, _v_function_text@xpath_processor@TinyXPath@@IAEXIP APAVexpression_result@2@@Z, _v_function_translate@xpath_processor@TinyXPath@@I AEXIPAPAVexpression_result@2@@Z, _v_function_true@xpath_processor@TinyXPath@@IAEXIP APAVexpression_result@2@@Z, _v_function_union@xpath_processor@TinyXPath@@IAEXA AVnode_set@2@0@Z, _v_get@action_item@TinyXPath@@QAEXAAH00AAV_$basic_ string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@ @std@@@Z, _v_get@action_store@TinyXPath@@QAEXHAAH00AAV_$basi c_string@_WU_$char_traits@_W@std@@V_$allocator@_W@ 2@@std@@@Z, _v_get_xpath_base@xpath_processor@TinyXPath@@QAEXI AAPBVTiXmlBase@@AA_N@Z, _v_inc_current@token_list@TinyXPath@@QAEXH@Z, _v_levelize@@YAXHPAU_iobuf@@_N@Z, _v_lexico_decode@xpath_stream@TinyXPath@@QAEXXZ, _v_out_html@@YAXPAU_iobuf@@PBVTiXmlNode@@I@Z, _v_pop@xpath_stack@TinyXPath@@QAEXI@Z, _v_pop_one@xpath_stack@TinyXPath@@IAEXXZ, _v_pop_one_action@xpath_processor@TinyXPath@@IAEXA AW4xpath_construct@2@AAI1AAV_$basic_string@_WU_$ch ar_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _v_push@xpath_stack@TinyXPath@@QAEXVexpression_res ult@2@@Z, _v_push_bool@xpath_processor@TinyXPath@@IAEX_N@Z, _v_push_bool@xpath_stack@TinyXPath@@QAEX_N@Z, _v_push_double@xpath_processor@TinyXPath@@IAEXN@Z, _v_push_double@xpath_stack@TinyXPath@@QAEXN@Z, _v_push_int@xpath_processor@TinyXPath@@IAEXHPB_W@Z , _v_push_int@xpath_stack@TinyXPath@@QAEXHPB_W@Z, _v_push_node_set@xpath_processor@TinyXPath@@IAEXPA Vnode_set@2@@Z, _v_push_node_set@xpath_stack@TinyXPath@@QAEXPAVnod e_set@2@@Z, _v_push_string@xpath_processor@TinyXPath@@IAEXV_$b asic_string@_WU_$char_traits@_W@std@@V_$allocator@ _W@2@@std@@@Z, _v_push_string@xpath_stack@TinyXPath@@QAEXV_$basic _string@_WU_$char_traits@_W@std@@V_$allocator@_W@2 @@std@@@Z, _v_replace_current@token_list@TinyXPath@@QAEXW4lex ico@2@PB_W@Z, _v_set_bool@expression_result@TinyXPath@@QAEX_N@Z, _v_set_comment@expression_result@TinyXPath@@QAEXPB _W@Z, _v_set_context@xpath_processor@TinyXPath@@IAEXPBVT iXmlElement@@_N@Z, _v_set_current@token_list@TinyXPath@@QAEXPAVlex_to ken@2@@Z, _v_set_current_top@token_list@TinyXPath@@QAEXXZ, _v_set_double@expression_result@TinyXPath@@QAEXN@Z , _v_set_int@expression_result@TinyXPath@@QAEXH@Z, _v_set_node_set@expression_result@TinyXPath@@QAEXP AVTiXmlNode@@@Z, _v_set_node_set@expression_result@TinyXPath@@QAEXP AVTiXmlNode@@PB_W@Z, _v_set_node_set@expression_result@TinyXPath@@QAEXP AVnode_set@2@@Z, _v_set_node_set@expression_result@TinyXPath@@QAEXX Z, _v_set_node_set_recursive@expression_result@TinyXP ath@@QAEXPAVTiXmlNode@@@Z, _v_set_node_set_recursive@expression_result@TinyXP ath@@QAEXPAVTiXmlNode@@PB_W@Z, _v_set_position@action_store@TinyXPath@@QAEXH@Z, _v_set_root@expression_result@TinyXPath@@QAEXPBVTi XmlNode@@@Z, _v_set_root@xpath_stack@TinyXPath@@QAEXPBVTiXmlNod e@@@Z, _v_set_string@expression_result@TinyXPath@@QAEXPB_ W@Z, _v_set_string@expression_result@TinyXPath@@QAEXV_$ basic_string@_WU_$char_traits@_W@std@@V_$allocator @_W@2@@std@@@Z, _v_syntax_decode@token_syntax_decoder@TinyXPath@@Q AEXXZ, _v_tokenize_expression@token_list@TinyXPath@@QAEXX Z 
PDFiD.: -
RDS...: NSRL Reference Data Set -
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=9eca1c9c5b145f1b2620fa35737ae532' target='_blank'>Malware Report for ID: 6538244
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=9eca1c9c5b145f1b2620fa35737ae532' target='_blank'>ThreatExpert Report

