
Win7 Antivirus 2012-- I suspect remnants



#1
JeremyK

EDITED to add more info for when someone is able to help me out.

Yesterday due to some unwise surfing my PC contracted the Win7 Antivirus 2012 virus. I'm semi-computer savvy and was able to bypass it disabling my Malware Bytes and Security Essentials. After a lengthy battle I removed the virus. After a couple of subsequent scans I found more. I think in total I caught 2-4 viruses. The last two were called fakeAD or something to that effect. I apologize in advance for not having the foresight to write them down. Either way, they were all Trojans. I've since run ADaware, Malware Bytes, and Security Essentials scans... all come back clean. Nevertheless, my PC is acting up.

1) A few moments ago my PC blue screened, which scared me quite a bit. The following file was implicated in the blue screen: WER-52759-0.sysdata.xml. Not sure if that helps.
2) Seemingly at random when I go to a website (doesn't seem to matter which one) I will get a new tab that opens to "Men's Health Base." This happened going to a video game website as well as Geeks to Go. So it pops up as if it were a pop-up ad, but is not related to the site I'm visiting. I've closed this from the task manager every time it pops up. I've since installed a script blocker into Mozilla as well. EDIT: Script blocker does not appear to block the random website visitation. It's not just Men's Health Base either. I've been directed to some kind of "news canary" website, Women's Health Base, and an allergy website. All of the websites seem rather benign. It's bizarre.
3) My internet has been acting a little clunky. Webpages do not always load when I initially go there-- sometimes I have to refresh once or twice.

I'm not sure how much these are related or unrelated, but it just seems too close together to be a coincidence. I'm a little spooked here.

I read a post below by melanie11127, which resonated with me a bit. The problem-solver in me started to just follow the instructions in her thread to save you the time, but as I read along I thought it might be better to rely on your expertise and do this right. It would also be great if you could give me some pointers on the front end-- in the event that I am still infected, what things should I be worrying about? Below are the OTL outputs.

Thank you so much for your time and everything you all do here.

Best,
Jeremy

(Note: Made a few changes to the PC so this is updated from original post) OTL:

OTL logfile created on: 12/18/2011 9:48:20 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 50.85% Memory free
6.50 Gb Paging File | 4.72 Gb Available in Paging File | 72.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 315.67 Gb Free Space | 67.78% Space Free | Partition Type: NTFS
Drive E: | 37.27 Gb Total Space | 2.42 Gb Free Space | 6.50% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/17 19:00:45 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/12 10:07:28 | 001,101,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/11/09 17:24:58 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/05 11:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/07/07 21:25:20 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/06/23 22:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/10 10:34:22 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/28 10:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/08 06:55:55 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/09 17:24:58 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/10/12 02:30:39 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/12 02:27:26 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/12 02:23:44 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b57fb7ab01951581394186c32cd278b\PresentationFramework.Classic.ni.dll
MOD - [2011/10/12 02:23:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/12 02:23:30 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/12 02:23:29 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/12 02:23:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 02:23:17 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:23:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 02:23:00 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 02:22:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 02:22:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 02:22:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 02:22:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 02:22:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/07 22:44:44 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/07/07 22:35:08 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/10 08:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/23 06:55:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/18 01:01:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/16 15:45:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/12/15 23:18:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/02/19 11:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/18 11:26:48 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/12/18 11:26:46 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0AEDFB3-C43C-4251-B561-4A05D82CE25F}\MpKsl72fcfa9e.sys -- (MpKsl72fcfa9e)
DRV - [2011/12/18 09:41:12 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0AEDFB3-C43C-4251-B561-4A05D82CE25F}\MpKsleb4ba243.sys -- (MpKsleb4ba243)
DRV - [2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/12 10:07:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/07/07 22:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/07 20:46:42 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 12:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/01/22 16:36:27 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 02:39:17 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/17 14:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/16 01:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/03 20:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A FD 04 3A 29 9D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/02 08:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 17:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 17:24:59 | 000,000,000 | ---D | M]

[2010/12/16 15:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/12/18 18:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions
[2011/12/18 10:22:15 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/11/05 09:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 11:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 09:23:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/10 16:14:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/02 08:43:52 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/05/04 02:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/01/22 14:18:18 | 000,002,280 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D592450-7706-4E38-8CBC-2E0EC730EDF8}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/12 22:18:21 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{de2509d6-2a20-11e0-8ae6-00241d1f19b6}\Shell - "" = AutoRun
O33 - MountPoints2\{de2509d6-2a20-11e0-8ae6-00241d1f19b6}\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 12:03:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/12/18 11:26:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/17 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/17 22:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/12/17 19:00:51 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 18:59:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/17 18:59:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/17 16:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 16:12:46 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/26 12:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/24 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Minecraft Server Marth and Jeremy

========== Files - Modified Within 30 Days ==========

[2011/12/18 15:34:37 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/18 12:34:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 12:34:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/12/18 11:32:56 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/18 11:32:56 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/18 11:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 11:26:30 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 22:11:14 | 000,002,991 | ---- | M] () -- C:\Users\Jeremy\Desktop\HiJackThis.lnk
[2011/12/17 19:00:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 19:00:50 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:39 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/17 18:59:39 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/17 18:59:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/17 16:54:09 | 000,010,364 | ---- | M] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/12/17 16:13:48 | 000,011,288 | -HS- | M] () -- C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/17 16:13:48 | 000,011,288 | -HS- | M] () -- C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/17 16:12:49 | 000,001,095 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/15 07:00:47 | 003,763,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/12/17 23:30:20 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/17 22:11:14 | 000,002,991 | ---- | C] () -- C:\Users\Jeremy\Desktop\HiJackThis.lnk
[2011/12/17 21:59:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/17 18:59:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/17 18:59:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/17 16:54:06 | 000,010,364 | ---- | C] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/12/17 16:12:49 | 000,001,095 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/17 15:35:06 | 000,011,288 | -HS- | C] () -- C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/17 15:35:06 | 000,011,288 | -HS- | C] () -- C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i
[2011/09/10 23:13:19 | 000,007,606 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
[2011/08/10 16:53:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/07 22:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/07/07 05:47:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/07 05:46:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011/07/07 05:46:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/20 20:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/13 09:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/05/07 16:09:15 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/07 16:09:14 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/05/07 16:08:14 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/05/07 16:08:13 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/07 16:08:13 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/09 16:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 14:36:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/23 14:05:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/06 11:00:11 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/12/16 17:37:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/12/15 23:16:05 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/12/15 23:16:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/16 05:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 003,763,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/13 05:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 04:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/07 04:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005/07/11 18:01:28 | 000,012,244 | ---- | C] () -- C:\Windows\MSUMLT_Y.INI
[2005/03/08 05:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

========== LOP Check ==========

[2011/12/11 21:15:53 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\.minecraft
[2011/12/10 18:32:38 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Azureus
[2011/06/27 14:18:58 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DAEMON Tools Lite
[2011/08/18 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\ICAClient
[2011/06/26 12:15:21 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\LolClient
[2011/12/18 15:34:37 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/21 15:53:42 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by JeremyK, 19 December 2011 - 07:11 AM.


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Delete these two files if you can:

C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i


ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

* Change the a-v scan to None.
* Uncheck trace disk IO calls.
* Click the "Scan" button to start the scan.
* On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

     Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

     After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

     Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm
Save the file as a .jpg or the forum won't allow it.

Ron

#3
JeremyK

    Member

  • Topic Starter
  • Member
  • 31 posts
Ron,

As suspected, there were some nasty bugs hiding in my computer. I'm sure you get this all the time, but you're my hero.

Now to business. See below for all requested information:

First, I was unable to delete these, as they were not present in the directories... I enabled hidden files and ran a search and could not locate them:

C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i

I took a screen verifying their absence if you need to see that.

As for the logs, here you go:

COMBOFIX:
ComboFix 11-12-21.01 - Jeremy 12/21/2011 7:24.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.2325 [GMT -6:00]
Running from: c:\users\Jeremy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\$NtUninstallKB10857$\2042975148\@
c:\windows\$NtUninstallKB10857$\2042975148\bckfg.tmp
c:\windows\$NtUninstallKB10857$\2042975148\cfg.ini
c:\windows\$NtUninstallKB10857$\2042975148\Desktop.ini
c:\windows\$NtUninstallKB10857$\2042975148\keywords
c:\windows\$NtUninstallKB10857$\2042975148\kwrd.dll
c:\windows\$NtUninstallKB10857$\2042975148\L\xadqgnnk
c:\windows\$NtUninstallKB10857$\2042975148\lsflt7.ver
c:\windows\$NtUninstallKB10857$\2042975148\U\00000001.@
c:\windows\$NtUninstallKB10857$\2042975148\U\00000002.@
c:\windows\$NtUninstallKB10857$\2042975148\U\00000004.@
c:\windows\$NtUninstallKB10857$\2042975148\U\80000000.@
c:\windows\$NtUninstallKB10857$\2042975148\U\80000004.@
c:\windows\$NtUninstallKB10857$\2042975148\U\80000032.@
c:\windows\$NtUninstallKB10857$\4159917246
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\sp.Dll
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
c:\windows\$NtUninstallKB10857$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 13:30 . 2011-12-21 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 13:22 . 2011-12-21 13:31 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CE4C9C1-13BC-4C67-A3C0-A186BA4EE7BA}\offreg.dll
2011-12-21 13:05 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CE4C9C1-13BC-4C67-A3C0-A186BA4EE7BA}\mpengine.dll
2011-12-18 04:11 . 2011-12-18 04:11 388096 ----a-r- c:\users\Jeremy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-18 03:59 . 2011-12-18 01:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-18 01:00 . 2011-12-18 01:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-18 00:59 . 2011-12-18 00:59 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-18 00:59 . 2011-12-12 16:07 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-18 00:59 . 2011-12-18 00:59 -------- d-----w- c:\programdata\Lavasoft
2011-12-18 00:59 . 2011-12-18 00:59 -------- d-----w- c:\program files\Lavasoft
2011-12-17 22:12 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 04:09 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 23:43 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 23:43 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 23:43 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 23:43 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 23:43 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 23:43 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-30 09:01 . 2011-11-30 09:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 13:31 . 2010-12-16 23:37 16608 ----a-w- c:\windows\gdrv.sys
2011-12-08 12:55 . 2011-06-05 14:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 10:47 . 2010-12-17 15:56 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 11:59 . 2011-10-11 11:59 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B16F730-A0EF-4EA4-ACA1-556989CE39EA}\gapaengine.dll
2011-09-29 16:03 . 2011-11-09 11:58 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-26 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-28 264040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4456448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl55b2d481;MpKsl55b2d481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A299BF9D-BDCD-4ED6-969D-842797CCE576}\MpKsl55b2d481.sys [x]
R1 MpKsl74f60940;MpKsl74f60940;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{615866F0-5975-40DF-B367-469A2C8CA571}\MpKsl74f60940.sys [x]
R1 MpKsl8f2d90e6;MpKsl8f2d90e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3445F8C-0059-429C-B78E-C8ACAAC0C14F}\MpKsl8f2d90e6.sys [x]
R1 MpKsla0148213;MpKsla0148213;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{582B251D-93C8-45BD-B6E7-7457D4C75A00}\MpKsla0148213.sys [x]
R1 MpKslaee1f93e;MpKslaee1f93e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E3D5B76-D3FA-4567-9FC5-0535CC1DED88}\MpKslaee1f93e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-16 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-16 79360]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-12 64512]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 294400]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-18 2152152]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 110592]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 482304]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-22 218176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-12-21 07:35:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-21 13:35
.
Pre-Run: 358,143,303,680 bytes free
Post-Run: 357,956,382,720 bytes free
.
- - End Of File - - 31BA0421DD63907ED70779F71D405817


TDSSKILLER:
16:50:07.0761 3440 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
16:50:08.0057 3440 ============================================================
16:50:08.0057 3440 Current date / time: 2011/12/21 16:50:08.0057
16:50:08.0057 3440 SystemInfo:
16:50:08.0057 3440
16:50:08.0057 3440 OS Version: 6.1.7601 ServicePack: 1.0
16:50:08.0057 3440 Product type: Workstation
16:50:08.0057 3440 ComputerName: JEREMY-PC
16:50:08.0057 3440 UserName: Jeremy
16:50:08.0057 3440 Windows directory: C:\Windows
16:50:08.0057 3440 System windows directory: C:\Windows
16:50:08.0057 3440 Processor architecture: Intel x86
16:50:08.0057 3440 Number of processors: 4
16:50:08.0057 3440 Page size: 0x1000
16:50:08.0057 3440 Boot type: Normal boot
16:50:08.0057 3440 ============================================================
16:50:08.0775 3440 Initialize success
16:50:21.0629 1256 ============================================================
16:50:21.0629 1256 Scan started
16:50:21.0629 1256 Mode: Manual;
16:50:21.0629 1256 ============================================================
16:50:31.0083 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:50:31.0099 1256 \Device\Harddisk0\DR0 - ok
16:50:31.0099 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:50:31.0114 1256 \Device\Harddisk1\DR1 - ok
16:50:31.0114 1256 Boot (0x1200) (a3c17c0b61bc2b230078eac161341c66) \Device\Harddisk0\DR0\Partition0
16:50:31.0114 1256 \Device\Harddisk0\DR0\Partition0 - ok
16:50:31.0130 1256 Boot (0x1200) (eb28b92a9e39663b8d9a686a7d4abe34) \Device\Harddisk1\DR1\Partition0
16:50:31.0130 1256 \Device\Harddisk1\DR1\Partition0 - ok
16:50:31.0130 1256 ============================================================
16:50:31.0130 1256 Scan finished
16:50:31.0130 1256 ============================================================
16:50:31.0130 2096 Detected object count: 0
16:50:31.0130 2096 Actual detected object count: 0
16:51:09.0073 2492 Deinitialize success


ASWMBR:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 16:53:01
-----------------------------
16:53:01.994 OS Version: Windows 6.1.7601 Service Pack 1
16:53:01.994 Number of processors: 4 586 0x402
16:53:01.994 ComputerName: JEREMY-PC UserName: Jeremy
16:53:02.369 Initialize success
16:53:46.975 AVAST engine defs: 11122102
16:53:57.225 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
16:53:57.225 Disk 0 Vendor: MAXTOR_6L040J2 A93.0500 Size: 38171MB BusType: 3
16:53:57.240 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5
16:53:57.240 Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476938MB BusType: 3
16:53:59.253 Disk 1 MBR read successfully
16:53:59.268 Disk 1 MBR scan
16:53:59.268 Disk 1 Windows 7 default MBR code
16:53:59.268 Disk 1 scanning sectors +976766976
16:53:59.331 Disk 1 scanning C:\Windows\system32\drivers
16:54:09.377 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Aluroot [Rtk]
16:54:10.563 Service scanning
16:54:11.452 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:54:12.076 Modules scanning
16:54:15.367 Scan finished successfully
16:54:51.887 Disk 1 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\G2G Fixes\MBR.dat"
16:54:51.887 The log file has been saved successfully to "C:\Users\Jeremy\Desktop\G2G Fixes\aswMBR log.txt"


MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122107

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/21/2011 5:01:46 PM
mbam-log-2011-12-21 (17-01-46).txt

Scan type: Quick scan
Objects scanned: 162623
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL LOG:
OTL logfile created on: 12/21/2011 5:02:58 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.52% Memory free
6.50 Gb Paging File | 5.35 Gb Available in Paging File | 82.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 332.36 Gb Free Space | 71.36% Space Free | Partition Type: NTFS
Drive E: | 37.27 Gb Total Space | 2.42 Gb Free Space | 6.50% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/17 19:00:45 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/05 11:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/07/07 21:25:20 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/06/26 11:09:47 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/10 10:34:22 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/28 10:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2009/07/13 19:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 02:30:39 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/12 02:27:26 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/12 02:23:44 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b57fb7ab01951581394186c32cd278b\PresentationFramework.Classic.ni.dll
MOD - [2011/10/12 02:23:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/12 02:23:30 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/12 02:23:29 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/12 02:23:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 02:23:17 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:23:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 02:23:00 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 02:22:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 02:22:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 02:22:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 02:22:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 02:22:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/07 22:44:44 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/07/07 22:35:08 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/06/26 11:09:47 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/10 08:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/23 06:55:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/18 01:01:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/16 15:45:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/12/15 23:18:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/02/19 11:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/21 16:56:19 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/12 10:07:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/07/07 22:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/07 20:46:42 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 12:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/01/22 16:36:27 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 02:39:17 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/17 14:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/16 01:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/03 20:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A FD 04 3A 29 9D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/02 08:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 17:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 17:24:59 | 000,000,000 | ---D | M]

[2010/12/16 15:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/12/20 20:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions
[2011/12/20 20:40:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/11/05 09:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 11:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 09:23:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/10 16:14:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/02 08:43:52 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/05/04 02:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/21 07:32:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D592450-7706-4E38-8CBC-2E0EC730EDF8}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/12 22:18:21 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 16:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/21 16:58:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/21 16:57:51 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/21 07:35:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/21 07:32:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/21 07:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\temp
[2011/12/21 07:21:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.svs
[2011/12/21 07:17:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 07:17:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 07:17:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 07:17:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/21 07:13:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 07:07:29 | 004,346,890 | R--- | C] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/21 07:03:38 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\G2G Fixes
[2011/12/18 12:03:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/12/18 11:26:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/17 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/17 22:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/12/17 19:00:51 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 18:59:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/17 18:59:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/14 22:10:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 22:10:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 22:10:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 22:10:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 22:10:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 22:09:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 17:43:43 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 17:43:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 17:43:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 17:43:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 17:43:36 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 17:43:36 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/11/26 12:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/24 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Minecraft Server Marth and Jeremy

========== Files - Modified Within 30 Days ==========

[2011/12/21 17:03:29 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 17:03:29 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 17:03:14 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/21 17:03:14 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/21 16:58:17 | 000,001,095 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/21 16:57:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/21 16:56:23 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 16:56:19 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2011/12/21 16:56:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/21 16:56:10 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 07:32:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/21 07:07:31 | 004,346,890 | R--- | M] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/20 19:00:28 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/20 19:00:28 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/12/17 22:11:14 | 000,002,991 | ---- | M] () -- C:\Users\Jeremy\Desktop\HiJackThis.lnk
[2011/12/17 19:00:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 19:00:50 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/17 16:54:09 | 000,010,364 | ---- | M] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/12/17 16:13:48 | 000,011,288 | -HS- | M] () -- C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/17 16:13:48 | 000,011,288 | -HS- | M] () -- C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/15 07:00:47 | 003,763,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/08 06:55:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/23 22:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files Created - No Company Name ==========

[2011/12/21 16:58:17 | 000,001,095 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/21 16:56:23 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 07:17:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 07:17:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 07:17:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 07:17:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 07:17:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/17 22:11:14 | 000,002,991 | ---- | C] () -- C:\Users\Jeremy\Desktop\HiJackThis.lnk
[2011/12/17 21:59:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/17 18:59:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/17 18:59:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/17 16:54:06 | 000,010,364 | ---- | C] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/12/17 15:35:06 | 000,011,288 | -HS- | C] () -- C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/17 15:35:06 | 000,011,288 | -HS- | C] () -- C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i
[2011/09/10 23:13:19 | 000,007,606 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
[2011/08/10 16:53:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/07 22:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/07/07 05:47:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/07 05:46:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011/07/07 05:46:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/20 20:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/13 09:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/05/07 16:09:15 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/07 16:09:14 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/05/07 16:08:14 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/05/07 16:08:13 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/07 16:08:13 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/09 16:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 14:36:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/23 14:05:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/06 11:00:11 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/12/16 17:37:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/12/15 23:16:05 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/12/15 23:16:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/16 05:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 003,763,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/13 05:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 04:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/07 04:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005/07/11 18:01:28 | 000,012,244 | ---- | C] () -- C:\Windows\MSUMLT_Y.INI
[2005/03/08 05:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

< End of report >


OTL EXTRA:
OTL Extras logfile created on: 12/21/2011 5:02:58 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.52% Memory free
6.50 Gb Paging File | 5.35 Gb Available in Paging File | 82.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 332.36 Gb Free Space | 71.36% Space Free | Partition Type: NTFS
Drive E: | 37.27 Gb Total Space | 2.42 Gb Free Space | 6.50% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F81710-7F87-ECFC-BFD3-5F5C4045433A}" = AMD Media Foundation Decoders
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11661616-6C82-1CA6-874A-2C7A5A7BF72C}" = ATI Catalyst Install Manager
"{1668DB7B-3631-4F23-B1CB-8981979860FB}" = Combat Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{341739C6-79A4-4F7B-A34E-FDAE88749246}" = G*Power 3.1.2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D4D4CBF-79F3-4E38-A1DC-30646F030443}" = Microsoft LifeChat
"{3FCB20AD-FFFB-75AD-6A74-887ACED18CC3}" = Catalyst Control Center Graphics Previews Common
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43867B63-C464-4570-823D-D92DC08E3400}_is1" = Army Builder 3.3b
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}" = ILLUSION ジンコウガクエン きゃらめいく
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54DBFEC2-ABD3-4088-7B71-353063908CFD}" = AMD VISION Engine Control Center
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6F2E5BB1-33E8-B06B-E965-19EE7117A445}" = AMD Drag and Drop Transcoding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{841C7C00-3FAE-4862-989D-4D564DC6D504}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1" = HF pAppLoc version 0.8
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD1D6AB-CD40-5E5B-72F2-8F258F58B905}" = CCC Help English
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C109AF5B-69D0-4C93-B360-F28D9FAB6084}" = ILLUSION ジンコウガクエン
"{C885824E-188F-8206-E2C2-B32728D6E52A}" = Catalyst Control Center InstallProxy
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F1FA508A-526F-CCA9-0998-D904BF1A80A1}" = ccc-utility
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8A2C087-24EA-E873-FBD9-C901E2EFF299}" = AMD Fuel
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Comical_is1" = Comical 0.8
"ConstructMap46 beta_is1" = ConstructMap v4.6.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DAEMON Tools Lite" = DAEMON Tools Lite
"Hero Lab V3.6g" = Hero Lab V3.6g
"hon" = Heroes of Newerth
"KONICA MINOLTA PagePro 1400W" = KONICA MINOLTA PagePro 1400W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDFCanvas V1.5" = PDFCanvas V1.5
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Steam App 19900" = Far Cry 2
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 7760" = X-COM: UFO Defense
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 Indiana" = TaxACT 2010 Indiana
"VASSAL (3.1.15)" = VASSAL (3.1.15)
"Vuze Toolbar" = Vuze Toolbar
"WaveStudio 7" = Creative WaveStudio 7
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




That should do it. Note that with aswMBR.exe the "Fix" button was NOT highlighted.

Thank you so much for all you do here.

Jeremy

Attached Thumbnails

  • Disk management.jpg

Edited by JeremyK, 21 December 2011 - 05:19 PM.


#4
RKinner

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


cd \windows\logs\cbs
copy cbs.log cbs.old
del cbs.log
sfc /scannow
findstr /c:"[SR]" cbs.log > junk.txt




Attach the file \windows\logs\cbs\junk.txt to your next reply.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents in your next reply.




Copy the text in the code box:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
mdnsNSP.dll
tdx.sys
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Run aswMBR again. This time do not uncheck trace disk IO calls.

Ron
  • 0
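
A triage pass over the junk.txt that the findstr step above produces, as an added example that is not part of the original post: it drops the routine "Verifying / Verify complete" lines and groups what remains by file. The function names are this example's own, and the sample lines (including the file name example.sys and the component name) are constructed in the format SFC writes.

```python
import re
from collections import OrderedDict

# Constructed sample in the format of the [SR] lines extracted from cbs.log.
SAMPLE = r'''
2011-12-21 18:26:04, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:04, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:07, Info CSI 0000000c [SR] Verify complete
2011-12-21 18:30:23, Info CSI 00000151 [SR] Cannot repair member file [l:22{11}]"example.sys" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral in the store, file is missing
2011-12-21 18:30:24, Info CSI 00000154 [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32\drivers"\[l:22{11}]"example.sys" from store
2011-12-21 18:30:25, Info CSI 00000156 [SR] Verify complete
2011-12-21 18:32:05, Info CSI 000001b9 [SR] Cannot commit interactively, there are boot critical components being repaired
'''

# timestamp, level, "CSI", 8-hex-digit sequence number, "[SR]", message
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$')

# The member file name is the quoted string that follows a [l:N{M}] prefix;
# the directory part uses a [ml:...] prefix and is deliberately not matched.
MEMBER_RE = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')

# Message prefixes worth a human look, checked before the routine ones.
KINDS = (
    ("Cannot repair member file", "cannot_repair"),
    ("Repairing corrupted file", "repairing"),
    ("Repaired file", "repaired"),
    ("Cannot commit interactively", "commit_deferred"),
)
ROUTINE = ("Verifying ", "Beginning Verify and Repair transaction",
           "Verify complete", "Repairing ", "Repair complete",
           "Committing transaction")


def classify(msg):
    """Map an [SR] message to a kind; unknown messages are kept as 'other'."""
    for prefix, kind in KINDS:
        if msg.startswith(prefix):
            return kind
    if msg.startswith(ROUTINE):
        return "routine"
    return "other"


def parse_sr(text):
    """Return the non-routine [SR] events from junk.txt content, in order."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Keep lines we cannot parse so nothing is silently dropped.
            events.append({"ts": None, "seq": None, "kind": "unparsed",
                           "file": None, "msg": line})
            continue
        kind = classify(m.group("msg"))
        if kind == "routine":
            continue
        member = MEMBER_RE.search(m.group("msg"))
        events.append({"ts": m.group("ts"), "seq": m.group("seq"),
                       "kind": kind,
                       "file": member.group(1) if member else None,
                       "msg": m.group("msg")})
    return events


def summarize(events):
    """Group events by file and note whether a commit was deferred."""
    files = OrderedDict()
    for ev in events:
        if ev["file"] is None:
            continue
        entry = files.setdefault(ev["file"],
                                 {"first_seen": ev["ts"], "kinds": []})
        if ev["kind"] not in entry["kinds"]:
            entry["kinds"].append(ev["kind"])
    return {
        "files": files,
        "commit_deferred": any(e["kind"] == "commit_deferred" for e in events),
        "needs_review": [e["msg"] for e in events
                         if e["kind"] in ("other", "unparsed")],
    }


if __name__ == "__main__":
    report = summarize(parse_sr(SAMPLE))
    for name, info in report["files"].items():
        print(name, info["first_seen"], ", ".join(info["kinds"]))
    print("commit deferred:", report["commit_deferred"])
```

To run it on a real log, read \windows\logs\cbs\junk.txt into a string and pass that to parse_sr instead of SAMPLE.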

#5
JeremyK

Ron--

Here we go:

Junk.txt:
2011-12-21 18:26:04, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:04, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:07, Info CSI 0000000c [SR] Verify complete
2011-12-21 18:26:07, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:07, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:09, Info CSI 00000010 [SR] Verify complete
2011-12-21 18:26:09, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:09, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:11, Info CSI 00000014 [SR] Verify complete
2011-12-21 18:26:11, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:11, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:14, Info CSI 00000018 [SR] Verify complete
2011-12-21 18:26:14, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:14, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:16, Info CSI 0000001c [SR] Verify complete
2011-12-21 18:26:16, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:16, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:19, Info CSI 00000020 [SR] Verify complete
2011-12-21 18:26:19, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:19, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:21, Info CSI 00000024 [SR] Verify complete
2011-12-21 18:26:22, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:22, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:24, Info CSI 00000028 [SR] Verify complete
2011-12-21 18:26:24, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:24, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:27, Info CSI 0000002c [SR] Verify complete
2011-12-21 18:26:27, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:27, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:29, Info CSI 00000030 [SR] Verify complete
2011-12-21 18:26:29, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:29, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:31, Info CSI 00000034 [SR] Verify complete
2011-12-21 18:26:31, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:31, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:35, Info CSI 00000038 [SR] Verify complete
2011-12-21 18:26:35, Info CSI 00000039 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:35, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:38, Info CSI 0000003e [SR] Verify complete
2011-12-21 18:26:38, Info CSI 0000003f [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:38, Info CSI 00000040 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:41, Info CSI 00000044 [SR] Verify complete
2011-12-21 18:26:41, Info CSI 00000045 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:41, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:43, Info CSI 00000048 [SR] Verify complete
2011-12-21 18:26:43, Info CSI 00000049 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:43, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:47, Info CSI 00000051 [SR] Verify complete
2011-12-21 18:26:47, Info CSI 00000052 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:47, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:52, Info CSI 0000005a [SR] Verify complete
2011-12-21 18:26:52, Info CSI 0000005b [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:52, Info CSI 0000005c [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:56, Info CSI 0000005e [SR] Verify complete
2011-12-21 18:26:56, Info CSI 0000005f [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:56, Info CSI 00000060 [SR] Beginning Verify and Repair transaction
2011-12-21 18:26:59, Info CSI 00000062 [SR] Verify complete
2011-12-21 18:26:59, Info CSI 00000063 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:26:59, Info CSI 00000064 [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:02, Info CSI 00000066 [SR] Verify complete
2011-12-21 18:27:02, Info CSI 00000067 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:02, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:05, Info CSI 0000006a [SR] Verify complete
2011-12-21 18:27:05, Info CSI 0000006b [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:05, Info CSI 0000006c [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:10, Info CSI 0000006e [SR] Verify complete
2011-12-21 18:27:10, Info CSI 0000006f [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:10, Info CSI 00000070 [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:17, Info CSI 00000074 [SR] Verify complete
2011-12-21 18:27:17, Info CSI 00000075 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:17, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:21, Info CSI 00000078 [SR] Verify complete
2011-12-21 18:27:21, Info CSI 00000079 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:21, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:31, Info CSI 0000007c [SR] Verify complete
2011-12-21 18:27:32, Info CSI 0000007d [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:32, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:38, Info CSI 00000080 [SR] Verify complete
2011-12-21 18:27:38, Info CSI 00000081 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:38, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:40, Info CSI 00000084 [SR] Verify complete
2011-12-21 18:27:40, Info CSI 00000085 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:40, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:41, Info CSI 00000088 [SR] Verify complete
2011-12-21 18:27:41, Info CSI 00000089 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:41, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:42, Info CSI 0000008c [SR] Verify complete
2011-12-21 18:27:42, Info CSI 0000008d [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:42, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:50, Info CSI 000000ac [SR] Verify complete
2011-12-21 18:27:50, Info CSI 000000ad [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:50, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:52, Info CSI 000000b0 [SR] Verify complete
2011-12-21 18:27:52, Info CSI 000000b1 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:52, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:54, Info CSI 000000b4 [SR] Verify complete
2011-12-21 18:27:55, Info CSI 000000b5 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:55, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2011-12-21 18:27:57, Info CSI 000000b8 [SR] Verify complete
2011-12-21 18:27:57, Info CSI 000000b9 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:27:57, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:01, Info CSI 000000bc [SR] Verify complete
2011-12-21 18:28:01, Info CSI 000000bd [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:01, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:08, Info CSI 000000c1 [SR] Verify complete
2011-12-21 18:28:08, Info CSI 000000c2 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:08, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:11, Info CSI 000000c5 [SR] Verify complete
2011-12-21 18:28:11, Info CSI 000000c6 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:11, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:13, Info CSI 000000c9 [SR] Verify complete
2011-12-21 18:28:13, Info CSI 000000ca [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:13, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:16, Info CSI 000000cd [SR] Verify complete
2011-12-21 18:28:17, Info CSI 000000ce [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:17, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:20, Info CSI 000000d1 [SR] Verify complete
2011-12-21 18:28:20, Info CSI 000000d2 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:20, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:23, Info CSI 000000d5 [SR] Verify complete
2011-12-21 18:28:23, Info CSI 000000d6 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:23, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:30, Info CSI 000000da [SR] Verify complete
2011-12-21 18:28:30, Info CSI 000000db [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:30, Info CSI 000000dc [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:37, Info CSI 00000101 [SR] Verify complete
2011-12-21 18:28:37, Info CSI 00000102 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:37, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:42, Info CSI 00000105 [SR] Verify complete
2011-12-21 18:28:42, Info CSI 00000106 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:42, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2011-12-21 18:28:55, Info CSI 00000109 [SR] Verify complete
2011-12-21 18:28:55, Info CSI 0000010a [SR] Verifying 100 (0x00000064) components
2011-12-21 18:28:55, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:02, Info CSI 0000010e [SR] Verify complete
2011-12-21 18:29:02, Info CSI 0000010f [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:02, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:09, Info CSI 00000112 [SR] Verify complete
2011-12-21 18:29:09, Info CSI 00000113 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:09, Info CSI 00000114 [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:14, Info CSI 00000116 [SR] Verify complete
2011-12-21 18:29:14, Info CSI 00000117 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:14, Info CSI 00000118 [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:17, Info CSI 0000011a [SR] Verify complete
2011-12-21 18:29:17, Info CSI 0000011b [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:17, Info CSI 0000011c [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:21, Info CSI 0000011e [SR] Verify complete
2011-12-21 18:29:21, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:21, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:25, Info CSI 00000123 [SR] Verify complete
2011-12-21 18:29:25, Info CSI 00000124 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:25, Info CSI 00000125 [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:27, Info CSI 00000127 [SR] Verify complete
2011-12-21 18:29:27, Info CSI 00000128 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:27, Info CSI 00000129 [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:39, Info CSI 0000012b [SR] Verify complete
2011-12-21 18:29:40, Info CSI 0000012c [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:40, Info CSI 0000012d [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:46, Info CSI 00000130 [SR] Verify complete
2011-12-21 18:29:46, Info CSI 00000131 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:46, Info CSI 00000132 [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:50, Info CSI 00000134 [SR] Verify complete
2011-12-21 18:29:50, Info CSI 00000135 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:50, Info CSI 00000136 [SR] Beginning Verify and Repair transaction
2011-12-21 18:29:55, Info CSI 00000138 [SR] Verify complete
2011-12-21 18:29:55, Info CSI 00000139 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:29:55, Info CSI 0000013a [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:03, Info CSI 0000013d [SR] Verify complete
2011-12-21 18:30:03, Info CSI 0000013e [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:03, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:06, Info CSI 00000141 [SR] Verify complete
2011-12-21 18:30:07, Info CSI 00000142 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:07, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:11, Info CSI 00000145 [SR] Verify complete
2011-12-21 18:30:11, Info CSI 00000146 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:11, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:15, Info CSI 00000149 [SR] Verify complete
2011-12-21 18:30:16, Info CSI 0000014a [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:16, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:20, Info CSI 0000014e [SR] Verify complete
2011-12-21 18:30:20, Info CSI 0000014f [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:20, Info CSI 00000150 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:23, Info CSI 00000151 [SR] Cannot repair member file [l:14{7}]"tdx.sys" of Microsoft-Windows-TDI-Over-TCPIP, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2011-12-21 18:30:24, Info CSI 00000152 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:14{7}]"tdx.sys" by copying from backup
2011-12-21 18:30:24, Info CSI 00000154 [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32\drivers"\[l:14{7}]"tdx.sys" from store
2011-12-21 18:30:25, Info CSI 00000156 [SR] Verify complete
2011-12-21 18:30:25, Info CSI 00000157 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:25, Info CSI 00000158 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:28, Info CSI 0000015a [SR] Verify complete
2011-12-21 18:30:28, Info CSI 0000015b [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:28, Info CSI 0000015c [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:32, Info CSI 0000015e [SR] Verify complete
2011-12-21 18:30:33, Info CSI 0000015f [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:33, Info CSI 00000160 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:38, Info CSI 00000163 [SR] Verify complete
2011-12-21 18:30:38, Info CSI 00000164 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:38, Info CSI 00000165 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:42, Info CSI 00000167 [SR] Verify complete
2011-12-21 18:30:42, Info CSI 00000168 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:42, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:48, Info CSI 0000016b [SR] Verify complete
2011-12-21 18:30:48, Info CSI 0000016c [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:48, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:53, Info CSI 0000016f [SR] Verify complete
2011-12-21 18:30:53, Info CSI 00000170 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:53, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:57, Info CSI 00000173 [SR] Verify complete
2011-12-21 18:30:57, Info CSI 00000174 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:57, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2011-12-21 18:30:59, Info CSI 00000177 [SR] Verify complete
2011-12-21 18:30:59, Info CSI 00000178 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:30:59, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:02, Info CSI 0000017b [SR] Verify complete
2011-12-21 18:31:03, Info CSI 0000017c [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:03, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:06, Info CSI 0000017f [SR] Verify complete
2011-12-21 18:31:06, Info CSI 00000180 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:06, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:10, Info CSI 00000183 [SR] Verify complete
2011-12-21 18:31:10, Info CSI 00000184 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:10, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:12, Info CSI 00000187 [SR] Verify complete
2011-12-21 18:31:13, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:13, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:16, Info CSI 0000018b [SR] Verify complete
2011-12-21 18:31:17, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:17, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:29, Info CSI 0000018f [SR] Verify complete
2011-12-21 18:31:29, Info CSI 00000190 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:29, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:47, Info CSI 00000193 [SR] Verify complete
2011-12-21 18:31:47, Info CSI 00000194 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:47, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:51, Info CSI 00000197 [SR] Verify complete
2011-12-21 18:31:51, Info CSI 00000198 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:51, Info CSI 00000199 [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:53, Info CSI 0000019b [SR] Verify complete
2011-12-21 18:31:53, Info CSI 0000019c [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:53, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:55, Info CSI 0000019f [SR] Verify complete
2011-12-21 18:31:55, Info CSI 000001a0 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:55, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2011-12-21 18:31:57, Info CSI 000001a3 [SR] Verify complete
2011-12-21 18:31:57, Info CSI 000001a4 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:31:57, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2011-12-21 18:32:00, Info CSI 000001a7 [SR] Verify complete
2011-12-21 18:32:00, Info CSI 000001a8 [SR] Verifying 100 (0x00000064) components
2011-12-21 18:32:00, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2011-12-21 18:32:05, Info CSI 000001ab [SR] Verify complete
2011-12-21 18:32:05, Info CSI 000001ac [SR] Verifying 14 (0x0000000e) components
2011-12-21 18:32:05, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2011-12-21 18:32:05, Info CSI 000001af [SR] Verify complete
2011-12-21 18:32:05, Info CSI 000001b0 [SR] Repairing 1 components
2011-12-21 18:32:05, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2011-12-21 18:32:05, Info CSI 000001b2 [SR] Cannot repair member file [l:14{7}]"tdx.sys" of Microsoft-Windows-TDI-Over-TCPIP, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2011-12-21 18:32:05, Info CSI 000001b3 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:14{7}]"tdx.sys" by copying from backup
2011-12-21 18:32:05, Info CSI 000001b5 [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32\drivers"\[l:14{7}]"tdx.sys" from store
2011-12-21 18:32:05, Info CSI 000001b7 [SR] Repair complete
2011-12-21 18:32:05, Info CSI 000001b8 [SR] Committing transaction
2011-12-21 18:32:05, Info CSI 000001b9 [SR] Cannot commit interactively, there are boot critical components being repaired
2011-12-21 18:32:05, Info CSI 000001ba [SR] Repairing 1 components
2011-12-21 18:32:05, Info CSI 000001bb [SR] Beginning Verify and Repair transaction
2011-12-21 18:32:05, Info CSI 000001bc [SR] Cannot repair member file [l:14{7}]"tdx.sys" of Microsoft-Windows-TDI-Over-TCPIP, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2011-12-21 18:32:05, Info CSI 000001bd [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:14{7}]"tdx.sys" by copying from backup
2011-12-21 18:32:05, Info CSI 000001bf [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32\drivers"\[l:14{7}]"tdx.sys" from store
2011-12-21 18:32:05, Info CSI 000001c1 [SR] Repair complete

TDSS:

18:36:04.0812 3552 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:36:05.0312 3552 ============================================================
18:36:05.0312 3552 Current date / time: 2011/12/21 18:36:05.0312
18:36:05.0312 3552 SystemInfo:
18:36:05.0312 3552
18:36:05.0312 3552 OS Version: 6.1.7601 ServicePack: 1.0
18:36:05.0312 3552 Product type: Workstation
18:36:05.0312 3552 ComputerName: JEREMY-PC
18:36:05.0312 3552 UserName: Jeremy
18:36:05.0312 3552 Windows directory: C:\Windows
18:36:05.0312 3552 System windows directory: C:\Windows
18:36:05.0312 3552 Processor architecture: Intel x86
18:36:05.0312 3552 Number of processors: 4
18:36:05.0312 3552 Page size: 0x1000
18:36:05.0312 3552 Boot type: Normal boot
18:36:05.0312 3552 ============================================================
18:36:09.0321 3552 Initialize success
18:36:42.0409 3856 ============================================================
18:36:42.0409 3856 Scan started
18:36:42.0409 3856 Mode: Manual; SigCheck; TDLFS;
18:36:42.0409 3856 ============================================================
18:36:43.0220 3856 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:36:43.0267 3856 1394ohci - ok
18:36:43.0298 3856 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:36:43.0313 3856 ACPI - ok
18:36:43.0329 3856 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:36:43.0360 3856 AcpiPmi - ok
18:36:43.0423 3856 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:36:43.0454 3856 adp94xx - ok
18:36:43.0469 3856 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:36:43.0485 3856 adpahci - ok
18:36:43.0501 3856 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:36:43.0516 3856 adpu320 - ok
18:36:43.0547 3856 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:36:43.0563 3856 AFD - ok
18:36:43.0579 3856 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:36:43.0579 3856 agp440 - ok
18:36:43.0594 3856 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:36:43.0610 3856 aic78xx - ok
18:36:43.0641 3856 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:36:43.0657 3856 aliide - ok
18:36:43.0688 3856 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:36:43.0703 3856 amdagp - ok
18:36:43.0719 3856 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:36:43.0719 3856 amdide - ok
18:36:43.0750 3856 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
18:36:43.0781 3856 amdiox86 - ok
18:36:43.0797 3856 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:36:43.0813 3856 AmdK8 - ok
18:36:43.0969 3856 amdkmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys
18:36:44.0125 3856 amdkmdag - ok
18:36:44.0203 3856 amdkmdap (0b1b116d30f133dc918287fd8e212f1e) C:\Windows\system32\DRIVERS\atikmpag.sys
18:36:44.0265 3856 amdkmdap - ok
18:36:44.0312 3856 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:36:44.0343 3856 AmdPPM - ok
18:36:44.0374 3856 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:36:44.0405 3856 amdsata - ok
18:36:44.0421 3856 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:36:44.0437 3856 amdsbs - ok
18:36:44.0437 3856 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:36:44.0452 3856 amdxata - ok
18:36:44.0499 3856 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:36:44.0577 3856 AppID - ok
18:36:44.0608 3856 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:36:44.0624 3856 arc - ok
18:36:44.0639 3856 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:36:44.0639 3856 arcsas - ok
18:36:44.0671 3856 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:36:44.0749 3856 AsyncMac - ok
18:36:44.0764 3856 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:36:44.0780 3856 atapi - ok
18:36:44.0811 3856 AtiHDAudioService (45fe74599fba4070e7c7dac928896474) C:\Windows\system32\drivers\AtihdW73.sys
18:36:44.0827 3856 AtiHDAudioService - ok
18:36:44.0858 3856 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:36:44.0905 3856 b06bdrv - ok
18:36:44.0936 3856 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:36:44.0936 3856 b57nd60x - ok
18:36:44.0951 3856 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:36:44.0983 3856 Beep - ok
18:36:44.0998 3856 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:36:45.0014 3856 blbdrive - ok
18:36:45.0029 3856 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:36:45.0045 3856 bowser - ok
18:36:45.0061 3856 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:36:45.0076 3856 BrFiltLo - ok
18:36:45.0076 3856 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:36:45.0092 3856 BrFiltUp - ok
18:36:45.0123 3856 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:36:45.0139 3856 Brserid - ok
18:36:45.0139 3856 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:36:45.0170 3856 BrSerWdm - ok
18:36:45.0185 3856 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:36:45.0217 3856 BrUsbMdm - ok
18:36:45.0232 3856 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:36:45.0263 3856 BrUsbSer - ok
18:36:45.0263 3856 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:36:45.0295 3856 BTHMODEM - ok
18:36:45.0388 3856 catchme - ok
18:36:45.0419 3856 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:36:45.0482 3856 cdfs - ok
18:36:45.0529 3856 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:36:45.0560 3856 cdrom - ok
18:36:45.0575 3856 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:36:45.0591 3856 circlass - ok
18:36:45.0607 3856 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:36:45.0622 3856 CLFS - ok
18:36:45.0653 3856 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:36:45.0669 3856 CmBatt - ok
18:36:45.0700 3856 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:36:45.0700 3856 cmdide - ok
18:36:45.0731 3856 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:36:45.0747 3856 CNG - ok
18:36:45.0763 3856 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:36:45.0778 3856 Compbatt - ok
18:36:45.0794 3856 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:36:45.0809 3856 CompositeBus - ok
18:36:45.0841 3856 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:36:45.0841 3856 crcdisk - ok
18:36:45.0903 3856 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:36:45.0934 3856 CSC - ok
18:36:45.0997 3856 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:36:46.0043 3856 DfsC - ok
18:36:46.0075 3856 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:36:46.0106 3856 discache - ok
18:36:46.0137 3856 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:36:46.0137 3856 Disk - ok
18:36:46.0168 3856 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:36:46.0168 3856 drmkaud - ok
18:36:46.0199 3856 dtsoftbus01 (b672b993207dd5e2f73fcda8c0427b0f) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:36:46.0215 3856 dtsoftbus01 - ok
18:36:46.0246 3856 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:36:46.0262 3856 DXGKrnl - ok
18:36:53.0750 3856 tdx (0b82444215871fa9284a9a88f9019503) C:\Windows\system32\DRIVERS\tdx.sys
18:36:53.0750 3856 tdx ( UnsignedFile.Multi.Generic ) - warning
18:36:53.0750 3856 tdx - detected UnsignedFile.Multi.Generic (1)
18:36:55.0513 3856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:36:55.0575 3856 \Device\Harddisk0\DR0 - ok
18:36:55.0575 3856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:36:55.0622 3856 \Device\Harddisk1\DR1 - ok
18:36:55.0637 3856 Boot (0x1200) (a3c17c0b61bc2b230078eac161341c66) \Device\Harddisk0\DR0\Partition0
18:36:55.0637 3856 \Device\Harddisk0\DR0\Partition0 - ok
18:36:55.0669 3856 Boot (0x1200) (eb28b92a9e39663b8d9a686a7d4abe34) \Device\Harddisk1\DR1\Partition0
18:36:55.0669 3856 \Device\Harddisk1\DR1\Partition0 - ok
18:36:55.0669 3856 ============================================================
18:36:55.0669 3856 Scan finished
18:36:55.0669 3856 ============================================================
18:36:55.0684 0592 Detected object count: 1
18:36:55.0684 0592 Actual detected object count: 1
18:38:03.0497 0592 tdx ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:03.0497 0592 tdx ( UnsignedFile.Multi.Generic ) - User select action: Skip


I also took a screen shot of an identified threat in case that is helpful.


OTL:
OTL logfile created on: 12/21/2011 6:40:17 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 57.95% Memory free
6.50 Gb Paging File | 5.24 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 332.36 Gb Free Space | 71.36% Space Free | Partition Type: NTFS
Drive E: | 37.27 Gb Total Space | 2.42 Gb Free Space | 6.50% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/17 19:00:45 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/11/09 17:24:58 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/05 11:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/07/07 21:25:20 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/06/26 11:09:47 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/10 10:34:22 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/28 10:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 17:24:58 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/10/12 02:30:39 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/12 02:27:26 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/12 02:23:44 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b57fb7ab01951581394186c32cd278b\PresentationFramework.Classic.ni.dll
MOD - [2011/10/12 02:23:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/12 02:23:30 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/12 02:23:29 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/12 02:23:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 02:23:17 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:23:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 02:23:00 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 02:22:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 02:22:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 02:22:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 02:22:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 02:22:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/07 22:44:44 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/07/07 22:35:08 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/06/26 11:09:47 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/10 08:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/23 06:55:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/18 01:01:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/16 15:45:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/12/15 23:18:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/02/19 11:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/21 16:56:19 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/12 10:07:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/07/07 22:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/07 20:46:42 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 12:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/01/22 16:36:27 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 02:39:17 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/17 14:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/16 01:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/03 20:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A FD 04 3A 29 9D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/02 08:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 17:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 17:24:59 | 000,000,000 | ---D | M]

[2010/12/16 15:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/12/20 20:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions
[2011/12/20 20:40:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/11/05 09:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 11:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 09:23:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/10 16:14:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/02 08:43:52 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/05/04 02:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/21 07:32:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D592450-7706-4E38-8CBC-2E0EC730EDF8}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/12 22:18:21 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 16:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/21 16:58:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/21 16:57:51 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/21 07:35:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/21 07:32:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/21 07:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\temp
[2011/12/21 07:21:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.svs
[2011/12/21 07:17:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 07:17:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 07:17:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 07:17:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/21 07:13:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 07:07:29 | 004,346,890 | R--- | C] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/21 07:03:38 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\G2G Fixes
[2011/12/18 12:03:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/12/18 11:26:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/17 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/17 22:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/12/17 19:00:51 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 18:59:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/17 18:59:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/14 22:10:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 22:10:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 22:10:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 22:10:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 22:10:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 22:09:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 17:43:43 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 17:43:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 17:43:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 17:43:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 17:43:36 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 17:43:36 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/11/26 12:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/24 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Minecraft Server Marth and Jeremy

========== Files - Modified Within 30 Days ==========

[2011/12/21 17:03:29 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 17:03:29 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 17:03:14 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/21 17:03:14 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/21 16:58:17 | 000,001,095 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/21 16:57:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/21 16:56:23 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 16:56:19 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2011/12/21 16:56:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/21 16:56:10 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 07:32:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/21 07:07:31 | 004,346,890 | R--- | M] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/20 19:00:28 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/20 19:00:28 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/12/17 22:11:14 | 000,002,991 | ---- | M] () -- C:\Users\Jeremy\Desktop\HiJackThis.lnk
[2011/12/17 19:00:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 19:00:50 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/17 16:54:09 | 000,010,364 | ---- | M] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/12/17 16:13:48 | 000,011,288 | -HS- | M] () -- C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/17 16:13:48 | 000,011,288 | -HS- | M] () -- C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/15 07:00:47 | 003,763,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/08 06:55:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/23 22:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files Created - No Company Name ==========

[2011/12/21 16:58:17 | 000,001,095 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/21 16:56:23 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 07:17:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 07:17:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 07:17:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 07:17:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 07:17:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/17 22:11:14 | 000,002,991 | ---- | C] () -- C:\Users\Jeremy\Desktop\HiJackThis.lnk
[2011/12/17 21:59:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/17 18:59:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/17 18:59:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/17 16:54:06 | 000,010,364 | ---- | C] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/12/17 15:35:06 | 000,011,288 | -HS- | C] () -- C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
[2011/12/17 15:35:06 | 000,011,288 | -HS- | C] () -- C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i
[2011/09/10 23:13:19 | 000,007,606 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
[2011/08/10 16:53:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/07 22:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/07/07 05:47:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/07 05:46:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011/07/07 05:46:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/20 20:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/13 09:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/05/07 16:09:15 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/07 16:09:14 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/05/07 16:08:14 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/05/07 16:08:13 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/07 16:08:13 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/09 16:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 14:36:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/23 14:05:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/06 11:00:11 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/12/16 17:37:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/12/15 23:16:05 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/12/15 23:16:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/16 05:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 003,763,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/13 05:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 04:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/07 04:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005/07/11 18:01:28 | 000,012,244 | ---- | C] () -- C:\Windows\MSUMLT_Y.INI
[2005/03/08 05:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/12/21 16:56:10 | 000,002,292 | ---- | M] () -- C:\aaw7boot.log
[2011/06/25 20:07:01 | 001,391,104 | ---- | M] () -- C:\apploc.msi
[2009/06/10 15:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 15:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/16 17:38:52 | 000,000,197 | ---- | M] () -- C:\csb.log
[2011/12/21 16:56:10 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 16:56:10 | 3488,079,872 | -HS- | M] () -- C:\pagefile.sys
[2011/12/21 16:56:21 | 000,000,124 | ---- | M] () -- C:\service.log
[2011/12/21 18:39:18 | 000,078,972 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_21.12.2011_18.36.04_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 22:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 19:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2005/02/09 09:40:18 | 000,010,240 | ---- | M] (Zenographics, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\MIMFPR_Y.DLL
[2010/11/20 06:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 04:12:11


< MD5 for: BEEP.SYS >
[2009/07/13 17:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys
[2009/07/13 17:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009/07/13 17:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

< MD5 for: CONNECT.DLL >
[2009/07/13 19:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\System32\connect.dll
[2009/07/13 19:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.1.7600.16385_none_64e4e40af80e0f24\connect.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 19:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2010/11/20 06:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\System32\netcfgx.dll
[2010/11/20 06:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_401c514f83c9df99\netcfgx.dll
[2009/07/13 19:16:02 | 000,403,456 | ---- | M] (Microsoft Corporation) MD5=C5B5CCDBF8ED1475240313ED88234E3F -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7600.16385_none_3deb3d8786db5bff\netcfgx.dll

< MD5 for: NETMAN.DLL >
[2009/07/13 19:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\ERDNT\cache\netman.dll
[2009/07/13 19:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/13 19:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: NETSHELL.DLL >
[2010/11/20 06:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\System32\netshell.dll
[2010/11/20 06:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_d78ad4be6c4ce238\netshell.dll
[2009/07/13 19:16:03 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=F7611E0F05B4EB272102CA9883CA98A7 -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7600.16385_none_d559c0f66f5e5e9e\netshell.dll

< MD5 for: TDX.SYS >
[2010/11/20 02:39:17 | 000,074,752 | ---- | M] () MD5=0B82444215871FA9284A9A88F9019503 -- C:\Windows\System32\drivers\tdx.sys
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< End of report >


OTL Extra:
OTL Extras logfile created on: 12/21/2011 6:40:17 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 57.95% Memory free
6.50 Gb Paging File | 5.24 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 332.36 Gb Free Space | 71.36% Space Free | Partition Type: NTFS
Drive E: | 37.27 Gb Total Space | 2.42 Gb Free Space | 6.50% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F81710-7F87-ECFC-BFD3-5F5C4045433A}" = AMD Media Foundation Decoders
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11661616-6C82-1CA6-874A-2C7A5A7BF72C}" = ATI Catalyst Install Manager
"{1668DB7B-3631-4F23-B1CB-8981979860FB}" = Combat Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{341739C6-79A4-4F7B-A34E-FDAE88749246}" = G*Power 3.1.2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D4D4CBF-79F3-4E38-A1DC-30646F030443}" = Microsoft LifeChat
"{3FCB20AD-FFFB-75AD-6A74-887ACED18CC3}" = Catalyst Control Center Graphics Previews Common
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43867B63-C464-4570-823D-D92DC08E3400}_is1" = Army Builder 3.3b
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}" = ILLUSION ジンコウガクエン きゃらめいく
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54DBFEC2-ABD3-4088-7B71-353063908CFD}" = AMD VISION Engine Control Center
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6F2E5BB1-33E8-B06B-E965-19EE7117A445}" = AMD Drag and Drop Transcoding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{841C7C00-3FAE-4862-989D-4D564DC6D504}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1" = HF pAppLoc version 0.8
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD1D6AB-CD40-5E5B-72F2-8F258F58B905}" = CCC Help English
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C109AF5B-69D0-4C93-B360-F28D9FAB6084}" = ILLUSION ジンコウガクエン
"{C885824E-188F-8206-E2C2-B32728D6E52A}" = Catalyst Control Center InstallProxy
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F1FA508A-526F-CCA9-0998-D904BF1A80A1}" = ccc-utility
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8A2C087-24EA-E873-FBD9-C901E2EFF299}" = AMD Fuel
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Comical_is1" = Comical 0.8
"ConstructMap46 beta_is1" = ConstructMap v4.6.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DAEMON Tools Lite" = DAEMON Tools Lite
"Hero Lab V3.6g" = Hero Lab V3.6g
"hon" = Heroes of Newerth
"KONICA MINOLTA PagePro 1400W" = KONICA MINOLTA PagePro 1400W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDFCanvas V1.5" = PDFCanvas V1.5
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Steam App 19900" = Far Cry 2
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 7760" = X-COM: UFO Defense
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 Indiana" = TaxACT 2010 Indiana
"VASSAL (3.1.15)" = VASSAL (3.1.15)
"Vuze Toolbar" = Vuze Toolbar
"WaveStudio 7" = Creative WaveStudio 7
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


ASWMBR:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 18:47:09
-----------------------------
18:47:09.225 OS Version: Windows 6.1.7601 Service Pack 1
18:47:09.225 Number of processors: 4 586 0x402
18:47:09.225 ComputerName: JEREMY-PC UserName: Jeremy
18:47:11.238 Initialize success
18:47:15.668 AVAST engine defs: 11122102
18:47:37.056 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
18:47:37.056 Disk 0 Vendor: MAXTOR_6L040J2 A93.0500 Size: 38171MB BusType: 3
18:47:37.056 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-7
18:47:37.071 Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476938MB BusType: 3
18:47:39.099 Disk 1 MBR read successfully
18:47:39.099 Disk 1 MBR scan
18:47:39.115 Disk 1 Windows 7 default MBR code
18:47:39.115 Disk 1 scanning sectors +976766976
18:47:39.177 Disk 1 scanning C:\Windows\system32\drivers
18:47:44.154 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Aluroot [Rtk]
18:47:45.168 Service scanning
18:47:45.605 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:47:46.213 Modules scanning
18:47:49.473 Disk 1 trace - called modules:
18:47:49.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:47:49.489 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x863e27c0]
18:47:49.505 3 CLASSPNP.SYS[8bd9159e] -> nt!IofCallDriver -> [0x8625d758]
18:47:49.505 5 ACPI.sys[8b83d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0x8624b908]
18:47:49.505 Scan finished successfully
18:48:30.704 Disk 1 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\G2G Fixes\MBR.dat"
18:48:30.720 The log file has been saved successfully to "C:\Users\Jeremy\Desktop\G2G Fixes\aswMBR Scan 2.txt"

  • 0

#6
RKinner

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i

Firefox::
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys | C:\Windows\System32\drivers\tdx.sys

Driver::
MpKsl55b2d481
MpKsl74f60940
MpKsl8f2d90e6
MpKsla0148213
MpKslaee1f93e

RootKit::
C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Run aswMBR again. Does it still see tdx.sys as malware?

Have to go over to some friend's house for supper. Won't be back on line for 3 or 4 hours.

Ron
  • 0
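Added example (not part of the thread, and not a feature of OTL, aswMBR or ComboFix): a small Python triage of OTL's "MD5 for:" section that flags a live System32 file with no company name or with a hash matching no winsxs copy, and lists the winsxs copies that an FCopy:: line like the one above would restore from. The sample lines are copied from the log posted in this thread; the function names and the two flagging rules are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Lines copied from the OTL "MD5 for:" section of the log posted above.
SAMPLE_LOG = r"""
< MD5 for: MSWSOCK.DLL >
[2009/07/13 19:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: TDX.SYS >
[2010/11/20 02:39:17 | 000,074,752 | ---- | M] () MD5=0B82444215871FA9284A9A88F9019503 -- C:\Windows\System32\drivers\tdx.sys
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< End of report >
"""

HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# [date | size | attributes | M or C] (company) MD5=<32 hex> -- path
ENTRY = re.compile(
    r"^\[(?P<stamp>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|[^|]*\|\s*[MC]\]\s*"
    r"\((?P<company>.*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+)$"
)


def parse_md5_section(text):
    """Return {lower-cased file name: [entry, ...]} for each 'MD5 for:' block."""
    groups = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if line.startswith("<"):  # any other scan header closes the block
            current = None
            continue
        entry = ENTRY.match(line)
        if entry and current:
            groups[current].append({
                "company": entry.group("company").strip(),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "path": entry.group("path").strip(),
            })
    return dict(groups)


def store_copies(groups, name):
    """winsxs copies of a file that still carry a company name."""
    return [e for e in groups.get(name.lower(), [])
            if "\\winsxs\\" in e["path"].lower() and e["company"]]


def triage(groups):
    """Flag live System32 copies that look different from the component store."""
    findings = []
    for name, entries in sorted(groups.items()):
        store_hashes = {e["md5"] for e in store_copies(groups, name)}
        for e in entries:
            if "\\windows\\system32\\" not in e["path"].lower():
                continue  # only the copy Windows actually loads is judged
            reasons = []
            if not e["company"]:
                reasons.append("no company name in version info")
            if store_hashes and e["md5"] not in store_hashes:
                reasons.append("hash matches no winsxs copy")
            if reasons:
                findings.append((e["path"], e["md5"], reasons))
    return findings


if __name__ == "__main__":
    parsed = parse_md5_section(SAMPLE_LOG)
    for path, md5, reasons in triage(parsed):
        print(f"REVIEW {path} MD5={md5}: {'; '.join(reasons)}")
        for copy in store_copies(parsed, path.rsplit("\\", 1)[-1]):
            print(f"  store copy: {copy['path']} MD5={copy['md5']}")
```

This is triage only: a legitimately updated file whose store copy is not listed would also be flagged, so a hit is a reason to scan the file, as aswMBR did here, not a verdict.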

#7
JeremyK

Hope dinner is tasty!

Here is the next set of logs:

Combofix:

ComboFix 11-12-21.02 - Jeremy 12/21/2011 19:22:02.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1926 [GMT -6:00]
Running from: c:\users\Jeremy\Desktop\ComboFix.exe
Command switches used :: c:\users\Jeremy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\rqefos8v2ndy2jys4jux3u007j1i"
"c:\users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\rqefos8v2ndy2jys4jux3u007j1i
c:\users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --> c:\windows\System32\drivers\tdx.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL55B2D481
-------\Legacy_MPKSL74F60940
-------\Legacy_MPKSL8F2D90E6
-------\Legacy_MPKSLA0148213
-------\Legacy_MPKSLAEE1F93E
-------\Service_MpKsl55b2d481
-------\Service_MpKsl74f60940
-------\Service_MpKsl8f2d90e6
-------\Service_MpKsla0148213
-------\Service_MpKslaee1f93e
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 01:25 . 2011-12-22 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 22:58 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 22:56 . 2011-12-22 01:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CE4C9C1-13BC-4C67-A3C0-A186BA4EE7BA}\offreg.dll
2011-12-21 13:05 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CE4C9C1-13BC-4C67-A3C0-A186BA4EE7BA}\mpengine.dll
2011-12-18 04:11 . 2011-12-18 04:11 388096 ----a-r- c:\users\Jeremy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-18 03:59 . 2011-12-18 01:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-18 01:00 . 2011-12-18 01:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-18 00:59 . 2011-12-18 00:59 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-18 00:59 . 2011-12-12 16:07 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-18 00:59 . 2011-12-18 00:59 -------- d-----w- c:\programdata\Lavasoft
2011-12-18 00:59 . 2011-12-18 00:59 -------- d-----w- c:\program files\Lavasoft
2011-12-15 04:09 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 23:43 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 23:43 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 23:43 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 23:43 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 23:43 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 23:43 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-30 09:01 . 2011-11-30 09:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 01:27 . 2010-12-16 23:37 16608 ----a-w- c:\windows\gdrv.sys
2011-12-08 12:55 . 2011-06-05 14:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 10:47 . 2010-12-17 15:56 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 11:59 . 2011-10-11 11:59 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B16F730-A0EF-4EA4-ACA1-556989CE39EA}\gapaengine.dll
2011-09-29 16:03 . 2011-11-09 11:58 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-26 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-28 264040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4456448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-16 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-16 79360]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-12 64512]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 294400]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-18 2152152]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 110592]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 482304]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-22 218176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-12-21 19:31:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 01:31
.
Pre-Run: 356,727,566,336 bytes free
Post-Run: 356,768,940,032 bytes free
.
- - End Of File - - 36C820BA89402AEBF11B2101F09814B4


aswMBR:

The scan did not pick up tdx.sys as malware this time.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 20:04:12
-----------------------------
20:04:12.484 OS Version: Windows 6.1.7601 Service Pack 1
20:04:12.484 Number of processors: 4 586 0x402
20:04:12.484 ComputerName: JEREMY-PC UserName: Jeremy
20:04:13.171 Initialize success
20:04:52.312 AVAST engine defs: 11122102
20:05:37.256 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
20:05:37.272 Disk 0 Vendor: MAXTOR_6L040J2 A93.0500 Size: 38171MB BusType: 3
20:05:37.272 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5
20:05:37.287 Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476938MB BusType: 3
20:05:39.300 Disk 1 MBR read successfully
20:05:39.300 Disk 1 MBR scan
20:05:39.315 Disk 1 Windows 7 default MBR code
20:05:39.315 Disk 1 scanning sectors +976766976
20:05:39.393 Disk 1 scanning C:\Windows\system32\drivers
20:05:45.524 Service scanning
20:05:46.211 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:05:46.803 Modules scanning
20:05:50.079 Disk 1 trace - called modules:
20:05:50.095 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:05:50.095 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x863e56c8]
20:05:50.095 3 CLASSPNP.SYS[8bdab59e] -> nt!IofCallDriver -> [0x85e9c918]
20:05:50.111 5 ACPI.sys[8b8343d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-5[0x85e9f908]
20:05:50.111 Scan finished successfully
20:06:00.687 Disk 1 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\G2G Fixes\MBR.dat"
20:06:00.687 The log file has been saved successfully to "C:\Users\Jeremy\Desktop\G2G Fixes\aswMBR LOG 3.txt"
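
One way to check a ComboFix log against the CFScript that produced it, as an added example that is not part of the thread or of ComboFix: it parses the script directives and the matching log sections quoted above and lists any `File::`, `FCopy::` or `Driver::` request the log does not confirm. The function names are hypothetical, and treating an `Other Deletions` path, an `FCopy` `-->` line and a `Service_<name>` line as confirmation is an assumption read off this log, not documented ComboFix behaviour.

```python
import re

# CFScript directives from the thread (DirLook:: and Firefox:: left out).
CFSCRIPT = r"""
Killall::
File::
C:\Users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
C:\ProgramData\rqefos8v2ndy2jys4jux3u007j1i
FCopy::
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys | C:\Windows\System32\drivers\tdx.sys
Driver::
MpKsl55b2d481
MpKsl74f60940
MpKsl8f2d90e6
MpKsla0148213
MpKslaee1f93e
"""

# Matching sections of the ComboFix log from the thread (some "." spacers dropped).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\rqefos8v2ndy2jys4jux3u007j1i
c:\users\Jeremy\AppData\Local\rqefos8v2ndy2jys4jux3u007j1i
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --> c:\windows\System32\drivers\tdx.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MPKSL55B2D481
-------\Legacy_MPKSL74F60940
-------\Legacy_MPKSL8F2D90E6
-------\Legacy_MPKSLA0148213
-------\Legacy_MPKSLAEE1F93E
-------\Service_MpKsl55b2d481
-------\Service_MpKsl74f60940
-------\Service_MpKsl8f2d90e6
-------\Service_MpKsla0148213
-------\Service_MpKslaee1f93e
.
"""

# Section banners look like "(((( Title ))))" or "----- Title -----".
_HEADER = re.compile(r"(?:\(+\s*(.+?)\s*\)+|-{3,}\s+(.+?)\s+-{3,})")

def parse_cfscript(text):
    """Return {directive: [argument lines]} for each 'Name::' block."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return blocks

def parse_log_sections(text):
    """Return {section title: [entries]}; '.' spacer lines are dropped."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _HEADER.fullmatch(line)
        if m:
            current = sections.setdefault(m.group(1) or m.group(2), [])
        elif line and line != "." and current is not None:
            current.append(line)
    return sections

def norm(path):
    """Windows paths compare case-insensitively; drop quotes and padding."""
    return path.strip().strip('"').lower()

def _pair(entry, sep):
    return tuple(norm(p) for p in entry.split(sep))

def unconfirmed_actions(script_text, log_text):
    """List (directive, argument) pairs that the log does not confirm."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    deleted = {norm(p) for p in log.get("Other Deletions", [])}
    copied = {_pair(e, "-->") for e in log.get("FCopy", [])}
    services = {e.rsplit("\\Service_", 1)[1].lower()
                for e in log.get("Drivers/Services", []) if "\\Service_" in e}
    missing = [("File", p) for p in script.get("File", []) if norm(p) not in deleted]
    missing += [("FCopy", p) for p in script.get("FCopy", []) if _pair(p, "|") not in copied]
    missing += [("Driver", n) for n in script.get("Driver", []) if n.lower() not in services]
    return missing

if __name__ == "__main__":
    print(unconfirmed_actions(CFSCRIPT, COMBOFIX_LOG) or "every request confirmed")
```

An empty result only means each request has a matching log line; whether the restored tdx.sys is clean is what the aswMBR rescan answers.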

#8
RKinner

It was pretty good. Home made pizza.

Your logs are looking better.

Uninstall

Java™ 6 Update 17
Java™ 6 Update 26

These are obsolete and dangerous to have on your PC. Get the latest version from java.com.

Run OTL, Quickscan and post the log.

Let's see if we missed anything.

Let's check to see if anything else is wrong:

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.

Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#9
JeremyK

Your pizza sounds better than the Papa Johns I just had for breakfast. I'll be at work from 8-5:30 central. Thanks for everything so far Ron. It'll be nice to feel safe working on my dissertation at home again.

J

Here are the logs:

OTL:
OTL logfile created on: 12/22/2011 7:06:04 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 56.70% Memory free
6.50 Gb Paging File | 5.27 Gb Available in Paging File | 81.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 331.61 Gb Free Space | 71.20% Space Free | Partition Type: NTFS
Drive E: | 37.27 Gb Total Space | 2.42 Gb Free Space | 6.50% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 19:45:26 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/17 19:00:45 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/05 11:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/07/07 21:25:20 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/06/26 11:09:47 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/30 07:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/10 10:34:22 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/28 10:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 19:45:26 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/10/12 02:30:39 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/12 02:27:26 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/12 02:23:44 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b57fb7ab01951581394186c32cd278b\PresentationFramework.Classic.ni.dll
MOD - [2011/10/12 02:23:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/12 02:23:30 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/12 02:23:29 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/12 02:23:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 02:23:17 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:23:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 02:23:00 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 02:22:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 02:22:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 02:22:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 02:22:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 02:22:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/07 22:44:44 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/07/07 22:35:08 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/06/26 11:09:47 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/10 08:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/23 06:55:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/18 01:01:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/16 15:45:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/12/15 23:18:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/02/19 11:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/22 06:52:49 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{29476093-737B-4806-ADC8-9C5D802ABA95}\MpKsl4933d642.sys -- (MpKsl4933d642)
DRV - [2011/12/22 06:52:48 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/07 22:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/07 20:46:42 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 12:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/01/22 16:36:27 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/17 14:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/16 01:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/03 20:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A FD 04 3A 29 9D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/02 08:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 19:45:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 19:45:27 | 000,000,000 | ---D | M]

[2010/12/16 15:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/12/21 20:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions
[2011/12/20 20:40:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/12/22 07:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 11:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 09:23:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/12/22 07:05:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/10/02 08:43:52 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/22 07:05:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/21 19:27:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D592450-7706-4E38-8CBC-2E0EC730EDF8}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/12 22:18:21 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 07:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/21 21:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/21 21:37:30 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/21 21:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/21 19:31:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/21 19:27:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/21 19:25:20 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\temp
[2011/12/21 16:57:51 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/21 07:17:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 07:17:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 07:17:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 07:17:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/21 07:13:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 07:07:29 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/21 07:03:38 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\G2G Fixes
[2011/12/18 12:03:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/12/18 11:26:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/17 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/17 22:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/12/17 19:00:51 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 18:59:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/17 18:59:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/26 12:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/24 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Minecraft Server Marth and Jeremy

========== Files - Modified Within 30 Days ==========

[2011/12/22 06:59:57 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 06:59:57 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 06:59:46 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/22 06:59:46 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/22 06:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 06:52:36 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 21:37:33 | 000,001,095 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/21 19:27:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/21 19:20:20 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/21 16:57:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/20 19:00:28 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/20 19:00:28 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/12/17 22:11:14 | 000,002,991 | ---- | M] () -- C:\Users\Jeremy\Desktop\HiJackThis.lnk
[2011/12/17 19:00:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 19:00:50 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/17 16:54:09 | 000,010,364 | ---- | M] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/12/15 07:00:47 | 003,763,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/12/21 21:37:33 | 000,001,095 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/21 07:17:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 07:17:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 07:17:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 07:17:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 07:17:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/17 22:11:14 | 000,002,991 | ---- | C] () -- C:\Users\Jeremy\Desktop\HiJackThis.lnk
[2011/12/17 21:59:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/17 18:59:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/17 18:59:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/17 16:54:06 | 000,010,364 | ---- | C] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/09/10 23:13:19 | 000,007,606 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
[2011/08/10 16:53:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/07 22:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/07/07 05:47:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/07 05:46:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/20 20:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/13 09:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/05/07 16:09:15 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/07 16:09:14 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/05/07 16:08:14 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/05/07 16:08:13 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/07 16:08:13 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/09 16:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 14:36:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/23 14:05:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/06 11:00:11 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/12/16 17:37:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/12/15 23:16:05 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/12/15 23:16:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/16 05:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 003,763,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/13 05:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 04:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/07 04:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005/07/11 18:01:28 | 000,012,244 | ---- | C] () -- C:\Windows\MSUMLT_Y.INI
[2005/03/08 05:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

========== LOP Check ==========

[2011/12/11 21:15:53 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\.minecraft
[2011/12/20 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Azureus
[2011/06/27 14:18:58 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DAEMON Tools Lite
[2011/08/18 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\ICAClient
[2011/06/26 12:15:21 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\LolClient
[2011/06/21 15:53:42 | 000,032,696 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Event Viewer System Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/12/2011 7:15:09 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/12/2011 1:12:13 PM
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 22/12/2011 1:11:55 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 22/12/2011 1:11:53 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 22/12/2011 1:11:53 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 22/12/2011 1:11:53 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 22/12/2011 1:10:51 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Event Viewer Application Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/12/2011 7:15:52 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/12/2011 1:12:28 PM
Type: Error Category: 16
Event: 16386 Source: ATIeRecord
ATI EEU Client has failed to start

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

net  start  bfe

It should say:

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

Does it or do you get an error message? What does it say?


Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
[2011/02/02 11:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 09:23:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


#11
JeremyK

Hey there. Attached is a screenshot of the message in the cmd prompt. Below is the OTL log generated following the fix you provided.

OTL:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jeremy
->Flash cache emptied: 911 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jeremy
->Java cache emptied: 68995248 bytes

User: Public

Total Java Files Cleaned = 66.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12222011_175435

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Attached Thumbnails

  • CmdPromptError.JPG


#12
RKinner

Pretty much what I expected. The malware has eaten the BFE service.

Follow the procedure in Post #13 at http://www.geekstogo...st__p__2090351.

#13
JeremyK

Merged BFE.reg and got the same cmd prompt error message as I posted before.

#14
RKinner

Copy the next line:

reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE %userprofile%\Desktop\BFE2.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

This should create a file BFE2.txt

Copy and paste it into a reply.
  • 0

#15
JeremyK

Here you go:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE]
"DisplayName"="@%SystemRoot%\\system32\\bfe.dll,-1001"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\bfe.dll,-1002"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,66,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="BfeServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter]
08,ff,23,01,04,00,00,00,04,00,00,00,14,00,02,00,01,00,00,00,18,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ec,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,1c,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,\
2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,06,00,00,00,03,00,00,00,03,00,00,\
00,01,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,68,01,00,00,01,00,04,8c,\
50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,\
10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,\
18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,\
a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,\
00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,\
13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,\
bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,\
1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,\
00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,\
4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,\
00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,\
00,05,13,00,00,00
"{07a24961-a760-4e80-b263-6d275e1b09cb}"=hex:01,10,08,00,cc,cc,cc,cc,08,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,80,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,80,01,00,00,01,10,08,00,cc,cc,cc,cc,70,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,61,49,a2,07,60,a7,80,4e,b2,63,6d,27,5e,1b,09,cb,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,00,01,39,\
41,4c,56,32,4b,bc,1d,71,80,48,35,4d,7c,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,04,00,00,00,04,00,00,00,14,00,02,00,01,00,00,00,18,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ed,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,1c,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,\
2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,06,00,00,00,03,00,00,00,03,00,00,\
00,01,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,68,01,00,00,01,00,04,8c,\
50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,\
10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,\
18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,\
a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,\
00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,\
13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,\
bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,\
1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,\
00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,\
4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,\
00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,\
00,05,13,00,00,00
"{5b0cb2e2-ab87-4974-9f1c-2f22a654eeb9}"=hex:01,10,08,00,cc,cc,cc,cc,08,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,80,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,80,01,00,00,01,10,08,00,cc,cc,cc,cc,70,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,e2,b2,0c,5b,87,ab,74,49,9f,1c,2f,22,a6,54,ee,b9,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,60,3b,b0,\
7f,8d,7b,fa,4d,ba,dd,98,01,76,fc,4e,12,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,04,00,00,00,04,00,00,00,14,00,02,00,01,00,00,00,18,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ee,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,1c,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,\
2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,06,00,00,00,03,00,00,00,03,00,00,\
00,01,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,68,01,00,00,01,00,04,8c,\
50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,\
10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,\
18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,\
a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,\
00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,\
13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,\
bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,\
1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,\
00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,\
4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,\
00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,\
00,05,13,00,00,00
"{b6b2ca61-fb98-4422-adc2-e7cf56b3680c}"=hex:01,10,08,00,cc,cc,cc,cc,08,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,80,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,80,01,00,00,01,10,08,00,cc,cc,cc,cc,70,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,61,ca,b2,b6,98,fb,22,44,ad,c2,e7,cf,56,b3,68,0c,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,d1,57,8d,\
c3,a7,05,33,4c,90,4f,7f,bc,ee,e6,0e,82,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,04,00,00,00,04,00,00,00,14,00,02,00,01,00,00,00,18,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ef,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,1c,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,\
2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,06,00,00,00,03,00,00,00,03,00,00,\
00,01,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,68,01,00,00,01,00,04,8c,\
50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,\
10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,\
18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,\
a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,\
00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,\
13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,\
bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,\
1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,\
00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,\
4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,\
00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,\
00,05,13,00,00,00
"{0aa7fff8-919f-453c-928c-28a12122ba38}"=hex:01,10,08,00,cc,cc,cc,cc,08,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,80,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,80,01,00,00,01,10,08,00,cc,cc,cc,cc,70,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,f8,ff,a7,0a,9f,91,3c,45,92,8c,28,a1,21,22,ba,38,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,3b,39,72,\
4a,9f,31,bc,44,84,c3,ba,54,dc,b3,b6,b4,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,04,00,00,00,04,00,00,00,14,00,02,00,01,00,00,00,18,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f0,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,1c,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,\
2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,06,00,00,00,03,00,00,00,03,00,00,\
00,01,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,68,01,00,00,01,00,04,8c,\
50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,\
10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,\
18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,\
a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,\
00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,\
13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,\
bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,\
1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,\
00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,\
4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,\
00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,\
00,05,13,00,00,00
"{074f7f68-ee10-428a-89d1-ba78f6c327ca}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,68,7f,4f,07,10,ee,8a,42,89,d1,ba,78,f6,c3,27,ca,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,90,99,49,\
61,b6,3c,84,4e,b9,50,53,b9,4b,69,64,f3,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f1,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{c016105c-eb34-4519-a5fd-5f4e4ad4d18e}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,5c,10,16,c0,34,eb,19,45,a5,fd,5f,4e,4a,d4,d1,8e,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,ff,bd,f9,\
65,2d,3b,5d,4e,b8,c6,c7,20,65,1f,e8,98,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f2,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{a47525e2-725b-4888-8af1-ba5a60c04f4d}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,e2,25,75,a4,5b,72,88,48,8a,f1,ba,5a,60,c0,4f,4d,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,e7,9f,cd,\
e1,b5,f4,73,42,96,c0,59,2e,48,7b,86,50,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f3,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,a3,96,cc,0c,5c,8c,e2,45,b8,0e,7e,37,b1,6c,c1,ad,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f4,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{91ffecf0-0a9e-4572-95f1-a7111af86967}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,f0,ec,ff,91,9e,0a,72,45,95,f1,a7,11,1a,f8,69,67,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,90,99,49,\
61,b6,3c,84,4e,b9,50,53,b9,4b,69,64,f3,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f5,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{64e55933-15a5-495d-a928-ccca43d44875}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,33,59,e5,64,a5,15,5d,49,a9,28,cc,ca,43,d4,48,75,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,ff,bd,f9,\
65,2d,3b,5d,4e,b8,c6,c7,20,65,1f,e8,98,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f6,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{13bfd422-6f75-4408-8924-9400ec0cb19c}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,22,d4,bf,13,75,6f,08,44,89,24,94,00,ec,0c,b1,9c,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,e7,9f,cd,\
e1,b5,f4,73,42,96,c0,59,2e,48,7b,86,50,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f7,3a,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,06,3b,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,02,00,00,00,6c,7c,53,97,a3,d9,67,47,a3,81,e9,42,67,\
5c,d9,20,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,3b,e2,2c,63,67,51,\
5c,43,86,d7,e9,03,68,4a,a8,0c,06,00,00,00,03,00,00,00,03,00,00,00,04,00,00,\
00,00,00,00,20,08,00,00,10,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,\
00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,\
02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,\
00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,\
00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,\
84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,\
59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,\
02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,\
68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,\
50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,\
10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,\
0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,\
00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,\
04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,\
01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{567d3836-3f5b-4067-b9c4-952f677010a2}"=hex:01,10,08,00,cc,cc,cc,cc,00,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,78,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,78,01,00,00,01,10,08,00,cc,cc,cc,cc,68,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,36,38,7d,56,5b,3f,67,40,b9,c4,95,2f,67,70,10,a2,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,01,00,00,00,02,00,00,00,14,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,07,3b,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,02,00,00,00,2b,ef,71,39,3e,62,9a,4f,8c,b1,6e,79,b8,\
06,b9,a7,00,00,00,00,01,00,00,00,01,00,00,00,3a,00,00,00,af,a1,1b,0c,65,57,\
3f,45,af,22,a8,f7,91,ac,77,5b,00,00,00,00,02,00,00,00,02,00,00,00,87,00,00,\
00,00,00,00,00,00,e0,00,10,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,\
00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,\
02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,\
00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,\
00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,\
84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,\
59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,\
02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,\
68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,\
50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,\
10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,\
0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,\
00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,\
04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,\
01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{4e718c57-c397-4221-9fbb-14fd51701d6a}"=hex:01,10,08,00,cc,cc,cc,cc,20,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,98,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,98,01,00,00,01,10,08,00,cc,cc,cc,cc,88,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,57,8c,71,4e,97,c3,21,42,9f,bb,14,fd,51,70,1d,6a,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,e7,9f,cd,\
e1,b5,f4,73,42,96,c0,59,2e,48,7b,86,50,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,01,00,00,00,03,00,00,00,14,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,3b,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,2b,ef,71,39,3e,62,9a,4f,8c,b1,6e,79,b8,\
06,b9,a7,00,00,00,00,01,00,00,00,01,00,00,00,11,00,00,00,af,a1,1b,0c,65,57,\
3f,45,af,22,a8,f7,91,ac,77,5b,00,00,00,00,02,00,00,00,02,00,00,00,44,00,00,\
00,4d,60,5a,c3,2b,d2,1a,4e,91,b4,68,f6,74,ee,67,4b,00,00,00,00,02,00,00,00,\
02,00,00,00,43,00,00,00,00,00,00,00,00,83,07,10,68,01,00,00,01,00,04,8c,50,\
01,00,00,5c,01,00,00,00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,10,\
18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,18,\
00,ff,07,03,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,00,\
ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,a8,\
ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,\
00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,\
56,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,bb,\
45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,01,\
06,00,00,00,00,00,05,50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,\
c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,\
00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,00,\
f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,\
3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,\
05,13,00,00,00
"{3a90a266-1519-4d23-911b-e84cd0f02ab8}"=hex:01,10,08,00,cc,cc,cc,cc,20,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,98,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,98,01,00,00,01,10,08,00,cc,cc,cc,cc,88,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,66,a2,90,3a,19,15,23,4d,91,1b,e8,4c,d0,f0,2a,b8,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,01,00,00,00,03,00,00,00,14,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,3b,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,2b,ef,71,39,3e,62,9a,4f,8c,b1,6e,79,b8,\
06,b9,a7,00,00,00,00,01,00,00,00,01,00,00,00,11,00,00,00,af,a1,1b,0c,65,57,\
3f,45,af,22,a8,f7,91,ac,77,5b,00,00,00,00,02,00,00,00,02,00,00,00,22,02,00,\
00,4d,60,5a,c3,2b,d2,1a,4e,91,b4,68,f6,74,ee,67,4b,00,00,00,00,02,00,00,00,\
02,00,00,00,23,02,00,00,00,00,00,00,c0,e1,00,10,68,01,00,00,01,00,04,8c,50,\
01,00,00,5c,01,00,00,00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,10,\
18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,18,\
00,ff,07,03,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,00,\
ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,a8,\
ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,\
00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,\
56,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,bb,\
45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,01,\
06,00,00,00,00,00,05,50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,\
c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,\
00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,00,\
f4,03,02,00,01,06,00,00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,\
3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,\
05,13,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer]