trojan-bnk.win32.keylogger.gen



#1
kengal

Hi. I started getting popups from Win 7 2010 spyware that my computer has been infected with trojan-bnk.win32.keylogger.gen. It wants me to buy the spyware, and in the meantime, I can't open up programs like Word or Firefox. I was finally able to run OTL and attached is my log. Any help would be greatly appreciated:

OTL logfile created on: 11/27/2011 11:32:29 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sonal\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 38.98% Memory free
7.60 Gb Paging File | 4.86 Gb Available in Paging File | 63.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.46 Gb Total Space | 375.50 Gb Free Space | 84.49% Space Free | Partition Type: NTFS
Drive D: | 21.01 Gb Total Space | 3.06 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 85.75 Mb Free Space | 86.59% Space Free | Partition Type: FAT32
Drive F: | 7.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SCOOBAIL | User Name: Sonal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/11/27 11:32:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sonal\Downloads\OTL(2).scr
PRC - [2011/11/27 11:06:44 | 000,111,616 | ---- | M] () -- C:\Windows\Temp\hki826.exe
PRC - [2011/11/26 00:27:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/05/29 17:13:00 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 15:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/30 19:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/04/30 19:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/24 10:37:58 | 000,076,584 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/13 19:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\InfDefaultInstall.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/26 00:27:36 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 16:23:00 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/09 13:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/22 17:58:05 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/22 17:58:05 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/11/11 13:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 13:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 12:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/12/16 15:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/30 19:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/04/30 19:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/24 10:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/21 20:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 20:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 22:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 18:10:57 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/02 21:56:17 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/11/22 17:58:06 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/16 17:22:25 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/30 19:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/04/28 23:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 20:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/09 17:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/29 21:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/11 16:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/27 19:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/10/13 13:59:27 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101015.003\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/28 19:02:14 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\EX64.SYS -- (NAVEX15)
DRV - [2010/09/28 19:02:13 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 16:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/08/16 17:39:35 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/16 17:39:35 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sonal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sonal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sonal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sonal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2011/11/27 10:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 08:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/14 19:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/14 19:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/29 17:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/26 00:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/19 22:10:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 08:32:42 | 000,000,000 | ---D | M]

[2010/08/16 17:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Extensions
[2011/11/11 06:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\extensions
[2011/11/11 06:20:52 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/08/16 09:06:22 | 000,000,863 | ---- | M] () -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\searchplugins\conduit.xml
[2011/11/26 00:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 19:47:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/26 00:27:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/11 19:24:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/26 00:27:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [3053613103] C:\Users\Sonal\AppData\Local\xyf.exe ()
O4 - Startup: C:\Users\Sonal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB79A1A3-DD61-4E28-8DD8-E9B4817D5160}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{81423283-C131-4CD1-BA59-FD902DA45859}
[2011/11/27 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{46F50DB4-27CF-404D-8E8C-7FB7CFE6C7D8}
[2011/11/27 10:50:44 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/26 22:12:49 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{E41F9795-276A-45EB-830E-69751C9A9E28}
[2011/11/26 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{2D89A822-67B4-4679-AB49-391BE9DC1877}
[2011/11/24 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{A41ECBAD-7D16-46EA-886E-AB10380D47A2}
[2011/11/24 00:05:40 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{2FA5E48D-1EF4-4DCE-A34C-1E083E670855}
[2011/11/23 14:45:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/11 06:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{27E9F93B-C07D-4FFA-A1B3-752067FAF50B}
[2011/11/11 06:20:39 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{F1DDE06F-2CB2-408C-A556-C0202AE17B18}
[2011/10/31 19:01:05 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{282FC9CB-5E20-40B7-B151-85C6CD93C810}
[2011/10/31 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{9A599EF6-71AC-4220-BBB9-554E8B873B8F}
[2011/10/30 06:59:09 | 000,000,000 | ---D | C] -- C:\Users\Sonal\Desktop\Jaya aunty's music
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Sonal\Desktop\*.tmp files -> C:\Users\Sonal\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 11:30:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001UA.job
[2011/11/27 11:27:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/11/27 11:27:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/11/27 11:07:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\x0X6maGY.com.b
[2011/11/27 11:06:45 | 000,000,112 | ---- | M] () -- C:\ProgramData\v8Fe887E.dat
[2011/11/27 11:06:44 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\x0X6maGY.com_
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/27 11:02:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 11:02:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 11:00:16 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 11:00:16 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/27 11:00:16 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 10:56:53 | 000,002,056 | ---- | M] () -- C:\Users\Sonal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/27 10:56:13 | 000,007,624 | -HS- | M] () -- C:\Users\Sonal\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 10:56:13 | 000,007,624 | -HS- | M] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 10:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 10:53:14 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 10:50:30 | 000,290,304 | ---- | M] () -- C:\Users\Sonal\AppData\Local\xyf.exe
[2011/11/27 09:29:38 | 000,211,077 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_4.pdf
[2011/11/27 08:17:30 | 000,198,045 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_3.pdf
[2011/11/27 08:05:39 | 000,190,531 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_2.pdf
[2011/11/26 17:30:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001Core.job
[2011/11/24 00:04:51 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSonal.job
[2011/11/11 06:19:35 | 000,450,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 13:36:29 | 000,637,565 | ---- | M] () -- C:\Users\Sonal\Desktop\p90x_nutrition_guide_recipes.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Sonal\Desktop\*.tmp files -> C:\Users\Sonal\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 11:35:06 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\x0X6maGY.com
[2011/11/27 11:07:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\x0X6maGY.com.b
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/11/27 11:04:11 | 000,000,112 | ---- | C] () -- C:\ProgramData\v8Fe887E.dat
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/11/27 11:04:07 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\x0X6maGY.com_
[2011/11/27 11:04:07 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/11/27 10:50:35 | 000,007,624 | -HS- | C] () -- C:\Users\Sonal\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 10:50:35 | 000,007,624 | -HS- | C] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 10:50:30 | 000,290,304 | ---- | C] () -- C:\Users\Sonal\AppData\Local\xyf.exe
[2011/11/27 09:29:55 | 000,211,077 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_4.pdf
[2011/11/27 08:17:37 | 000,198,045 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_3.pdf
[2011/11/27 08:06:00 | 000,190,531 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_2.pdf
[2011/10/29 13:36:28 | 000,637,565 | ---- | C] () -- C:\Users\Sonal\Desktop\p90x_nutrition_guide_recipes.pdf
[2011/01/02 21:53:51 | 000,001,854 | ---- | C] () -- C:\Users\Sonal\AppData\Roaming\GhostObjGAFix.xml
[2010/12/23 08:27:17 | 000,208,192 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/09/07 19:50:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/22 14:15:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/26 02:36:07 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/06/26 02:36:07 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/05/16 22:16:29 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/20 10:22:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/02/20 09:27:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/02/20 09:27:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/01/29 15:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/01/27 18:05:52 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/11/30 16:55:34 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/05 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\Amazon
[2011/03/11 18:47:57 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/14 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\Local
[2010/08/22 14:47:45 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\OpenOffice.org
[2011/11/27 10:52:22 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\SoftGrid Client
[2010/11/03 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\TP
[2011/03/26 19:02:28 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\Windows Live Writer
[2010/08/22 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/11/27 11:27:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/11/27 11:27:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/11/27 11:04:09 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/11/27 11:04:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/11/27 11:04:11 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/11/27 11:04:08 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2009/07/13 23:08:49 | 000,017,158 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
You have several different infections. The worst one is zero access. It is going to take several tries to get it all.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.


ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan, note whether the Fix button (not the FixMBR button) is enabled and tell me. Click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
kengal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Now I can't even get to any site on Firefox or Internet Explorer. I get an error that says "visiting this site may pose a security threat to your system." It gives me a choice of buying win 7 antispyware 2012 or continuing to surf without any security measures. If I click on continue, it gives me the same error page. Help!

#4
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Try booting into Safe Mode with Networking.


(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

#5
kengal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is my combofix.txt log. I am downloading tdsskiller next and will send you that log file next:

ComboFix 11-11-27.02 - Sonal 11/27/2011 12:28:18.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2628 [GMT -6:00]
Running from: c:\users\Sonal\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Sonal\AppData\Local\xyf.exe
c:\users\Sonal\AppData\Roaming\Local
c:\users\Sonal\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Sonal\AppData\Roaming\Local\Temp\DDM\Settings\cerdy3x6lujof.avi.ddr
c:\users\Sonal\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Sonal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\cerdy3x6lujof.avi.ddp
c:\users\Sonal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\fddeixzhqwyy.avi(2).ddp
c:\users\Sonal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\fddeixzhqwyy.avi.ddp
c:\users\Sonal\Favorites\Games.url
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 18:33 . 2011-11-27 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 17:46 . 2011-11-27 17:06 111616 ----a-w- c:\windows\SysWow64\x0X6maGY.com_
2011-11-23 20:46 . 2011-11-23 20:46 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-11 05:35 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-11 05:35 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-11 05:35 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-11 05:35 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 03:21 . 2011-10-13 02:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 02:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 15149448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-05-29 273544]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\Sonal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [2010-08-31 954928]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101015.003\IDSvia64.sys [2010-10-13 476720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-11-22 89600]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-16 132656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\At10.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At12.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At14.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At16.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At18.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At2.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At20.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At22.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At24.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At26.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At28.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At30.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At32.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At34.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At36.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At38.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At4.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At40.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At42.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At44.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At46.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At48.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At6.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-27 c:\windows\Tasks\At8.job
- c:\windows\system32\x0X6maGY.com_ [2011-11-27 17:06]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001Core.job
- c:\users\Sonal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 01:43]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001UA.job
- c:\users\Sonal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 01:43]
.
2011-11-24 c:\windows\Tasks\HPCeeScheduleForSonal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-17 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-11-22 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"combofix"="c:\combofix\CF164.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-11-27 12:40:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 18:40
.
Pre-Run: 404,011,364,352 bytes free
Post-Run: 404,566,765,568 bytes free
.
- - End Of File - - B2BD9C1047ECC315C7C6C8487A44A200

#6
kengal

    Member

  • Topic Starter
  • 23 posts
Here is the tdsskiller log:

12:42:43.0264 0752 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:42:43.0639 0752 ============================================================
12:42:43.0639 0752 Current date / time: 2011/11/27 12:42:43.0639
12:42:43.0639 0752 SystemInfo:
12:42:43.0639 0752
12:42:43.0639 0752 OS Version: 6.1.7600 ServicePack: 0.0
12:42:43.0639 0752 Product type: Workstation
12:42:43.0640 0752 ComputerName: SCOOBAIL
12:42:43.0640 0752 UserName: Sonal
12:42:43.0640 0752 Windows directory: C:\Windows
12:42:43.0640 0752 System windows directory: C:\Windows
12:42:43.0640 0752 Running under WOW64
12:42:43.0640 0752 Processor architecture: Intel x64
12:42:43.0640 0752 Number of processors: 4
12:42:43.0640 0752 Page size: 0x1000
12:42:43.0640 0752 Boot type: Normal boot
12:42:43.0640 0752 ============================================================
12:42:44.0261 0752 Initialize success
12:42:50.0322 5204 ============================================================
12:42:50.0322 5204 Scan started
12:42:50.0322 5204 Mode: Manual;
12:42:50.0322 5204 ============================================================
12:42:56.0986 5204 intelppm - ok
12:42:57.0019 5204 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:42:57.0021 5204 IpFilterDriver - ok
12:42:57.0171 5204 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:42:57.0179 5204 IPMIDRV - ok
12:42:57.0356 5204 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:42:57.0369 5204 IPNAT - ok
12:42:57.0531 5204 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:42:57.0532 5204 IRENUM - ok
12:42:57.0574 5204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:42:57.0575 5204 isapnp - ok
12:42:57.0612 5204 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:42:57.0616 5204 iScsiPrt - ok
12:42:57.0653 5204 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:42:57.0654 5204 kbdclass - ok
12:42:57.0690 5204 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:42:57.0691 5204 kbdhid - ok
12:42:57.0717 5204 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
12:42:57.0719 5204 KSecDD - ok
12:42:57.0749 5204 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
12:42:57.0752 5204 KSecPkg - ok
12:42:57.0799 5204 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:42:57.0801 5204 ksthunk - ok
12:42:57.0854 5204 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:42:57.0855 5204 lltdio - ok
12:42:57.0912 5204 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:42:57.0915 5204 LSI_FC - ok
12:42:57.0936 5204 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:42:57.0938 5204 LSI_SAS - ok
12:42:57.0982 5204 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:42:57.0984 5204 LSI_SAS2 - ok
12:42:58.0040 5204 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:42:58.0043 5204 LSI_SCSI - ok
12:42:58.0066 5204 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:42:58.0068 5204 luafv - ok
12:42:58.0110 5204 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:42:58.0111 5204 megasas - ok
12:42:58.0141 5204 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:42:58.0146 5204 MegaSR - ok
12:42:58.0212 5204 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:42:58.0214 5204 Modem - ok
12:42:58.0238 5204 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:42:58.0239 5204 monitor - ok
12:42:58.0291 5204 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:42:58.0292 5204 mouclass - ok
12:42:58.0335 5204 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:42:58.0336 5204 mouhid - ok
12:42:58.0360 5204 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:42:58.0362 5204 mountmgr - ok
12:42:58.0389 5204 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:42:58.0392 5204 mpio - ok
12:42:58.0413 5204 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:42:58.0415 5204 mpsdrv - ok
12:42:58.0468 5204 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:42:58.0471 5204 MRxDAV - ok
12:42:58.0522 5204 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:42:58.0525 5204 mrxsmb - ok
12:42:58.0594 5204 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:42:58.0598 5204 mrxsmb10 - ok
12:42:58.0625 5204 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:42:58.0627 5204 mrxsmb20 - ok
12:42:58.0656 5204 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:42:58.0657 5204 msahci - ok
12:42:58.0691 5204 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:42:58.0694 5204 msdsm - ok
12:42:58.0745 5204 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:42:58.0746 5204 Msfs - ok
12:42:58.0778 5204 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:42:58.0779 5204 mshidkmdf - ok
12:42:58.0830 5204 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:42:58.0831 5204 msisadrv - ok
12:42:58.0860 5204 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:42:58.0861 5204 MSKSSRV - ok
12:42:58.0881 5204 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:42:58.0882 5204 MSPCLOCK - ok
12:42:58.0898 5204 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:42:58.0900 5204 MSPQM - ok
12:42:58.0926 5204 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:42:58.0931 5204 MsRPC - ok
12:42:58.0948 5204 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:42:58.0949 5204 mssmbios - ok
12:42:58.0992 5204 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:42:58.0993 5204 MSTEE - ok
12:42:59.0012 5204 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:42:59.0013 5204 MTConfig - ok
12:42:59.0034 5204 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:42:59.0035 5204 Mup - ok
12:42:59.0127 5204 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:42:59.0133 5204 NativeWifiP - ok
12:42:59.0247 5204 NAVENG (956f589c6a7dde71dc6b03be633ebf23) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\ENG64.SYS
12:42:59.0250 5204 NAVENG - ok
12:42:59.0305 5204 NAVEX15 (ee7a0e2478e7cd1a199d1b82e3a69b3e) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\EX64.SYS
12:42:59.0327 5204 NAVEX15 - ok
12:42:59.0425 5204 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:42:59.0434 5204 NDIS - ok
12:42:59.0463 5204 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:42:59.0464 5204 NdisCap - ok
12:42:59.0494 5204 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:42:59.0495 5204 NdisTapi - ok
12:42:59.0529 5204 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:42:59.0537 5204 Ndisuio - ok
12:42:59.0684 5204 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:42:59.0687 5204 NdisWan - ok
12:42:59.0729 5204 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:42:59.0738 5204 NDProxy - ok
12:42:59.0866 5204 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:42:59.0867 5204 NetBIOS - ok
12:42:59.0893 5204 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:42:59.0897 5204 NetBT - ok
12:43:00.0075 5204 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
12:43:00.0142 5204 NETw5s64 - ok
12:43:00.0334 5204 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:43:00.0385 5204 netw5v64 - ok
12:43:00.0589 5204 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
12:43:00.0734 5204 NETwNs64 - ok
12:43:00.0814 5204 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:43:00.0815 5204 nfrd960 - ok
12:43:00.0859 5204 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:43:00.0860 5204 Npfs - ok
12:43:00.0880 5204 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:43:00.0881 5204 nsiproxy - ok
12:43:00.0952 5204 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:43:00.0965 5204 Ntfs - ok
12:43:01.0034 5204 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:43:01.0035 5204 Null - ok
12:43:01.0081 5204 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:43:01.0083 5204 nvraid - ok
12:43:01.0113 5204 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:43:01.0116 5204 nvstor - ok
12:43:01.0136 5204 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:43:01.0138 5204 nv_agp - ok
12:43:01.0171 5204 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:43:01.0173 5204 ohci1394 - ok
12:43:01.0215 5204 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:43:01.0217 5204 Parport - ok
12:43:01.0239 5204 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:43:01.0240 5204 partmgr - ok
12:43:01.0267 5204 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:43:01.0270 5204 pci - ok
12:43:01.0339 5204 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:43:01.0341 5204 pciide - ok
12:43:01.0363 5204 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:43:01.0367 5204 pcmcia - ok
12:43:01.0386 5204 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:43:01.0387 5204 pcw - ok
12:43:01.0414 5204 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:43:01.0422 5204 PEAUTH - ok
12:43:01.0571 5204 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:43:01.0573 5204 PptpMiniport - ok
12:43:01.0593 5204 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:43:01.0595 5204 Processor - ok
12:43:01.0632 5204 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:43:01.0634 5204 Psched - ok
12:43:01.0690 5204 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:43:01.0711 5204 ql2300 - ok
12:43:01.0730 5204 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:43:01.0732 5204 ql40xx - ok
12:43:01.0805 5204 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:43:01.0807 5204 QWAVEdrv - ok
12:43:01.0876 5204 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:43:01.0889 5204 RasAcd - ok
12:43:02.0020 5204 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:43:02.0030 5204 RasAgileVpn - ok
12:43:02.0156 5204 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:43:02.0158 5204 Rasl2tp - ok
12:43:02.0185 5204 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:43:02.0187 5204 RasPppoe - ok
12:43:02.0222 5204 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:43:02.0223 5204 RasSstp - ok
12:43:02.0245 5204 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:43:02.0250 5204 rdbss - ok
12:43:02.0279 5204 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:43:02.0281 5204 rdpbus - ok
12:43:02.0330 5204 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:43:02.0331 5204 RDPCDD - ok
12:43:02.0352 5204 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:43:02.0353 5204 RDPENCDD - ok
12:43:02.0369 5204 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:43:02.0370 5204 RDPREFMP - ok
12:43:02.0393 5204 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:43:02.0397 5204 RDPWD - ok
12:43:02.0420 5204 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:43:02.0423 5204 rdyboost - ok
12:43:02.0496 5204 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:43:02.0497 5204 rspndr - ok
12:43:02.0548 5204 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
12:43:02.0552 5204 RSUSBSTOR - ok
12:43:02.0615 5204 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:43:02.0620 5204 RTL8167 - ok
12:43:02.0657 5204 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:43:02.0659 5204 sbp2port - ok
12:43:02.0685 5204 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:43:02.0686 5204 scfilter - ok
12:43:02.0725 5204 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
12:43:02.0728 5204 sdbus - ok
12:43:02.0792 5204 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:43:02.0793 5204 secdrv - ok
12:43:02.0818 5204 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:43:02.0819 5204 Serenum - ok
12:43:02.0870 5204 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:43:02.0873 5204 Serial - ok
12:43:02.0901 5204 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:43:02.0902 5204 sermouse - ok
12:43:02.0944 5204 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:43:02.0946 5204 sffdisk - ok
12:43:02.0973 5204 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:43:02.0974 5204 sffp_mmc - ok
12:43:03.0007 5204 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:43:03.0008 5204 sffp_sd - ok
12:43:03.0026 5204 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:43:03.0028 5204 sfloppy - ok
12:43:03.0104 5204 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:43:03.0111 5204 Sftfs - ok
12:43:03.0191 5204 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:43:03.0194 5204 Sftplay - ok
12:43:03.0209 5204 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:43:03.0210 5204 Sftredir - ok
12:43:03.0227 5204 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:43:03.0228 5204 Sftvol - ok
12:43:03.0294 5204 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:43:03.0296 5204 SiSRaid2 - ok
12:43:03.0360 5204 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:43:03.0362 5204 SiSRaid4 - ok
12:43:03.0418 5204 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:43:03.0420 5204 Smb - ok
12:43:03.0447 5204 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:43:03.0448 5204 spldr - ok
12:43:03.0553 5204 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
12:43:03.0560 5204 SRTSP - ok
12:43:03.0606 5204 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
12:43:03.0607 5204 SRTSPX - ok
12:43:03.0659 5204 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:43:03.0666 5204 srv - ok
12:43:03.0700 5204 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:43:03.0706 5204 srv2 - ok
12:43:03.0744 5204 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:43:03.0749 5204 SrvHsfHDA - ok
12:43:03.0820 5204 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:43:03.0839 5204 SrvHsfV92 - ok
12:43:03.0874 5204 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:43:03.0884 5204 SrvHsfWinac - ok
12:43:03.0994 5204 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:43:03.0997 5204 srvnet - ok
12:43:04.0050 5204 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:43:04.0051 5204 stexstor - ok
12:43:04.0092 5204 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
12:43:04.0099 5204 STHDA - ok
12:43:04.0226 5204 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:43:04.0228 5204 StillCam - ok
12:43:04.0307 5204 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:43:04.0308 5204 swenum - ok
12:43:04.0510 5204 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
12:43:04.0517 5204 SymDS - ok
12:43:04.0669 5204 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
12:43:04.0672 5204 SymEFA - ok
12:43:04.0719 5204 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:43:04.0722 5204 SymEvent - ok
12:43:04.0774 5204 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
12:43:04.0776 5204 SymIRON - ok
12:43:04.0800 5204 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
12:43:04.0804 5204 SYMTDIv - ok
12:43:04.0873 5204 SynTP (7369d6268e21481a8dcb8e94063c47b1) C:\Windows\system32\DRIVERS\SynTP.sys
12:43:04.0876 5204 SynTP - ok
12:43:04.0981 5204 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:43:04.0997 5204 Tcpip - ok
12:43:05.0029 5204 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:43:05.0037 5204 TCPIP6 - ok
12:43:05.0073 5204 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:43:05.0074 5204 tcpipreg - ok
12:43:05.0092 5204 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:43:05.0093 5204 TDPIPE - ok
12:43:05.0145 5204 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:43:05.0147 5204 TDTCP - ok
12:43:05.0172 5204 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:43:05.0174 5204 tdx - ok
12:43:05.0240 5204 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:43:05.0241 5204 TermDD - ok
12:43:05.0279 5204 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:43:05.0280 5204 tssecsrv - ok
12:43:05.0306 5204 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:43:05.0308 5204 tunnel - ok
12:43:05.0332 5204 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:43:05.0334 5204 uagp35 - ok
12:43:05.0365 5204 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
12:43:05.0370 5204 udfs - ok
12:43:05.0435 5204 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:43:05.0437 5204 uliagpkx - ok
12:43:05.0463 5204 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:43:05.0464 5204 umbus - ok
12:43:05.0512 5204 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:43:05.0513 5204 UmPass - ok
12:43:05.0570 5204 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:43:05.0572 5204 USBAAPL64 - ok
12:43:05.0618 5204 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
12:43:05.0620 5204 usbccgp - ok
12:43:05.0648 5204 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:43:05.0649 5204 usbcir - ok
12:43:05.0718 5204 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
12:43:05.0720 5204 usbehci - ok
12:43:05.0780 5204 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
12:43:05.0785 5204 usbhub - ok
12:43:05.0822 5204 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
12:43:05.0823 5204 usbohci - ok
12:43:05.0858 5204 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:43:05.0860 5204 usbprint - ok
12:43:05.0906 5204 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:43:05.0908 5204 USBSTOR - ok
12:43:05.0945 5204 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
12:43:05.0946 5204 usbuhci - ok
12:43:06.0034 5204 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
12:43:06.0037 5204 usbvideo - ok
12:43:06.0072 5204 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:43:06.0073 5204 vdrvroot - ok
12:43:06.0101 5204 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:43:06.0103 5204 vga - ok
12:43:06.0122 5204 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:43:06.0123 5204 VgaSave - ok
12:43:06.0162 5204 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:43:06.0166 5204 vhdmp - ok
12:43:06.0183 5204 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:43:06.0184 5204 viaide - ok
12:43:06.0207 5204 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:43:06.0209 5204 volmgr - ok
12:43:06.0237 5204 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:43:06.0242 5204 volmgrx - ok
12:43:06.0262 5204 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:43:06.0266 5204 volsnap - ok
12:43:06.0336 5204 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:43:06.0339 5204 vsmraid - ok
12:43:06.0366 5204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:43:06.0367 5204 vwifibus - ok
12:43:06.0399 5204 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:43:06.0401 5204 vwififlt - ok
12:43:06.0432 5204 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:43:06.0434 5204 WacomPen - ok
12:43:06.0485 5204 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:43:06.0487 5204 WANARP - ok
12:43:06.0492 5204 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:43:06.0493 5204 Wanarpv6 - ok
12:43:06.0542 5204 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:43:06.0542 5204 Wd - ok
12:43:06.0576 5204 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:43:06.0584 5204 Wdf01000 - ok
12:43:06.0747 5204 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:43:06.0749 5204 WfpLwf - ok
12:43:06.0827 5204 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:43:06.0834 5204 WIMMount - ok
12:43:06.0985 5204 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
12:43:06.0987 5204 WinUSB - ok
12:43:07.0100 5204 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:43:07.0101 5204 WmiAcpi - ok
12:43:07.0374 5204 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:43:07.0387 5204 ws2ifsl - ok
12:43:07.0495 5204 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:43:07.0505 5204 WudfPf - ok
12:43:07.0705 5204 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:43:07.0720 5204 WUDFRd - ok
12:43:07.0886 5204 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
12:43:07.0901 5204 yukonw7 - ok
12:43:07.0975 5204 MBR (0x1B8) (9818b3a1a5ac3cbdf707d51af18309fd) \Device\Harddisk0\DR0
12:43:07.0986 5204 \Device\Harddisk0\DR0 - ok
12:43:08.0008 5204 Boot (0x1200) (b91e4a4c3e11a11cf69f5b3e97eb560d) \Device\Harddisk0\DR0\Partition0
12:43:08.0017 5204 \Device\Harddisk0\DR0\Partition0 - ok
12:43:08.0036 5204 Boot (0x1200) (772d80617739859061bd6b0d73f2245f) \Device\Harddisk0\DR0\Partition1
12:43:08.0052 5204 \Device\Harddisk0\DR0\Partition1 - ok
12:43:08.0088 5204 Boot (0x1200) (254c349825798b97a38a42babc32e1dd) \Device\Harddisk0\DR0\Partition2
12:43:08.0125 5204 \Device\Harddisk0\DR0\Partition2 - ok
12:43:08.0153 5204 Boot (0x1200) (f053e9e3e393a8f0cf0e7e457413a078) \Device\Harddisk0\DR0\Partition3
12:43:08.0183 5204 \Device\Harddisk0\DR0\Partition3 - ok
12:43:08.0183 5204 ============================================================
12:43:08.0183 5204 Scan finished
12:43:08.0183 5204 ============================================================
12:43:08.0201 5812 Detected object count: 0
12:43:08.0201 5812 Actual detected object count: 0

#7
kengal

  • Topic Starter
  • Member
  • 23 posts
Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-27 12:44:52
-----------------------------
12:44:52.433 OS Version: Windows x64 6.1.7600
12:44:52.433 Number of processors: 4 586 0x2505
12:44:52.434 ComputerName: SCOOBAIL UserName: Sonal
12:44:54.016 Initialize success
12:46:16.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:46:16.105 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
12:46:16.133 Disk 0 MBR read successfully
12:46:16.137 Disk 0 MBR scan
12:46:16.141 Disk 0 unknown MBR code
12:46:16.145 Service scanning
12:46:17.121 Modules scanning
12:46:17.126 Scan finished successfully
12:46:29.203 Disk 0 MBR has been saved successfully to "C:\Users\Sonal\Desktop\MBR.dat"
12:46:29.203 The log file has been saved successfully to "C:\Users\Sonal\Desktop\aswMBR.txt"

#8
kengal

  • Topic Starter
  • Member
  • 23 posts
Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8252

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/27/2011 12:52:34 PM
mbam-log-2011-11-27 (12-52-34).txt

Scan type: Quick scan
Objects scanned: 172130
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Sonal\AppData\Local\xyf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Sonal\downloads\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Sonal\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Sonal\downloads\xvid_setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Sonal\downloads\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#9
kengal

  • Topic Starter
  • Member
  • 23 posts
And finally, the OTL log:

OTL logfile created on: 11/27/2011 12:56:22 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sonal\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 54.15% Memory free
7.60 Gb Paging File | 5.84 Gb Available in Paging File | 76.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.46 Gb Total Space | 376.82 Gb Free Space | 84.78% Space Free | Partition Type: NTFS
Drive D: | 21.01 Gb Total Space | 3.06 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 85.75 Mb Free Space | 86.59% Space Free | Partition Type: FAT32
Drive F: | 7.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SCOOBAIL | User Name: Sonal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 12:55:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
PRC - [2011/11/27 12:44:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sonal\Desktop\aswMBR.exe
PRC - [2011/11/26 00:27:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/05/29 17:13:00 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 15:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/30 19:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/04/30 19:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/24 10:37:58 | 000,076,584 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
PRC - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/26 00:27:36 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 16:23:00 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/09 13:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/22 17:58:05 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/22 17:58:05 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/11/11 13:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 13:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 12:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/12/16 15:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/30 19:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/04/30 19:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/24 10:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/21 20:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 20:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 22:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 18:10:57 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/02 21:56:17 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/11/22 17:58:06 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/16 17:22:25 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/30 19:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/04/28 23:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 20:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/09 17:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/29 21:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/11 16:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/27 19:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/10/13 13:59:27 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101015.003\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/28 19:02:14 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\EX64.SYS -- (NAVEX15)
DRV - [2010/09/28 19:02:13 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 16:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/08/16 17:39:35 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/16 17:39:35 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sonal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sonal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sonal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sonal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2011/11/27 12:34:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 08:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/14 19:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/14 19:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/29 17:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/26 00:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/19 22:10:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 08:32:42 | 000,000,000 | ---D | M]

[2010/08/16 17:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Extensions
[2011/11/11 06:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\extensions
[2011/11/11 06:20:52 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/08/16 09:06:22 | 000,000,863 | ---- | M] () -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\searchplugins\conduit.xml
[2011/11/26 00:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 19:47:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/26 00:27:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/11 19:24:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/26 00:27:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2011/11/27 12:34:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sonal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB79A1A3-DD61-4E28-8DD8-E9B4817D5160}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 12:55:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
[2011/11/27 12:49:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/27 12:49:42 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Roaming\Malwarebytes
[2011/11/27 12:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/27 12:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/27 12:49:27 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/27 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/27 12:48:27 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sonal\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/27 12:44:33 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sonal\Desktop\aswMBR.exe
[2011/11/27 12:42:31 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sonal\Desktop\tdsskiller.exe
[2011/11/27 12:33:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/27 12:26:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 12:26:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 12:26:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 12:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 12:26:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 12:26:16 | 004,309,802 | R--- | C] (Swearware) -- C:\Users\Sonal\Desktop\ComboFix.exe
[2011/11/27 11:51:31 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{9CC38F60-0E08-4872-9417-334F6D91BF9D}
[2011/11/27 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{7F3A5816-06CA-44E7-8DCE-9183E28FC364}
[2011/11/27 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{81423283-C131-4CD1-BA59-FD902DA45859}
[2011/11/27 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{46F50DB4-27CF-404D-8E8C-7FB7CFE6C7D8}
[2011/11/26 22:12:49 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{E41F9795-276A-45EB-830E-69751C9A9E28}
[2011/11/26 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{2D89A822-67B4-4679-AB49-391BE9DC1877}
[2011/11/24 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{A41ECBAD-7D16-46EA-886E-AB10380D47A2}
[2011/11/24 00:05:40 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{2FA5E48D-1EF4-4DCE-A34C-1E083E670855}
[2011/11/23 14:45:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/11 06:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{27E9F93B-C07D-4FFA-A1B3-752067FAF50B}
[2011/11/11 06:20:39 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{F1DDE06F-2CB2-408C-A556-C0202AE17B18}
[2011/10/31 19:01:05 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{282FC9CB-5E20-40B7-B151-85C6CD93C810}
[2011/10/31 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{9A599EF6-71AC-4220-BBB9-554E8B873B8F}
[2011/10/30 06:59:09 | 000,000,000 | ---D | C] -- C:\Users\Sonal\Desktop\Jaya aunty's music
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Sonal\Desktop\*.tmp files -> C:\Users\Sonal\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 12:55:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
[2011/11/27 12:49:51 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/27 12:48:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sonal\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/27 12:46:29 | 000,000,512 | ---- | M] () -- C:\Users\Sonal\Desktop\MBR.dat
[2011/11/27 12:44:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sonal\Desktop\aswMBR.exe
[2011/11/27 12:43:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 12:43:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 12:42:33 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sonal\Desktop\tdsskiller.exe
[2011/11/27 12:34:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/27 12:34:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 12:33:55 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 12:26:24 | 004,309,802 | R--- | M] (Swearware) -- C:\Users\Sonal\Desktop\ComboFix.exe
[2011/11/27 12:24:06 | 000,007,636 | -HS- | M] () -- C:\Users\Sonal\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 12:24:06 | 000,007,636 | -HS- | M] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 11:56:16 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 11:56:16 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/27 11:56:16 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/11/27 11:49:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/11/27 11:49:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/11/27 11:49:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/11/27 11:49:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/11/27 11:49:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/11/27 11:49:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/11/27 11:49:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/11/27 11:49:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/11/27 11:49:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/11/27 11:30:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001UA.job
[2011/11/27 11:27:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/11/27 11:07:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\x0X6maGY.com.b
[2011/11/27 11:06:45 | 000,000,112 | ---- | M] () -- C:\ProgramData\v8Fe887E.dat
[2011/11/27 11:06:44 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\x0X6maGY.com_
[2011/11/27 10:56:53 | 000,002,056 | ---- | M] () -- C:\Users\Sonal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/27 09:29:38 | 000,211,077 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_4.pdf
[2011/11/27 08:17:30 | 000,198,045 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_3.pdf
[2011/11/27 08:05:39 | 000,190,531 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_2.pdf
[2011/11/26 17:30:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001Core.job
[2011/11/24 00:04:51 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSonal.job
[2011/11/11 06:19:35 | 000,450,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 13:36:29 | 000,637,565 | ---- | M] () -- C:\Users\Sonal\Desktop\p90x_nutrition_guide_recipes.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Sonal\Desktop\*.tmp files -> C:\Users\Sonal\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 12:46:29 | 000,000,512 | ---- | C] () -- C:\Users\Sonal\Desktop\MBR.dat
[2011/11/27 12:26:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 12:26:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 12:26:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 12:26:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 12:26:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/27 11:46:49 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\x0X6maGY.com_
[2011/11/27 11:07:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\x0X6maGY.com.b
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/11/27 11:04:11 | 000,000,112 | ---- | C] () -- C:\ProgramData\v8Fe887E.dat
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/11/27 10:50:35 | 000,007,636 | -HS- | C] () -- C:\Users\Sonal\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 10:50:35 | 000,007,636 | -HS- | C] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 09:29:55 | 000,211,077 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_4.pdf
[2011/11/27 08:17:37 | 000,198,045 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_3.pdf
[2011/11/27 08:06:00 | 000,190,531 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_2.pdf
[2011/10/29 13:36:28 | 000,637,565 | ---- | C] () -- C:\Users\Sonal\Desktop\p90x_nutrition_guide_recipes.pdf
[2011/01/02 21:53:51 | 000,001,854 | ---- | C] () -- C:\Users\Sonal\AppData\Roaming\GhostObjGAFix.xml
[2010/12/23 08:27:17 | 000,208,192 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/09/07 19:50:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/22 14:15:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/26 02:36:07 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/06/26 02:36:07 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/05/16 22:16:29 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/20 10:22:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/02/20 09:27:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/02/20 09:27:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/01/29 15:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/01/27 18:05:52 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/11/30 16:55:34 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#10
RKinner

Copy the text in the code box by highlighting it and pressing Ctrl + C

:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/11/27 11:46:49 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\x0X6maGY.com_
[2011/11/27 11:07:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\x0X6maGY.com.b
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/11/27 11:04:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/11/27 11:04:11 | 000,000,112 | ---- | C] () -- C:\ProgramData\v8Fe887E.dat
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/11/27 11:04:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/11/27 11:04:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/11/27 11:04:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/11/27 10:50:35 | 000,007,636 | -HS- | C] () -- C:\Users\Sonal\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 10:50:35 | 000,007,636 | -HS- | C] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 11:06:45 | 000,000,112 | ---- | M] () -- C:\ProgramData\v8Fe887E.dat


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Windows\tasks\At*.job

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Copy and paste the log it creates.

Run OTL again, let it do a Quick Scan, and copy and paste that log too.

Copy the next line:

reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.txt

Start, (All) Programs, Accessories, then right-click on Command Prompt and Run As Admin.

Right-click and Paste (or Edit, then Paste) and the copied line should appear. Hit Enter. Close the Command window. On your desktop should be a file called winsock2.txt. Please attach it to your next reply.

Ron

#11
kengal

Here is the OTL Log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Windows\SysWOW64\x0X6maGY.com_ moved successfully.
C:\Windows\SysWOW64\x0X6maGY.com.b moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\ProgramData\v8Fe887E.dat moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Users\Sonal\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q moved successfully.
C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q moved successfully.
File C:\ProgramData\v8Fe887E.dat not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sonal\Desktop\cmd.bat deleted successfully.
C:\Users\Sonal\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sonal\Desktop\cmd.bat deleted successfully.
C:\Users\Sonal\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sonal\Desktop\cmd.bat deleted successfully.
C:\Users\Sonal\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sonal\Desktop\cmd.bat deleted successfully.
C:\Users\Sonal\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sonal
->Flash cache emptied: 49141 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Sonal
->Java cache emptied: 5636003 bytes

Total Java Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11272011_145233

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12
kengal

Here is the OTL quick scan log:

OTL logfile created on: 11/27/2011 2:56:03 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sonal\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 62.00% Memory free
7.60 Gb Paging File | 6.02 Gb Available in Paging File | 79.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.46 Gb Total Space | 376.82 Gb Free Space | 84.78% Space Free | Partition Type: NTFS
Drive D: | 21.01 Gb Total Space | 3.06 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 85.75 Mb Free Space | 86.59% Space Free | Partition Type: FAT32
Drive F: | 7.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SCOOBAIL | User Name: Sonal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 12:55:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
PRC - [2011/11/26 00:27:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/05/29 17:13:00 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 15:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/30 19:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/04/30 19:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/24 10:37:58 | 000,076,584 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
PRC - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/16 15:51:38 | 000,008,192 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/26 00:27:36 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 16:23:00 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/09 13:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/16 15:51:38 | 000,008,192 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/22 17:58:05 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/22 17:58:05 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/11/11 13:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 13:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 12:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/12/16 15:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/30 19:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/04/30 19:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/24 10:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/21 20:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 20:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 22:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 18:10:57 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/02 21:56:17 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/11/22 17:58:06 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/16 17:22:25 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/30 19:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/04/28 23:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 20:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/09 17:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/29 21:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/11 16:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/27 19:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/10/13 13:59:27 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101015.003\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/28 19:02:14 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\EX64.SYS -- (NAVEX15)
DRV - [2010/09/28 19:02:13 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 16:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/08/16 17:39:35 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/16 17:39:35 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sonal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sonal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sonal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sonal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2011/11/27 14:53:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 08:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/14 19:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/14 19:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/29 17:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/26 00:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/19 22:10:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 08:32:42 | 000,000,000 | ---D | M]

[2010/08/16 17:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Extensions
[2011/11/11 06:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\extensions
[2011/11/11 06:20:52 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/08/16 09:06:22 | 000,000,863 | ---- | M] () -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\searchplugins\conduit.xml
[2011/11/26 00:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 19:47:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/26 00:27:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/11 19:24:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/26 00:27:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2011/11/27 12:34:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Sonal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB79A1A3-DD61-4E28-8DD8-E9B4817D5160}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 14:52:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/27 13:03:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/27 12:55:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
[2011/11/27 12:49:42 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Roaming\Malwarebytes
[2011/11/27 12:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/27 12:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/27 12:49:27 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/27 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/27 12:48:27 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sonal\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/27 12:44:33 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sonal\Desktop\aswMBR.exe
[2011/11/27 12:42:31 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sonal\Desktop\tdsskiller.exe
[2011/11/27 12:33:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/27 12:26:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 12:26:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 12:26:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 12:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 12:26:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 12:26:16 | 004,309,802 | R--- | C] (Swearware) -- C:\Users\Sonal\Desktop\ComboFix.exe
[2011/11/27 11:51:31 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{9CC38F60-0E08-4872-9417-334F6D91BF9D}
[2011/11/27 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{7F3A5816-06CA-44E7-8DCE-9183E28FC364}
[2011/11/27 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{81423283-C131-4CD1-BA59-FD902DA45859}
[2011/11/27 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{46F50DB4-27CF-404D-8E8C-7FB7CFE6C7D8}
[2011/11/26 22:12:49 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{E41F9795-276A-45EB-830E-69751C9A9E28}
[2011/11/26 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{2D89A822-67B4-4679-AB49-391BE9DC1877}
[2011/11/24 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{A41ECBAD-7D16-46EA-886E-AB10380D47A2}
[2011/11/24 00:05:40 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{2FA5E48D-1EF4-4DCE-A34C-1E083E670855}
[2011/11/23 14:45:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/11 06:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{27E9F93B-C07D-4FFA-A1B3-752067FAF50B}
[2011/11/11 06:20:39 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{F1DDE06F-2CB2-408C-A556-C0202AE17B18}
[2011/10/31 19:01:05 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{282FC9CB-5E20-40B7-B151-85C6CD93C810}
[2011/10/31 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{9A599EF6-71AC-4220-BBB9-554E8B873B8F}
[2011/10/30 06:59:09 | 000,000,000 | ---D | C] -- C:\Users\Sonal\Desktop\Jaya aunty's music
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Sonal\Desktop\*.tmp files -> C:\Users\Sonal\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 14:53:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 14:53:16 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 14:30:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001UA.job
[2011/11/27 13:11:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 13:11:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 12:55:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
[2011/11/27 12:48:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sonal\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/27 12:46:29 | 000,000,512 | ---- | M] () -- C:\Users\Sonal\Desktop\MBR.dat
[2011/11/27 12:44:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sonal\Desktop\aswMBR.exe
[2011/11/27 12:42:33 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sonal\Desktop\tdsskiller.exe
[2011/11/27 12:34:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/27 12:26:24 | 004,309,802 | R--- | M] (Swearware) -- C:\Users\Sonal\Desktop\ComboFix.exe
[2011/11/27 11:56:16 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 11:56:16 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/27 11:56:16 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 10:56:53 | 000,002,056 | ---- | M] () -- C:\Users\Sonal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/27 09:29:38 | 000,211,077 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_4.pdf
[2011/11/27 08:17:30 | 000,198,045 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_3.pdf
[2011/11/27 08:05:39 | 000,190,531 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_2.pdf
[2011/11/26 17:30:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001Core.job
[2011/11/24 00:04:51 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSonal.job
[2011/11/11 06:19:35 | 000,450,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 13:36:29 | 000,637,565 | ---- | M] () -- C:\Users\Sonal\Desktop\p90x_nutrition_guide_recipes.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Sonal\Desktop\*.tmp files -> C:\Users\Sonal\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 12:46:29 | 000,000,512 | ---- | C] () -- C:\Users\Sonal\Desktop\MBR.dat
[2011/11/27 12:26:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 12:26:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 12:26:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 12:26:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 12:26:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/27 09:29:55 | 000,211,077 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_4.pdf
[2011/11/27 08:17:37 | 000,198,045 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_3.pdf
[2011/11/27 08:06:00 | 000,190,531 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_2.pdf
[2011/10/29 13:36:28 | 000,637,565 | ---- | C] () -- C:\Users\Sonal\Desktop\p90x_nutrition_guide_recipes.pdf
[2011/01/02 21:53:51 | 000,001,854 | ---- | C] () -- C:\Users\Sonal\AppData\Roaming\GhostObjGAFix.xml
[2010/12/23 08:27:17 | 000,208,192 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/09/07 19:50:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/22 14:15:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/26 02:36:07 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/06/26 02:36:07 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/05/16 22:16:29 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/20 10:22:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/02/20 09:27:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/02/20 09:27:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/01/29 15:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/01/27 18:05:52 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/11/30 16:55:34 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/05 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\Amazon
[2011/03/11 18:47:57 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/22 14:47:45 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\OpenOffice.org
[2011/11/27 11:47:41 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\SoftGrid Client
[2010/11/03 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\TP
[2011/03/26 19:02:28 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\Windows Live Writer
[2010/08/22 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2011/11/27 13:03:46 | 000,018,930 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#13
kengal

And the winsock.txt log:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters]
"NameSpace_Callout"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,66,00,77,00,70,00,75,00,63,00,6c,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\06EBDCB1]
"AppFullPath"="C:\\Windows\\system32\\wininit.exe"
"PermittedLspCategories"=dword:80000040

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k NetworkService"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalServiceNetworkRestricted"
"PermittedLspCategories"=dword:80000040

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalServiceAndNoImpersonation"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalService"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\343305C9]
"AppFullPath"="C:\\Windows\\system32\\lsass.exe"
"PermittedLspCategories"=dword:80000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000004
"Serial_Access_Num"=dword:00000005
"Num_Catalog_Entries64"=dword:00000009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Tcpip"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="NLA-navneområde (Network Location Awareness)"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\\System32\\nwprovau.dll"
"DisplayString"="NWLink IPX/SPX/NetBIOS Compatible Transport Protocol"
"ProviderId"=hex:f0,aa,2d,e0,9f,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:00000001
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007]
"LibraryPath"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"
"DisplayString"="WindowsLive NSP"
"ProviderId"=hex:e9,dd,77,41,28,60,9e,47,b7,b7,03,59,1a,63,ff,3a
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008]
"LibraryPath"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"
"DisplayString"="WindowsLive Local NSP"
"ProviderId"=hex:2c,2a,9f,22,18,5f,06,4a,8f,89,3a,37,21,70,62,4d
"SupportedNameSpace"=dword:00000013
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009]
"LibraryPath"="C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=hex:e9,e6,00,b6,3b,55,19,4a,86,96,33,5e,5c,89,61,53
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007]
"LibraryPath"="C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"
"DisplayString"="WindowsLive NSP"
"ProviderId"=hex:e9,dd,77,41,28,60,9e,47,b7,b7,03,59,1a,63,ff,3a
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008]
"LibraryPath"="C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"
"DisplayString"="WindowsLive Local NSP"
"ProviderId"=hex:2c,2a,9f,22,18,5f,06,4a,8f,89,3a,37,21,70,62,4d
"SupportedNameSpace"=dword:00000013
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009]
"LibraryPath"="C:\\Program Files\\Bonjour\\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=hex:e9,e6,00,b6,3b,55,19,4a,86,96,33,5e,5c,89,61,53
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9]
"Next_Catalog_Entry_ID"=dword:00000409
"Num_Catalog_Entries"=dword:0000001d
"Serial_Access_Num"=dword:0000000c
"Num_Catalog_Entries64"=dword:0000000a

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
"ProtocolName"="MSAFD Tcpip [TCP/IP]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
"ProtocolName"="MSAFD Tcpip [UDP/IP]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
"ProtocolName"="MSAFD Tcpip [RAW/IP]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NwlnkNb] SEQPACKET 4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NwlnkNb] DATAGRAM 4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip6_{623263CA-446C-4ECC-B173-9776D14D4B2E}] SEQPACKET 5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip6_{623263CA-446C-4ECC-B173-9776D14D4B2E}] DATAGRAM 5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip6_{F52EB4D6-6A88-4292-8BCA-8E9C6E971ECA}] SEQPACKET 6"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip6_{F52EB4D6-6A88-4292-8BCA-8E9C6E971ECA}] DATAGRAM 6"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip6_{1AA5EF26-3832-493A-AA62-E36046A7822D}] SEQPACKET 7"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip6_{1AA5EF26-3832-493A-AA62-E36046A7822D}] DATAGRAM 7"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{F52EB4D6-6A88-4292-8BCA-8E9C6E971ECA}] SEQPACKET 0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{F52EB4D6-6A88-4292-8BCA-8E9C6E971ECA}] DATAGRAM 0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{623263CA-446C-4ECC-B173-9776D14D4B2E}] SEQPACKET 1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{623263CA-446C-4ECC-B173-9776D14D4B2E}] DATAGRAM 1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{DB4934CF-8C7D-48A2-B406-D94B4C67565B}] SEQPACKET 2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,09,02,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,f9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,02,00,00,00,fe,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,44,00,42,00,34,00,39,00,33,00,34,00,43,00,46,00,2d,00,38,00,\
43,00,37,00,44,00,2d,00,34,00,38,00,41,00,32,00,2d,00,42,00,34,00,30,00,36,\
00,2d,00,44,00,39,00,34,00,42,00,34,00,43,00,36,00,37,00,35,00,36,00,35,00,\
42,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{DB4934CF-8C7D-48A2-B406-D94B4C67565B}] DATAGRAM 2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,0e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,fa,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,05,00,00,00,fd,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,45,00,37,00,31,00,32,00,33,00,32,00,32,00,32,00,2d,00,43,00,\
39,00,31,00,36,00,2d,00,34,00,32,00,45,00,45,00,2d,00,39,00,42,00,31,00,37,\
00,2d,00,36,00,44,00,44,00,32,00,44,00,30,00,41,00,41,00,42,00,36,00,46,00,\
32,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
00,20,00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{E7123222-C916-42EE-9B17-6DD2D0AAB6F2}] SEQPACKET 3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,09,02,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,fb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,02,00,00,00,fd,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,45,00,37,00,31,00,32,00,33,00,32,00,32,00,32,00,2d,00,43,00,\
39,00,31,00,36,00,2d,00,34,00,32,00,45,00,45,00,2d,00,39,00,42,00,31,00,37,\
00,2d,00,36,00,44,00,44,00,32,00,44,00,30,00,41,00,41,00,42,00,36,00,46,00,\
32,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{E7123222-C916-42EE-9B17-6DD2D0AAB6F2}] DATAGRAM 3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,40,82,05,11,47,be,cf,11,95,c8,00,80,5f,\
48,a1,92,fc,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,\
00,0e,00,00,00,02,00,00,00,e8,03,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,\
40,02,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,\
00,6e,00,6b,00,69,00,70,00,78,00,20,00,5b,00,49,00,50,00,58,00,5d,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="MSAFD nwlnkipx [IPX]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,1e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,03,00,00,00,41,82,05,11,47,be,cf,11,95,c8,00,80,5f,\
48,a1,92,fd,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,\
00,0e,00,00,00,05,00,00,00,e8,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
ff,ff,ff,ff,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,\
00,6e,00,6b,00,73,00,70,00,78,00,20,00,5b,00,53,00,50,00,58,00,5d,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="MSAFD nwlnkspx [SPX]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,1e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,01,00,00,00,41,82,05,11,47,be,cf,11,95,c8,00,80,5f,\
48,a1,92,fe,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,\
00,0e,00,00,00,01,00,00,00,e8,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,\
00,6e,00,6b,00,73,00,70,00,78,00,20,00,5b,00,53,00,50,00,58,00,5d,00,20,00,\
5b,00,50,00,73,00,65,00,75,00,64,00,6f,00,20,00,53,00,74,00,72,00,65,00,61,\
00,6d,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="MSAFD nwlnkspx [SPX] [Pseudo Stream]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,3e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,03,00,00,00,41,82,05,11,47,be,cf,11,95,c8,00,80,5f,\
48,a1,92,ff,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,\
00,0e,00,00,00,05,00,00,00,e9,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
ff,ff,ff,ff,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,\
00,6e,00,6b,00,73,00,70,00,78,00,20,00,5b,00,53,00,50,00,58,00,20,00,49,00,\
49,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="MSAFD nwlnkspx [SPX II]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,3e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,01,00,00,00,41,82,05,11,47,be,cf,11,95,c8,00,80,5f,\
48,a1,92,00,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,\
00,0e,00,00,00,01,00,00,00,e9,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,\
00,6e,00,6b,00,73,00,70,00,78,00,20,00,5b,00,53,00,50,00,58,00,20,00,49,00,\
49,00,5d,00,20,00,5b,00,50,00,73,00,65,00,75,00,64,00,6f,00,20,00,53,00,74,\
00,72,00,65,00,61,00,6d,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ProtocolName"="MSAFD nwlnkspx [SPX II] [Pseudo Stream]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,09,26,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,04,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,06,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
bb,ff,00,00,00,00,00,00,52,00,53,00,56,00,50,00,20,00,55,00,44,00,50,00,20,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,\
69,00,64,00,65,00,72,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,18,44,19,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,98,\
13,19,00,ee,cf,90,7c,b8,77,13,00,78,01,15,00,61,f6,90,7c,a0,13,19,00,ce,dd,\
90,7c,10,44,19,00,08,00,00,00,78,01,15,00,bb,04,00,00,a8,1a,19,00,78,01,15,\
00,40,13,19,00,48,13,19,00,90,78,13,00,78,01,15,00,90,78,13,00,81,09,91,7c,\
08,06,15,00,5d,00,91,7c,00,00,00,00,d8,f9,18,00,00,00,00,00,00,00,00,00,3c,\
05,00,00,f8,77,13,00,00,00,00,00,b8,00,91,7c,e8,f9,18,00,c4,78,13,00,41,00,\
91,7c,68,08,15,00,5d,00,91,7c,00,00,15,00,78,ad,18,00,00,00,00,00,e8,78,13,\
00,78,01,15,00,e8,78,13,00,81,09,91,7c,08,06,15,00,5d,00,91,7c,00,00,00,00,\
2d,ff,90,7c,00,00,00,00,00,00,00,00,68,f6,90,7c,78,ad,18,00,78,01,15,00,5b,\
d7,dd,77,80,ad,18,00,00,00,00,00,e6,f9,18,00,48,05,00,00,18,44,19,00,00,00,\
00,00,10,44,19,00,00,00,00,00,00,00,00,00,48,05,00,00,c0,78,13,00,38,d8,dd,\
77,48,05,00,00,9c,78,13,00,78,01,15,00,18,4c,00,00,4a,d8,dd,77,48,13,19,00,\
e6,f9,18,00,27,00,00,00,1a,00,1c,00,6c,5d,a6,71,00,00,00,00,90,78,13,00,08,\
78,13,00,00,00,15,00,78,17,df,77,50,d8,dd,77,ff,ff,ff,ff,00,00,00,00,00,00,\
00,00,48,05,01,01,83,09,00,00,2c,78,13,00,fa,cf,90,7c,b0,ff,13,00,20,e9,90,\
7c,60,00,91,7c,ff,ff,ff,ff,5d,00,91,7c,91,30,a7,71,00,00,15,00,00,00,00,00,\
80,ad,18,00,00,00,00,00,cc,05,e0,66,b0,30,a7,71,94,7b,13,00
"ProtocolName"="RSVP UDP Service Provider"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
01,0d,02,30,51,30,2c,06,0a,2b,06,01,04,01,3f,37,02,01,19,a2,1e,3f,1c,00,3c,\
00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,\
3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,04,d0,5b,5f,c9,76,44,35,06,\
a2,1d,5c,3f,6f,3f,59,60,14,4a,33,3c,46,c9,81,71,0c,00,18,00,3f,01,0c,02,30,\
52,1e,4c,00,7b,00,44,00,45,00,33,00,35,00,31,00,41,00,34,00,32,00,2d,00,38,\
00,45,00,35,00,39,00,2d,00,31,00,31,00,44,00,30,00,2d,00,38,00,43,00,34,00,\
37,00,2d,00,30,00,30,00,43,00,30,00,34,00,46,00,43,66,20,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,05,04,00,00,01,00,00,00,f8,74,18,00,98,f9,18,00,48,13,19,00,80,ad,\
18,00,e6,f9,18,00,44,05,00,00,00,00,00,00,06,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,52,00,53,00,56,00,50,00,20,00,54,00,43,00,50,00,20,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,\
69,00,64,00,65,00,72,00,00,00,00,00,15,00,22,02,91,7c,03,00,00,00,18,07,15,\
00,00,00,15,00,00,ad,18,00,bc,79,13,00,22,02,91,7c,00,7c,13,00,20,e9,90,7c,\
28,02,91,7c,ff,ff,ff,ff,22,02,91,7c,9b,01,91,7c,db,01,91,7c,61,ac,80,7c,34,\
7b,13,00,6e,d9,90,7c,74,7a,13,00,30,7a,13,00,5c,f6,90,7c,61,f6,90,7c,74,7a,\
13,00,6e,d9,90,7c,34,7b,13,00,0c,7a,13,00,7a,d9,90,7c,b0,ff,13,00,20,e9,90,\
7c,68,f6,90,7c,ff,ff,ff,ff,61,f6,90,7c,eb,6f,dd,77,00,00,00,00,00,00,00,00,\
d0,9b,18,00,f6,6f,dd,77,58,7b,13,00,54,05,00,00,50,7b,13,00,48,7b,13,00,54,\
05,00,00,d0,9b,18,00,74,7a,13,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,01,00,00,00,24,00,00,00,50,00,72,00,6f,00,74,00,6f,00,63,\
00,6f,00,6c,00,5f,00,43,00,61,00,74,00,61,00,6c,00,6f,00,67,00,39,00,00,00,\
d4,7a,13,00,5c,f6,90,7c,61,f6,90,7c,00,00,00,00,54,7b,13,00,2d,f6,90,7c,b0,\
7a,13,00,b4,7a,13,00,1c,7b,13,00,20,e9,90,7c,68,f6,90,7c,ff,ff,ff,ff,61,f6,\
90,7c,4e,6a,dd,77,87,6a,dd,77,2c,4d,df,66,60,05,00,00,06,00,00,00,18,00,00,\
00,60,05,00,00,54,7b,13,00,40,00,00,00,00,00,00,00,00,00,00,00,25,9a,00,00,\
40,7b,13,00,8b,70,dd,77,54,05,00,00,34,7b,13,00,58,7b,13,00,d0,9b,18,00,50,\
7b,13,00,48,7b,13,00,08,00,00,00,00,00,00,00,ff,6f,dd,77,30,00,32,00,54,4d,\
df,66,00,00,00,00,78,7b,13,00,6e,dc,df,66,24,00,00,00,54,4d,df,66,24,00,00,\
00,70,7b,13,00,01,00,00,00,74,7b,13,00,00,00,00,00,cc,05,e0,66,00,00,00,00,\
d0,9b,18,00,01,00,00,00,16,d6,00,00,a8,7b,13,00,44,dd,df,66
"ProtocolName"="RSVP TCP Service Provider"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,6c,73,5c,56,53,6f,63,6b,20,\
53,44,4b,5c,62,69,6e,5c,77,69,6e,33,32,5c,76,73,6f,63,6b,6c,69,62,2e,64,6c,\
6c,00,34,00,34,00,41,00,33,00,33,00,00,00,02,00,44,00,46,00,0c,00,0c,00,9d,\
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028]
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029]
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001]
"ProtocolName"="MSAFD Tcpip [TCP/IP]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002]
"ProtocolName"="MSAFD Tcpip [UDP/IP]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003]
"ProtocolName"="MSAFD Tcpip [RAW/IP]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004]
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005]
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006]
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007]
"ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-103"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008]
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60100"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009]
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60101"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010]
"ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60102"
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
OK. Here is where it gets a bit tricky. We are going to try to remove the O10 entries. Sometimes it won't go back on line after this. I will give you some things to try but you may just have to use System Restore to back up to the last available point.

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

:Commands
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

If you can get on line afterward then run OTL, Quickscan and post the log.

If not:

First see if you can get on line with the 64 bit version of IE. If you can then just do this again:

Copy the next line:

reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.txt

Start, (All) Programs, Accessories, then right-click on Command Prompt and Run As Admin.

Right-click and Paste, or Edit then Paste, and the copied line should appear. Hit Enter. Close the Command window. On your desktop should be a file called winsock2.txt. Please attach it to your next reply and I can probably fix it.

IF you can't get on at all try this first:
Start, All Programs, Accessories, Command Prompt (Win 7/Vista => right-click and Run As Admin). Type with an Enter after each line in the code box:


netsh  winsock  reset catalog
netsh int ipv4 reset %userprofile%\Desktop\reset4.log 
netsh int ipv6 reset %userprofile%\Desktop\reset6.log 

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:

Copy the next line:

reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.txt

Start, (All) Programs, Accessories, then right-click on Command Prompt and Run As Admin.

Right-click and Paste, or Edit then Paste, and the copied line should appear. Hit Enter. Close the Command window. On your desktop should be a file called winsock2.txt. Just leave it there then do a System Restore to the latest available restore point.

Ron
  • 0
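The winsock2.txt file produced by the reg export step above can be reviewed offline. The following is an added example, not part of the post above and not OTL's own code: it parses a `reg export` file, decodes each Protocol_Catalog9 `PackedCatalogItem` and flags entries whose provider DLL is not an expected one. The function names, the allowlist and the sample export are constructed for illustration, and the script assumes the packed value begins with the provider path as a NUL-terminated string.

```python
import re

# Provider paths treated as expected (lower-cased). Assumption for this
# example; extend it with the providers legitimately installed on the host.
EXPECTED_PROVIDERS = {r"%systemroot%\system32\mswsock.dll"}

CATALOG = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2"
           r"\Parameters\Protocol_Catalog9\Catalog_Entries64")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex(?:\([0-9a-fA-F]+\))?:(?P<data>.*)$')


def load_export(path):
    """Read a file written by `reg export` (UTF-16 with a byte-order mark)."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def parse_reg_export(text):
    """Return {key_path: {value_name: bytes}} for every hex-typed value."""
    entries = {}
    key = None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            entries.setdefault(key, {})
            continue
        value = VALUE_RE.match(line)
        if not value or key is None:
            continue
        data = value.group("data")
        while data.endswith("\\"):  # value continues on the next line
            data = data[:-1] + next(lines, "").strip()
        try:
            raw = bytes(int(octet, 16) for octet in data.split(",") if octet)
        except ValueError:
            continue  # malformed hex: skip the value rather than guess
        entries[key][value.group("name")] = raw
    return entries


def provider_path(packed):
    """Leading NUL-terminated string of a PackedCatalogItem (assumed layout)."""
    return packed.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def audit_catalog(text, expected=EXPECTED_PROVIDERS):
    """Return (entry_id, provider_path, status) for each Protocol_Catalog9 entry."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if "\\Protocol_Catalog9\\" not in key or "PackedCatalogItem" not in values:
            continue
        path = provider_path(values["PackedCatalogItem"])
        status = "ok" if path.lower() in expected else "review"
        findings.append((key.rsplit("\\", 1)[-1], path, status))
    return findings


def _reg_hex(path, pad_to=64, per_line=20):
    """Build a reg-style hex value with continuation lines (sample data only)."""
    raw = (path.encode("ascii") + b"\x00").ljust(pad_to, b"\x00")
    octets = [f"{b:02x}" for b in raw]
    rows = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return '"PackedCatalogItem"=hex:' + ",\\\n  ".join(rows)


# Constructed sample export: one expected provider, and one entry naming the
# DLL that the O10 lines in the fix above report as "File not found".
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{CATALOG}\\000000000001]",
    _reg_hex(r"%SystemRoot%\system32\mswsock.dll"),
    "",
    f"[{CATALOG}\\000000000004]",
    _reg_hex("mmswsock.dll"),
    "",
])

if __name__ == "__main__":
    for entry_id, path, status in audit_catalog(SAMPLE_EXPORT):
        print(f"{entry_id}  {status:6}  {path}")
```

To check a real export, pass `load_export(...)` the path of the saved winsock2.txt and feed the result to `audit_catalog`; entries marked `review` are the ones to compare against the O10 lines in the OTL log.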

#15
kengal

kengal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I was able to get online, so here's the OTL log:

OTL logfile created on: 11/27/2011 3:43:55 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sonal\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 62.95% Memory free
7.60 Gb Paging File | 6.08 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.46 Gb Total Space | 376.85 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
Drive D: | 21.01 Gb Total Space | 3.06 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 85.75 Mb Free Space | 86.59% Space Free | Partition Type: FAT32
Drive F: | 7.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SCOOBAIL | User Name: Sonal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 12:55:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
PRC - [2011/11/26 00:27:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/05/29 17:13:00 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 15:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/24 10:37:58 | 000,076,584 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
PRC - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/16 15:51:38 | 000,008,192 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/26 00:27:36 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 16:23:00 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/09 13:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/16 15:51:38 | 000,008,192 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/22 17:58:05 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/22 17:58:05 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/11/11 13:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 13:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 12:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/12/16 15:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/30 19:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/04/30 19:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/24 10:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/21 20:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 20:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 22:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 18:10:57 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/02 21:56:17 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/11/22 17:58:06 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/16 17:22:25 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/30 19:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/04/28 23:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 20:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/09 17:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/29 21:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/11 16:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/27 19:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/10/13 13:59:27 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101015.003\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/28 19:02:14 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\EX64.SYS -- (NAVEX15)
DRV - [2010/09/28 19:02:13 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101015.053\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 16:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/08/16 17:39:35 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/16 17:39:35 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sonal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sonal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sonal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sonal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2011/11/27 15:42:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 08:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/14 19:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/14 19:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/29 17:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/26 00:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/19 22:10:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 08:32:42 | 000,000,000 | ---D | M]

[2010/08/16 17:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Extensions
[2011/11/11 06:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\extensions
[2011/11/11 06:20:52 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/08/16 09:06:22 | 000,000,863 | ---- | M] () -- C:\Users\Sonal\AppData\Roaming\Mozilla\Firefox\Profiles\nuumv579.default\searchplugins\conduit.xml
[2011/11/26 00:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 19:47:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/26 00:27:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/11 19:24:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/26 00:27:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2011/11/27 12:34:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Sonal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB79A1A3-DD61-4E28-8DD8-E9B4817D5160}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 14:52:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/27 13:03:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/27 12:55:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
[2011/11/27 12:49:42 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Roaming\Malwarebytes
[2011/11/27 12:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/27 12:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/27 12:49:27 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/27 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/27 12:48:27 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sonal\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/27 12:44:33 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sonal\Desktop\aswMBR.exe
[2011/11/27 12:42:31 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sonal\Desktop\tdsskiller.exe
[2011/11/27 12:33:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/27 12:26:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 12:26:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 12:26:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 12:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 12:26:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 12:26:16 | 004,309,802 | R--- | C] (Swearware) -- C:\Users\Sonal\Desktop\ComboFix.exe
[2011/11/27 11:51:31 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{9CC38F60-0E08-4872-9417-334F6D91BF9D}
[2011/11/27 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{7F3A5816-06CA-44E7-8DCE-9183E28FC364}
[2011/11/27 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{81423283-C131-4CD1-BA59-FD902DA45859}
[2011/11/27 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{46F50DB4-27CF-404D-8E8C-7FB7CFE6C7D8}
[2011/11/26 22:12:49 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{E41F9795-276A-45EB-830E-69751C9A9E28}
[2011/11/26 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{2D89A822-67B4-4679-AB49-391BE9DC1877}
[2011/11/24 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{A41ECBAD-7D16-46EA-886E-AB10380D47A2}
[2011/11/24 00:05:40 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{2FA5E48D-1EF4-4DCE-A34C-1E083E670855}
[2011/11/23 14:45:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/11 06:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{27E9F93B-C07D-4FFA-A1B3-752067FAF50B}
[2011/11/11 06:20:39 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{F1DDE06F-2CB2-408C-A556-C0202AE17B18}
[2011/10/31 19:01:05 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{282FC9CB-5E20-40B7-B151-85C6CD93C810}
[2011/10/31 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Sonal\AppData\Local\{9A599EF6-71AC-4220-BBB9-554E8B873B8F}
[2011/10/30 06:59:09 | 000,000,000 | ---D | C] -- C:\Users\Sonal\Desktop\Jaya aunty's music
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Sonal\Desktop\*.tmp files -> C:\Users\Sonal\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 15:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 15:41:55 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 15:30:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001UA.job
[2011/11/27 15:00:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 15:00:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 12:55:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sonal\Desktop\OTL(2).exe
[2011/11/27 12:48:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sonal\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/27 12:46:29 | 000,000,512 | ---- | M] () -- C:\Users\Sonal\Desktop\MBR.dat
[2011/11/27 12:44:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sonal\Desktop\aswMBR.exe
[2011/11/27 12:42:33 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sonal\Desktop\tdsskiller.exe
[2011/11/27 12:34:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/27 12:26:24 | 004,309,802 | R--- | M] (Swearware) -- C:\Users\Sonal\Desktop\ComboFix.exe
[2011/11/27 11:56:16 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 11:56:16 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/27 11:56:16 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 10:56:53 | 000,002,056 | ---- | M] () -- C:\Users\Sonal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/27 09:29:38 | 000,211,077 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_4.pdf
[2011/11/27 08:17:30 | 000,198,045 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_3.pdf
[2011/11/27 08:05:39 | 000,190,531 | ---- | M] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_2.pdf
[2011/11/26 17:30:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2872563784-2676608509-1643810392-1001Core.job
[2011/11/24 00:04:51 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSonal.job
[2011/11/11 06:19:35 | 000,450,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 13:36:29 | 000,637,565 | ---- | M] () -- C:\Users\Sonal\Desktop\p90x_nutrition_guide_recipes.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Sonal\Desktop\*.tmp files -> C:\Users\Sonal\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 12:46:29 | 000,000,512 | ---- | C] () -- C:\Users\Sonal\Desktop\MBR.dat
[2011/11/27 12:26:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 12:26:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 12:26:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 12:26:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 12:26:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/27 09:29:55 | 000,211,077 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_4.pdf
[2011/11/27 08:17:37 | 000,198,045 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_3.pdf
[2011/11/27 08:06:00 | 000,190,531 | ---- | C] () -- C:\Users\Sonal\Desktop\I DRIVE SAFELY_2.pdf
[2011/10/29 13:36:28 | 000,637,565 | ---- | C] () -- C:\Users\Sonal\Desktop\p90x_nutrition_guide_recipes.pdf
[2011/01/02 21:53:51 | 000,001,854 | ---- | C] () -- C:\Users\Sonal\AppData\Roaming\GhostObjGAFix.xml
[2010/12/23 08:27:17 | 000,208,192 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/09/07 19:50:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/22 14:15:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/26 02:36:07 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/06/26 02:36:07 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/05/16 22:16:29 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/20 10:22:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/02/20 09:27:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/02/20 09:27:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/01/29 15:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/01/27 18:05:52 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/11/30 16:55:34 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/05 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\Amazon
[2011/03/11 18:47:57 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/22 14:47:45 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\OpenOffice.org
[2011/11/27 11:47:41 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\SoftGrid Client
[2010/11/03 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\TP
[2011/03/26 19:02:28 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\Windows Live Writer
[2010/08/22 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sonal\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2011/11/27 13:03:46 | 000,019,182 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >