Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AntiSpyware Virus 2009 and Koobface?


  • This topic is locked This topic is locked
13 replies to this topic

#1 princessissues

princessissues

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:18 PM

Posted 10 December 2008 - 07:20 PM

For contextual information and discussion of problem plus what's been tried, please read this topic: http://www.bleepingcomputer.com/forums/t/185225/koobface-virus-and-antispyware-2009-virus-issues/ ~ Orange Blossom

Please find my HJThis Log Below:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Darlene Bristow at 2008-12-10 19:15:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 66 GB (61%) free of 108 GB
Total RAM: 1022 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:56 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWs\System32\smss.exe
C:\WINDOWs\system32\winlogon.exe
C:\WINDOWs\system32\services.exe
C:\WINDOWs\system32\lsass.exe
C:\WINDOWs\system32\Ati2evxx.exe
C:\WINDOWs\system32\svchost.exe
C:\WINDOWs\System32\svchost.exe
C:\WINDOWs\System32\WLTRYSVC.EXE
C:\WINDOWs\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWs\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWs\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWs\system32\svchost.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\WINDOWs\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWs\system32\Ati2evxx.exe
C:\WINDOWs\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWs\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWs\system32\rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\RFA\rfagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWs\system32\ctfmon.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Darlene Bristow\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Darlene Bristow.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWs\stsystra.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] "C:\WINDOWs\system32\rundll32.exe" CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AppMgrGui] "C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWs\system32\ctfmon.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWs\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWs\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWs\SYSTEM32\ASWLNDLL.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWs\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWs\system32\fxssvc.exe (file missing)
O23 - Service: getPlus Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWs\System32\WLTRYSVC.EXE

--
End of file - 15822 bytes

======Scheduled tasks folder======

C:\WINDOWs\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-06 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-06 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-10 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-05 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-06 2055960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-10 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-22 1392640]
"SigmatelSysTrayApp"=C:\WINDOWs\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-02-20 1191936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2007-09-05 57344]
"MBMon"=C:\WINDOWs\system32\CTMBHA.DLL [2007-11-15 1346893]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"VoiceCenter"=C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2006-02-16 1118208]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-05-02 184320]
"lxcjmon.exe"=C:\Program Files\Lexmark 8300 Series\lxcjmon.exe [2005-09-30 200704]
"EzPrint"=C:\Program Files\Lexmark 8300 Series\ezprint.exe [2006-04-19 94208]
"AppMgrGui"=C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe [2006-09-27 24064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2008-08-18 532808]
"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712]
"rfagent"=C:\Program Files\RFA\rfagent.exe [2005-04-23 330240]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-06 1261336]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall getPlus for Adobe"=C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWs\system32\ctfmon.exe [2008-04-13 15360]
"filehippo.com"=C:\Program Files\filehippo.com\UpdateChecker.exe [2008-10-22 147968]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-26 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Darlene Bristow\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ASWLNDLL]
C:\WINDOWs\system32\ASWLNDLL.dll [2007-05-13 6656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWs\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-01 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWs\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 19:10:29 ----D---- C:\WINDOWs\LastGood
2008-12-10 18:53:43 ----A---- C:\java_ee_sdk-5_01-windows.exe
2008-12-10 18:41:17 ----D---- C:\rsit
2008-12-10 16:35:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-10 16:33:38 ----D---- C:\Program Files\Adobe
2008-12-10 16:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-10 15:43:58 ----HDC---- C:\WINDOWs\$NtUninstallKB955839$
2008-12-10 15:42:02 ----HDC---- C:\WINDOWs\$NtUninstallKB954600$
2008-12-10 15:35:15 ----HDC---- C:\WINDOWs\$NtUninstallKB952069_WM9$
2008-12-10 15:35:06 ----HDC---- C:\WINDOWs\$NtUninstallKB943729$
2008-12-10 15:35:03 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Windows Desktop Search
2008-12-10 15:34:35 ----HDC---- C:\WINDOWs\$NtUninstallKB940157$
2008-12-10 15:33:55 ----HDC---- C:\WINDOWs\$NtUninstallKB915800-v4$
2008-12-10 15:29:58 ----A---- C:\WINDOWs\imsins.BAK
2008-12-10 15:29:44 ----HDC---- C:\WINDOWs\$NtUninstallKB956802$
2008-12-10 15:27:33 ----HD---- C:\WINDOWs\$hf_mig$
2008-12-10 14:24:27 ----D---- C:\Program Files\Secunia
2008-12-10 12:16:19 ----A---- C:\WINDOWs\system32\javaws.exe
2008-12-10 12:16:19 ----A---- C:\WINDOWs\system32\deploytk.dll
2008-12-10 12:16:18 ----A---- C:\WINDOWs\system32\javaw.exe
2008-12-10 12:16:18 ----A---- C:\WINDOWs\system32\java.exe
2008-12-10 11:55:32 ----D---- C:\Program Files\filehippo.com
2008-12-09 17:56:54 ----HD---- C:\WINDOWs\system32\GroupPolicy
2008-12-09 17:37:54 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-09 17:37:43 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-09 17:37:43 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\SUPERAntiSpyware.com
2008-12-09 00:09:25 ----D---- C:\Program Files\XPMedic
2008-12-08 22:38:23 ----A---- C:\WINDOWs\system32\aswBoot.exe
2008-12-08 22:38:20 ----D---- C:\Program Files\Alwil Software
2008-12-07 11:47:45 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\VSRevoGroup
2008-12-06 21:18:09 ----D---- C:\Program Files\Microsoft Easy Assist
2008-12-06 21:17:43 ----D---- C:\Documents and Settings\All Users\Application Data\Applications
2008-12-06 17:59:29 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-06 16:11:51 ----A---- C:\WINDOWs\system32\capicom.dll
2008-12-06 16:11:29 ----D---- C:\Binaries
2008-12-06 16:11:05 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Webroot
2008-12-06 15:19:06 ----A---- C:\WINDOWs\win.ini
2008-12-06 15:08:39 ----HD---- C:\WINDOWs\PIF
2008-12-06 14:46:10 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-12-06 14:45:46 ----D---- C:\Program Files\Security Task Manager
2008-12-06 13:06:57 ----HD---- C:\$AVG8.VAULT$
2008-12-06 00:42:50 ----A---- C:\WINDOWs\system32\avgrsstx.dll
2008-12-06 00:42:25 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\AVGTOOLBAR
2008-12-06 00:42:16 ----D---- C:\Program Files\AVG
2008-12-06 00:42:16 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-06 00:01:58 ----D---- C:\Program Files\Lavasoft
2008-12-06 00:01:57 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-06 00:00:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-05 22:36:28 ----A---- C:\WINDOWs\SYSTEM.INI
2008-12-05 20:57:41 ----A---- C:\WINDOWs\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-05 20:46:40 ----D---- C:\Program Files\RFA
2008-12-05 20:41:01 ----D---- C:\Program Files\VS Revo Group
2008-12-05 20:35:05 ----A---- C:\WINDOWs\system32\PerfStringBackup.TMP
2008-12-05 20:32:27 ----HDC---- C:\WINDOWs\$NtUninstallKB915865$
2008-12-05 20:01:49 ----D---- C:\WINDOWs\system32\appmgmt
2008-12-05 19:33:05 ----D---- C:\Program Files\Windows Resource Kits
2008-12-05 19:00:27 ----D---- C:\WINDOWs\system32\NtmsData
2008-12-05 19:00:23 ----A---- C:\WINDOWs\SchedLgU.Txt
2008-12-05 02:28:49 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-04 22:15:07 ----D---- C:\Program Files\Common Files\SupportSoft
2008-12-04 20:01:10 ----D---- C:\WINDOWs\system32\vmm32
2008-12-03 15:42:16 ----D---- C:\WINDOWs\system32\351631
2008-11-28 14:23:58 ----D---- C:\Program Files\Common Files\Protexis
2008-11-27 18:58:34 ----A---- C:\WINDOWs\NeroDigital.ini
2008-11-27 18:51:41 ----D---- C:\WINDOWs\system32\IOSUBSYS
2008-11-27 18:30:36 ----A---- C:\WINDOWs\Pex.INI
2008-11-27 18:12:23 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Ulead Systems
2008-11-27 18:03:39 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-11-26 23:02:19 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\ZoomBrowser EX
2008-11-25 19:56:16 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Canon
2008-11-25 19:40:41 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-11-25 19:38:07 ----D---- C:\Program Files\Canon
2008-11-25 19:24:50 ----D---- C:\Program Files\Common Files\Canon
2008-11-23 00:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData
2008-11-22 16:05:05 ----N---- C:\WINDOWs\system32\ptpusb.dll
2008-11-22 16:05:04 ----N---- C:\WINDOWs\system32\ptpusd.dll
2008-11-21 22:04:23 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Yahoo!
2008-11-21 22:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-21 22:02:45 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-21 11:26:00 ----N---- C:\WINDOWs\system32\d3dx9_32.dll
2008-11-21 11:25:17 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-11-21 11:17:12 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-21 11:16:53 ----D---- C:\Program Files\Windows Live
2008-11-20 12:44:26 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Malwarebytes
2008-11-20 12:44:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 12:44:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-20 12:35:44 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-11-18 22:46:40 ----D---- C:\Program Files\CCleaner
2008-11-18 21:46:50 ----D---- C:\Program Files\CONEXANT
2008-11-18 21:40:41 ----D---- C:\Program Files\ZoneAlarmSB
2008-11-18 21:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-11-18 21:38:08 ----N---- C:\WINDOWs\system32\SpOrder.dll
2008-11-18 21:35:53 ----D---- C:\WINDOWs\Internet Logs
2008-11-17 20:20:21 ----D---- C:\WINDOWs\Minidump
2008-11-17 19:02:41 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-17 00:22:04 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-17 00:16:16 ----N---- C:\WINDOWs\system32\pxafs.dll
2008-11-16 23:50:53 ----D---- C:\WINDOWs\system32\syncdb
2008-11-16 16:06:14 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Download Manager
2008-11-15 01:44:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2008-12-10 19:15:56 ----D---- C:\WINDOWs\Temp
2008-12-10 19:10:30 ----SD---- C:\WINDOWs\Downloaded Program Files
2008-12-10 19:10:29 ----D---- C:\WINDOWS
2008-12-10 16:35:44 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-12-10 16:35:36 ----SHD---- C:\WINDOWs\Installer
2008-12-10 16:35:19 ----D---- C:\Program Files\Common Files
2008-12-10 16:33:38 ----RD---- C:\Program Files
2008-12-10 16:33:18 ----D---- C:\WINDOWs\system32
2008-12-10 16:32:18 ----D---- C:\Program Files\Google
2008-12-10 16:31:55 ----D---- C:\WINDOWs\system32\CatRoot2
2008-12-10 16:31:53 ----D---- C:\Program Files\NOS
2008-12-10 16:28:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 15:53:02 ----D---- C:\MDT
2008-12-10 15:51:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-10 15:51:33 ----A---- C:\WINDOWs\system32\rpcnetp.exe
2008-12-10 15:51:30 ----A---- C:\WINDOWs\system32\rpcnet.dll
2008-12-10 15:51:02 ----D---- C:\Program Files\Internet Explorer
2008-12-10 15:51:01 ----D---- C:\WINDOWs\system32\en-US
2008-12-10 15:44:06 ----HD---- C:\WINDOWs\inf
2008-12-10 15:43:14 ----RSHD---- C:\WINDOWs\system32\dllcache
2008-12-10 15:42:49 ----D---- C:\WINDOWs\ie7updates
2008-12-10 15:42:23 ----D---- C:\WINDOWs\system32\CatRoot
2008-12-10 15:35:08 ----D---- C:\WINDOWs\system32\wbem
2008-12-10 15:34:52 ----D---- C:\Program Files\Windows Desktop Search
2008-12-10 15:33:33 ----RSD---- C:\WINDOWs\assembly
2008-12-10 15:30:30 ----D---- C:\WINDOWs\WinSxS
2008-12-10 14:24:30 ----D---- C:\WINDOWs\system32\drivers
2008-12-10 12:15:42 ----D---- C:\Program Files\Java
2008-12-10 12:07:04 ----D---- C:\WINDOWs\Debug
2008-12-10 11:48:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-09 19:00:03 ----A---- C:\WINDOWs\system32\rpcnetp.dll
2008-12-09 18:58:37 ----D---- C:\WINDOWs\security
2008-12-09 17:32:56 ----D---- C:\WINDOWs\system32\config
2008-12-08 09:13:51 ----D---- C:\WINDOWs\system32\Macromed
2008-12-07 22:49:38 ----D---- C:\Program Files\Yahoo!
2008-12-07 22:47:31 ----D---- C:\scans
2008-12-07 11:59:02 ----D---- C:\Documents and Settings
2008-12-07 11:58:24 ----SD---- C:\WINDOWs\Tasks
2008-12-06 23:59:33 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-12-06 23:05:31 ----D---- C:\Program Files\Lx_cats
2008-12-06 17:56:20 ----D---- C:\WINDOWs\Media
2008-12-06 16:53:12 ----ASH---- C:\boot.ini
2008-12-06 00:31:12 ----D---- C:\Program Files\Trend Micro
2008-12-05 22:42:31 ----SHD---- C:\System Volume Information
2008-12-05 22:20:10 ----D---- C:\WINDOWs\repair
2008-12-05 22:20:08 ----D---- C:\WINDOWs\Registration
2008-12-05 20:34:21 ----HDC---- C:\WINDOWs\ie7
2008-12-05 20:28:03 ----D---- C:\Program Files\Messenger
2008-12-05 20:06:17 ----D---- C:\WINDOWs\pss
2008-12-05 20:01:51 ----D---- C:\Program Files\Windows NT
2008-12-05 20:01:50 ----D---- C:\WINDOWs\system32\inetsrv
2008-12-05 20:01:50 ----D---- C:\WINDOWs\addins
2008-12-05 20:01:49 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Corel
2008-12-05 20:00:43 ----D---- C:\WINDOWs\Help
2008-12-05 10:39:22 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 10:39:22 ----D---- C:\Program Files\CyberLink
2008-12-05 02:33:58 ----D---- C:\dell
2008-12-05 02:30:45 ----D---- C:\Program Files\Windows Media Player
2008-12-05 02:30:40 ----D---- C:\Program Files\Movie Maker
2008-12-05 02:30:25 ----D---- C:\Program Files\NetMeeting
2008-12-05 02:30:20 ----D---- C:\Program Files\Outlook Express
2008-12-05 02:30:20 ----D---- C:\Program Files\Common Files\System
2008-12-04 22:06:47 ----A---- C:\WINDOWs\system32\PerfStringBackup.INI
2008-12-04 13:23:51 ----D---- C:\Program Files\Corel
2008-12-04 12:51:49 ----SHD---- C:\WINDOWs\CSC
2008-12-04 00:50:44 ----D---- C:\Program Files\Dell
2008-12-04 00:12:50 ----D---- C:\WINDOWs\system32\ias
2008-12-03 23:18:43 ----D---- C:\WINDOWs\Prefetch
2008-12-03 21:57:58 ----D---- C:\WINDOWs\network diagnostic
2008-11-28 18:48:35 ----D---- C:\WINDOWs\system32\spool
2008-11-28 15:17:16 ----D---- C:\Program Files\Common Files\Corel
2008-11-28 14:23:58 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2008-11-27 22:20:11 ----D---- C:\WINDOWs\system32\oobe
2008-11-27 22:20:11 ----D---- C:\WINDOWs\system32\mui
2008-11-27 22:20:11 ----D---- C:\WINDOWs\system32\LogFiles
2008-11-26 13:27:09 ----D---- C:\WINDOWs\Microsoft.NET
2008-11-25 20:57:07 ----D---- C:\Temp
2008-11-23 00:07:01 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Adobe
2008-11-22 12:56:55 ----D---- C:\WINDOWs\system32\DirectX
2008-11-21 22:02:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-21 11:27:14 ----SD---- C:\Documents and Settings\Darlene Bristow\Application Data\Microsoft
2008-11-21 11:24:41 ----DC---- C:\WINDOWs\system32\DRVSTORE
2008-11-17 22:56:37 ----D---- C:\Program Files\Safari
2008-11-17 00:16:26 ----D---- C:\Program Files\Common Files\Adobe
2008-11-17 00:16:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-16 16:44:10 ----RSD---- C:\WINDOWs\Fonts
2008-11-16 16:41:58 ----N---- C:\WINDOWs\system32\pxcpyi64.exe
2008-11-16 16:41:58 ----N---- C:\WINDOWs\system32\pxcpya64.exe
2008-11-16 16:41:57 ----N---- C:\WINDOWs\system32\pxinsi64.exe
2008-11-16 16:41:57 ----N---- C:\WINDOWs\system32\pxinsa64.exe
2008-11-16 16:41:56 ----N---- C:\WINDOWs\system32\PxSFS.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWs\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AFS2K;AFS2k; C:\WINDOWs\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPDRV;APPDRV; C:\WINDOWs\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 APPSTREAM;APPSTREAM; \??\C:\WINDOWS\System32\Drivers\APPSTREAM.SYS []
R1 aswSP;avast! Self Protection; C:\WINDOWs\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWs\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWs\System32\Drivers\avgldx86.sys [2008-12-06 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWs\System32\Drivers\avgmfx86.sys [2008-12-06 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWs\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWs\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWs\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWs\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWs\system32\DRIVERS\tmtdi.sys [2006-11-09 73288]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWs\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ASCTRM;ASCTRM; C:\WINDOWs\system32\drivers\ASCTRM.sys [2008-06-26 8552]
R2 aswFsBlk;aswFsBlk; C:\WINDOWs\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWs\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 drvnddm;drvnddm; C:\WINDOWs\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWs\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 REGHOOK;REGHOOK; \??\C:\WINDOWS\System32\Drivers\REGHOOK.SYS []
R2 tfsnboio;tfsnboio; C:\WINDOWs\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWs\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWs\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWs\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWs\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWs\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWs\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWs\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWs\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R2 tmpreflt;tmpreflt; C:\WINDOWs\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWs\system32\drivers\TmXPFlt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\WINDOWs\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R2 VSPD;VSPD; \??\C:\WINDOWS\System32\Drivers\VSPD.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWs\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWs\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWs\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWs\system32\DRIVERS\bcmwl5.sys [2006-11-22 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWs\system32\DRIVERS\bcm4sbxp.sys [2006-08-25 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWs\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWs\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWs\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWs\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWs\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWs\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWs\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 monfilt;monfilt; C:\WINDOWs\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 NIC1394;1394 Net Driver; C:\WINDOWs\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWs\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 PSI;PSI; C:\WINDOWs\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
R3 rimmptsk;rimmptsk; C:\WINDOWs\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWs\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWs\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWs\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWs\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWs\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWs\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWs\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWs\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWs\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWs\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S1 CorexCardScan500;Corex CardScan 500; C:\WINDOWs\system32\drivers\slcorex.sys [1999-12-03 17448]
S1 IKSysFlt;System Filter Driver; C:\WINDOWs\system32\drivers\iksysflt.sys []
S1 IKSysSec;System Security Driver; C:\WINDOWs\system32\drivers\iksyssec.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWs\system32\drivers\MCSTRM.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel PRO Adapter Driver; C:\WINDOWs\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWs\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 nv;nv; C:\WINDOWs\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWs\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWs\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWs\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWs\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWs\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWs\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWs\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWs\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWs\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWs\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWs\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AppMgrService;AWE 5.1.0 Application Manager; C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe [2006-09-27 1990656]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWs\system32\Ati2evxx.exe [2006-05-23 409600]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWs\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-06-26 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [2007-11-15 44032]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-29 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-09-18 47104]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWs\System32\WLTRYSVC.EXE [2006-11-22 20480]
R2 WSearch;Windows Search; C:\WINDOWs\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 lxcj_device;lxcj_device; C:\WINDOWS\system32\lxcjcoms.exe [2005-10-24 491520]
S2 Fax;Fax; C:\WINDOWs\system32\fxssvc.exe []
S2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe []
S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe []
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe []
S2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe []
S2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe []
S2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWs\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 getPlus Helper;getPlus Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-07-01 16680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWs\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Please help me ASAP, I use my computer for work and I've lost at least a week now. Thanks for your help. :thumbsup:

Edited by Orange Blossom, 10 December 2008 - 10:15 PM.

Darlene

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:18 PM

Posted 12 December 2008 - 04:49 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 princessissues

princessissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:18 PM

Posted 13 December 2008 - 01:27 PM

First and foremost please let me say a Very BIG "THANK YOU" for helping me with these issues. :thumbsup:

I have run the SDFIX and it has posted the results in the file; however, the BC is not allowing me to post as it says that the results are too much for the reply.
Please advise on how I should get the results to you for reviewing.
Darlene

#4 princessissues

princessissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:18 PM

Posted 13 December 2008 - 03:04 PM

Alright, after having a duh? moment, I have tried adding the file via an "upload." Let me know if you are able to read the results via the upload. :thumbsup:


SDFix: Version 1.240
Run by Darlene Bristow on Sat 12/13/2008 at 12:52 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 13:01:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-2]
"~AS_Directory"="2\0"
"~AS_MajorVersion"=dword:00000002
"~AS_MinorVersion"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-2\Amyuni Document Converter 2.10]
"~AS_Configuration File"="acpdfui210.dll\0"
"~AS_Data File"="acfpdf.txt\0"
"~AS_Datatype"="\0"
"~AS_Dependent Files"=str(7):"\0"
"~AS_Driver"="acpdf210.dll\0"
"~AS_HardwareID"="\0"
"~AS_Help File"="\0"
"~AS_Manufacturer"="\0"
"~AS_Monitor"="\0"
"~AS_OEM URL"="\0"
"~AS_Previous Names"=str(7):"\0"
"~AS_Provider"="\0"
"~AS_TempDir"=dword:00000000
"~AS_Version"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WebPost\Providers]
"~AS_{2C93FE81-E03A-11cf-832F-00A0C90A43A8}"="\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFS2K]
"~AS_BuildID"="3.1.17.14(981)\0"
"~AS_DisplayName"="AFS2k\0"
"~AS_DriverMainControl"=dword:00000000
"~AS_ErrorControl"=dword:00000001
"~AS_Group"="SCSI CDROM Class\0"
"~AS_Start"=dword:00000001
"~AS_Tag"=dword:00000001
"~AS_Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFS2K\0-0-0]
"~AS_AFS_Enabled"=dword:00000000
"~AS_ProductID"="DVD-ROM DDU1621 \0"
"~AS_ProductRevisionLevel"="S3.5\0"
"~AS_TUR_Blocked"=dword:00000000
"~AS_VendorID"="SONY \0"
"~AS_VendorSpecific"="\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFS2K\Enum]
"~AS_0"="IDE\CdRomSONY_DVD-ROM_DDU1621____________________S3.5____\3031303030303030303030303030303030303130\0"
"~AS_Count"=dword:00000001
"~AS_NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\APPSTREAM\Parameters\Drivers]
"RH_ExcludedKeyList"=str(7):"d\2'rt\xffd8\xffffv\20\36\0'\1\0\1\0MthnDvcI\xffd8\xffffstorage\volume\0\0SC\xffd8\xffffv\n\36\00'\1\0\1\0DieDs\16\xf4e0\16\xeb70\16P\27\xf608\16\xfa48\16\16\27\27x\27 \27\27@\27x\27\27 \27\16H\27X\27\27p\27 \27h\27\27`\27\16\27P\27\27\27 \27p\27\27 \27˜\27\27 \27\27X\27\27\27\27(\27\27ˆ\27H\27\27\27P\27\27\27x\27h\27\27\27\27\27\27˜\27`\27@\27\27\27\27\278\27\27\27˜\27ˆ\27\27p\27\xf308\16\xa590\27 \27`\27X\17\26\xa5d8\27\xa838\27\xa9c0\27\27\27ˆ\27X\270\27p\27h\27\27p\27\xa4a8\27\27\xa4e0\27\xa6b8\27\xa6f0\27\xa728\27\xa890\27\xa8c8\27\xa900\27\xa760\27\xa940\27\xab08\27\xab48\27\27@\27P\27\27\278\27\xa518\27\27\xab78\27€\27P\27ˆ\27\27\27p\27\27\27\378\370 \x1d00 \xec8 \xdf8 ˆ h € \x2278 H 0 0  `   H \0\0\0\0\0\0\0\0\0\0\0\0er\0D\x80\0v\t\xf778 \x360!!\xe168 CasUD\0!\\27x\27 \27\02755D-047F\x2d8\0(\30\xa6f0\27\xa728\27\xffd8\xffffv\t\4 \xea38\26\x28f0'0'''\xffd8\xffffv\t\4n v\x1363\0\0'\0\0\0\0\xffff\xffff\xffff\xffff\1\0'\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0\2\0\0\x500 \0#\0\0\0\x500\22\0\0\0\x500\22\0 \xffd8\xffffv\n\30\0Stream Application Manager engine. Responsible for maintaining connections to servers and managing the cache for streamed applications.\0\30\xffd0\xffffC:\AppStreamCache\0\0\300\30\xffd8\xffffv\20R\0('\1\0\1\31IsaltoPt\xffffC:\Program Files\AppStream\WindowsClient\0\0\xffd8\xffffv\16\6\0\xa890'\1\0\1\30MxlcNme\30\xffd8\xffffv\20\2484('\xffc8\xffff76487-OEM-0011903-00102\0cD \xffffn i*\0\0'\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x3320!\0\xffff\xffff\0\0\0\0\22\0\4\0\2\0\v\0MdaetrSW\xfff8\xffff˜'hi\2\0˜\17\0\xffff\xffff\0\0\0\0 \0\xffff5.1.2600.0\0rt\0\xffd0\xffffv\26\4\xffff\xffff\2\0\35L\xffff\xffff\0\0\0\0\n\0\16\0l\0\4\0FL\30\xffe0\xffffv\5\16\0\xa7e0'\1\0\1\30Gop\30\xffe0\xffffv\3\4CE.EXE,PROCESSCREATOR.EXE\0!\x8f0!\xffe0\xffffv\4\4\0 '\xffe0\xffffv\5\4lyaex\30\xffe8\xffffAPPSTREAM\0\xffffn \xe142\x1363\0\0 '\0\0\0\0\xffff\xffff\xffff\xffff\1\0 '\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\1\0\b\0Scrt\xffe0\xffffv\b\xa8\0\xa600'\3\0\1\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0`\4\0\0\24\2\0\0\x500\22\0\0\30\17\0\0\x500 \0\x220\0\0\24\2\0\0\x500\v\0\0\30\2\0\0\x500 \0#\0\0\0\x500\22\0\0\0\x500\22\0DI\xffffn :7\0\0\20\1\0\0\0\xaa20'\xffff\xffff\5\0\37\0\xffff\xffff\20\0\0\0\30\0X\0\0\a\0RGOK\xfff0\xffff\xd8184\xd8704\0\25\xff78\xffff"C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe"\0p\xffc0\xffffVSPD\0REGHOOK\0APPSTREAM\0RPCSS\0\0\xffe8\xffffFilter\0\308\30\xff90\xffffn \x1c9a\x10fd,\0\0'\0\0\0\0\xffff\xffff\xffff\xffff\1\0'\0\xffff\xffff\0\0\0\0\36\08\0\4\0\32\0Sgiga\x2d686C6FXM\x3236Sri\xffd8\xffffv\17<\0\xa7a0'\a\0\1\30DpnOSrie\xfff0\xffff64\0 \xa8d8 \xfff0\xffff\x2bf81\xee580ie\xffe0\xffffv\4\4Erroto \0\xffd8\xffffv\tX\0\xa940'\2\0\1\aIaeah\0\1\0 \xffff\??\C:\WINDOWS\System32\Drivers\REGHOOK.SYS\0\1\0\xffd8\xffffv\v\20\0'\1\0\1\0Dslyae\1\0\xffffn \xf2a4\x1363\0\0\xa6b0'\0\0\0\0\xffff\xffff\xffff\xffff\1\0'\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0Scrt\xfff0\xffffl\1\xa9c8'\xe2d0\xe465\xffe0\xffffv\b\xa8\0\xaa50'\3\0\1\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0 \0#\0\0\0\x500\22\0\0\0\x500\22\0xB\xffffn 7\0\0\20\1\0\0\0'\xffff\xffff\5\0\xddd8\37\0\xffff\xffff\20\0\0\0\30\0R\0`\0\4\0VPv\a\xffe0\xffffv\4\4\xffffv\tR\0\xabe8'\2\0\1\0Iaeah\0\x2c00\1\xffff\??\C:\WINDOWS\System32\Drivers\VSPD.SYS\0%\xffd8\xffffv\v\n\0h'\1\0\1'Dslyae\0\0\xfff0\xffffVSPD\0\0\xffffn V\x1363\0\0\xab00'\0\0\0\0\xffff\xffff\xffff\xffff\1\0'\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0Scrt\xfff0\xffffl\1x'\xe2d0\xe465\xffe0\xffffv\b\xa8\0\0\x500\22\0\0\0\x500\22\0\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030\0\xfff0\xffffl\1@'\x2140&\xffe0\xffffv\a\34\0'\1\0\1\0Srie\xffe0\xffffAppMgrService\0\xffe0\xffffv\6\4LegacyDriver\0\xffd8\xffffv\tN\0˜'\1\0\1'CasUDDNE\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0\0\1\0\xfff0\xffffl\1@'\x2140&hi\0\1RSrie\xffe0\xffffv\a$\0 '\1\0\1\0Srie\xffe0\xffffv\a\20\0'\1\0\1\0Srie\xffe8\xffffmdmxsdk\0B \xffffn L\0\0'\0\0\0\0\xffff\xffff\xffff\xffff\6\0) \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030\0\0\xffe8\xffffLmHosts\0\22\xfff8\xffff'\xffe8\xffffLexmark\0#\xffe0\xffffv\6\4\1\0Cas\0\xffe0\xffffv\5\32\0h'\1\0\1#Case\xffe0\xffffLegacyDriver\0v\b\0'\xfff0\xffffl\10'\x2140&\xfff8\xffff'\xffe8\xffffmchInjDrv\0\xffe8\xffffVolSnap\0\0\0\xffe8\xffffaswFsBlk\0R\xffe0\xffffLegacyDriver\0\0\xffe8\xffffaswMon2\0\a\0\xffe0\xffffv\a\30\0\0\1oNxIsac H\xffffn \xeaa4F\0\0 '\0\0\0\0\xffff\xffff\xffff\xffff\6\0€: \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030cT\xffd8\xffffv\v\4\xffe0\xfffflxcj_device\0ao\xffd8\xffffv\v\4\4' \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030X\30\xffe0\xffffv\a\24\0'\1\0\1\30Srie\xffe0\xffffv\6\4ver\0 \20\0AFD\0\0\0\xfff8\xffff'\xffd8\xffffv\tN\0('\1\0\1\37CasUD H \xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0 0 \xffd8\xffffv\n\24\0'\1\0\1 DvcDs \xa738 \xffe8\xffffmchInjDrv\0\xffe0\xffff0'P'€''\xffff\1\0\xdb58' \r\xffff\xffff\b\0\0\0\30\0\4\0Y\0\n\0LGC_Ds\0S\xffd8\xffffv\f\4cr\xffe0\xffffv\a\20\0'\1\0\1\16Srie\xfff0\xffffl\1h'\x2140&\xffe0\xffffv\5\32\0 '\1\0\1rCasb\xffd8\xffffv\v\4\xffe8\xffffv\0\2\1\0' \r\xffff\xffff\b\0\0\0\30\0\4\0Z\0\16\0LGC_DXD@\xffd8\xffffv\f\4\5\0\1\0\4\0\2\0\3\0\5\0€}\xfff0\xffffl\1'\x2140&\xffe0\xffffv\5\32\08'\1\0\1\0Cas\0\xffd8\xffffv\tN\0d\1\0\1\0CasUD\0\0\0\xffe0\xffffv\6X\08)\1\0\1uDiem\xfff0\xffffl\1'\xe918H\xfff8\xffff '\xffe0\xffffLegacyDriver\0\0\xffe0\xffffˆ&& &h&&\xffd8\xffffv\tN\0H'\1\0\1\0CasUD\0\0\0\xffe8\xffff\1\5\0\0\xe786O\0\0\xffe0\xffffv\4\4sUD\0\0\0\xffe0\xffff&&˜&\0\1\0~SHl ie\0\xffd8\xffffv\20\4\xffffv\v \0 '\1\0\1'~SBidD '\xffe8\xffffAFS2k\0\0''\xffd8\xffffv\v\4\0\0\xffd8\xffffv\17\16\0P'\1\0\1\2~SDslyae\xffd0\xffffv\25\4\4outeiinee\xffd8\xffffv\17\43.5____\3031303030303030303030303030303030303130\0\0'~SLgig '\xfff0\xffffNo\0\0h'\xffe0\xffffv\b@\0'\1\0\1~SPt\xffffC:\WINDOWS\system32\FTPWPP.DLL\0\0D,\xfff0\xffffFTP\0\0'\xfff0\xffff\xdb284\xdb484^\xffd0\xffffv\24\4\n\00'\1\0\1\4~SPoie\1\0\xffe0\xffffv\b\26\0'\1\0\1'~SPt\xffe0\xfffffpwpp.dll\0\0\0\1\0\xffd8\xffffv\f\4\xffe0\xffffv\bB\0'\1\0\1,~SPt\xffffC:\WINDOWS\system32\POSTWPP.DLL\0\0'\xfff8\xffff\xe578'\xffd8\xffffv\f\4\xffffNo\0\0\0\0\xffe0\xffffv\b@\0ystem\0\0\xffd8\xffffv\f\4\0\0 \0\6\0\0\0\t\0Vri\x2d6e2 al\xffd0\xffffv\26 \0X'\1\0\1\0~SCniuai\x206eFl\0\xffd8\xffffacpdfui210.dll\0\0\0\0\0\0\30\0B\0\2\0&\0{B47\x2d3078\x312d1\x2d30\x33410\x302d00F7F5'\xfff0\xffff1P1p\0\xffd8\xffffv\20\16\0\xdeb8'\a\0\1\0~SLwritr\xffd8\xffffv\r\6\0\xdfe8'\1\0\1\xffd1~SDrcoy\0\xffd8\xffffv\20\4\f~SMnreso\xffd0\xffffv\26 \0'\1\0\1\0~SCniuai\x206eFl\0\xffd8\xffffacpdfui210.dll\0\0ls'\xffd8\xffffv\n\34\0'\1\0\1 ~SDie\08%\xffe0\xffffacpdf210.dll\0\0\xffd8\xffffv\16\b\00'\3\0\1\0~SDieDt\a\xfff0\xffff\0\0\0\0\1\0\xffe8\xffffSONY \0\0\xfff8\xffff@'\xffd0\xffffv\21\b\0'\3\0\1K~SDieVrinv\16\4\xffff\xffff\21\0\xe768'\0\xffff\xffff\0\0\0\0$\0\34\0\0\0\a\0dsPF\xff98\xffffn ˆ\x1363\0\0h\1\0\0\0\xe600'\xffff\xffff\1\0! \r\xffff\xffff\b\0\0\0\30\0\4\0\30\0\24\0LGC_PMREVC€'\xffffn lL\0\0'\0\0\1\0\xffff\xffff \6\0 \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030\0\xffffn \xdbb8\x190d\0\0\x2f08(\0\0\0\0\xffff\xffff\xffff\xffff\6\0\xe5c0' \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030\0\0 \xffffn ˆ\x1363\0\0h\1\0\0\0\xe610'\xffff\xffff\1\0\xe380' \r\xffff\xffff\b\0\0\0\30\0\4\0\31\0\20\0LGC_PSRA\xffd8\xffffv\f\4cheduler Miniport\0erd\xffc8\xffff\26H\32\x21d0\34\x3198\34p \xf2f8\34v\tj\0@(\2\0\1 Iaeahs\0 \xfff0\xffffl\1X'\xe918H \xffffn ˆ\x1363\0\0h\1\0\0\0\x3030\x2483&\xffd0\xffffv\24\4\0\0\36\0\0Š\0\r\0WPewrSc\37\xffe0\xffffv\5$\0\x618*\1\0\1vGop\0\xffe0\xffffv\5\32\0\xe5e0'\1\0\1vCase\xfff0\xffffl\1P'\x2140&\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0\0\0\0\xfff0\xffff.NT\0\x2140& \xffffn \x1363\0\0h\1\0\0\0\xd9d0'\xffff\xffff\1\0\xe620' \r\xffff\xffff\b\0\0\0\30\0\4\0\0\v\0LGC_SD\x2483&\xffd8\xffffv\f\4\0\0\0\xffff\xffff\xffff\xffff\f\0\xd8b8'(\xffff\xffff\0\0\0\0006\0\4\0\0\0\v\0M\x306e\x3030\x3030\x3031019\xffc8\xffff\xe568$x&&&&\xdf60&\xdf90&\xdfc0&h'˜'%&&\xff98\xffffIntel® Core™2 CPU T5500 @ 1.66GHz\0\0\0\xffc0\xffffHSFHWAZL\0HSF_DPV\0winachsf\0\0ee4\xfff0\xffff\17\xf0b\xb00acyDriver\0\0\xfff8\xffff'\xffffn c\x1363\0\0h'\0\0\0\0\xffff\xffff\xffff\xffff\6\0\36\0\xffff\xffff\0\0\0\0000\0$\0\0\0\5\0\x2d30\x2d300\xffd8\xffffv\17\4DVD-ROM DDU1621 \0\0\xffd0\xffffv\30\f\08\35\1\0\1R~SPouteiinee\xffd8\xffffv\17\4\x2510'\0\xffff\xffff\0\0\0\0 \0\0\1\0\4\0EuOE\xffc8\xffffCC7DA275F7EDFF\0P\30\xffc8\xffff@\27h\27p\32`\32 \32\xdac0\32\27\x2580\34H!