Injigo · #27 (**permalink**) 17-06-2009, 12:54 AM

File bdod.bin received on 2009.06.16 23:50:29 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.16 -
AhnLab-V3 5.0.0.2 2009.06.16 -
AntiVir 7.9.0.187 2009.06.16 -
Antiy-AVL 2.0.3.1 2009.06.16 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.16 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.16 -
ClamAV 0.94.1 2009.06.16 -
Comodo 1346 2009.06.16 -
DrWeb 5.0.0.12182 2009.06.16 -
eSafe 7.0.17.0 2009.06.16 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
F-Secure 8.0.14470.0 2009.06.16 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.16 -
Jiangmin 11.0.706 2009.06.16 -
K7AntiVirus 7.10.765 2009.06.16 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5648 2009.06.16 -
McAfee+Artemis 5648 2009.06.16 -
McAfee-GW-Edition 6.7.6 2009.06.16 -
Microsoft 1.4701 2009.06.17 -
NOD32 4160 2009.06.16 -
Norman 6.01.09 2009.06.16 -
nProtect 2009.1.8.0 2009.06.16 -
Panda 10.0.0.14 2009.06.16 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.17 -
Rising 21.34.13.00 2009.06.16 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.16 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1094 2009.06.16 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.16.1789 2009.06.16 -
VirusBuster 4.6.5.0 2009.06.16 -
Additional information
File size: 81984 bytes
MD5...: fdf06637a62677613683d05d9fa001e9
SHA1..: 456f9d6dfd32565891fe17497f8b3fb38bd3db05
SHA256: b92bfb533fcb86a699b9b2e0c2d1d6469fce7f035bb09f18cc 8a6fb2f47db069
ssdeep: - 
PEiD..: -
TrID..: File type identification HSC music composer song (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

Injigo · #28 (**permalink**) 17-06-2009, 01:07 AM

I installed Avast Anti-Virus and updated and ran a scan and it found two infected files. Here is the log:

06/15/2009 18:39
Scan of all local drives

File C:\WINDOWS\system32\emsbqij.exe is infected by Win32:Trojan-gen {Other}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Repair: Error 42060 {The file was not repaired.}, Move: Error 0xC0000034 {Object Name not found.}
File C:\WINDOWS\system32\sgcncaj0e373.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of searched folders: 6706
Number of tested files: 68703
Number of infected files: 2

"c:\windows\srchasst" had no files in it.

These next three could not be found:
c:\windows\system32\sgcncaj0e373.dll
c:\windows\system32\emsbqij.exe
c:\\WINDOWS\\system32\\emsbqij.exe

Neal · #29 (**permalink**) 17-06-2009, 02:19 AM

Avast took care of those files, what is going on now?

Injigo · #30 (**permalink**) 17-06-2009, 02:14 PM

Game frame rates are low. Much lower than normal