Redirects and audio ads in the background



#1
maverick0987

  • Member
  • 48 posts
I've had an infection for about 2 weeks. It started out as constant redirects and pop-up ads. Also a fake antivirus. I was able to get rid of most of that but it left audio ads that play sporadically in the background. I have limited access to folders on my system; some of them have been locked and it says I don't have administrative rights even though I'm the only one with an account and who uses the computer. Kaspersky keeps popping up saying there is a rootkit trojan named boot.SST? Anywho, my OTL log is below. Please help, I think it may have infected my MBR!

Thanks in advance,

Jamie

OTL logfile created on: 9/18/2012 6:35:16 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 242.91 Gb Free Space | 85.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2012/09/18 18:14:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (SafeList) ==========

MOD - [2012/09/18 18:14:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
MOD - [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/03/29 00:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/13 15:18:49 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/05 00:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 21:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/09 15:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 05:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/08 15:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/10 22:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 19:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:57 | 000,000,000 | ---D | M]

[2012/08/16 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/16 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\dealcabby@jetpack
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/16 22:08:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 17:51:23 | 000,002,566 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\askcom.xml
[2012/08/16 22:32:01 | 000,002,339 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\Search.xml
[2012/08/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2012/09/12 20:29:25 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2012/09/18 02:16:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/09/14 09:51:48 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/12 20:29:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
[2012/09/10 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Webroot
[2012/08/21 18:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PCSpeedUp
[2012/08/21 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2012/08/21 18:06:17 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/08/19 15:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/08/19 15:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/08/19 15:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/19 15:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/19 15:17:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TestApp
[2012/08/19 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/19 15:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/16 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\security files data1a
[2012/08/16 22:35:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/08/16 22:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/16 22:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/16 22:08:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\dealcabby
[2012/08/15 20:15:01 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/08/15 15:16:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/15 15:15:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/15 15:10:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/15 15:09:21 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/15 14:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/14 14:45:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/14 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/14 14:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/14 14:36:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/08/14 14:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 14:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/14 11:57:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[2012/08/13 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B414D441-AAE9-181F-98B5-691E76895DF3}
[2012/08/01 12:30:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Chromium
[2012/06/23 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/09/18 18:39:13 | 004,456,448 | --S- | M] () -- C:\Users\Owner\ntuser.dat
[2012/09/18 18:19:51 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 18:19:51 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 18:17:27 | 000,727,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/18 18:17:27 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/18 18:17:27 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/18 18:11:09 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/18 18:11:01 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/09/18 18:10:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/18 18:10:51 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/18 18:10:02 | 001,385,148 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2012/09/18 18:01:02 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/18 17:43:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/14 15:21:14 | 000,010,640 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:43 | 000,077,616 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 13:28:54 | 000,153,053 | ---- | M] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 13:28:54 | 000,107,384 | ---- | M] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/14 12:51:34 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/13 14:47:33 | 005,507,000 | ---- | M] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:29:05 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/12 20:24:17 | 000,233,193 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:27 | 000,007,605 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/27 07:25:39 | 000,369,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[2012/08/16 23:32:17 | 000,524,288 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000002.regtrans-ms
[2012/08/16 23:32:17 | 000,524,288 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000001.regtrans-ms
[2012/08/16 23:32:17 | 000,065,536 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TM.blf
[2012/08/13 17:01:33 | 000,000,064 | ---- | M] () -- C:\ProgramData\-rsXUXuTr5MIHNxr
[2012/08/13 17:01:33 | 000,000,064 | ---- | M] () -- C:\ProgramData\-rsXUXuTr5MIHNx
[2012/08/07 14:39:12 | 000,389,067 | ---- | M] () -- C:\Users\Owner\Desktop\Diane Shinn Resume 8-2-12.pdf
[2012/08/07 14:28:16 | 000,030,720 | ---- | M] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120803 (Word Doc).doc
[2012/08/06 17:51:04 | 000,034,816 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802.doc
[2012/08/02 11:14:56 | 000,034,304 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802+B.doc
[2012/08/02 08:31:39 | 000,034,816 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.2012319+B.doc
[2012/08/02 07:56:12 | 000,030,720 | ---- | M] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120711.doc
[2012/07/17 19:26:17 | 000,000,162 | ---- | M] () -- C:\Users\Owner\Desktop\~$shinn_resume_20120711 (Word Doc).doc
[2012/07/10 15:50:08 | 000,017,353 | ---- | M] () -- C:\Users\Owner\Desktop\Cover Letter Suggestions.docx
[2012/07/06 15:41:47 | 000,022,016 | ---- | M] () -- C:\Users\Owner\Documents\New Microsoft Word Document (7).doc
[2012/07/06 09:27:56 | 000,024,064 | ---- | M] () -- C:\Users\Owner\Desktop\Hardship Letter.doc
[2012/06/26 18:00:56 | 000,022,528 | ---- | M] () -- C:\Users\Owner\Documents\Hardship Letter.doc
[2012/06/26 11:06:30 | 000,097,700 | ---- | M] () -- C:\Users\Owner\Desktop\Shinn Parcel ID.pdf
[2012/06/26 11:04:23 | 000,075,405 | ---- | M] () -- C:\Users\Owner\Desktop\tax bill.pdf
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/14 15:21:13 | 000,010,640 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:40 | 000,077,616 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 12:51:34 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:53:56 | 000,153,053 | ---- | C] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 09:53:56 | 000,107,384 | ---- | C] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/13 15:18:49 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/13 14:47:33 | 005,507,000 | ---- | C] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:24:17 | 000,233,193 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:20 | 000,007,605 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[2012/08/16 22:02:49 | 000,524,288 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000002.regtrans-ms
[2012/08/16 22:02:49 | 000,524,288 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000001.regtrans-ms
[2012/08/16 22:02:49 | 000,065,536 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TM.blf
[2012/08/13 17:01:33 | 000,000,064 | ---- | C] () -- C:\ProgramData\-rsXUXuTr5MIHNxr
[2012/08/13 17:01:32 | 000,000,064 | ---- | C] () -- C:\ProgramData\-rsXUXuTr5MIHNx
[2012/08/07 14:39:12 | 000,389,067 | ---- | C] () -- C:\Users\Owner\Desktop\Diane Shinn Resume 8-2-12.pdf
[2012/08/07 14:28:15 | 000,030,720 | ---- | C] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120803 (Word Doc).doc
[2012/08/06 17:51:03 | 000,034,816 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802.doc
[2012/08/02 11:14:55 | 000,034,304 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802+B.doc
[2012/08/02 08:31:38 | 000,034,816 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.2012319+B.doc
[2012/07/23 16:46:28 | 000,030,720 | ---- | C] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120711.doc
[2012/07/17 19:26:17 | 000,000,162 | ---- | C] () -- C:\Users\Owner\Desktop\~$shinn_resume_20120711 (Word Doc).doc
[2012/07/10 15:47:58 | 000,017,353 | ---- | C] () -- C:\Users\Owner\Desktop\Cover Letter Suggestions.docx
[2012/06/26 18:01:12 | 000,024,064 | ---- | C] () -- C:\Users\Owner\Desktop\Hardship Letter.doc
[2012/06/26 18:00:55 | 000,022,528 | ---- | C] () -- C:\Users\Owner\Documents\Hardship Letter.doc
[2012/06/26 11:06:29 | 000,097,700 | ---- | C] () -- C:\Users\Owner\Desktop\Shinn Parcel ID.pdf
[2012/06/26 11:04:19 | 000,075,405 | ---- | C] () -- C:\Users\Owner\Desktop\tax bill.pdf
[2012/01/16 14:18:56 | 000,744,880 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2012/05/27 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylon
[2012/01/16 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Book Place
[2012/08/21 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2012/05/27 17:38:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PDFlite
[2012/08/21 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2012/08/19 15:17:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2011/12/29 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2011/12/29 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2012/01/16 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/12/29 17:36:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2012/02/19 14:49:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2009/07/14 01:08:49 | 000,019,658 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 9/18/2012 6:35:16 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 242.91 Gb Free Space | 85.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Google Chrome" = Google Chrome
"I Want This" = I Want This
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDFlite" = PDFlite 0.7
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-53b5a73e-a18e-4f2f-a60d-78a14f952558" = Tales of Lagoona
"WTA-5479a1f9-b991-4f06-b486-cd310fcf2b55" = Plants vs. Zombies - Game of the Year
"WTA-85799a6f-d27d-44c0-91e7-428c8e03d7bd" = Zuma's Revenge
"WTA-9bb4170a-532a-439c-bae0-f9a2f37cc0b0" = Polar Bowler
"WTA-9be06264-919c-4368-8ce8-059de1a2e0e7" = Bejeweled 3
"WTA-a39efde9-7473-4647-9c80-7aca652c2171" = Penguins!
"WTA-aa438969-19fc-476c-bf90-04bc25986570" = RollerCoaster Tycoon 3: Platinum
"WTA-e38b1724-5bc5-40ad-aee1-0d21c872722f" = Letters from Nowhere 2
"WTA-eaa9252e-8cd9-4c35-8967-e719f20cf306" = FATE - The Traitor Soul

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2012 7:23:27 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/22/2012 12:52:11 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/22/2012 4:46:19 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/26/2012 4:16:54 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/26/2012 4:43:22 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/27/2012 7:19:36 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/27/2012 7:26:57 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2012 11:31:04 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2012 7:11:12 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/29/2012 7:27:37 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/12/2012 8:28:58 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.24.138. The computer with the IP address 192.168.24.142
did not allow the name to be claimed by this computer.

Error - 9/12/2012 8:30:52 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2719857).

Error - 9/12/2012 8:30:52 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2735855).

Error - 9/12/2012 8:30:52 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Update Rollup for ActiveX Killbits for Windows 7 for x64-based
Systems (KB2736233).

Error - 9/12/2012 8:30:52 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2741355).

Error - 9/12/2012 8:30:52 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit
Edition.

Error - 9/12/2012 8:30:57 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Windows Malicious Software Removal Tool x64 - September
2012 (KB890830).

Error - 9/12/2012 8:33:15 PM | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{87A0D7B2-EE83-4E8A-A28E-8BC09A91DCDA}
because another computer on the network has the same name. The server could not
start.

Error - 9/12/2012 8:33:15 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 192.168.24.138. The computer with the IP address 192.168.24.142
did not allow the name to be claimed by this computer.

Error - 9/12/2012 8:33:16 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.24.138. The computer with the IP address 192.168.24.142
did not allow the name to be claimed by this computer.


< End of report >
  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
[2012/08/13 17:01:33 | 000,000,064 | ---- | C] () -- C:\ProgramData\-rsXUXuTr5MIHNxr
[2012/08/13 17:01:32 | 000,000,064 | ---- | C] () -- C:\ProgramData\-rsXUXuTr5MIHNx

:files
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09182012-some number.log.



Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled then just click save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0
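
The SKIP/DELETE rule in the post above ("do not change the SKIP option to DELETE unless it says TDSS") can be checked against a saved TDSSKiller.txt before any option is changed. The following is an added example, not part of the thread or of any tool named in it; the sample lines are constructed in the log's line format, and the `exampledrv` driver, the zeroed hash and the `triage` helper are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the line format TDSSKiller writes to TDSSKiller.txt:
#   HH:MM:SS.mmmm  <numeric id>  <message>
# "exampledrv" and the zeroed hash are placeholders, not values from the thread.
SAMPLE_LOG = r"""
03:20:46.0301 2076 [ 00000000000000000000000000000000 ] exampledrv C:\windows\system32\drivers\exampledrv.sys
03:20:46.0347 2076 exampledrv ( UnsignedFile.Multi.Generic ) - warning
03:20:46.0347 2076 exampledrv - detected UnsignedFile.Multi.Generic (1)
03:20:46.0379 2076 WPDBusEnum - ok
03:20:47.0892 2076 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
03:20:48.0438 2076 \Device\Harddisk0\DR0 - detected TDSS File System (1)
03:24:25.0091 3424 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
"""

# Timestamp, numeric id column, then the message we classify.
LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+\d+\s+(?P<msg>.*)$")
# "<object> ( <verdict> ) - <severity>" is the line that carries a detection.
VERDICT = re.compile(r"^(?P<obj>.+) \( (?P<verdict>[^()]+) \) - (?P<sev>\w+)$")
OK = re.compile(r"^(?P<obj>.+) - ok$")
QUARANTINED = re.compile(r"^(?P<obj>.+) - copied to quarantine$")


@dataclass
class Finding:
    time: str
    obj: str
    verdict: str
    severity: str
    action: str  # "SKIP" (leave as is) or "REVIEW" (verdict names TDSS)


def action_for(verdict: str) -> str:
    """Apply the thread's rule: leave SKIP unless the verdict names TDSS."""
    return "REVIEW" if "tdss" in verdict.lower() else "SKIP"


def triage(log_text: str) -> dict:
    """Split a TDSSKiller log into detections, clean objects and quarantined items."""
    findings, quarantined, ok = [], [], 0
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines or anything without the timestamp prefix
        msg = line["msg"].strip()
        verdict = VERDICT.match(msg)
        if verdict:
            findings.append(Finding(
                time=line["time"],
                obj=verdict["obj"],
                verdict=verdict["verdict"].strip(),
                severity=verdict["sev"],
                action=action_for(verdict["verdict"]),
            ))
            continue
        moved = QUARANTINED.match(msg)
        if moved:
            quarantined.append(moved["obj"])
        elif OK.match(msg):
            ok += 1
        # Hash lines, "detected ..." summaries and section banners are ignored.
    return {"findings": findings, "quarantined": quarantined, "ok": ok}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f.time}  {f.action:6}  {f.obj}  [{f.verdict}, {f.severity}]")
    print(f"clean objects: {result['ok']}, quarantined: {len(result['quarantined'])}")
```

A REVIEW result only marks the entries the rule does not tell you to leave on SKIP; the full log still goes to the helper before anything is deleted.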

#3
maverick0987


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thanks so much for your help Ron!

After the combo-fix app was run I lost internet access. All of a sudden my wireless connection said little or no connectivity. Apparently it wasn't assigning itself an IP address? So I just used my other laptop, on which the wireless connection worked fine, and just transferred files and logs back and forth. Here are the corresponding logs!

Thank you again,

-Jamie

OTL: First Run

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
C:\ProgramData\-rsXUXuTr5MIHNxr moved successfully.
C:\ProgramData\-rsXUXuTr5MIHNx moved successfully.
========== FILES ==========
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 73016 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[EMPTYJAVA] > in the current context!

OTL by OldTimer - Version 3.2.9.1 log created on 09192012_023224


ASW - MBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-19 02:38:31
-----------------------------
02:38:31.159 OS Version: Windows x64 6.1.7601 Service Pack 1
02:38:31.159 Number of processors: 4 586 0x2A07
02:38:31.159 ComputerName: OWNER-PC UserName: Owner
02:38:32.953 Initialize success
02:40:02.018 AVAST engine defs: 12091400
02:40:18.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:40:18.929 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 3
02:40:18.944 Disk 0 MBR read successfully
02:40:18.960 Disk 0 MBR scan
02:40:18.960 Disk 0 unknown MBR code
02:40:19.007 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
02:40:19.022 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289747 MB offset 3074048
02:40:19.069 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13997 MB offset 596475904
02:40:19.147 Disk 0 scanning C:\windows\system32\drivers
02:40:35.418 Service scanning
02:41:11.688 Modules scanning
02:41:12.921 AVAST engine scan C:\windows
02:41:15.931 AVAST engine scan C:\windows\system32
02:45:33.862 AVAST engine scan C:\windows\system32\drivers
02:45:51.553 AVAST engine scan C:\Users\Owner
02:49:51.854 AVAST engine scan C:\ProgramData
02:50:27.407 File: C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\temporaryFolder\bases\av\emu\ForDiff\emu-0607g.xml.dif **SUSPICIOUS**
02:52:02.239 Scan finished successfully
02:54:10.799 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\OTL\MBR.dat"
02:54:10.815 The log file has been saved successfully to "C:\Users\Owner\Desktop\OTL\aswMBR.txt"


COMBOFIX

ComboFix 12-09-18.07 - Owner 09/19/2012 2:58:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2518 [GMT -4:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\I Want This
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js
C:\Program Files (x86)\I Want This\fb.js
C:\Program Files (x86)\I Want This\I Want This.dll
C:\Program Files (x86)\I Want This\I Want This.exe
C:\Program Files (x86)\I Want This\I Want This.ico
C:\Program Files (x86)\I Want This\I Want This.ini
C:\Program Files (x86)\I Want This\I Want ThisGui.exe
C:\Program Files (x86)\I Want This\jquery.js
C:\Program Files (x86)\I Want This\json.js
C:\Program Files (x86)\I Want This\Uninstall.exe
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\funmoods.css
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\funmoods.xul
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\images\pref.jpg
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\arwDwn.gif
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ae.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\bg.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ch.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\cn.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\cz.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\de.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\eg.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\en.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\es.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\fr.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\gr.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\he.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\il.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\it.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ja.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\jp.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\nl.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\no.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\pl.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\pt.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ro.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ru.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\sa.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\se.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\sv.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\tr.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ua.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\us.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\help_16.gif
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\home.gif
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\logo.png
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\privecy_16_hot.gif
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\tellafriend.gif
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\loader.xul
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\preferences.xul
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\install.rdf
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\META-INF\manifest.mf
C:\Users\Owner\g2mdlhlpx.exe
C:\windows\SysWow64\FlashPlayerInstaller.exe


((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))


2012-09-19 07:04:51 . 2012-09-19 07:04:51 -------- d-----w- C:\Users\Public\AppData\Local\temp
2012-09-19 07:04:51 . 2012-09-19 07:04:51 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-19 06:32:24 . 2012-09-19 06:32:24 -------- d-----w- C:\_OTL
2012-09-18 12:32:17 . 2012-08-28 05:49:10 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75B7D1B2-CAD3-46C9-A7D5-42D7F2D29562}\mpengine.dll
2012-09-14 13:51:59 . 2012-09-19 07:06:16 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-09-14 13:51:59 . 2012-09-14 13:51:59 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-09-14 13:51:48 . 2012-09-14 13:51:48 615728 ----a-w- C:\windows\system32\drivers\klif.sys
2012-09-13 19:18:49 . 2012-09-13 19:18:49 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 19:18:49 . 2012-09-13 19:18:49 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-13 13:35:13 . 2012-08-22 18:12:40 950128 ----a-w- C:\windows\system32\drivers\ndis.sys
2012-09-13 13:35:12 . 2012-08-22 18:12:50 1913200 ----a-w- C:\windows\system32\drivers\tcpip.sys
2012-09-13 13:35:12 . 2012-08-02 17:58:52 574464 ----a-w- C:\windows\system32\d3d10level9.dll
2012-09-13 13:35:12 . 2012-08-02 16:57:20 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-13 13:35:12 . 2012-07-04 20:26:03 41472 ----a-w- C:\windows\system32\drivers\RNDISMP.sys
2012-09-13 13:35:11 . 2012-08-22 18:12:40 376688 ----a-w- C:\windows\system32\drivers\netio.sys
2012-09-13 13:35:11 . 2012-08-22 18:12:33 288624 ----a-w- C:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-10 19:58:03 . 2012-09-10 19:58:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\Webroot
2012-08-31 09:45:17 . 2012-05-14 05:26:34 956928 ----a-w- C:\windows\system32\localspl.dll
2012-08-26 20:21:55 . 2012-05-05 08:36:55 503808 ----a-w- C:\windows\system32\srcore.dll
2012-08-26 20:21:55 . 2012-05-05 07:46:52 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-08-26 20:21:37 . 2012-02-11 06:43:47 751104 ----a-w- C:\windows\system32\win32spl.dll
2012-08-26 20:21:37 . 2012-02-11 06:36:02 559104 ----a-w- C:\windows\system32\spoolsv.exe
2012-08-26 20:21:37 . 2012-02-11 06:36:01 67072 ----a-w- C:\windows\splwow64.exe
2012-08-26 20:21:37 . 2012-02-11 05:43:49 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-08-26 20:21:29 . 2012-07-04 22:16:43 73216 ----a-w- C:\windows\system32\netapi32.dll
2012-08-26 20:21:29 . 2012-07-04 22:13:27 59392 ----a-w- C:\windows\system32\browcli.dll
2012-08-26 20:21:29 . 2012-07-04 22:13:27 136704 ----a-w- C:\windows\system32\browser.dll
2012-08-26 20:21:29 . 2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-08-22 20:47:56 . 2012-07-18 18:15:06 3148800 ----a-w- C:\windows\system32\win32k.sys
2012-08-21 22:29:06 . 2012-08-21 23:17:57 -------- d-----w- C:\Program Files (x86)\PC Speed Up
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-13 17:17:13 . 2011-12-30 02:11:10 64462936 ----a-w- C:\windows\system32\MRT.exe
2012-08-14 18:45:25 . 2012-08-14 18:45:25 110080 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 03:15:02 202296]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2011-06-22 22:26:14 3218864 ----a-w- C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaAppPlace]
2010-09-23 18:03:36 552960 ----a-w- C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-07-12 01:16:10 1298816 ----a-w- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 01:50:28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 19:18:49 250568]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 01:50:28 136176]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 02:34:24 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 19:49:08 243712]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 01:16:06 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 04:10:00 138152]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2011-12-30 02:31:18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 01:10:10 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 23:36:48 482384]
S1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys [2011-03-04 17:23:28 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys [2011-03-10 22:36:24 29488]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 19:22:40 822624]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 15:59:30 126392]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 13:30:18 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 21:20:48 2656280]
S3 dc3d;MS Hardware Device Detection Driver (USB);C:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 23:37:10 52584]
S3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 17:51:42 9216]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 00:27:10 22544]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 19:29:08 77424]
S3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 00:34:26 56344]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 03:07:00 38096]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\windows\system32\DRIVERS\point64.sys [2011-08-01 20:59:06 45416]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 09:08:58 1109096]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 13:30:10 764264]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 13:30:18 268648]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 13:30:18 25960]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 13:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 13:30:22 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2012-09-19 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 19:18:49 . 2012-09-13 19:18:49]

2012-09-19 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 01:50:29 . 2011-12-01 01:50:28]

2012-09-19 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 01:50:29 . 2011-12-01 01:50:28]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2011-04-08 01:22:52 167256]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2011-04-08 01:22:40 391000]
"Persistence"="C:\windows\system32\igfxpers.exe" [2011-04-08 01:22:44 418136]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 21:07:22 316032]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22:31:34 24376]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 20:59:06 2417032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-I Want This - C:\Program Files (x86)\I Want This\Uninstall.exe


TDSK

03:20:46.0301 2076 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
03:20:46.0347 2076 WPCSvc - ok
03:20:46.0379 2076 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
03:20:46.0425 2076 WPDBusEnum - ok
03:20:46.0472 2076 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
03:20:46.0566 2076 ws2ifsl - ok
03:20:46.0597 2076 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
03:20:46.0691 2076 wscsvc - ok
03:20:46.0691 2076 WSearch - ok
03:20:46.0800 2076 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
03:20:46.0940 2076 wuauserv - ok
03:20:46.0971 2076 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
03:20:47.0081 2076 WudfPf - ok
03:20:47.0174 2076 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
03:20:47.0299 2076 WUDFRd - ok
03:20:47.0408 2076 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
03:20:47.0517 2076 wudfsvc - ok
03:20:47.0580 2076 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
03:20:47.0673 2076 WwanSvc - ok
03:20:47.0689 2076 ================ Scan global ===============================
03:20:47.0720 2076 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
03:20:47.0751 2076 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
03:20:47.0767 2076 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
03:20:47.0814 2076 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
03:20:47.0861 2076 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
03:20:47.0876 2076 [Global] - ok
03:20:47.0876 2076 ================ Scan MBR ==================================
03:20:47.0892 2076 [ 4661F953F30D48FD76A9DA73C4892179 ] \Device\Harddisk0\DR0
03:20:48.0438 2076 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
03:20:48.0438 2076 \Device\Harddisk0\DR0 - detected TDSS File System (1)
03:20:48.0438 2076 ================ Scan VBR ==================================
03:20:48.0453 2076 [ F35360472A297C6EDD472B5A8FE5D58B ] \Device\Harddisk0\DR0\Partition1
03:20:48.0453 2076 \Device\Harddisk0\DR0\Partition1 - ok
03:20:48.0453 2076 ============================================================
03:20:48.0453 2076 Scan finished
03:20:48.0453 2076 ============================================================
03:20:48.0469 3424 Detected object count: 1
03:20:48.0469 3424 Actual detected object count: 1
03:24:25.0091 3424 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
03:24:25.0107 3424 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
03:24:25.0122 3424 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
03:24:25.0122 3424 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
03:24:25.0122 3424 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
03:24:25.0122 3424 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
03:24:25.0138 3424 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
03:24:25.0138 3424 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
03:24:25.0138 3424 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
03:24:25.0169 3424 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
03:24:25.0216 3424 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
03:24:25.0216 3424 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
03:24:25.0216 3424 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
03:24:25.0216 3424 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
03:24:25.0231 3424 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
03:24:25.0231 3424 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
03:24:25.0231 3424 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
03:24:25.0247 3424 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
03:24:25.0278 3424 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
03:24:25.0325 3424 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
03:24:25.0372 3424 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
03:24:25.0387 3424 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
03:24:25.0419 3424 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
03:24:25.0450 3424 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
03:24:25.0481 3424 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
03:24:25.0497 3424 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
03:24:25.0949 3424 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
03:24:25.0965 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

VEW #1 -

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/09/2012 12:47:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/09/2012 4:45:57 PM
Type: Critical Category: 404
Event: 404 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service has encountered RPC initialization error in "RpcServerUseProtseq:ncacn_ip_tcp". Additional Data: Error Value: 1703.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/09/2012 4:46:00 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Function Discovery Resource Publication service terminated with the following error: %%-2147014874

Log: 'System' Date/Time: 19/09/2012 4:45:59 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed

Log: 'System' Date/Time: 19/09/2012 4:45:54 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 12:44:35 PM on 9/19/2012 was unexpected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VEW #2

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/09/2012 12:48:57 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/09/2012 4:47:38 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 19/09/2012 4:45:57 PM
Type: Error Category: 0
Event: 0 Source: Schedule
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/09/2012 4:46:01 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=888}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: OWNER-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 19/09/2012 4:46:00 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=888}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)



OTL Run #2

OTL logfile created on: 9/19/2012 12:52:07 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 241.93 Gb Free Space | 85.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 118.48 Mb Total Space | 112.95 Mb Free Space | 95.33% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2012/09/18 18:14:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe
PRC - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (SafeList) ==========

MOD - [2012/09/18 18:14:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe
MOD - [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/03/29 00:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/09/13 15:18:49 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/05 00:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 21:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/09 15:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 05:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/08 15:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/10 22:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 19:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:57 | 000,000,000 | ---D | M]

[2012/08/16 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/16 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\dealcabby@jetpack
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 17:51:23 | 000,002,566 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\askcom.xml
[2012/08/16 22:32:01 | 000,002,339 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\Search.xml
[2012/08/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/19 03:06:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2012/09/12 20:29:25 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysNative\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysNative\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysNative\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysWow64\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysWow64\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysWow64\rsvpsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpReg: TCrdMain - hkey= - key= - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

SafeBootMin:64bit: AppMgmt - C:\windows\SysNative\appmgmts.dll File not found
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\windows\SysNative\appmgmts.dll File not found
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WRkrn - Driver
SafeBootNet:64bit: WRSVC - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WRkrn - Driver
SafeBootNet: WRSVC - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{DDC88C71-D52A-4CBE-9387-CC2A96B5C129} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 12:44:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/19 03:24:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/19 03:06:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/19 02:56:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/19 02:56:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/19 02:56:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/19 02:50:02 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/19 02:48:54 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/19 02:37:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/19 02:37:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\OTL
[2012/09/19 02:32:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/18 02:16:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/09/14 09:51:48 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/13 15:18:49 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/09/13 15:18:49 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/13 15:18:26 | 009,575,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Owner\Desktop\install_flash_player_ax.exe
[2012/09/13 09:35:12 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/09/13 09:35:12 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10level9.dll
[2012/09/13 09:35:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2012/09/13 09:35:11 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/09/13 09:35:11 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/12 20:29:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
[2012/09/10 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Webroot
[2012/08/31 05:45:17 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012/08/26 16:22:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/26 16:22:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/26 16:22:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/26 16:22:25 | 002,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iertutil.dll
[2012/08/26 16:22:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/26 16:22:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/26 16:22:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/26 16:22:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/26 16:22:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/26 16:22:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/26 16:22:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/26 16:22:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/26 16:22:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9.dll
[2012/08/26 16:22:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/26 16:22:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/26 16:21:55 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/26 16:21:37 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/26 16:21:37 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/26 16:21:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/26 16:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/26 16:21:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/26 16:21:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/21 18:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PCSpeedUp
[2012/08/21 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2012/08/21 18:06:17 | 000,000,000 | ---D | C] -- C:\windows\pss
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/19 12:53:25 | 004,456,448 | --S- | M] () -- C:\Users\Owner\ntuser.dat
[2012/09/19 12:53:16 | 000,727,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/19 12:53:16 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/19 12:53:16 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/19 12:53:12 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 12:53:12 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 12:45:57 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/09/19 12:45:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/19 12:45:47 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 12:45:10 | 001,392,511 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2012/09/19 03:06:39 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2012/09/19 03:06:26 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/09/19 02:50:02 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/19 02:48:55 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/19 02:43:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 02:37:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/19 02:36:06 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 02:36:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 15:21:14 | 000,010,640 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:43 | 000,077,616 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 13:28:54 | 000,153,053 | ---- | M] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 13:28:54 | 000,107,384 | ---- | M] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/14 12:51:34 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/13 15:18:49 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/09/13 15:18:49 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/13 15:18:26 | 009,575,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Owner\Desktop\install_flash_player_ax.exe
[2012/09/13 14:47:33 | 005,507,000 | ---- | M] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:29:05 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/12 20:24:17 | 000,233,193 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:27 | 000,007,605 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/27 07:25:39 | 000,369,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/22 14:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/08/22 14:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/19 02:56:48 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/19 02:56:48 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/19 02:56:48 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/19 02:56:48 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/19 02:56:48 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/14 15:21:13 | 000,010,640 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:40 | 000,077,616 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 12:51:34 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:53:56 | 000,153,053 | ---- | C] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 09:53:56 | 000,107,384 | ---- | C] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/13 15:18:49 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/13 14:47:33 | 005,507,000 | ---- | C] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:24:17 | 000,233,193 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:20 | 000,007,605 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[2012/01/16 14:18:56 | 000,744,880 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< DRIVES >

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/08/21 19:05:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe
[2012/02/28 20:30:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2012/05/27 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylon
[2012/01/16 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Book Place
[2011/12/29 21:37:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities
[2012/08/21 19:05:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2012/08/14 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Media Center Programs
[2012/09/17 16:15:44 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2012/08/21 19:05:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2012/08/21 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2012/05/27 17:38:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PDFlite
[2012/02/28 20:30:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Real
[2012/08/21 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2012/08/19 15:17:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2011/12/29 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2011/12/29 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2012/01/16 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2012/09/10 15:58:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Webroot
[2011/12/29 17:36:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2012/02/19 14:49:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer


< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 23:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010/11/20 23:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2010/11/20 23:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010/11/20 23:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010/11/20 23:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 23:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/30 22:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/30 22:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/30 22:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/10/30 22:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/10/30 22:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/10/30 22:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL EXTRAS

OTL Extras logfile created on: 9/19/2012 12:52:07 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 241.93 Gb Free Space | 85.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 118.48 Mb Total Space | 112.95 Mb Free Space | 95.33% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Google Chrome" = Google Chrome
"I Want This" = I Want This
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDFlite" = PDFlite 0.7
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-53b5a73e-a18e-4f2f-a60d-78a14f952558" = Tales of Lagoona
"WTA-5479a1f9-b991-4f06-b486-cd310fcf2b55" = Plants vs. Zombies - Game of the Year
"WTA-85799a6f-d27d-44c0-91e7-428c8e03d7bd" = Zuma's Revenge
"WTA-9bb4170a-532a-439c-bae0-f9a2f37cc0b0" = Polar Bowler
"WTA-9be06264-919c-4368-8ce8-059de1a2e0e7" = Bejeweled 3
"WTA-a39efde9-7473-4647-9c80-7aca652c2171" = Penguins!
"WTA-aa438969-19fc-476c-bf90-04bc25986570" = RollerCoaster Tycoon 3: Platinum
"WTA-e38b1724-5bc5-40ad-aee1-0d21c872722f" = Letters from Nowhere 2
"WTA-eaa9252e-8cd9-4c35-8967-e719f20cf306" = FATE - The Traitor Soul

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2012 12:45:57 PM | Computer Name = Owner-PC | Source = Schedule | ID = 0
Description =

Error - 9/19/2012 12:47:38 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/19/2012 12:45:54 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:44:35 PM on 9/19/2012 was unexpected.

Error - 9/19/2012 12:45:59 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
following error: %%13876

Error - 9/19/2012 12:46:00 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147014874

Error - 9/19/2012 12:48:06 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 9/19/2012 12:48:13 PM | Computer Name = Owner-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 9/19/2012 12:48:13 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 9/19/2012 12:48:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%0

Error - 9/19/2012 12:48:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%0


< End of report >


FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 19-09-2012 at 13:12:38
Running from "E:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-13 09:35] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Wow, that's a lot. If I was supposed to just upload them as attachments then I apologize.

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Actually I do not like the logs attached so you did it right.

Sorry you lost the internet. Not sure why. The Combofix log looks a little unfinished so it may have hung on you. Can you run Combofix again? It should reboot on its own when it finishes.

TDSSKiller found TDSS and said it removed it. Let's run it one more time with all options checked just to make sure that it was able to remove everything.


Your last OTL log shows some problems with winsock so let's see if we can fix them. That might be why your Internet is not working:

Copy the next 3 lines:

reg delete HKLM\SOFTWARE\MICROSOFT\RPC\INTERNET
netsh winsock reset catalog
netsh int ipv4 reset %userprofile%\Desktop\reset4.log

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter.

Reboot when done.


Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

I think it should reboot when it finishes. If not, please reboot.


Run OTL, Quickscan and post the log.

Run Farbar's again and post the log.

Run Vew again for System and post the log.

#5
maverick0987

    Member

  • Topic Starter
  • Member
  • 48 posts
Thanks again for your assistance. TDSSKiller says it found TDSS File System Physical Drive: \device\harddisk0\DR0, suspicious medium risk. Should I Skip, Copy to Quarantine, or Delete? Last time I chose copy to quarantine b/c I was afraid to delete it.

Thanks,

-J

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
delete

#7
maverick0987

    Member

  • Topic Starter
  • Member
  • 48 posts
Thank you!

TDSSKiller was able to remove the problem... haven't seen any symptoms after that. Internet still isn't working. I ran ipconfig and there is no DNS address being assigned. Tried the command /renew and it said something about winsock not supported. I'll have to try it again when I get home to give you specifics.

-Jamie

Combo Fix:

ComboFix 12-09-18.07 - Owner 09/19/2012 17:06:45.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2381 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\I Want This\appAPIinternalWrapper.js
c:\program files (x86)\I Want This\fb.js
c:\program files (x86)\I Want This\I Want This.dll
c:\program files (x86)\I Want This\I Want This.exe
c:\program files (x86)\I Want This\I Want This.ico
c:\program files (x86)\I Want This\I Want This.ini
c:\program files (x86)\I Want This\I Want ThisGui.exe
c:\program files (x86)\I Want This\jquery.js
c:\program files (x86)\I Want This\json.js
c:\program files (x86)\I Want This\Uninstall.exe
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\funmoods.css
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\funmoods.xul
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\images\pref.jpg
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\arwDwn.gif
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ae.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\bg.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ch.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\cn.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\cz.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\de.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\eg.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\en.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\es.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\fr.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\gr.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\he.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\il.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\it.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ja.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\jp.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\nl.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\no.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\pl.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\pt.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ro.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ru.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\sa.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\se.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\sv.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\tr.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\ua.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\flgs\us.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\help_16.gif
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\home.gif
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\logo.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\privecy_16_hot.gif
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\imgs\tellafriend.gif
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\loader.xul
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\content\preferences.xul
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\install.rdf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]\META-INF\manifest.mf
c:\users\Owner\g2mdlhlpx.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 21:12 . 2012-09-19 21:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-19 21:12 . 2012-09-19 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 07:24 . 2012-09-19 07:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-19 06:32 . 2012-09-19 06:32 -------- d-----w- C:\_OTL
2012-09-18 12:32 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75B7D1B2-CAD3-46C9-A7D5-42D7F2D29562}\mpengine.dll
2012-09-14 13:51 . 2012-09-19 16:46 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-14 13:51 . 2012-09-14 13:51 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-09-14 13:51 . 2012-09-14 13:51 615728 ----a-w- c:\windows\system32\drivers\klif.sys
2012-09-13 19:18 . 2012-09-13 19:18 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 19:18 . 2012-09-13 19:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-13 13:35 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 13:35 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-13 13:35 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 13:35 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-13 13:35 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 13:35 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-13 13:35 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-10 19:58 . 2012-09-10 19:58 -------- d-----w- c:\users\Owner\AppData\Roaming\Webroot
2012-08-31 09:45 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-26 20:21 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-26 20:21 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-26 20:21 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-26 20:21 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-26 20:21 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-26 20:21 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-26 20:21 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-26 20:21 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-26 20:21 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-26 20:21 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-22 20:47 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-21 22:29 . 2012-08-21 23:17 -------- d-----w- c:\program files (x86)\PC Speed Up
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 17:17 . 2011-12-30 02:11 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-14 18:45 . 2012-08-14 18:45 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-19_07.06.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-19 07:07 37910 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-19 16:47 36790 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-30 01:37 . 2012-09-19 16:47 7364 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3840733803-2238611531-1111940232-1000_UserData.bin
- 2012-09-19 07:06 . 2012-09-19 07:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-19 07:14 . 2012-09-19 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-19 07:14 . 2012-09-19 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-19 07:06 . 2012-09-19 07:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-30 02:53 . 2012-09-19 21:04 201074 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-09-19 06:38 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-19 21:09 624856 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-19 06:38 106942 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-19 21:09 106942 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2011-06-22 22:26 3218864 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaAppPlace]
2010-09-23 18:03 552960 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-07-12 01:16 1298816 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 250568]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-30 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 19:18]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 01:50]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 01:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-19 17:16:26
ComboFix-quarantined-files.txt 2012-09-19 21:16
ComboFix2.txt 2012-08-16 00:14
.
Pre-Run: 260,182,093,824 bytes free
Post-Run: 259,510,206,464 bytes free
.
- - End Of File - - 28A1ECCDFCE4CA0AC7D88C5634E165A7


OTL:

OTL logfile created on: 9/20/2012 1:22:38 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 9.00% Memory free
8.00 Gb Paging File | 4.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 241.76 Gb Free Space | 85.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 118.48 Mb Total Space | 112.98 Mb Free Space | 95.35% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2012/09/18 18:14:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe
PRC - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (SafeList) ==========

MOD - [2012/09/18 18:14:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe
MOD - [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/03/29 00:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/13 15:18:49 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/05 00:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 21:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/09 15:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 05:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/08 15:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/10 22:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 19:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:57 | 000,000,000 | ---D | M]

[2012/08/16 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/16 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\dealcabby@jetpack
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 17:51:23 | 000,002,566 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\askcom.xml
[2012/08/16 22:32:01 | 000,002,339 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\Search.xml
[2012/08/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/19 03:06:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2012/09/12 20:29:25 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysNative\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysNative\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysNative\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysWow64\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysWow64\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysWow64\rsvpsp.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2012/09/19 17:32:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/19 17:16:33 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/09/19 12:44:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/19 03:24:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/19 02:56:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/19 02:56:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/19 02:50:02 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/19 02:48:54 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/19 02:37:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/19 02:37:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\OTL
[2012/09/19 02:32:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/18 02:16:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/09/14 09:51:48 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/12 20:29:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
[2012/09/10 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Webroot
[2012/08/21 18:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PCSpeedUp
[2012/08/21 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2012/08/21 18:06:17 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/08/19 15:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/08/19 15:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/08/19 15:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/19 15:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/19 15:17:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TestApp
[2012/08/19 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/19 15:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/16 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\security files data1a
[2012/08/16 22:35:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/08/16 22:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/16 22:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/16 22:08:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\dealcabby
[2012/08/15 15:16:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/15 15:10:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/15 15:09:21 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/15 14:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/14 14:45:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/14 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/14 14:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/14 14:36:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/08/14 14:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 14:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/14 11:57:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[2012/08/13 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B414D441-AAE9-181F-98B5-691E76895DF3}
[2012/08/01 12:30:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Chromium
[2012/06/23 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/09/20 01:29:21 | 004,456,448 | --S- | M] () -- C:\Users\Owner\ntuser.dat
[2012/09/20 01:21:08 | 000,727,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/20 01:21:08 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/20 01:21:08 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/20 01:21:06 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 01:21:06 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 01:17:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/19 18:18:37 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/09/19 18:18:23 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 18:17:52 | 001,392,609 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2012/09/19 17:12:48 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2012/09/19 03:06:26 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/09/19 02:50:02 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/19 02:48:55 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/19 02:43:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 02:37:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/19 02:36:06 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 02:36:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 15:21:14 | 000,010,640 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:43 | 000,077,616 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 13:28:54 | 000,153,053 | ---- | M] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 13:28:54 | 000,107,384 | ---- | M] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/14 12:51:34 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/13 14:47:33 | 005,507,000 | ---- | M] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:29:05 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/12 20:24:17 | 000,233,193 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:27 | 000,007,605 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/27 07:25:39 | 000,369,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[2012/08/16 23:32:17 | 000,524,288 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000002.regtrans-ms
[2012/08/16 23:32:17 | 000,524,288 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000001.regtrans-ms
[2012/08/16 23:32:17 | 000,065,536 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TM.blf
[2012/08/07 14:39:12 | 000,389,067 | ---- | M] () -- C:\Users\Owner\Desktop\Diane Shinn Resume 8-2-12.pdf
[2012/08/07 14:28:16 | 000,030,720 | ---- | M] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120803 (Word Doc).doc
[2012/08/06 17:51:04 | 000,034,816 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802.doc
[2012/08/02 11:14:56 | 000,034,304 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802+B.doc
[2012/08/02 08:31:39 | 000,034,816 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.2012319+B.doc
[2012/08/02 07:56:12 | 000,030,720 | ---- | M] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120711.doc
[2012/07/17 19:26:17 | 000,000,162 | ---- | M] () -- C:\Users\Owner\Desktop\~$shinn_resume_20120711 (Word Doc).doc
[2012/07/10 15:50:08 | 000,017,353 | ---- | M] () -- C:\Users\Owner\Desktop\Cover Letter Suggestions.docx
[2012/07/06 15:41:47 | 000,022,016 | ---- | M] () -- C:\Users\Owner\Documents\New Microsoft Word Document (7).doc
[2012/07/06 09:27:56 | 000,024,064 | ---- | M] () -- C:\Users\Owner\Desktop\Hardship Letter.doc
[2012/06/26 18:00:56 | 000,022,528 | ---- | M] () -- C:\Users\Owner\Documents\Hardship Letter.doc
[2012/06/26 11:06:30 | 000,097,700 | ---- | M] () -- C:\Users\Owner\Desktop\Shinn Parcel ID.pdf
[2012/06/26 11:04:23 | 000,075,405 | ---- | M] () -- C:\Users\Owner\Desktop\tax bill.pdf
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/19 02:56:48 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/19 02:56:48 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/19 02:56:48 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/19 02:56:48 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/19 02:56:48 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/14 15:21:13 | 000,010,640 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:40 | 000,077,616 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 12:51:34 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:53:56 | 000,153,053 | ---- | C] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 09:53:56 | 000,107,384 | ---- | C] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/13 15:18:49 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/13 14:47:33 | 005,507,000 | ---- | C] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:24:17 | 000,233,193 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:20 | 000,007,605 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[2012/08/16 22:02:49 | 000,524,288 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000002.regtrans-ms
[2012/08/16 22:02:49 | 000,524,288 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000001.regtrans-ms
[2012/08/16 22:02:49 | 000,065,536 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TM.blf
[2012/08/07 14:39:12 | 000,389,067 | ---- | C] () -- C:\Users\Owner\Desktop\Diane Shinn Resume 8-2-12.pdf
[2012/08/07 14:28:15 | 000,030,720 | ---- | C] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120803 (Word Doc).doc
[2012/08/06 17:51:03 | 000,034,816 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802.doc
[2012/08/02 11:14:55 | 000,034,304 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802+B.doc
[2012/08/02 08:31:38 | 000,034,816 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.2012319+B.doc
[2012/07/23 16:46:28 | 000,030,720 | ---- | C] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120711.doc
[2012/07/17 19:26:17 | 000,000,162 | ---- | C] () -- C:\Users\Owner\Desktop\~$shinn_resume_20120711 (Word Doc).doc
[2012/07/10 15:47:58 | 000,017,353 | ---- | C] () -- C:\Users\Owner\Desktop\Cover Letter Suggestions.docx
[2012/06/26 18:01:12 | 000,024,064 | ---- | C] () -- C:\Users\Owner\Desktop\Hardship Letter.doc
[2012/06/26 18:00:55 | 000,022,528 | ---- | C] () -- C:\Users\Owner\Documents\Hardship Letter.doc
[2012/06/26 11:06:29 | 000,097,700 | ---- | C] () -- C:\Users\Owner\Desktop\Shinn Parcel ID.pdf
[2012/06/26 11:04:19 | 000,075,405 | ---- | C] () -- C:\Users\Owner\Desktop\tax bill.pdf
[2012/01/16 14:18:56 | 000,744,880 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2012/05/27 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylon
[2012/01/16 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Book Place
[2012/08/21 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2012/05/27 17:38:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PDFlite
[2012/08/21 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2012/08/19 15:17:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2011/12/29 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2011/12/29 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2012/01/16 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/12/29 17:36:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2012/02/19 14:49:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2012/09/19 18:18:37 | 000,022,860 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 20-09-2012 at 01:33:56
Running from "E:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-13 09:35] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

VEW:


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/09/2012 1:36:38 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/09/2012 10:18:37 PM
Type: Critical Category: 404
Event: 404 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service has encountered RPC initialization error in "RpcServerUseProtseq:ncacn_ip_tcp". Additional Data: Error Value: 1703.

Log: 'System' Date/Time: 19/09/2012 9:44:56 PM
Type: Critical Category: 404
Event: 404 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service has encountered RPC initialization error in "RpcServerUseProtseq:ncacn_ip_tcp". Additional Data: Error Value: 1703.

Log: 'System' Date/Time: 19/09/2012 9:32:50 PM
Type: Critical Category: 404
Event: 404 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service has encountered RPC initialization error in "RpcServerUseProtseq:ncacn_ip_tcp". Additional Data: Error Value: 1703.

Log: 'System' Date/Time: 19/09/2012 9:16:27 PM
Type: Critical Category: 404
Event: 404 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service has encountered RPC initialization error in "RpcServerUseProtseq:ncacn_ip_tcp". Additional Data: Error Value: 1703.

Log: 'System' Date/Time: 19/09/2012 4:45:57 PM
Type: Critical Category: 404
Event: 404 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service has encountered RPC initialization error in "RpcServerUseProtseq:ncacn_ip_tcp". Additional Data: Error Value: 1703.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/09/2012 5:37:01 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:37:00 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:37:00 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:37:00 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:37:00 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:37:00 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:37:00 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:59 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:59 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:59 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:59 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:59 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:58 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:58 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:58 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:58 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:58 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:57 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:57 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

Log: 'System' Date/Time: 20/09/2012 5:36:57 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/09/2012 10:17:59 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 19/09/2012 9:44:21 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 19/09/2012 9:32:16 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#8
RKinner

The first time we ran OTL we had this in the winsock section:

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)


Now we are getting this:

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysNative\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysNative\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysNative\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysWow64\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysWow64\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysWow64\rsvpsp.dll File not found


nwprovau.dll is an old protocol that is not used any more. It is often missing and never seems to hurt anything.

rsvpsp.dll is still important tho I am not exactly sure what it does so I expect it being missing is the problem. The odd thing is that Combofix did not touch it. Seems more likely that TDSSKiller might have removed something tho.

When you ran sfc /scannow did it complain that it could not fix everything?

Let's see if we can find another.


Copy the text in the code box:

/md5start
rsvpsp.dll
nwprovau.dll
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.


Also let me look at your winsock2 entries in the registry:

Copy the next 3 lines:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters > %userprofile%\Desktop\winsock2.txt
net start >> %userprofile%\Desktop\winsock2.txt
ipconfig /all >> %userprofile%\Desktop\winsock2.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter. This should create a file winsock2.txt on your desktop. Please Attach it to your next post.
  • 0
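
The before/after comparison of the O10 (Winsock catalog) lines in the post above can be done mechanically. This is an added example, not part of the original post and not OTL's own code: a Python script that parses the O10 lines quoted in the post, lists the catalog entries that appear only in the later run, and names the provider DLLs reported as "File not found". The function and class names are hypothetical; the log lines are copied from the post.

```python
import re
from typing import List, NamedTuple


class WinsockEntry(NamedTuple):
    view: str      # "64bit" for O10:64bit: lines, "32bit" for plain O10 lines
    catalog: str   # NameSpace_Catalog5 or Protocol_Catalog9
    entry: str     # Catalog_Entries sub-key, e.g. 000000000028
    path: str      # provider DLL path as printed by OTL
    missing: bool  # True when OTL printed "File not found"


# One O10 line: optional ":64bit:" marker, catalog\Catalog_Entries\<number>,
# an optional "[]" field, the DLL path, then either a company name in
# parentheses or "File not found".
O10_RE = re.compile(
    r"^O10(?P<x64>:64bit:)? - "
    r"(?P<catalog>\w+)\\Catalog_Entries\\(?P<entry>\d+)"
    r"(?: \[[^\]]*\])? - "
    r"(?P<path>[A-Za-z]:\\.+?\.dll)"
    r"(?P<rest>.*)$",
    re.IGNORECASE,
)


def parse_o10(log_text: str) -> List[WinsockEntry]:
    """Return every O10 entry found in a block of OTL output."""
    entries = []
    for line in log_text.splitlines():
        m = O10_RE.match(line.strip())
        if not m:
            continue  # not an O10 line, or a format this sketch does not cover
        entries.append(WinsockEntry(
            view="64bit" if m.group("x64") else "32bit",
            catalog=m.group("catalog"),
            entry=m.group("entry"),
            path=m.group("path"),
            missing="file not found" in m.group("rest").lower(),
        ))
    return entries


def diff_runs(before: List[WinsockEntry], after: List[WinsockEntry]) -> List[WinsockEntry]:
    """Entries present in the later run whose (view, catalog, entry) key is new."""
    seen = {(e.view, e.catalog, e.entry) for e in before}
    return [e for e in after if (e.view, e.catalog, e.entry) not in seen]


def missing_files(entries: List[WinsockEntry]) -> List[str]:
    """Sorted, de-duplicated DLL file names that OTL could not find on disk."""
    return sorted({e.path.rsplit("\\", 1)[-1].lower() for e in entries if e.missing})


# O10 lines from the first OTL run, as quoted in the post.
FIRST_RUN = r"""
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
"""

# O10 lines from the later OTL run, as quoted in the post.
SECOND_RUN = r"""
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysNative\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysNative\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysNative\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysWow64\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysWow64\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysWow64\rsvpsp.dll File not found
"""

if __name__ == "__main__":
    new_entries = diff_runs(parse_o10(FIRST_RUN), parse_o10(SECOND_RUN))
    for e in new_entries:
        state = "MISSING" if e.missing else "present"
        print(f"{e.view:5} {e.catalog}\\{e.entry}  {state}  {e.path}")
    print("Missing provider DLLs:", ", ".join(missing_files(new_entries)))
```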

#9
maverick0987

Ron,

"Windows Rsc Protection did not find any integrity violations." I have also checked to make sure all the necessary services were enabled and started. Thanks again! Should I reinstall the wireless driver?

OTL:

OTL logfile created on: 20/09/2012 11:02:40 AM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 22.00% Memory free
8.00 Gb Paging File | 1.00 Gb Available in Paging File | 18.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 241.24 Gb Free Space | 85.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 118.48 Mb Total Space | 70.19 Mb Free Space | 59.24% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2012/09/18 18:14:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe
PRC - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (SafeList) ==========

MOD - [2012/09/18 18:14:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe
MOD - [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/03/29 00:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/13 15:18:49 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/05 00:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 21:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/09 15:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 05:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/08 15:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/10 22:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 19:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:57 | 000,000,000 | ---D | M]

[2012/08/16 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/16 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\dealcabby@jetpack
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 17:51:23 | 000,002,566 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\askcom.xml
[2012/08/16 22:32:01 | 000,002,339 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\Search.xml
[2012/08/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/19 03:06:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2012/09/12 20:29:25 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysNative\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysNative\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysNative\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysWow64\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\windows\SysWow64\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\windows\SysWow64\rsvpsp.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 09:11:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/20 09:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2012/09/20 09:05:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xirrus
[2012/09/20 01:36:09 | 000,061,440 | ---- | C] ( ) -- C:\Users\Owner\Desktop\VEW.exe
[2012/09/19 17:32:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/19 17:16:33 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/09/19 12:44:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/19 03:24:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/19 02:56:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/19 02:56:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/19 02:50:02 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/19 02:48:54 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/19 02:37:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/19 02:37:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\OTL
[2012/09/19 02:32:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/18 02:16:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/09/14 09:51:48 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/13 15:18:49 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/09/13 15:18:49 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/13 15:18:26 | 009,575,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Owner\Desktop\install_flash_player_ax.exe
[2012/09/13 09:35:12 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/09/13 09:35:12 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10level9.dll
[2012/09/13 09:35:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2012/09/13 09:35:11 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/09/13 09:35:11 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/12 20:29:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
[2012/09/10 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Webroot
[2012/08/31 05:45:17 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012/08/26 16:22:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/26 16:22:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/26 16:22:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/26 16:22:25 | 002,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iertutil.dll
[2012/08/26 16:22:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/26 16:22:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/26 16:22:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/26 16:22:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/26 16:22:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/26 16:22:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/26 16:22:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/26 16:22:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/26 16:22:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9.dll
[2012/08/26 16:22:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/26 16:22:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/26 16:21:55 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/26 16:21:37 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/26 16:21:37 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/26 16:21:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/26 16:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/26 16:21:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/26 16:21:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/21 18:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PCSpeedUp
[2012/08/21 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2012/08/21 18:06:17 | 000,000,000 | ---D | C] -- C:\windows\pss
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/20 11:06:39 | 004,456,448 | --S- | M] () -- C:\Users\Owner\ntuser.dat
[2012/09/20 11:05:19 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 11:05:19 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 11:04:29 | 000,727,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/20 11:04:29 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/20 11:04:29 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/20 10:36:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/20 09:19:23 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/09/20 01:58:47 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/20 01:52:32 | 002,856,174 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2012/09/19 17:12:48 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2012/09/19 11:08:14 | 000,061,440 | ---- | M] ( ) -- C:\Users\Owner\Desktop\VEW.exe
[2012/09/19 03:06:26 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/09/19 02:50:02 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/19 02:48:55 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/19 02:43:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 02:37:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/19 02:36:06 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 02:36:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 15:21:14 | 000,010,640 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:43 | 000,077,616 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 13:28:54 | 000,153,053 | ---- | M] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 13:28:54 | 000,107,384 | ---- | M] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/14 12:51:34 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/13 15:18:49 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/09/13 15:18:49 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/13 15:18:26 | 009,575,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Owner\Desktop\install_flash_player_ax.exe
[2012/09/13 14:47:33 | 005,507,000 | ---- | M] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:29:05 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/12 20:24:17 | 000,233,193 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:27 | 000,007,605 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/27 07:25:39 | 000,369,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/22 14:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/08/22 14:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/19 02:56:48 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/19 02:56:48 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/19 02:56:48 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/19 02:56:48 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/19 02:56:48 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/14 15:21:13 | 000,010,640 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:40 | 000,077,616 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 12:51:34 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:53:56 | 000,153,053 | ---- | C] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 09:53:56 | 000,107,384 | ---- | C] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/13 15:18:49 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/13 14:47:33 | 005,507,000 | ---- | C] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:24:17 | 000,233,193 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:20 | 000,007,605 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[2012/01/16 14:18:56 | 000,744,880 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========



< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >



WINSOCK2.txt


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters
NameSpace_Callout REG_EXPAND_SZ %SystemRoot%\System32\fwpuclnt.dll
WinSock_Registry_Version REG_SZ 2.0
AutodialDLL REG_SZ rasadhlp.dll
Current_NameSpace_Catalog REG_SZ NameSpace_Catalog5
Current_Protocol_Catalog REG_SZ Protocol_Catalog9

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
These Windows services are started:

Application Information
Application Virtualization Client
Application Virtualization Service Agent
Background Intelligent Transfer Service
Base Filtering Engine
Client Virtualization Handler
CNG Key Isolation
COM+ Event System
Common Client Job Manager Service
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Distributed Link Tracking Client
DNS Client
Extensible Authentication Protocol
Group Policy Client
Human Interface Device Access
Intel® Management and Security Application Local Management Service
Intel® Management and Security Application User Notification Service
IP Helper
IPsec Policy Agent
Kaspersky Anti-Virus Service
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Plug and Play
Power
Print Spooler
Program Compatibility Assistant Service
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Superfetch
System Event Notification Service
TCP/IP NetBIOS Helper
Themes
TOSHIBA Optical Disc Drive Service
TOSHIBA Power Saver
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Defender
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Live ID Sign-in Assistant
Windows Management Instrumentation
Windows Modules Installer
Windows Search
Windows Update
WLAN AutoConfig
Workstation

The command completed successfully.

#10
maverick0987

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
BTW,

I remember now, on the "netsh winsock reset catalog" command the response was "Access is Denied"


Just an afterthought


#11
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Apparently neither of the files is present on your PC.

I messed up the reg query and left off "/s" so it didn't show me what I wanted. Let's try it again and I will let it export the whole key so I will get all of it and can make changes.

I suppose you are retyping it so we will make it a bit easier:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:



reg  export  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2  \junk.txt
ipconfig  /all  >>  \junk.txt
netsh  winsock  show  catalog  >>  \junk.txt

(I use two spaces where 1 space is needed so you will be able to see where the space goes.)

Attach the file c:\junk.txt

The denied error with the winsock command explains why it didn't change. Hopefully you did it in an elevated command prompt (like the above).

If you type

regedit

in the Command Window it should bring up the registry editor. Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\

Then right click on Winsock2 and select Permissions. Click on Administrators then look below. Full Control and Read should be checked under Allow. Are they? Cancel the Permissions box. Under Winsock2 should be a Parameters key. Right click on it and check the Permissions as above.
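An added example, not part of the original posts: one way to read the file that the `reg export` of the Winsock2 key produces and list which DLL each namespace provider and protocol entry loads, marking anything outside %SystemRoot%\System32 for a closer look. The function names, the sample text and the `PackedCatalogItem` layout (a 260-byte ANSI path followed by a 628-byte WSAPROTOCOL_INFOW) are assumptions of this sketch; the sample export is constructed.

```python
import re

MAX_PATH = 260           # assumed: PackedCatalogItem begins with a 260-byte ANSI DLL path
PROTO_NAME_OFFSET = 376  # assumed: UTF-16LE protocol name, 116 bytes into the struct that follows
ITEM_SIZE = 888          # assumed total: 260-byte path + 628-byte WSAPROTOCOL_INFOW

def parse_reg(text):
    """Return {key_path: {value_name: raw_value_text}} from .reg export text.
    A real export is UTF-16: read it with open(path, encoding="utf-16")."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)        # join "\"-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def decode(raw):
    """Decode one .reg value: quoted string, dword, or hex / hex(N) byte list."""
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if m.group(1) in ("1", "2"):                 # REG_SZ / REG_EXPAND_SZ are UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    return raw

def unpack_catalog_item(blob):
    """Split a PackedCatalogItem into (provider DLL path, protocol name)."""
    path = blob[:MAX_PATH].split(b"\x00", 1)[0].decode("ascii", "replace")
    name = blob[PROTO_NAME_OFFSET:].decode("utf-16-le", "replace").split("\x00", 1)[0]
    return path, name

def list_providers(text):
    """Return (kind, entry, dll_path, label, in_system32) for every catalog entry."""
    out = []
    for key, values in parse_reg(text).items():
        entry = key.rsplit("\\", 1)[-1]
        if "PackedCatalogItem" in values:
            kind = "protocol"
            path, label = unpack_catalog_item(decode(values["PackedCatalogItem"]))
        elif "LibraryPath" in values:
            kind = "namespace"
            path = decode(values["LibraryPath"])
            label = decode(values.get("DisplayString", '""'))
        else:
            continue
        # Entries elsewhere are not necessarily bad (Windows Live installs one),
        # but each should be a file you can account for.
        in_sys32 = path.lower().startswith("%systemroot%\\system32\\") and ".." not in path
        out.append((kind, entry, path, label, in_sys32))
    return out

# ---- constructed sample in the shape reg export writes (not the poster's data) ----
def _reg_hex(data, width=25):
    pairs = [f"{b:02x}" for b in data]
    rows = [",".join(pairs[i:i + width]) for i in range(0, len(pairs), width)]
    return ",\\\n  ".join(rows)

def _packed(path, name):
    blob = bytearray(ITEM_SIZE)
    blob[:len(path)] = path.encode("ascii")
    enc = name.encode("utf-16-le")
    blob[PROTO_NAME_OFFSET:PROTO_NAME_OFFSET + len(enc)] = enc
    return bytes(blob)

BASE = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + BASE + r"\NameSpace_Catalog5\Catalog_Entries\000000000001]",
    r'"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"',
    '"DisplayString"="Tcpip"', "",
    "[" + BASE + r"\NameSpace_Catalog5\Catalog_Entries\000000000007]",
    r'"LibraryPath"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"',
    '"DisplayString"="WindowsLive NSP"', "",
    "[" + BASE + r"\Protocol_Catalog9\Catalog_Entries\000000000001]",
    '"PackedCatalogItem"=hex:'
    + _reg_hex(_packed(r"%SystemRoot%\system32\mswsock.dll", "MSAFD Tcpip [TCP/IP]")),
])

if __name__ == "__main__":
    for kind, entry, path, label, ok in list_providers(SAMPLE):
        print(f"{kind:9} {entry} {'ok    ' if ok else 'REVIEW'} {path}  ({label})")
```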

#12
maverick0987

maverick0987

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Ron,

I updated the permissions. Neither of the boxes under administrator for "allow" were selected so I checked both of the boxes.


Thanks so much for sticking with me!


REG:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters]
"NameSpace_Callout"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,66,00,77,00,70,00,75,00,63,00,6c,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\AppId_Catalog]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\AppId_Catalog\05F30F1B-20668A9F]
"AppFullPath"="C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2012\\avp.exe"
"AppArgs"="-r"
"PermittedLspCategories"=dword:80000004

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\AppId_Catalog\06EBDCB1]
"AppFullPath"="C:\\Windows\\system32\\wininit.exe"
"PermittedLspCategories"=dword:80000040

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k NetworkService"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalServiceNetworkRestricted"
"PermittedLspCategories"=dword:80000040

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalServiceAndNoImpersonation"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0]
"AppFullPath"="C:\\Windows\\system32\\svchost.exe"
"AppArgs"="-k LocalService"
"PermittedLspCategories"=dword:80000044

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\AppId_Catalog\343305C9]
"AppFullPath"="C:\\Windows\\system32\\lsass.exe"
"PermittedLspCategories"=dword:80000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000004
"Serial_Access_Num"=dword:00000005
"Num_Catalog_Entries64"=dword:00000008

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Tcpip"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="NLA-navneområde (Network Location Awareness)"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\\System32\\nwprovau.dll"
"DisplayString"="NWLink IPX/SPX/NetBIOS Compatible Transport Protocol"
"ProviderId"=hex:f0,aa,2d,e0,9f,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:00000001
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007]
"LibraryPath"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"
"DisplayString"="WindowsLive NSP"
"ProviderId"=hex:e9,dd,77,41,28,60,9e,47,b7,b7,03,59,1a,63,ff,3a
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008]
"LibraryPath"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"
"DisplayString"="WindowsLive Local NSP"
"ProviderId"=hex:2c,2a,9f,22,18,5f,06,4a,8f,89,3a,37,21,70,62,4d
"SupportedNameSpace"=dword:00000013
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="%SystemRoot%\\system32\\NLAapi.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007]
"LibraryPath"="C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"
"DisplayString"="WindowsLive NSP"
"ProviderId"=hex:e9,dd,77,41,28,60,9e,47,b7,b7,03,59,1a,63,ff,3a
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008]
"LibraryPath"="C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDNSP.DLL"
"DisplayString"="WindowsLive Local NSP"
"ProviderId"=hex:2c,2a,9f,22,18,5f,06,4a,8f,89,3a,37,21,70,62,4d
"SupportedNameSpace"=dword:00000013
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9]
"Next_Catalog_Entry_ID"=dword:00000406
"Num_Catalog_Entries"=dword:0000001d
"Serial_Access_Num"=dword:00000007
"Num_Catalog_Entries64"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64]
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Something strange happened that time. Could you attach the file?

Try running the

netsh winsock reset catalog

again now that you have fixed the permissions. Make sure you:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

netsh winsock reset catalog

Do you still get an error? If not, reboot and run OTL, Quickscan and post the log.
  • 0

#14
maverick0987

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I'm leaving work for home...will post momentarily.

The 3 registry commands you gave me:

I typed them all in as individual commands

The 1st one responded with "Operation Completed Successfully"

The other 2 just paused for a moment and then gave me the command prompt with no response. What might that mean? Will re-attempt in a moment.

-J
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The three commands probably worked. It's just that there should not be Chinese in the registry, so either the file got garbled while moving to the other PC or there is something major wrong in the registry. Just attach the original file C:\junk.txt rather than opening it and copying and pasting.

I'm hoping that now that you have fixed the permission problem, the command netsh winsock reset catalog will work and will fix the issue, so make sure you try it and reboot before rerunning the three commands.
  • 0
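
One way to test the "file got garbled" possibility raised in the post above, as an added example that is not part of the original thread: if a UTF-16LE export (with byte-order mark) later had single-byte console output appended to it, a viewer that trusts the mark pairs those bytes into CJK-looking characters. The function names, the cp437 console code page, the `>>` append scenario and the sample file are assumptions made for this illustration.

```python
"""Recover single-byte console text that was appended to a UTF-16LE file.

Assumption (not confirmed on the page): the file started as a UTF-16LE export
with a byte-order mark and later commands appended console output with `>>`.
A viewer that trusts the BOM pairs those bytes into CJK-looking characters.
"""
import re

BOM = b"\xff\xfe"


def recover_from_text(garbled: str, codepage: str = "cp437") -> str:
    """Undo the mis-decoding when only the pasted text is available."""
    raw = garbled.encode("utf-16-le", errors="surrogatepass")
    return raw.decode(codepage, errors="replace")


def _is_text(byte: int) -> bool:
    # Tab, LF, CR or printable ASCII.
    return byte in (9, 10, 13) or 32 <= byte < 127


def split_mixed_file(data: bytes, codepage: str = "cp437"):
    """Split raw file bytes into (utf16_text, appended_text).

    Heuristic: ASCII-range UTF-16LE has a zero high byte in every unit, so the
    first unit made of two printable bytes marks where appended text begins.
    Genuine non-ASCII UTF-16 content would need a stricter boundary test.
    """
    if not data.startswith(BOM):
        raise ValueError("no UTF-16LE byte-order mark")
    body = data[len(BOM):]
    cut = len(body) - (len(body) % 2)  # default: no appended text found
    for i in range(0, len(body) - 1, 2):
        if body[i + 1] != 0 and _is_text(body[i]) and _is_text(body[i + 1]):
            cut = i
            break
    head = body[:cut].decode("utf-16-le", errors="replace")
    tail = body[cut:].decode(codepage, errors="replace")
    return head, tail


def provider_paths(catalog_text: str):
    """Return 'Provider Path' values from `netsh winsock show catalog` text."""
    return re.findall(r"^Provider Path:\s*(.+?)\s*$", catalog_text, flags=re.M)


# A short run of the garbled characters from the pasted file, as escapes.
PAGE_EXCERPT = (
    "\u6957\u646e\u776f\u2073\u5049\u4320"
    "\u6e6f\u6966\u7567\u6172\u6974\u6e6f"
)

# Constructed sample: UTF-16LE registry export, then appended console text.
REG_PART = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\winsock2"
    "\\Parameters\\Protocol_Catalog9\\Catalog_Entries64]\r\n"
)
APPENDED = (
    "\r\nWinsock Catalog Provider Entry\r\n"
    "------------------------------------------------------\r\n"
    "Entry Type:                         Base Service Provider (32)\r\n"
    "Description:                        MSAFD Tcpip [TCP/IP]\r\n"
    "Provider Path:                      %SystemRoot%\\system32\\mswsock.dll\r\n"
)
SAMPLE_FILE = BOM + REG_PART.encode("utf-16-le") + APPENDED.encode("cp437")

if __name__ == "__main__":
    print(recover_from_text(PAGE_EXCERPT))
    head, tail = split_mixed_file(SAMPLE_FILE)
    print(provider_paths(tail))
```

Working from the attached original file with `split_mixed_file` is more reliable than working from pasted text, because a paste can drop an odd trailing byte or characters the forum software could not store.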