\x2df8\34\x2e50\34\x2f28\34\xec00\32\b\0('\xffe0\xffff192.168.1.1\0\0 \xffd8\xffff\xdfd0\16'X'p'˜''''\0\0\xffd8\xffffv\n\36\0\xded0'\1\0\1\0DvcDs\0SC\xfff0\xffff\xdb684\xdbb84ip\xffe8\xffffAFS2K\0\0\31\0\1\xffd8\xffffGeneric volume\0\0v\3\xffd8\xffff\xdbe8\16\xddb0\16\xdcf8\16\xdd48\16\xdd70\16\xdee8\16'\xde80'\1\0\xffd8\xffffv\16\4 '\0\0\0\0\xffff\xffff\xffff\xffff\5\0 \0\xffff\xffff\0\0\0\0(\0L\0\3\0&\0{FFE\x2d3077\x312d1\x2d30BC\x302d0\x30410DD4\4\xfff0\xffff2\0\0\0\1\0\xfff8\xffff'hi\xe000'\20\0\xe3b0'\0\xffff\xffff\0\0\0\0,\0 \0\0\0\36\0Ayn oue\x2074Cnet\x2072\x2e32\x3031\0\xffd8\xffffv\r\30\0\xe0b8'\1\0\1\3~SDt ie\0\xffe0\xffffacfpdf.txt\0\0\x2c00\1\xffd8\xffffv\f\4Fls'\xffd8\xffffv\n\34\0\xe158'\1\0\1 ~SDie\08%\xffe0\xffffacpdf210.dll\0\0\xffd8\xffffv\16\b\0\x378\17\3\0\1\0~SDieDt\a\xffe0\xffffv\a\22\0\xe920'\1\0\1)Srie\xffd0\xffffv\21\b\0\xfff0\34\3\0\1K~SDieVrin\xffd8\xffffv\v\4l\1\xe518'\xffd8\xffffv\f\4'\xe240'\xe268'\xe218'\xe2c0'\xe290'\xe320'\xe2e8'\xe388's\n\xffd8\xffffv\f\4\0015IfetoEtO\xffffn \x1363\0\0\xab70M\1\0\0\0\xe310'\xffff\xffff\0\0\xffff\xffff\0\xffff\xffff\22\0\0\0\0\0\0\0<\0\a\0Wbot \xffffn \x239ca\x1363\0\0\xe4c0'\0\0\0\0\xffff\xffff\xffff\xffff\1\00'\0\xffff\xffff\0\0\0\0T\0\4\0\0\0\t\0Poies\0\1\0\xffffv*\4n h\x1363\0\0'\0\0\0\0\xffff\xffff\xffff\xffff\1\0'\0\xffff\xffff\0\0\0\0$\0\4\0\0\0\4\0Fl\0\0\xfff0\xffff1h1\0\0 \xffffn \x321aL\0\0`k\1\0\1\0\xeb38'H37-0000F8753ED1}\0\0\0\0\xffff  \x3048 ` \xa598 \xa670 \xe8d0 \xfa58 \xfab0 !\xffc8\xffffh\32˜\32\32ˆ\32 \32h\32\32\xdc40\32\32\xddb8\32'\a\0\1NDcDfutaea\IN\xffc8\xffff(Standard disk drives)\0\0\0\0\xffd0\xffffFile Security Driver\0 \b\0ld\xffc0\xffffCorel Paint Shop Pro Photo X2\0\xffe8\xffffIKSysFlt\0'\xff60\xffffIDE\CdRomSONY_DVD+-RW_DW-Q58A____________________UDS2____\5&2c81f6de&0&0.0.0\0\a\xffd0\xffff\xa868\37 8!\x1ae8"\x560&\xa518&'˜'\37\xffd8\xffffv\f\24\0'\1\0\1SPoieNm\0s\xffffn v\x1363\0\0\xe6b0'\0\0\0\0\xffff\xffff\xffff\xffff\1\0H&\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0\0(\36\0\xffff\xffff\24\0\0\0\30\0\\0\36\0\t\0APTEMlic\xffc8\xffff\27P\27\30@\30 \31\32\30x\34X\32H\34p\35\x1d68!WS\xffd8\xffff255.255.255.0\0\0sv\a\xffd8\xffffv\v \0`(\3\0\1\0Oesz 1(\xffffn \x1041\0\0\x26e8\f\0\0\0\0\xffff\xffff\xffff\xffff\21\0\xa8d8)\0\xffff\xffff\0\0\0\0$\0\34\0\0\0\a\0dsPF\xffffOLYMPUS u10D,S300D,u300D USB Device\0??\b\0??\xffd8\xffffv\tN\0\x2f68(\1\0\0015CasUDc˜'\b\0x\30\xfff0\xffffl\1'\xe918H \xffffn J\x1363\0\0\xeb48'\1\0\0\0\xefe8'\xffff\xffff\5\0\36\0\xffff\xffff\16\0\0\0(\0T\0\0\0\n\0Prmtrnet\xffd0\xffffv\21$\0\xedb0'\1\0\1!Dsiainodr\0FB\xffd0\xffffC:\AppStreamCache\0\0\300\30\xffd8\xffffv\20R\0\xee08'\1\0\1\31IsaltoPt\xffffC:\Program Files\AppStream\WindowsClient\0\0\xffd8\xffffv\16\6\0\xfa78\35\1\0\1\30MxlcNme\30\xffe0\xffffv\a\20\0 \36\1\0\1'Ftot\xffd0\xffffv\24\22\0h\36\1\0\1'Cretitresov\r\xfff0\xffff\x60f\xf09v\22"\0\xef70'\a\0\1\6R_xlddeLsgc\31\xfff0\xffffd\2\xef80'\1\0\xfff0\xffff K J\0\0\xffd8\xffffv\20\2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Aspi32\Parameters]
"~AS_ExcludeMiniports"="\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebPost\Providers]
"~AS_PostInfoRequired"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebPost\Providers\{02b5e1d1-8b7c-11d0-ad45-00aa00a219aa}]
"~AS_Logging"="No\0"
"~AS_Path"="C:\WINDOWS\system32\FTPWPP.DLL\0"
"~AS_PostInfoRequired"=dword:00000000
"~AS_Priority"=dword:00000010
"~AS_Provider"="FTP\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebPost\Providers\{2C93FE81-E03A-11cf-832F-00A0C90A43A8}]
"~AS_Path"="fpwpp.dll\0"
"~AS_Provider"="FrontPage Extended Web\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebPost\Providers\{2C93FE81-E03A-11cf-832F-00A0C90A43A8}\PostInfo\File]
"~AS_/postinfo.html"="\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebPost\Providers\{8B14B770-748C-11D0-A309-00C04FD7CFC5}]
"~AS_Path"="C:\WINDOWS\system32\POSTWPP.DLL\0"
"~AS_Priority"=dword:00000030
"~AS_Provider"="HTTP Post\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebPost\Providers\{FFCF1E40-7978-11D0-B1C9-00AA006DCDF4}]
"~AS_FullLogging"="No\0"
"~AS_Path"="C:\WINDOWS\system32\CRSWPP.DLL\0"
"~AS_PostInfoRequired"=dword:00000000
"~AS_Priority"=dword:00000020
"~AS_Provider"="Microsoft Content Replication System\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-2]
"~AS_Directory"="2\0"
"~AS_MajorVersion"=dword:00000002
"~AS_MinorVersion"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-2\Amyuni Document Converter 2.10]
"~AS_Configuration File"="acpdfui210.dll\0"
"~AS_Data File"="acfpdf.txt\0"
"~AS_Datatype"="\0"
"~AS_Dependent Files"=str(7):"\0"
"~AS_Driver"="acpdf210.dll\0"
"~AS_HardwareID"="\0"
"~AS_Help File"="\0"
"~AS_Manufacturer"="\0"
"~AS_Monitor"="\0"
"~AS_OEM URL"="\0"
"~AS_Previous Names"=str(7):"\0"
"~AS_Provider"="\0"
"~AS_TempDir"=dword:00000000
"~AS_Version"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WebPost\Providers]
"~AS_{2C93FE81-E03A-11cf-832F-00A0C90A43A8}"="\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFS2K]
"~AS_BuildID"="3.1.17.14(981)\0"
"~AS_DisplayName"="AFS2k\0"
"~AS_DriverMainControl"=dword:00000000
"~AS_ErrorControl"=dword:00000001
"~AS_Group"="SCSI CDROM Class\0"
"~AS_Start"=dword:00000001
"~AS_Tag"=dword:00000001
"~AS_Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFS2K\0-0-0]
"~AS_AFS_Enabled"=dword:00000000
"~AS_ProductID"="DVD-ROM DDU1621 \0"
"~AS_ProductRevisionLevel"="S3.5\0"
"~AS_TUR_Blocked"=dword:00000000
"~AS_VendorID"="SONY \0"
"~AS_VendorSpecific"="\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFS2K\Enum]
"~AS_0"="IDE\CdRomSONY_DVD-ROM_DDU1621____________________S3.5____\3031303030303030303030303030303030303130\0"
"~AS_Count"=dword:00000001
"~AS_NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APPSTREAM\Parameters\Drivers]
"RH_ExcludedKeyList"=str(7):"d\2\xef80'\1\0\xfff0\xffff K J\0\0\xffd8\xffffv\20\2\1\0\24\17\0\0\4\0\0\0\n\0Prmtr\0\0\0\xffffn \xf62e\0\0 W\0\0\0\0\xffff\xffff\xffff\xffff\20\0ˆ(\0\xffff\xffff\0\0\0\0\36\0 \0\2\0\b\0Dvc\x322e\xffd8\xffffl\3xW’\xa5d4\x1bb8'“\xa5d4\xf130'”\xa5d4\xaa78 ˜ \b\0\x2cc8(\xffe0\xffffv\4\4\xffffp(\xffffn \xe945\0\0(<\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\0\xffff\xffff\0\0\0\0\0\0\0\0\5\0\a\0SfAp \xffffn K\xe945\0\0 \21\0\0\0\0\xffff\xffff\xffff\xffff\2\0\xf400\26\xee28M\xffff\xffff\0\0\0\0 \0@\0o\0\r\0NSrieakt\xffffTransfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.\0Of\xffff\x308\x802\x301\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff90\xffff"C:\Program Files\Windows Media Player\WMPNetwk.exe"\0 \xffffWindows Media Player Network Sharing Service\0\27\xffe0\xffff192.168.1.1\0\0(\xffc8\xffffupnphost\0http\0HTTPFilter\0\0\xffe0\xffffv\ad\08(\1\0\1\0Ucls\xff10\xffff\\?\STORAGE#Volume#1&30a96598&0&Signature41AB2316Offset2F10C00Length1A757FF000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\0\xff68\xffffDEVENV.EXE,DWWIN.EXE,DRWTSN32.EXE,EXEFORSERVICE.EXE,PROCESSCREATOR.EXE\0!\x8f0!\xffd8\xffffv\16\4\xde384\xe0204\x247c \xffffREGEDIT.EXE,REGEDT32.EXE,APPMGRSERVICE.EXE\0!\x2040!\xffd0\xffffv\21\26\0P(\1\0\1'R_urnVrin\0\0\0\xffe0\xffff5, 1, 0, 82\0X'\xfff8\xffff(\xffe0\xffffv\5N\0P*\1\0\1\0CSD\0\xffc0\xffff\27\27˜\27\27\31\32\34\34\x2c78\34@\34\34˜\34˜\34\34e4\xffc8\xffffv\e\4\0\0\a\0RGOK\xffd8\xffffv\16\b\0\x2ae8(\3\0\1SDieDtDts\xffd8\xffffl\3\xa850%6\x2a5a\xbd0(\xe01d\x32a0c\xe34f&p'\xfff0\xffffl\1(\x2140&\xffffn \xf2a4\x1363\0\0'\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x2c8(\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0Scrt\xfff0\xffffl\1\xff98'\xe2d0\xe465hi\0(\0\0\0\x500\22\0xB\xffffn \xa4b2!\0\0((\0\0\0\0\xffff\xffff\xffff\xffff\6\0& \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030rt\xfff0\xffffl\1\x17e8(\b\0\x2ae8(\xfff0\xffff\xe0b84\xe0d84p\0\xffd0\xffffv\23\26\0'\1\0\1\0VP_urnVrin'\xffd0\xffff\xef40'\xef90'\xefb8' ( (\x1080(('ˆ'P(2\x312d\xffd8\xffffv\20\2mdWindow File\0\30\30\xffd8\xffffv\20\4'\0\0\0\0\xffff\xffff\xffff\xffff\1\0'\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\1\0\b\0Scrt\xffff%SystemRoot%\System32\spmsg.dll\0000\0\xffe0\xffffv\5"\0\xfd8(\1\0\1\0Gop&\xfff0\xffffl\1\xf0d0'\xea98\b\0\x2f08(\xfff0\xffff1 1\xea98\xffffn \x1363\0\0`k\1\0\0\08(\xffff\xffff\0\0\xffff\xffff\0\xffff\xffff\24\0\0\0\0\0\0\0"\0\6\0Ap\x3233N\xffd8\xffffv\20\2\xffff\xffff\1\0\xf1d8'\0\xffff\xffff\0\0\0\0$\0\4\0\0\0\4\0Fl\0\0\xffd0\xffffv\22\4\0&\0{B47\x2d3078\x312d1\x2d30\x33410\x302d00F7F5'\xffe0\xffffv\bB\0H(\1\0\1,~SPt\xffffC:\WINDOWS\system32\POSTWPP.DLL\0\0'\xffd8\xffffv\f\4l\4H(\x19c8(:\x5b0(\xe119(((\xff88\xffffn h\x1363\0\0\x17e8(\0\0\0\0\xffff\xffff\xffff\xffff\5\0 \37\0\xffff\xffff\0\0\0\0(\0L\0\3\0&\0{FFE\x2d3077\x312d1\x2d30BC\x302d0\x30410DD4\4\xffd8\xffffv\17\b\0\36\1\0\1\0~SFlLgig\xffe0\xffffv\b@\0\x7e8(\1\0\1\0~SPt\xffffC:\WINDOWS\system32\CRSWPP.DLL\0\0 B\xffd0\xffffv\24\4\4\0\1'Erroto(\xff98\xffffn \xb588\x2829\0\0ˆ\17\1\0\0\0\xff88'\xffff\xffff\1\0˜' \r\xffff\xffff\b\0\0\0\30\0\4\0Q\0\23\0LGC_PDSRIE\0\0\xfff0\xffffAFS2k\0\xffd8\xffffv\r\2\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0fig\xffe0\xffffv\6\4nr\xf16c'€'\b\0H(\xffe0\xffffv\3\4\1\0\34\0LXAKUBMS_TRG\x325f\x3030 \31\xffe0\xffffv\5\32\0(\1\0\1)CasD\xfff0\xffffl\1(\xe834\x8bb\b\0\0&\xff90\xffffn \xf61a\0\0\r\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xfdd8'\0\xffff\xffff\0\0\0\0\f\0\1\0\1\0\34\0LXAKUBMS_TRG\x325f\x3030 \31\xffd8\xffffl\3\x2920'6\x2a5a\xc78(\xe01d\x338\r\xe34fh \xa4c0 \xffe0\xffffv\6\1\0g\0\a\0Wbot\xfff0\xffffl\1\x1b08(Š\b\0\x3277k\xff90\xffffMicrosoft UAA Bus Driver for High Definition Audio\0\0\0\0\0\36\0 \0\2\0\b\0Dvc\x322e\xffe0\xffffv\b\16\0\xee8(\1\0\1-MkNm\xffe8\xffffLexmark7-0\xffd8\xffffv\t \0\xf28(\1\0\1}Mdlae\0v\n\xffd8\xffffUSB Mass Storage\0T\xffd8\xffffv\v\4Microsoft\0\xffe0\xffffv\b@\0\x1900(\1\0\1~SPt\xffd8\xffffSCSI CDROM Class\0chicrcoiiain X \xffd0\xffffv\26V\0('\1\0\1 R_nokdrcsLs!\xfff0\xffff\xe1b04\xe1d04\0\0\xfe38\xffffCreates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.\0\xff68\xffff"C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"\0\xffd0\xffffv\22\32\0\xfac8'\a\0\1\0DcDfutaea\0\0\0\xffc8\xffff\27\27P\30ˆ\27\31 \32\32\31\32\31\320\32 \32\xffd8\xffffv\f\4753ED1}\0015\0\0\0\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0\0\0\0\xffff\27x\27P\27\27P\30\30(\30\30\27 \318\31h\31X\31\31p\31\x968!\0\0\xffe0\xffffv\a\36\0'\1\0\1.BidD\xfff0\xffff1H1n\0\xffffn vP\0\0'\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff \r\xffff\xffff\0\0\0\0\0\0\0\0\0\0\a\0Lgof\xffffn \xefd0P\0\0X'\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff \r\xffff\xffff\0\0\0\0\0\0\0\0\0\0\a\0Lgof\xffe0\xffff\xa800%€'('@((iF\xffd8\xffff\x9fef\t`\r\0\0\0\0\x9fef\t`\r\6\0\2\0C0\xff90\xffffn 0\0\0 k\1\0\0\0\x2af8(\xffff\xffff\a\0`\36\x2b88(\xffff\xffff\0\0\0\0\32\0f\0\0\0\36\0Boebn D ovre\x3220\x312e0\27\xffd0\xffffv\21\4\0\24\17\0\0\0\t\0Poies`1\0c\xffffC:\WINDOWS\system32\FTPWPP.DLL\0\0D,\xffd0\xffffv\24\4\36\0\xffff\xffff\20\0\0\0\30\0000\0\1\0&\0\x327bC3E\x2d31\x30453\x312d1\x2d66\x33382\x302d009A38\0\xffe0\xffffv\b\26\0\x1a60(\1\0\1'~SPt\xffe0\xfffffpwpp.dll\0\0\0\1\0\xffd8\xffffv\f\4\xffffFrontPage Extended Web\0\0\1\0\xffffn \xd7e8\x1363\0\0\x19c8(\1\0\0\0\x5a0(\xffff\xffff\0\0\xffff\xffff\0\xffff\xffff\b\0\0\0\0\0\0\0\0\0\b\0PsIf\xfff0\xffff11\0\0\xffff\36!&`&'' !\xa5c8!8'(!!ˆ&€'\xe3f8'\x16f8(`(\xe570\16\xfe18\xffffEnables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.\0\0\xffffn \x2a37\x1cc3\0\0`'\0\0\0\0\xffff\xffff\xffff\xffff\1\0H \xd908!\xffff\xffff\0\0\0\0\20\0\xbc\0\0\0\b\0Scrt\xffd8\xffffv\v \0(\3\0\0013Oesz 2\0\23\b\0 e\xffc0\xffffl\5'™@c;R\xaa70%6!\xa45‹c0\xd7aa\xffff\xffff\xffff\xffff\0\0\0\0\xffffBackground Intelligent Transfer Service\0C:\xffe0\xffffLegacyDriver\0\0\xffc8\xffffv\e\4ation Management\0\0\x1df8(\xffd0\xffffh\31\30\34P\32\35 \35\32\xa878!\35\xa758&re\xffe8\xffffVolume\0\16\16hi\x2000(iversal Plug and Play\0\30\xff40\xffff\1\xa4\0\xb0\0\24\0000\0\2\34\1\0\24\17\0\0\xffff7-1-2001\0\0\xff98\xffffRAPIRpc Thread-26DF4D23-B02A-48E8-AB2356AC5CEE426\0\xffffn r'\0\0c\0\0\0\0\xffff\xffff\xffff\xffff3\0@(\0\xffff\xffff\0\0\0\0\26\0 \0\1\0\5\0Fr\x1d73X\xffffDetects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.\0\0\0\0\xfdd8\xffff%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16\0\0\0\0P\xffffBonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.\0\0n \xffd0\xffffSystem Filter Driver\0\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0004\0B7\xffe0\xffff\xe1a0'H(\x2620*@(\x2518*\x2dd8*\xaa18&\xfff0\xffff\32\0f\0\0\0\36\0Boebn D ovre\x3220\x312e0\27\xff00\xffffs\27H(\20\3\0\0\1\xb0\0\0\0\0\24\0\2\x9c\6\0\xdfd5\xfa8d\0\xa00\24?\17\0\0\x300\0\0\x501\0\0\x500\25\0\xf391›\x21c8\xdfd5\xfa8d\0\x501\0\0\x500\25\0\xf391›\x21c8\xdfd5\xfa8d\0\xffe0\xffffv\4\4\xffffv\3\4\x2d28(\xffd8\xffffv\v\4CC055D-047F-11D1-A537-0000F8753ED1}\0niF\xffc8\xffffh\27(\27˜\27 \30\31ˆ\31 \32ion.\0\0\xffffSaves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.\0e\xff88\xffffThis service provides Protexis licensing functionalty.\0A6%\xffd8\xffffv\n*\08)\1\0\1\0DvcDs\0\0\0\xffffn ˜\xf503\0\0ˆ'\0\0\0\0\xffff\xffff\xffff\xffff\1\0p&\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0Scrt\xffffProvides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.\0\0 ?\xfff0\xffff<,\0,@\1\xffd8\xffff\b\x2d70\r\0\0\0\0\b\x2d70\r\t\0\2\0\27\xffe0\xffffv\6 \0(\3\0\1(AS (\xffd8\xffffp\17€\26\0\0\0\0p\17€\26.\0\2\0\2\xffe0\xffffv\2 \0h(\3\0\1(B((\xffd8\xffff\xebe8\3\5\0\0\0\0\xebe8\3\0052\0\2\0H(\xffe0\xffffv\2 \0(\3\0\1(B(˜(\xffd8\xffff\2\xebe8\3\0\0\0\0\2\xebe8\0033\0\2\0@(\xffd8\xffff\a\t\0\0\0\0\a\t\a\0\2\0et\xfff8\xffff(\xffd8\xffff\x1bc0\vp\17\0\0\0\0\x1bc0\vp\17/\0\2\0X\0\xffd8\xffff\xdbb8\a\x1bc0\v\0\0\0\0\xdbb8\a\x1bc0\v0\0\2\0m-\xffd8\xffff\5\xdbb8\a\0\0\0\0\5\xdbb8\a1\0\2\0h.\xffd8\xffff\xa6a0\4\6\0\0\0\0\xa6a0\4\6\r\0\2\00\30\xfff8\xffff(\xffd8\xffff\xda20\n\17\0\0\0\0\xda20\n\17\v\0\2\0 \30 \xffff{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\0\0\0\xffd0\xffffv\23n\0)\1\0\1\37LctoIfrain\37\xffd8\xffff\6\b\0\0\0\0\6\b\b\0\2\0pd\xfff8\xffffh(\xfff0\xffff8101\0\0\xff70\xffffProvides performance library information from WMI HiPerf providers.\0\0\0 \xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0024\0\0\0\xff80\xffffGlobal\_RAPI_EVENT_NAME-E57DBE5E-FF65-4FF3-8FB6A63528E72387\0\30\xffe0\xffffv\6 \08(\3\0\1\31Ac \31\xffd8\xffff\6@\t\0\0\0\0\6@\t\16\0\2\0 \xffe8\xffffv\0 \0p,\1\0\0\0\xfff0\xffff\xe5904\xe5b04\0\24\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0\0\0\0\xffc0\xffffv!\4\0\0\xffff\xffff\xffff\xffff3\0h(\0\xffff\xffff\0\0\0\0\26\0 \0\1\0\5\0Fr\x1d73\xffd8\xffffv\t \0(\3\0\1\xffffU et\xff72\xffff\xffff\xffff\xffd8\xffff\\3h\4\0\0\0\0\\3h\4\1\0\2\0v\6\xffe0\xffffv\b \0`(\3\0\1lU ea\xffd8\xffff\\3\5\0\0\0\0\\3\5\2\0\2\0\1(\xfff8\xffff((\xfff0\xffff\xe5d04\xe5f04\0\0\xff98\xffffRAPIRpc Main-2A1B95EC-7215-4FEE-BCC7DA275F7EDFF\0P\30\xffe0\xffffv\5\4\xffffv\5$\0\xf5d0)\1\0\1(Gope\xffd8\xffffv\nB\0)\1\0\1pDvcDs\0 *\xffffn j\xe3a3 \0\0ˆ(\0\0\0\0\xffff\xffff\xffff\xffff\6\0@( \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030\27\xffd8\xffffv\tN\0h(\1\0\1\27CasUD\27\27\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0\30p\30\xffd8\xffffv\nH\0(\1\0\1\30DvcDs\30P\30\xffffUniversal Plug and Play Device Host\0H\30\xffe0\xffffv\a \0X(\3\0\1(Ac 3\xffd8\xffff\\3h\4\0\0\0\0\\3h\4\23\0\2\0H(\xffe0\xffffv\a \0 (\3\0\1(Ac 2\xffd8\xffff\\3h\4\0\0\0\0\\3h\4\22\0\2\0\30\xffc8\xffff\x3200 x \xa4e0&&\xf128!\x1b78"&&(\xfe40' \xe928 \37hi\xffffv\23F\0p)\1\0\1DLctoIfraini2\xfff0\xffff\xeac04\xeae04\xe545?\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0up\0\xffd8\xffff8 &\xf6d0&\xa7c0%h'(''ˆ%h%\xffd8\xffffv\v.\0\xab70)\1\0\1\30Dslyae@\30\xffc0\xffffDownload or scan your photos\0\0\xffd8\xffffv\n\b\0H(\3\0\1!DieDt!€!\xffe0\xffffv\a\20\0(\e\1\0\1.Srie\xfff8\xffff( \xffffn \xda60\x1dbe\0\0x(\1\0\0\0@(\xffff\xffff\0\0\xffff\xffffH(\xffff\xffff\30\0\0\0\0\0\0\0\0\0\17\0Dre\x2065Bitw \xffffn \x58e\x1cc7\0\0h\1\0\0\08(\xffff\xffff\1\0' \r\xffff\xffff\b\0\0\0\30\0\4\0\0\17\0LGC_PPOT\xffffn j\xe3a3 \0\0h(\0\0\0\0\xffff\xffff\xffff\xffff\6\0\xa8e8! \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030\27\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0\30p\30\xffd0\xffff@\34\xf348\34h\36\xf868\36\x2108\37\37P\37 \xfe58!h&8)\xfff0\xffffBELIZE\xffd8\xffffv\n\0p)\a\0\1\0HrwrIo\0\0\xffffRemote Access Auto Connection Driver\0\0\xfff0\xffffBENIN\1\xffd8\xffffv\nl\0)\a\0\1\0HrwrI\0\xea60\0\xfff0\xffffl\1((\x2140&\xfff0\xffffl\1h(\xe2d0\xe465\xffe0\xffffv\5N\0`*\1\0\1\0CSD\0\xffd8\xffffs\6\t\0\0\0\0s\6\t%\0\2\0 (\xffe0\xffffv\3 \0(\3\0\1(R3H(\xffd8\xffff\xa6a0\4s\6\0\0\0\0\xa6a0\4s\6&\0\2\0(\xffe0\xffffv\3 \0`(\3\0\1(R4@(\xffd8\xffff\tG\r\0\0\0\0\tG\r$\0\2\0\30\xffd8\xffff:\3\xa6a0\4\0\0\0\0:\3\xa6a0\4'\0\2\0 (\xffe0\xffffv\4 \0(\3\0\1(S\x3041H(\xffd8\xffff`\r†\23\0\0\0\0`\r†\23(\0\2\0(\xffe0\xffffv\4 \0(\3\0\1(SA@(\xffd8\xffff\t`\r\0\0\0\0\t`\r)\0\2\0(\xffe0\xffffv\4 \08(\3\0\1(S\x3241 (\xffd8\xffff\xdd00\6\t\0\0\0\0\xdd00\6\t*\0\2\0˜(\xffe0\xffffv\4 \0€(\3\0\1(S\x3341(\xffd8\xffff\xe1e1\4\xdd00\6\0\0\0\0\xe1e1\4\xdd00\6+\0\2\0p(\xffe0\xffffv\4 \0(\3\0\1(SAˆ(\xffd8\xffff\3\xe1e1\4\0\0\0\0\3\xe1e1\4,\0\2\0(\xffffn \xefc2\x1dbd\0\0\x2b18(\1\0\0\0 (\xffff\xffff\0\0\xffff\xffffH(\xffff\xffff\f\0\0\0\0\0\0\0\0\0\5\0Lcs(\xff98\xffffs(\20\x2b88(*\0L\0\1\24\0000\0\0\0\0\0\x501\0\0\x500\25\0\xf391›\x21c8\xdfd5\xfa8d\0\x501\0\0\x500\25\0\xf391›\x21c8\xdfd5\xfa8d\0(\xffd8\xffff\v0\20\0\0\0\0\v0\20\21\0\2\0 \27\xffe8\xffffMicrosoft\0\xffe0\xffffv\6 \0p(\3\0\1(Ac (\xffffn \xee29\0\0 (\0\0\0\0\xffff\xffff\xffff\xffff\6\0! \r\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030iu\xffd8\xffff\3\xa6a0\4\0\0\0\0\3\xa6a0\4\f\0\2\0\30\xffe8\xffffavg8wd\0\0\0\0\xffffn \xda60\x1dbe\0\0(\2\0\0\0\37\xffff\xffff\0\0\xffff\xffffH(\xffff\xffff,\0\0\0\0\0\0\0\0\0\6\0DCC\27\xffffn \xefc2\x1dbd\0\0(\1\0\0\0`(\xffff\xffff\0\0\xffff\xffffH(\xffff\xffff\20\0\0\0\0\0\0\0\1\0\b\0DCM~\xffe0\xffffv\a\4-\0\2\0&\b\0( \xffffn \x29fb\x1cc3\0\0\20\1\0\0\0x(\xffff\xffff\n\0(\0\xffff"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aspi32\Parameters]
"~AS_ExcludeMiniports"="\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebPost\Providers]
"~AS_PostInfoRequired"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebPost\Providers\{02b5e1d1-8b7c-11d0-ad45-00aa00a219aa}]
"~AS_Logging"="No\0"
"~AS_Path"="C:\WINDOWS\system32\FTPWPP.DLL\0"
"~AS_PostInfoRequired"=dword:00000000
"~AS_Priority"=dword:00000010
"~AS_Provider"="FTP\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebPost\Providers\{2C93FE81-E03A-11cf-832F-00A0C90A43A8}]
"~AS_Path"="fpwpp.dll\0"
"~AS_Provider"="FrontPage Extended Web\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebPost\Providers\{2C93FE81-E03A-11cf-832F-00A0C90A43A8}\PostInfo\File]
"~AS_/postinfo.html"="\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebPost\Providers\{8B14B770-748C-11D0-A309-00C04FD7CFC5}]
"~AS_Path"="C:\WINDOWS\system32\POSTWPP.DLL\0"
"~AS_Priority"=dword:00000030
"~AS_Provider"="HTTP Post\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebPost\Providers\{FFCF1E40-7978-11D0-B1C9-00AA006DCDF4}]
"~AS_FullLogging"="No\0"
"~AS_Path"="C:\WINDOWS\system32\CRSWPP.DLL\0"
"~AS_PostInfoRequired"=dword:00000000
"~AS_Priority"=dword:00000020
"~AS_Provider"="Microsoft Content Replication System\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Print\Environments\Windows NT x86\Drivers\Version-2]
"~AS_Directory"="2\0"
"~AS_MajorVersion"=dword:00000002
"~AS_MinorVersion"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Print\Environments\Windows NT x86\Drivers\Version-2\Amyuni Document Converter 2.10]
"~AS_Configuration File"="acpdfui210.dll\0"
"~AS_Data File"="acfpdf.txt\0"
"~AS_Datatype"="\0"
"~AS_Dependent Files"=str(7):"\0"
"~AS_Driver"="acpdf210.dll\0"
"~AS_HardwareID"="\0"
"~AS_Help File"="\0"
"~AS_Manufacturer"="\0"
"~AS_Monitor"="\0"
"~AS_OEM URL"="\0"
"~AS_Previous Names"=str(7):"\0"
"~AS_Provider"="\0"
"~AS_TempDir"=dword:00000000
"~AS_Version"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\WebPost\Providers]
"~AS_{2C93FE81-E03A-11cf-832F-00A0C90A43A8}"="\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AFS2K]
"~AS_BuildID"="3.1.17.14(981)\0"
"~AS_DisplayName"="AFS2k\0"
"~AS_DriverMainControl"=dword:00000000
"~AS_ErrorControl"=dword:00000001
"~AS_Group"="SCSI CDROM Class\0"
"~AS_Start"=dword:00000001
"~AS_Tag"=dword:00000001
"~AS_Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AFS2K\0-0-0]
"~AS_AFS_Enabled"=dword:00000000
"~AS_ProductID"="DVD-ROM DDU1621 \0"
"~AS_ProductRevisionLevel"="S3.5\0"
"~AS_TUR_Blocked"=dword:00000000
"~AS_VendorID"="SONY \0"
"~AS_VendorSpecific"="\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AFS2K\Enum]
"~AS_0"="IDE\CdRomSONY_DVD-ROM_DDU1621____________________S3.5____\3031303030303030303030303030303030303130\0"
"~AS_Count"=dword:00000001
"~AS_NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\APPSTREAM\Parameters\Drivers]
"RH_ExcludedKeyList"=str(7):"d\2\34l\0\xfff0\xffff v v6\x3087\xffd8\xffffv\20\2e\0\30\30\xffe8\xffffl\2P\34\xea98\xd888\34\xe2d0\xe465\xffd8\xffffv\20\45, 1, 0, 82Y\L\xffd0\xffffv\26V\0(\34\1\0\1 R_nokdrcsLs! \xffffREGEDIT.EXE,REGEDT32.EXE,APPMGRSERVICE.EXE\0!\x2040!\xffd8\xffffv\16\4R_urnVrin\0\0\0\xffd0\xffffv\23\26\0\xd838\34\1\0\1\0VP_urnVrin'\xffe0\xffff5, 1, 0, 82\0X'\xffd0\xffff\34\34@\34p\34\34\34\34ˆ\34\xd7d8\34\xd808\34u0\xffffn \xe142\x1363\0\0\xef08\34\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd7d0\34\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\1\0\b\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0L\0\0\xe330\37\1\0\0\0\xdbb8\34\xffff\xffff\n\0h{\0\xffff\xffff\22\0\0\0\36\0:\0\35\0\a\0Ap34\xffe0\xffffv\5\4v\t:\0@\34\2\0\1sIaeahrro\xffe8\xffffASCTRM\0\0\0\0\xffe0\xffffLocalSystem\0am\xffd8\xffffv\v2\0<\1\0\1\0Dsrpin\0\0\xffe0\xffffv\4\4\xffffv\5\4\xffe8\xffffASCTRM\0\0ie\xffe0\xffffv\4\4\0000\0\2\34\1\0\24\17\0\0\0\xffff\xffff\26\0\0\0\30\0J\0\36\0\3\0ac\0\0\xffd8\xffffv\f\4\xea98\xfff8\xffff\34\xffe0\xffffv\4\4\34\1\0\1-Dslyae\xf2f0- \xffffn \x220eD\xe945\0\0\xdda0\34\1\0\0\0h\35\xffff\xffff\0\0\xffff\xffff\0\xffff\xffff\32\0\0\0\0\0\0\0\0\0\n\0Prmtr\0\0\0\xfff8\xffff\34hi\xe000\34Mobile Device Support\bin\AppleMobileDeviceService.exe"\0\4\xfff8\xffff\xe890\34\xfff0\xffff\xe790\34\xe808\34\xe5c0\34\xfff0\xffffhdc\0\0\0\xffe0\xffffv\4\4\2\0\1 Iaeah\08%\b\0`\34\xffe0\xffffv\b\xa8\0\xe3b8\34\3\0\1\4Scrt\xffe0\xffffv\5\4\1\0\1&Dslyae(&\xffd0\xffffApple Mobile Device\0\xffe8\xffffTcpip\0\0\0\0\0\xffd8\xffffv\v.\0\xe128\34\1\0\1Dslyae4„\xffd8\xffffv\f\4m\0\0\0\xfff0\xffffatapi\0\xffffn F6\0\0\x2f80\35\0\0\0\0\xffff\xffff\xffff\xffff\1\0\34\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0 \0\x220\0\0\24\2\0\0\x500\v\0\0\30\2\0\0\x500 \0#\0\0\0\x500\22\0\0\0\x500\22\0&\xffffn \x321aL\0\0\xe330\37\2\0\0\0\xe980\34\xffff\xffff\a\0\x1800\35\0\xffff\xffff\26\0\0\0\30\0\x9a\0\32\0\a\0Apgt\xffe0\xffffLocalSystem\0\0\0\xffe0\xffffv\5\n\0\xeb88\34\1\0\1pGope\xff60\xffffProvides software installation services such as Assign, Publish, and Remove.\0\0\xffd8\xffffv\t\\0{\2\0\1\0Iaeah\0\0\0\xffe8\xffffAPPSTREAM\0\xffd8\xffffv\f\4Tp\0\0\xffe8\xfffffilter\0\0'\xffd8\xffffv\v2\0\xed68\34\1\0\1SDslyae\0S\b\0ro\xfff8\xffff\xebf8\34\xfff0\xffffl\1\xee00\34\xe2d0\xe465 \xffff%SystemRoot%\system32\svchost.exe -k netsvcs\0\0\xffe0\xffffv\4\4\4\0\1\0Sat\0\b\0x\30 \xffffn \x220eD\xe945\0\0\xe468\34\0\0\0\0\xffff\xffff\xffff\xffff\2\0\xe0e8\34\0\xffff\xffff\0\0\0\0,\0F\0\0\0\n\0Prmtr\0\0\0\xffd8\xffffv\nF\0\xe7b8\34\2\0\1\0Sriel\0\0\0\xffff%SystemRoot%\System32\appmgmts.dll\0\0\0\0\xffd0\xffffv\26\4\0\0 \xffffn \x321aL\0\0\xe330\37\1\0\0\0\xe678\34\xffff\xffff\t\0x"\0\xffff\xffff\20\0\0\0\36\0 \0\e\0\r\0ApgSri\x2665 \xfff0\xffffhdc\0\0\0\xffe0\xffffv\5\4\xffd8\xffffv\r\4ication Manager\0\xffd8\xffffv\17<\0 \35\a\0\1\30DpnOSrie\xfff0\xffffNDIS\0003\xffd8\xffffv\r\2tream\WindowsClient\bin\AppMgrService.exe"\0p\xffd8\xffffv\v<\0\xeb20\34\1\0\1\30Dslyae˜\30\xffe0\xffffv\4\41394 ARP Client Protocol\0b\xffd8\xffffv\tD\0|\2\0\1?IaeahOCU\xffd8\xffffv\168\0\x1060<\1\0\1>Rlaeeso>\xfff0\xffffdmio\0\0\xffffn v\x1363\0\0\xe998\34\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe670\34\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0\a\0\xea28\34\0\xffff\xffff\24\0\0\0\30\0\\0\34\0\t\0APTEMlic\xffe0\xffffv\5\16\0\xda98\34\1\0\1vGopn\xfff8\xffff\xdb50\34\xffe8\xffffSystem\0\22\24\xfff0\xffffAFD\0\0\0\xffd8\xffffv\v\24\0\xe5c8\34\1\0\1 Dslyaex\30\xffe0\xffffv\4\4p\hi\xf000\34\xffffIntel® 82801G (ICH7 Family) PCI Express Root Port - 27D0\0\0\0\0\xffe0\xffffv\a\20\0\30\1\0\1\0Srie\xffd8\xffffv\f\4v\a\f\0\25\1\0\0014Srie\xffd0\xffffLogical Disk Manager\0\0\xffe0\xffffv\5\4UBSYS_01BD1028\0PCI\VEN_8086&DEV_27CA&CC_0C0300\0PCI\VEN_8086&DEV_27CA&CC_0C03\0\0\xffd8\xffffv\17\16\0\x9fc8\35\a\0\1\0DpnOSrie\xffffPCI\VEN_8086&DEV_27CB&SUBSYS_01BD1028&REV_01\0PCI\VEN_8086&DEV_27CB&SUBSYS_01BD1028\0PCI\VEN_8086&DEV_27CB&CC_0C0300\0PCI\VEN_8086&DEV_27CB&CC_0C03\0\0P\xffffPCI\VEN_8086&CC_060400\0PCI\VEN_8086&CC_0604\0PCI\VEN_8086\0PCI\CC_060400\0PCI\CC_0604\0\0\b\0\xffe0\xffffv\a$\0\35\1\0\1\0Srie \xffff{36FC9E60-C465-11CF-8056-444553540000}\0012\0\0\0\xffd8\xffffv\nV\0p\36\a\0\1lHrwrI\0l\0\xffe0\xffffv\4\427C9\0PCI\VEN_8086&CC_0C0300\0PCI\VEN_8086&CC_0C03\0PCI\VEN_8086\0PCI\CC_0C0300\0PCI\CC_0C03\0\0\0\0\0\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0002™\xf66b\xffe0\xffffLegacyDriver\0\0\xffe8\xffffusbhub\0\0\0\0\xffe0\xffffv\5\n\0\31\1\0\1\0Gop\0\xffd8\xffffv\n\36\0\xfe00\34\1\0\1\0DvcDs\0\0\0\xffe0\xffffv\5\b\0\30\1\0\1\0Cas\0\xffd8\xffffv\f\4N_8086&CC_0C03\0PCI\VEN_8086\0PCI\CC_0C0300\0PCI\CC_0C03\0\0\0\0\0\xffe8\xffffusbccgp\0 !\xffe0\xffffv\4\4\0\xffe0\xffffv\5\16\0\x2ea0\34\1\0\1\0Cas\0\xffd8\xffffv\n\36\0\35\a\0\0015HrwrI\0\x2608\23\xffd8\xffffv\v&\0\xeb58\35\1\0\1\3Dslyae\0\0\xffffPCI\VEN_8086&DEV_27CC&SUBSYS_01BD1028&REV_01\0PCI\VEN_8086&DEV_27CC&SUBSYS_01BD1028\0PCI\VEN_8086&DEV_27CC&CC_0C0320\0PCI\VEN_8086&DEV_27CC&CC_0C03\0\0\xffd8\xffffVolume Manager\0\0\0\0\xffd8\xffffv\th\0\x2650\37\2\0\1\0Iaeahce \xffd8\xffffv\f\46E97D-E325-11CE-BFC1-08002BE10318}\0006\0C:\xffd8\xffffv\n \0\35\a\0\1\0HrwrIMli\xffe0\xffff˜\32\xddd8\32\xe78\35\x32a0\35€ ` s\0\xffe8\xffffusbccgp\0S\0\xffe8\xffffRpcSs\0\0\0\0\0\xffe0\xffffv\5\f\0H\30\1\0\1\0Cas\0\xffe0\xffffv\4\4\0\xfff0\xffff(\37h'\xdab0\36\xfff0\xffffl\1L\xe918H\xfff0\xffff\0\0\0\0RNhi\0\35Fas$\0\xffd8\xffffv\n\xa0\0@\36\a\0\1\0HrwrI\0\0\0\xff90\xffffMicrosoft UAA Bus Driver for High Definition Audio\0\0\1\0Mg\0\0\xffe0\xffffv\5\b\0\31\1\0\1\0Cas\0\xffd8\xffffv\n\xac\0\36\a\0\1\0HrwrI\0\0\0\xffffPCI\VEN_8086&DEV_27CC&REV_01\0PCI\VEN_8086&DEV_27CC\0PCI\VEN_8086&CC_0C0320\0PCI\VEN_8086&CC_0C03\0PCI\VEN_8086\0PCI\CC_0C0320\0PCI\CC_0C03\0\0\0\0\0p\xffffPCI\VEN_8086&DEV_27D0&SUBSYS_00000000&REV_01\0PCI\VEN_8086&DEV_27D0&SUBSYS_00000000\0PCI\VEN_8086&DEV_27D0&REV_01\0PCI\VEN_8086&DEV_27D0\0PCI\VEN_8086&DEV_27D0&CC_060400\0PCI\VEN_8086&DEV_27D0&CC_0604\0\0\0\xffe0\xffffv\6\4\xffffv\f\4\0\xffe0\xffffv\6\4\xffffv\5\16\0\32\1\0\1\0Gop\0\xffe0\xffffv\5\4\4\0\1\0Tp\0\0\xffd8\xffffv\v\4\0h\35\1\0\1CSrie\xffd8\xffffv\f\4CasUD\0\0\0\xffd8\xffffV1394\NIC1394\0\0ern\xffe0\xffffv\4\4v\n\34\0\35\a\0\1\0HrwrI\0\0\0\xffe0\xffffv\5\f\0\30\1\0\1BCasB\xffd8\xffffv\20\4v\a\20\0\x2920\34\1\0\1lSrie\xffe8\xffffNIC1394\0006E\xffe8\xffffParVdm\0\0\0\0\xffd8\xffffv\n \027CA\0PCI\VEN_8086&CC_0C0300\0PCI\VEN_8086&CC_0C03\0PCI\VEN_8086\0PCI\CC_0C0300\0PCI\CC_0C03\0\0\0\0\0\xffe0\xffffv\6\4SI_SVC_2\0\xffe0\xffffp\34\xe00\35ˆ\35\35 \xe4f0 s\0\xffe0\xffffLegacyDriver\0y\xffd8\xffffv\v\4\4\xffffMRxDAV\0\0\22hi\37\1\0\0\0`\35\xffff\xffff\a\0h\35\0\xffff\xffff\26\0\0\0\30\0R\0\17\0\a\0ac8x\xffd8\xffffv\f\4\xffffv\3\4\35\1\0\0014Dslyae\a \xffffn \x220eD\xe945\0\0 \35\1\0\0\0\x1390\35\xffff\xffff\0\0\xffff\xffff\0\xffff\xffff\32\0\0\0\0\0\0\0\0\0\n\0Prmtr\0\0\0 \xffffn \x220eD\xe945\0\0\35\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xa80\35\0\xffff\xffff\0\0\0\0\2\0\4\0\0\0\f\0Ppnefc\0\0\xffe0\xffffv\1\4\0\4\0\1\0Tp\0\0\xfff0\xffff\x18f8\35\x1920\35H\35\xfff0\xffffAFD\0\0\0\xff98\xffff%SystemRoot%\system32\svchost.exe -k LocalService\0\xffd8\xffffv\r\2\xffffALG\0\0m\xffd8\xffffv\f\4v\v\0\35\1\0\1\0Dsrpin\0\0\xffd8\xffffv\td\0X\35\2\0\1\0Iaeah\0\0\0\xffd8\xffffv\v\20\0\35\1\0\1\0Dslyae\0\0\xffd8\xffffv\17&\0 <\a\0\1\0DpnOSrie\xffe0\xffff\35\35\x1b58\35\x1c38\35\x1ce8\35\x1d50\35\x1d78\35\xffe8\xffffAlerter\0\0\0\xff20\xffffProvides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.\0\0\0\0\xffff\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS\098\xffe0\xffff\xe218\34\xe2b0\34\xe5e0\34\xe300\34\xe328\34\x1cb0\35\xe608\34\xffc0\xffffVSPD\0REGHOOK\0APPSTREAM\0RPCSS\0\0\b\0\x2260!\xffd8\xffffv\n\x86\0\xee08*\1\0\1\0DvcDs\0\0\0\b\0\x1c90\35 \xffffn \x220eD\xe945\0\0 \35\0\0\0\0\xffff\xffff\xffff\xffff\2\08\35\0\xffff\xffff\0\0\0\0\24\0B\0\0\0\n\0Prmtr\0\0\0\xffd8\xffffv\n\2\a\0\1\0Aetae\0\0\0\xffd8\xffffv\nB\0\x1948\35\2\0\1\0Sriel\0\0\0\xffff%SystemRoot%\system32\alrsvc.dll\0\0\xffffn \x220eD\xe945\0\0 \35\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xb58\35N\xffff\xffff\0\0\0\0\20\0\xa8\0\1\0\b\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0\37\1\0\0\0\35\xffff\xffff\a\0\35\0\xffff\xffff\22\0\0\0\30\0\0\21\0\3\0AG\0\0\xfff0\xffffBeep\0\0\xffd8\xffffv\f\4\30\0€\35\1\0\1\30OjcNm!\x2260!\xfff0\xffff}}v\4\4v\n4\0{\1\0\1\0OjcNm\0\0\0\xffd8\xffffv\v\22\0\34\1\0\1-Dslyae1D\b\0001D\xffe8\xffffintelppm\0\0 \xffffn \x220eD\xe945\0\0\xdf98\34\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x2ff8\35\0\xffff\xffff\0\0\0\0\2\0\4\0\0\0\f\0Ppnefc\0\0\xffe0\xffffv\1\4\4\0\1\0005\0\0\0\xfff0\xffffl\1\x1de8\35\xffd8\xffffv\f\4\xffffv\b\xa8\08\35\3\0\1\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0\0\0\xe330\37\0\0\0\0\xffff\xffff\xffff\xffff\a\0\x21b0\35\0\xffff\xffff\b\0\0\0\30\0P\0\26\0\6\0Aid\0\xffd8\xffffv\f\4\0Sat\0\xffe0\xffffv\3\4\35\x2068\35\x20b8\35\x20d8\35\350\35\x21d0\35\xffd8\xffffv\v\16\0\x1c78\35\1\0\0014Dslyae\c\xffffn \x220eD\xe945\0\0\xe330\37\1\0\0\0\x2100\35\xffff\xffff\a\0\x23c8\35\0\xffff\xffff\22\0\0\0\30\0T\0\27\0\b\0ai14\xffe0\xffffv\4\4\xffe0\xffffv\5\4.sys\0\xffd8\xffffv\v&\0\x2398\35\1\0\1Dslyae \xffd0\xffffALI AGP Bus Filter\0000…\xffe0\xffff\x2250\35\x2270\35\x2290\35\x22b8\35\x22f0\35\x2370\35\x23e8\35\xffe0\xffffv\5\26\0\x2408\35\1\0\1†Gop†\xffe0\xffffPnP Filter\0000L\xa9a9\xffffn \x220eD\xe945\0\0\x21f8\35\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x20f8\35N\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0Scrt\xffe0\xffffv\b\xa8\0\x24a0\35\3\0\1\x2420ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0\17\0\0\x500 \0\x220\0\0\24\2\0\0\x500\v\0\0\30\2\0\0\x500 \0#\0\0\0\x500\22\0\0\0\x500\22\0\0\0\xffffn \x220eD\xe945\0\0\xe330\37\2\0\0\0\x29a0\35\xffff\xffff\a\0\x2728\35\xe678M\xffff\xffff\26\0\0\0\30\0P\0\30\0\6\0adg\0\xffe0\xffffv\4\4system32\DRIVERS\amdagp.sys\0A5\xffd8\xffffv\v4\0\x26f0\35\1\0\1\0Dslyae\0\0\xffc8\xffffAMD AGP Bus Filter Driver\0\xffe0\xffff\x25a8\35\x25c8\35\x25e8\35\x2610\35\x2648\35\x26c8\35\x2748\35\xffe0\xffffv\5\26\0\x2768\35\1\0\1\0Gop\0\xffe0\xffffPnP Filter\0\0\0\0 \xffffn \x220eD\xe945\0\0\x2550\35\0\0\0\0\xffff\xffff\xffff\xffff\3\0\x2828\35\xe678M\xffff\xffff\0\0\0\0\20\0\b\0\0\0\n\0Prmtr\0\0\0\xffe0\xffffv\b\b\0\x22d8\35\3\0\1c\x3031D\x30302\xffe0\xffffv\b\b\0\x2630\35\3\0\1\0\x3031202\xfff0\xffff\x27e8\35\x2808\35\x2838\35\xffe0\xffffv\b\b\0\x2858\35\3\0\1\0\x3335\x33338\x3232\xfff0\xffff\0\20\xf88e\xa583\0\0\xfff0\xffffl\1\x2bb8\35\xea98\xffffn \x220eD\xe945\0\0\x2550\35\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x22e8\35N\xffff\xffff\0\0\0\0\20\0\xa8\0\1\0\b\0Scrt\xffe0\xffffv\b\xa8\0\x28f0\35\3\0\1\0ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0\0\0\x500\22\0\0\0\xffe8\xffffl\2\x2788\35\xea98\x2878\35\xe2d0\xe465\xffffn \x220eD\xe945\0\0\xe330\37\1\0\0\0\x2868\35\xffff\xffff\a\0\x2b70\35\0\xffff\xffff\26\0\0\0\30\0P\0\31\0\6\0asn\0\xffd8\xffffv\f\4\34\0\x2a58\35\1\0\1\0Gop\0\xffe0\xffffSCSI miniport\0\xffe0\xffffv\5\4system32\DRIVERS\amsint.sys\0\x2140&\xffe0\xffff\x2a10\35\x2a38\35\x2a78\35\x2a98\35\x2ad0\35\x2af0\35\x2b90\35\xffd8\xffffv\v\16\0\x2ab8\35\1\0\0014Dslyae\q \xffffn \x220eD\xe945\0\0\x29b8\35\1\0\0\0\x2c98\35\xffff\xffff\0\0\xffff\xffff\0\xffff\xffff\32\0\0\0\0\0\0\0\0\0\n\0Prmtr\0\0\0 \xffffn \x220eD\xe945\0\0\x2bb8\35\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x2640\35\0\xffff\xffff\0\0\0\0\2\0\4\0\0\0\f\0Ppnefc\0\0\xffe0\xffffv\1\4\0\0\xe330\37\1\0\0\0\x2d48\35\xffff\xffff\5\0\x1cd0\35\0\xffff\xffff\22\0\0\0\30\0P\0\32\0\6\0APRo\xffe0\xffffv\4\4\0\1-Erroto1D\xffe8\xffffFltMgr\0\0\x2140&\xffd8\xffffv\17\16\0\xe298\34\a\0\1DpnOSrie\xffe8\xffffaswRdr\0;\xe088;\xfff0\xffffcdfs\0\f\xfff0\xffffBase\0}\xffe0\xffffv\4\4;\xffffn š\0\0\x2ca8\35\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x2d20\35\xd908!\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0Scrt\xffe0\xffffv\b\xa8\0\x2ed0\35\3\0\18ScrtP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24\17\0\0\0\0\30\17\0\0\x500 \0\x220\0\0\24\2\0\0\x500\v\0\0\30\2\0\0\x500 \0#\0\0\0\x500\22\0\0\0\x500\22\0\1}\xff98\xffffn \x321aL\0\0\xe330\37\1\0\0\0\x2fe8\35\xffff\xffff\n\0X{\0\xffff\xffff\20\0\0\0\36\0\0\e\0\23\0Ap\x2065Mbl eiev\4\xfff0\xffffl\1\xe360\34\xe2d0\xe465\xfff8\xffffH\35hi\x3000\35"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Aspi32\Parameters]
"~AS_ExcludeMiniports"="\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WebPost\Providers]
"~AS_PostInfoRequired"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WebPost\Providers\{02b5e1d1-8b7c-11d0-ad45-00aa00a219aa}]
"~AS_Logging"="No\0"
"~AS_Path"="C:\WINDOWS\system32\FTPWPP.DLL\0"
"~AS_PostInfoRequired"=dword:00000000
"~AS_Priority"=dword:00000010
"~AS_Provider"="FTP\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WebPost\Providers\{2C93FE81-E03A-11cf-832F-00A0C90A43A8}]
"~AS_Path"="fpwpp.dll\0"
"~AS_Provider"="FrontPage Extended Web\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WebPost\Providers\{2C93FE81-E03A-11cf-832F-00A0C90A43A8}\PostInfo\File]
"~AS_/postinfo.html"="\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WebPost\Providers\{8B14B770-748C-11D0-A309-00C04FD7CFC5}]
"~AS_Path"="C:\WINDOWS\system32\POSTWPP.DLL\0"
"~AS_Priority"=dword:00000030
"~AS_Provider"="HTTP Post\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WebPost\Providers\{FFCF1E40-7978-11D0-B1C9-00AA006DCDF4}]
"~AS_FullLogging"="No\0"
"~AS_Path"="C:\WINDOWS\system32\CRSWPP.DLL\0"
"~AS_PostInfoRequired"=dword:00000000
"~AS_Priority"=dword:00000020
"~AS_Provider"="Microsoft Content Replication System\0"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"~AS_"="\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\adbook.exe]
"~AS_"="C:\Program Files\Common Files\Broderbund\UMM\adbook.exe\0"
"~AS_Path"="C:\Program Files\Common Files\Broderbund\UMM\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\calcreat.exe]
"~AS_"="C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\calcreat.exe\0"
"~AS_Path"="C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crdmind.exe]
"~AS_"="C:\Program Files\Common Files\Broderbund\UMM\crdmind.exe\0"
"~AS_Path"="C:\Program Files\Common Files\Broderbund\UMM\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PMW.exe]
"~AS_"="C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\PMW.exe\0"
"~AS_Path"="C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"~AS_Common AppData"="C:\Documents and Settings\All Users\Application Data"
"~AS_Common Documents"="C:\Documents and Settings\All Users\Documents"
"~AS_Common Desktop"="C:\Documents and Settings\All Users\Desktop"
"~AS_CommonPictures"="C:\Documents and Settings\All Users\Documents\My Pictures"
"~AS_CommonMusic"="C:\Documents and Settings\All Users\Documents\My Music"
"~AS_CommonVideo"="C:\Documents and Settings\All Users\Documents\My Videos"
"~AS_Common Start Menu"="C:\Documents and Settings\All Users\Start Menu"
"~AS_Common Programs"="C:\Documents and Settings\All Users\Start Menu\Programs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"~AS_C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop 22\"="\0"
"~AS_C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop 22\Documents\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Core Fonts\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Animals\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Effects\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\Blues\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\Classical\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\Contemporary\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\Guitar\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\Jazz\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\Latin\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\Misc\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Music\Rock\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Nature\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\Objects\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Sounds\People\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\Media\Video\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\SharedAppFiles\"="\0"
"~AS_C:\Program Files\Common Files\Broderbund\UMM\"="\0"
"~AS_C:\Program Files\Common Files\InstallShield\Driver\"="1\0"
"~AS_C:\Program Files\Common Files\InstallShield\Driver\8\"="1\0"
"~AS_C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\"="1\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\Announcements\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\Birthday\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\Christmas\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\Congratulations\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\Easter\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\Invitations\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\Romance\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\Thanksgiving\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\ThankYou\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\AG\ValentinesDay\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Collections\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Components\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Content\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Adding Fun Photo Elements\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Adding Sound or Video to a Card Project\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Adjusting Brightness & Focus\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Adjusting Colors\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Arranging Objects Using Layers\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Creating a Collage\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Creating a Photo Album\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\creating greeting card from QSL\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\creating greeting card from scratch\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Creative Cropping\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Custom Paper Wizard\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Designing Professional Layouts\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Finish Project Wizard\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Fixing Red Eye & Pet Eye\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Formatting Text\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Getting Started\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Hot Shots Viewer\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Importing Graphics\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Importing Projects\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Palm\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Tips for Scanning\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Touring the Design Desk\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Address Book\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Animated Greetings\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Area Effects\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Art and Design Elements\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Artistic Stamps\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Brush Effects\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Color Sets\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Color to Create Mood\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Custom Graphics\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Drawing Tools\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Drop Shadows\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Guides\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Panel Effects\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Personal Info\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Photo Effects\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Photo Workshop\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Quick Fix Effects\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using Text Effects\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using the Art Gallery\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using the Card Converter\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using the Color Wheel\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Using the Repair Tool\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Working with Grouped Objects\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Dswmedia\Working with Headlines\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Ereg\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\JournalShapes\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\PDFDriver\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\SHARED\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Sounds\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Support\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Architecture\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Babies\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Blank\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Events\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Floral\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Fruit\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Animals\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Architecture\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Babies\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Birds\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Floral\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Flowers\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Food\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Fruit\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\JapanesePrints\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Landscapes 2\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Landscapes\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\SPORTS\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Underwater Life\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Water Sports\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\Wildlife Babies\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Image Sets\WorldLandmarks\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Japanese\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Landscape\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\Sports\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Template\World Landmarks\"="\0"
"~AS_C:\AppStreamCache\FltRoot\2636804348\PROGRAM FILES\The Print Shop 22\Viewer\"="\0"
"~AS_C:\WINDOWS\Installer\{E34351A4-4B10-4DFF-96BC-84C642D9C625}\"="\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\CA9EDDDDA7E24724E8E8D350DF6237AE]
"~AS_4A15343E01B4FFD469CB486C249D6C52"="\0"



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119210000000000000000F01FEC\Usage]
"~AS_OUTLOOKFiles"=dword:393103d8
"~AS_WORDFiles"=dword:395b019b
"~AS_PPTFiles"=dword:393d00ee

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\40862B64B96555346987D0FDA6CDBFF0\Usage]
"~AS_F_Program_Executables"=dword:39480034

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A15343E01B4FFD469CB486C249D6C52\Features]
"~AS_ACDPhotoEditor"="I9Cc1r=Fq9t}91RQLF!d}vpfx3JqM?)^K*kot-Jf77^3e}GlAA0AbtRR'm8Em*=?wpq`KAMkofJS$sF=Nd_O&iTmJ=?fl8wK,ScL!ERRHnnf)@w6e8uJHS[p+JPg(a~Ok93eba1yts?X\0"
"~AS_AnimatedGreetings"="VRoL5Dq'Y@!tSY5TRWCx)qRMFkzxaAB?'mO]V_mcJPKDWs}C[83t@t*3yn)'u?p]Ek=5a88x5Z,xeoVPAUCTrgFVs@l=wMJ@86JTai*~o7([T9dBtu$,uso39Jt@F-V1[@Cdqdf7vWt^ihY9NNrjI@SA]OGMt=_]ZRb@rS78g@=e{_lx*.*HUnyh3asq_8+OyGct]WgugsA8eN%oH?WRFMe4@n95\0"
"~AS_ArtDisc1"="?f%)7ZI?MAt~{vq=S[{d\2Content\0"
"~AS_ArtDisc2"="Lqk$wiF^R=1rI@LwYG]I\2Content\0"
"~AS_CalendarCreator"="kI^S2.UXB?PmhTU6Cps@^b0Mnx[%HA$nkV3C=EFGDh6FOoaYe=4!'i+e,m`+iB3DI$L2DAt-h4X7eafMETmUZM_,z@HCr+5V]_12,p}]+bA@c=UQi]od@vj@PLMXgWxW.ACxa3j3PT%&MY}UxcLus?[)@tP@R??Ch8D3Wp*lK9~a37L+s'`MhqNRl@QhP?*koypUY@Kyrwub2kkOs9M^CFc~!.=Vmu7]UzAr5Ax0mm,4=H,Zyz4'$E^c+?Y1P'WH~tmk^dU1]=hXP9j_n0EZRm89s.w4`gnp.=xQe^faVa3kxU?1S2nKa@4~5RmX]8jBt&KaLH)x0A}2*H6*viMV82OUc4a$n@QXaOwuL38zr&5Yni29=?Hk5f,,Id5179&yEiW9_@AGP4rCC&T@H?wT=.]8R@7Kmlt$M9^4%z-N*$sI+@=Hi~8297Px@RCQC~EG[8=4q7Z{zybm,24HOKXoj8~vme!{=$N[mtz`^_7a89^~v!GI7ke6Zr5g2]_G%9yP~-1-)O'ew1SlxZ9N+9@f-Cm{?3ZmSp9Ez1yWSAfMEZ3jE8,vP{ggVGNtK?xy60aUg=F7JObI^e4ld9Q.`_+JmmZE$%_Z?=,YdArIlaxbI6x%pID$Nj,oX8Ek_Q^b]i2.S0mxCFEEg8Q?4*qx*7ECUauv*yW`5=,Fip5bzS=I\0"
"~AS_CDBurning"="Nf-WR2!-09__7RG]P1]L,lKbC*$,X@=Ceg?'a-pjJ%a.DEa8$@AeK[rPPRb?bkMw7nU6B@cV.~jI{y`WlB55sWgBf=35[[[1H6xD^KFk$$tHo9^`RnBuWo3d}MmUaDsa`?a+EJIK+IXBQ[VgX^o}+A`WW%hraGEaW8`i.x0%m8VHPgrYeq^t&S$VTLOwN@i]1[U7$)pf4Xp))~&~1=-*@qNt{cQ0L2q%ZWiB1AK)jNd9FvTioCbpxAnQ@?t'lg'D+8ucU.z3yjUiC@[2jVqV8NI6nST$tBt?^=uotyQv`_Lg\0"
"~AS_Content"="\0"
"~AS_DeluxeFonts"="d\3\xffe0\xff10\xffd8\xffffv\f<\08\1\0\1\0~SAtic\0\0\xffc0\xffff?f%)7ZI?MAt~{vq=S[{d\2Content\0\0\xffd8\xffffv\f<\0 \1\0\1\0~SAti\x3263\0\0\xffc0\xffffLqk$wiF^R=1rI@LwYG]I\2Content\0\0\xfff0\xffff \xfff0\xffffX\0\0hi\0\0\0\0\xffd0\xffffv\23T\0P\1\0\1\0~SClnaCetr\0\0\xfaa8\xffffkI^S2.UXB?PmhTU6Cps@^b0Mnx[%HA$nkV3C=EFGDh6FOoaYe=4!'i+e,m`+iB3DI$L2DAt-h4X7eafMETmUZM_,z@HCr+5V]_12,p}]+bA@c=UQi]od@vj@PLMXgWxW.ACxa3j3PT%&MY}UxcLus?[)@tP@R??Ch8D3Wp*lK9~a37L+s'`MhqNRl@QhP?*koypUY@Kyrwub2kkOs9M^CFc~!.=Vmu7]UzAr5Ax0mm,4=H,Zyz4'$E^c+?Y1P'WH~tmk^dU1]=hXP9j_n0EZRm89s.w4`gnp.=xQe^faVa3kxU?1S2nKa@4~5RmX]8jBt&KaLH)x0A}2*H6*viMV82OUc4a$n@QXaOwuL38zr&5Yni29=?Hk5f,,Id5179&yEiW9_@AGP4rCC&T@H?wT=.]8R@7Kmlt$M9^4%z-N*$sI+@=Hi~8297Px@RCQC~EG[8=4q7Z{zybm,24HOKXoj8~vme!{=$N[mtz`^_7a89^~v!GI7ke6Zr5g2]_G%9yP~-1-)O'ew1SlxZ9N+9@f-Cm{?3ZmSp9Ez1yWSAfMEZ3jE8,vP{ggVGNtK?xy60aUg=F7JObI^e4ld9Q.`_+JmmZE$%_Z?=,YdArIlaxbI6x%pID$Nj,oX8Ek_Q^b]i2.S0mxCFEEg8Q?4*qx*7ECUauv*yW`5=,Fip5bzS=I\0\0\xffd8\xffffv\r\\0\1\0\1\0~SCBrig\0 \xffffNf-WR2!-09__7RG]P1]L,lKbC*$,X@=Ceg?'a-pjJ%a.DEa8$@AeK[rPPRb?bkMw7nU6B@cV.~jI{y`WlB55sWgBf=35[[[1H6xD^KFk$$tHo9^`RnBuWo3d}MmUaDsa`?a+EJIK+IXBQ[VgX^o}+A`WW%hraGEaW8`i.x0%m8VHPgrYeq^t&S$VTLOwN@i]1[U7$)pf4Xp))~&~1=-*@qNt{cQ0L2q%ZWiB1AK)jNd9FvTioCbpxAnQ@?t'lg'D+8ucU.z3yjUiC@[2jVqV8NI6nST$tBt?^=uotyQv`_Lg\0\0\xffe0\xffffv\b\4\0\1~SMi_otn\xffd8\xffffv\t\4L=5[FiMSm6pv4Edie7att?!~cgQP8UIW*Bz+ye{7[Aq+w`b8s0[o00)$*im%eAW=IF`,1ydD1~X%sG,Z$=t.DmJ^zs0%ItG2?VGGN@F1pL]`*Eb_@PhsKM+OKAdPN^M`uT3@4oD]b},aN=oI8.t?ohH4nM9(RLKoEAea--v_$zq0\2Typical\0\0\xffd8\xffffv\rl\0\xce8\1\0\1~SPFrv\x872\b\0\x8a0\xff98\xffffvT[?W5Opg?-EoDh[$LTPuayYa}.cJ=~hRq[Xr`]5\2Typical\0\0\xffd8\xffffv\16<\0\xc70\1\0\1\0~SMiApP\0\xffc0\xffffqJ-V9WckS@X0[3[jJr'N\2Typical\0\0\xffd8\xffffv\r\x70c\0 \1\0\1~STtra\x873\xfff0\xffff`\x818\xfc8ܐ\xffff^P+FmCIL4Acm1KGADigWPy6*h4{4L9EsxJV&IOUL_05JRzmc=A^6=Yi'W$rf1,VWLzBy2Aw[d4b6@VZpzNa1ALj8U9*GL}3WZ6Inm59G4f@Z4=AHB&%Vcv49XpK%cGg&0?6go=7oI[C&w-l4pm{hW@'}Xu-ys9Oh46J$=rnOb@'^h~[sN,MQ\0\0\xffd8\xffffv\17<\0\xe80\1\0\1\0~SPormic\xffc0\xffffKDScd=9Hy==rMPm_,Gpn\2Content\0\0\xffd0\xffffv\23d\00\a\0\1~S~e\x327e\x33366038\x8a0\xfff0\xffff@\xb78ݰ\xffd8\xffffv\vœ\0\xf020\1\0\1\0~STpcl\0\0\xffff\xfbb8\xff10\xff78 \x5a8\x850\x878\x8c8\x8f0\x8a0Hܰ\xe58ܰ\f\4DRmhm')}3W^c9U]Qdf8GEP=W,lok?XkHX?`~.V~u{'KnAbgh7SkXbNs^`Ff3'2vd6{PnY@BS`K0Sr+]xMp4N&vR=7ivr]mGvs7eyXXOII??PC{^6eSj7U}}a0V'D2aWKQr5B(-Hig71r+9FyGm.bg?Ku+-qpkcOgtRzX}*@h%&MqG2Y)C99~~,-wVwbbcdI7~F`t.TMvgUHZhgfqIlnOf)m%?p(?Pv-gBYvTab9&9xm]Z]~aQWlfKH(ZH4?0PtEfmun,~tvJ.}eghPCu&b`M)KJnx7bQVDsnw=E)Ss**GdS7d(3[~qF++famTDJDd+Dv-c,XDfG7BQGTn6JUv[xyaxc-t&Oxs@gy4HL}ME4z&r{2Ba6=}CRdK(x~+[Td~3pXW-)L5ff'x-m4BpPuUX1!?XzZIGTA!.Uw]9=pJfJ8P0S'j-,o,v-tIjN4{G$6iUk(cMLd@*Cvap36E[(0.YqbfA.Q?HtJf0Bz~,0=s7INqhAqmpTm',TA2H=.Ek'^iL}15F}-Q7'}ChW52Wv+b%piv2{4yK}m'9QMmW,tGh+vYWG*58`(.'GYGb5p=LH3}QQ7835n^?ve%IwmNakEj[JiR2r),Bpkfa*_?)1MjevET5ohjmmag+*4hv3IuFrLj,vq+%)*ru_culh8s[UI@{5pV@W0]m!ZQ,lg,SH{m-'wFpk$yHr*af?Sx[xuFi}~Px]L7NpAZuM=(q`k[,M@wq1rqOqdtb,Z[AP@i`Ci6vv2m7*X^e)y)1a%5y5whY?PtF8=s%%U)KSr._WV%_et![?+LY,McpVkle'X~AN?{'eyePPR~ts'w~tm-o&s0MiF=H,tlsBHI[]2,FBCAvQHii$?Ze%aBC7fNOrHfx67S*Y^y$aBFF4R^rBD5K9fRMI@sRnvGeYU'G%AojI}fycl)92Q-5ZwpGL69ScdJlRB&.&~^Erx}A7^NyyjJ1Qtz=-oQ]ajNeU!-*ysr*5.&lYN^WpW~NTL!in?pi@?=g[k^X[']2qQ1uoshsoIPPS2alReXBWTg9geP1J%^@zV4{*c4NTG`BK$hn}6l`6zEPD=&uW,q=^'G)F%(Q^$f{+YemiJ%s2AQ*zBVE%zE5n_RO~OFjncgCQ*Vza~_VA$7{IxdPa)`2q1v2RY7xS,^lC[Jk,N)-jRsAe,NosH=q9~g^y4[3u.CT[am8)?KH.7[9FpO]lH&_usR$'x-^5i'qWk4t'`8?7j7[]h7B1H%2C$3S79!)GnMc82{dF8AVr0hWI8EKcfAw*$@a$jv%{uxbq?=T[q@]~-}b`pI}6]~zcwg!Ygf$TjBxue&-!q}(d]bIMT$5D5}y}i6Quo'n=MUXwhe$&fWLzI%l`D!@YeIa7-{o$TUg0V,=YDN1jUt~ZiNgg^BvB*XOA(-1aOLnQPk1xi!7MrSKw?DgEcP0cazvm4%DF9gMY9Lr7S(X?p6,4-IpRA9]mi]f{*ES+c&AQFHS73Az(nN]MWz0szkn(GBaq&1kE*YEuqf,v?51ED$GisTa&T9vF`cm@fM&3S8(Ec`J^yw'jq]E?zEY3$FYQSDy!{o!y_rX@v&n9^5fBIhmrcTe.3HC$jSBp,=1XQr@GeIPhhA4^@z)dOj?ss-vrz5Z)P*wuC$Xlw4F]CBhg,9Y,*G,()Yo-@yIH~Lt'-Z.6y5Ey6fdaHDy$ZU}BXN4F43xkN6cW+4r-4b1&)2BEk!6T@RN47LB14R)Bb&xA41yZuFv!3!'=a,.H0X(c!80=68)=]uoP{ISH.?o}!L[De'!]l5cZwGwG~rx9*6NEarSk0E@5(]=lVB_TwKV@~KG`^J-MZkmODFvkv!9xpf9r9x1`I(=P*m.H4yr6IO-Kl`yZT^C0NfXLNGPZW9w@TMi@b0`mC1(,+wE5DBYjVYSeH,KgY2S`OC`n!_=3sHynlvqZDgc3'0CSJ(&M),$[Wh9.f%?em6XnlGrS2FONQ.grl-YYuP7VTd`T^sJ(Zx?B]O}LdnLQEfd}*4m_VR?XXB,ioa[Cib?~efFVh{OjSuX@SAs{LBgq.Hd!DAo*q.X80ub~^w?WrdV+}VdL4wP]JoSI@)HdQ8`WM!RDb~A}h_O~qA0bQSN1&P,TstqX'EO__)I-AQdV-jVf12,=-3zB-(1?!%{E1zdNt&P]djesPD)S,zr?,WaNKq+A^5syc4*kx47RKc^?X7z4Y,5-Q1'A3nuy@{IWG)ltl^p'^bZjA}.j+R7X?hLEdr5{p3Fru1Q%*KQ)'Fg`uMg+q8owwIV?5aoItSPsWaM=d1sI=az&-sBjFTXfPyhFFTI2_d]wLPSaNFB,x4f9Md%oAvR,xoTPKpW~^rTrTqxBCf$*d8{&7L(nkABg!yo26xi+hc-TaTLzwT-`~6r6j$(!$^`vW@-h8?3H[]FJ81pU}U5?$Z@z=KGjKA.~%P1?.n@6n[aQ)@T1*A1WFx0bR=~!w9&),d&q+Nc-=HSH8]%HJA`ug3&T(k+cRvbBgnS3oA4liBISj'uREc=FK}-,^q}DQ%J0$nwbSSR$sv?Z?N8oT{@(FKqGgU1HTEXK=M2a@9A01R9N_hg&tk07$YXfGG1gntAs~}efR=*y7s`tzNovG9xVFJ)5Z^^xmhvyfUap]Sb5}1k,B!TdA]pZz2lXjcVLb5d.L`si9lyD.bpDO+*Zp)ykH0`$9Z319?,(r`F7%sczHm1'=UtZxbalLBy'+zMQ=9U)@Esz'9Bj4KURh1=!j?^JtjU9%=&=yA&[yw07+aL6uzmI@hM0zCs!_`?CDc}I!JX@fl'4^it~jlFsi``r60{+'GUkG0]bUcRyG0[2y%`Z=}ki,(zz[{F.}l4m&61QGT@7QFFA5aM`]mhN}S7s_McF*xRP9Iw9`QVNcZ8a`[+[ZNayTwcu0_u'8u?x4hOaTI@[QMLQX=ZT0Xi}*@14.u58g,T!tz_5~$da=OUMr8ZR_^]vu@W9BT~]Wrd=FRx(itk+Nw}f=3cFQxRyA]s1K'b9Q}!?Mx_hDiZOZ3[}_}VD95EZO3}rV8LXDu7&'P(i!w'5s$0xM6eVkg@WUmfln*u5hx6P&s!.eq9@@aPGOZmc7LeIQZge+r(Jb_$Cw.WbVdOD$,&d7PJ_sF'4JvPMAHcYJU+oT57na1NH5djHEoSpff@m5y?uu4T7Hq?z,]!RuHvO,[k`+D3TA.'Wf+Fb$3s+R1godM?Y(4@&n.lOf9oLP6of`UXci0itnzvZTJHv`CzZK(!+q&kG5=S=lymxU'Nfs5]v,9}E}CV*yXUZTpM*-t^qjA?`P5f'0SD2pF'.kZsWuT7phZ9L7~k^+[%p)ELr-LK,iT9NN}i.opnv%aP(*CEmPDIsid)(DwPm4FAdnl.g}~^inF(S7H,gfyu3B}p7n&MdSRmD+{&*7jlRe6VLW5zh%b5H0Np1{98LN{GYM+.idKzXJFJSxl$8wRsJ!gMO4TvIwKU.Z?v%CGtZ,snA=d*A)&pVKrK-BH^Q^cmn5Topq7dYm~!oTngt]4{iR'i!].{on6i]q$,4?XIuqsM5iQzDoSb-})J5Z!,Xj,@hPDm5((WRVV%dCUml.ZEJQdWnI+1KQ9M-7[G]RD^y51MI[B%5v{n`5IF$*sk4r?Y[myG@`8d(rw^-C5@$b8D8N_&x1L-y^81kw&!2kkTN%T9y7s7jVPjPS3MhZBFH?M3pWS5$4qvI3]QtAc7Tq0NkM9.go',yLryo&XM?po2B%Mhe{41*[1Y(@aGFUXLeMv$[0N``E!^JA[yP+$,^j+Wwn3_2Ty]w38X6},6zI079T].(?xLjo.ZO^FLBpv+D{3~jKVSW&bMkGNh`CI?'[-Gm[4!R'JM)LzFUeP{Ai6&%YrA*0+Bclrf^iJ5MV1bjYNb070LnMg+yvTcWMsrhKBNHV?womINd=b.)2&ZEoz*}VSF-pW1uDh}up?.@F8WED(*d!}xKvOzzn,9Ax(MEIJ^'Bz6^MR}fVLgovVQt!r*M(f1YrL6h?U~!v,NQQaAQF`WB}=3yRt0*KsY@!(5tgH0'b%989Z6eMps4CJtYC!NBf4Gbx,9Rht(Ln?~`{k,@VP4md6)v27_C%x_aj%!m4}v[XD}BFv~g~zjiRhcg%@Mqt53'EKYO^gU11bd4=l%X7*_gC7aE4=3u9G@BgGHzFq@j3fNCtB}ES'D@Zo10y.S2&'-r0YX*S2h_]~x3P`4}q,5h9@'krN1X3_%$M4$0s3inl*loEA2xY44cLGxmtyL('+mYjS5UDhh=Um'qezi%ukrmePS0VlTtrTkNt&KG12lkCg?Sxp5h4UxXIC){XomSS^H_Saa44C*9&Ae'AsX^xfX_uhk?ryxchg}!--@wH$]HH%1M~g{eqVkC`Wc+r4g_Dt6Xuw*-eFbaQ?yBOufYt7FIEKp+T.V%*XecF7mv)h(]Z*db@O}pGxf)bl6}[-f+q$)405O@HQ90~IIA?_vm}HEc(DG(d3ik%SS.]XCN]v9*8h](E,Tw?-!nm[DI$yriX+5acX&)h[jr^TQKPgx300,~(Y@_I~9`^o%XvC+~+d`KDI,4TcD-e3]8HG)Pz]U9qALAF+RY]u?4M'0EMl=X(rx&FBRo9Xrt^wv`]krhA)FUMx!_f7ZS[r%^h*Ny%Ede*0)`AN6Y,CAlvuu{Hn*p5''IK?Jcc@!I'p6(D=-AbyP@7&xFja$q4o142L@A-p]7ZBq]lnp`mTiJNH=8XQN3LYsv{vK)XE2QH3&ote%VBFa6@2lkK=w'sm_cGZRhzAY%t^'?i12O`8m3V~-4H)=WtzON+i3SlODGg`d,-AIO,OH)5&ajtp,NV?3~S6GlTH+bg.yP3?]t!'hOz%%y^1?,w.h,jGc}sX7YZ?-tg*{M'C0yF*nR8V`t6yX6kg.sAabl(-1mCANwznccS(1e?OM%2O23k!m$Hm-?Jm@kVhzhD`xa)yiw@D_kQkiO$,._A?kdp1RPDIVQU,y{G6hcd-`K`yWq3JH%N!s{xU.B$m'JvXF6*d)y}K,?Z,qASY2{Zn^GS$_e4AUofCtrR3@L0.2gWJx)AbWe.HmWxxijQDo!QQBwljM0hSzhleJ5.lnIDbBAfvb'w=FL9Mz?&J*Vws]qUiZL3@]GvS7k?7`8Q9sO3s+fp0uS%1.t]gl7(pEnbn0Jp_RgqL-(HZ4@jU0hE=HLAeE9j(etd9sz-Nz]q5Uz9K2DM5c$+B5P?d,sE5LWn~PkBV(G'8O(dPycBuG&{nSjV!=]_]-!E49wE*_M6SEvs3}41cGZJo}M[}RJKk-+!F2Eshy2bbm^PlBXdE$0BR?$f.y!QHByv=b64U5t7q$@0NHOdlTc7I@V+^[,SSH2$X]S[DA[LA!sSADX$yU8bGOV&*UkHS,WWDhzTDyoK79CN^'P'2Jf3Fgug8TEF_uZ2irbuj('H,210'^1K}imtdtjb.N&j{V%(cpmPx&O6Ds`{2B}T~0kib+%i[S+=W@rhMM_&kcw(6n.P~'Y7jraC-NFuOSA7[J]k)[VsU$3Pm3OZ$XQIl'4'{KB7=fV*lvbgzrN&reg^x!C]gp&)c^gVlmEz%nT'$Fd,VRR^]1pymCOWfBYAu%ZtssOm76.OqRZD()xH6MNqv@&p2i83S84_3RB!jU0Vs0Hb(EzB^lPCA2M0(5s&bVHvrpOWv1}ZoSi}+6m$?S!Nqht^9@2&We'Hx`l8HJM*`n'bJ_2D_ml3I^flD4sUq.+fAMA(0=b'iE^tKFI}z{3HZChaDf}@V41OrY]H7K@Hc_HqYH~)xvf]'9h%mUv6c(L`36}wCSlf0b^rA+`_'={R_*M99y1f2JD-f`h%}8=$6wfSGko]M5F6oak_aQI~cc{!+,VZuwW.nAFd~g*='4&g51(A5PF3-[L4`q'@.gJ^9Z*yxN]'q(g6Ymj[ZqlSX'-]&Y%bi?]88-CE0$gQdmyuBtmnrx&*q%@G0K}TjJa'qn$Yny!4M}4O!RW!`RXXu'j$3xMFsad2&,bxP?%c(+D-bC0RQCNZIkYH!sv1-^2.$m$g~Om,e`+w.p4)zyeRhzLsy.WnoKDF[T,U?9sKuF5w1+KyaOHho.l0Gfbiqj%U}fqpgWhon=uyWL)uWNel%Hr8!mh=iwf%jDI_r,1PmowQ]@LDK)=[gLuw`=,fVs.=?tW@?!q1)6L8f1krs+?4{-~,N(9vVcP9S$'e%RlAw3w$rEaDo`DX4_ahoO2t.(-y&*zXfEQ`-88U,+@rUd!+w%-wurvBq4}3[broWYQc?PxjRhW!$@s$_*}T([Vw=Jrm8PfDS3oxS^pn.)fM.yC4Se',]X&wj8anr(l2a^&mdPtx._NI23[^zA9cBsq(Lk@?q5vo!_Iy7a5ktf?{s@08*1U%2aZO'wG?]Q~}r9_Fnlg785Ed8WvSf!u-v2J=7Mk=7.5bMEYsV-{aYsBzBDK_6Y!R@_q8sDJHt4a*rVjrnG?6!HjkVo7Z}aDX-}j5vV+(pfz@5HRCJ6nmnalV1@7xd]M&jj}!foD?q)Hj0,Bf_6Fa`^+sN_UDejoYr9l+nCSt*VkW)y&VIGzr6@Fg(XW^zXjRdREm-HiwX-`$l1o8$vTXLHuRZNvNGbrW^KJu+_V-=O$$-+P9KTCj*pDKrKr0YUhb*Vgb)`pWS1M?3YU=nEuA0^zCaHV=iuqiDr9GT'rJ*!sg?F!9hB9P2JPBA!)yc*ulZMu=99N9!npM'LtS%Z8.J6@GyJ1vbf0Altk[95t(E-=KDOC)@Sb$zfP5R13?2Nc2_[VP(dV0ViHb$Kg`@F${$(')Zm=IB~Md0REN=]b3n7Ubx)1tqT1mgury{vo&Jn0E.Gcoe0tpZMFc^''w*Gg[S@vu0yAYZqA$0lh^B`$45{kume76}4=$-k01*UGX](@T(z'1?MkN(@ip`U)!Hi8QWND`Dq`XKSnE7Cii.7e_'F'Yha1n&%ar18J1ZjI_~q3?b%4[)^?yPu`0d.Pm3x]8-4$t)am7y$wizm6K?pIN1CqlAy@..QrAV+}qW$z0D7oq%-3*{1uJ@rWvU&Dn@vc.tq8bKaO*0LlM@(QtYn?uBI)IR=.v%xarnkth.}ju+BW7N0^uW'=3mLO2u)6[VdTe(Z}B0rh~lK)9uFq`T3N^!2Ts.q@Xn).dA6@n4PCU2LBL.wWD^]BU-w]GDw,v=jUVq!3$8Kjrxu03pvornbU75DAh(]u6UkI&w&F}f0KJs8ToyZ@oeB+%MvmyQ2R]h^K%[t7PHtCNzq}.7]Ik31s0d1,W6EH2Uz3_o32]]@hqi}DM=WoKo=YDZbrF^&.r4d8CD.Oe5jkt4a3Se]C&O6A?$FmxMTbyF{@9R7u*FRIWk}(0DNK4{^pWroduT)wiv7^%UN5.uGR{9vBkr7B16^)(il(Mcayag^aw)_fcVOjgbVXCjFO1vPuE1Up[%OPV!QFnAjykpv=)IC?7zApMV!'7kxo[md0km=n.l%H%HB6*-0v%_wLj?8[7ZTkoxjhFmqf]8Sb&zNm1JP?9laW'c88P_HqzevvoXMBzWdvR-y_._HswsC4VWpwMa{_MZ?cW{x9ZAdxa1ytF2-~{Ku!%N-[x%~?x._fQYZ$QN]L_AHQLjWnQH(LFs4_q^o(z'L=7}a7w'~B^jN@@273h[=i6DoU+$!@(!tZ=jYdGMgUC!J6P.n,r[%~+mcj&ER]HFxV.xD]WnIl$uWfjLsHsJ)qYysP=71]=4Mvndh12wJFGXblkJv^)v?UKOC9=U=qCWfFJ{pC9+ej7jNx'UyP!MMfiQ+aX4$K^-oLBE2Y+TT]uIdeT[_g~3Sms+x_$@wFD~5A1EfeWA'VA0pr9'Wb9.z*!PU~aORvG}%ixVT!dFW^M.bvc_aKvuoPz-8-DmQbdH6EC9{jEiD+w]+u=3$yaa5u@$zmo.ym{,h0mT`Hh)gKQ^'{WNjpZ?$dtDXkmC2j-CA$jU.f[9(Ps,i@,p+lhC.RuMujF}V8!}K47@(wpIEUS+nF}PuxZCfy@5,aRB`^nMMss{LV&4vK+^A3AAu%snz%dk&Czq1Q0u443ewQK${JUr!himgc5Xu1W7kb3Jg62EIl)J%3%Ty'r13%WK2{K!rbH[=F]Qc@hXnQhCyW?-.gDp04C^QQAdL2`UbS9Av23fY&Zehr`U'HvD*]a`]GP5k\0\0hio7,A[S+h]U3^baB?cpImg*L{kDS9Y[d40vO{Ob+A-m)W$uY(H]b@'D`=]PhM!DJC.Q[~RXem{1+(%AHQc6CL8fPY'5,s}Hu`whWCYeDMc=@.2?BZoyh[ZPfD5@nk}S(lmi&]$ys0BhYynF@.c6X.pE1[(]D$OK@QrCx@9C7s[&f]p*!M,19J@wY?'@`)iuPzHmxt1)4,NMv`r`q]5pJ02=YlF)J&8o2CYjqg?N88EA56kQ8pwMHik4-Hn5?akhd2Y11i6)FU8Tr=vs]zc,`Ex,NnNawMOhoMK2Vfz4Y}UVE6I^~9m*n+g*olkjl]5!tYq)8~&jmyQ8k]UaQfD.Vo]Fui5ijD9vobXQnDzDx!Z_v?zm9d3T8`~t+(n^.p'Z(2SV`2Jh(qn]e[*WcG{se~8a_l(2_`q.7RyG,H-9-XE45=ASQt3p2A?$lKB63FG{4CX34$2~ALBHpiSu4m62MKvYLG!pLL,iQRL(I=loX7~bW_MlwJF4`W8X^y(Db]c0uL$l^}D^@~0Aw^.l%riEEb,C+}rsQV10jz'Ug-LqU,X5rP[IR0f$g8D(l]*MXEQ3k&'6?BBiGvaOc=Sv8I6*fiH1*kYw*3}5`k?VLD-^AMg^aEq0zQiUVloZVJ67vDrgBgg*XRWpfJbOZNeh@C[x$AZd]O{1+rAn`oi9PJ3VOwfGWcoXPUEFS]E-az@(0wS?bL&*7~N-Fl.gH&p2[qZze0C_!4!NJ=YHmx2o3!luLgZ++sBRsAW]xfyU{81'fxnc8)T6yXz{WlVoJF4^.=3Cyvs)E.vXl'RzsR%^fQw,dg{d=WCr~RVPn85tDf(Mz$E)6(w4TZ?Dj+v3N3,Ng*NpvDY=KRqO5,0B=}GZs?=wxQhz)2FPcqA$S(YFLN0__wJ^FKT0SS&&,M~rJQmdnSY}DbzSWU-Yax&K!aa_tGwfHUD@[UMdWQ5V?VpJ)D-4!!IddOqB3gTN5r=KporfRJ%hkp*+ArTEdB%Elb9(WUtGh[L%RQkl+).TU!QYHmj.lQ_^=MQhk)D*WDh{3,t%ff=-go3c6[2}Y^8O1]GyyBNeC5K_i'+-HUfc)YH]y{OBR7ZJmE}hZzdm3XUSn&HBJhuz_jtIMXj+2=5xPbZLCU+[69qy{23e(mLFB$UO)EKj9ftYsx4AqQeA8y]et=pNOFu1ggL-BZs@[}1QxhXwk_H3.bn2mLKX!AcPqMg+2%.PzMLd=YK8Jzb..,lsV5@Q~5ZSyMOhNTx2BtNGBEC^[BQdlyl.WF,E!{YxHldop`$`.cAd*k%&,ivEzpw5Tr[`G]W&2=cxI5%P5Eg9Rf?z}MaRc~Gwwm,G831MMi6Na5f!bO0(c!awWL%mwm2TA{A^hAlp@,+*xmzI8N6cG9YX2Zz2_g!!PayzI2.G()55-)k7z!DhE__rY6j}quB*LZ!g[ksu@Y{uJfq9T,1yGoVF0}4Q'-WQ_eN3mQBiJdAwTTM[6VdzPT}_U&rm%Ve5lBgqg7S7k.8TyD]3GBc0i9M7[dWiJ*XSsIP[O$u66qFn8r!SQhH9!^j379hI,xhjAxjNHRhR0^z({QQ^A].M2QY(JPNqaNL&CRHOs0x)_LrU[6q*SFv`ZD]qN.hBMN=hOaD-gEa0j]v.w{?MsuXTjTdzG!m'[`*OTfR=DNrtGNKTLV(6,cE&6?ly9UuyADmUD@!*2!P8a*Mn-UK[@WVEd.1%r1&D^}3&GYcDbr57=woF&SZ5$880^D@FT[{sOdbl-,M6K4r(nFxubXx8_0eq60?+z4Sm471sURFcB8JFRK4,*gubw}*{pOo)V+jG'RMn,D2PyN'{Xcsm'COlLhE$*'f.bi!]&^3D4Hq=TYa=+r6%4iB2dQvP5pAmyfbBNfksFz&X7NeYM@2T(,`uJD9Ldwx,{vu@~luT1.rWP=ij!Hc@lqy^EUlE9M,qe}(F9IubwY}[Cfz,x9[@+*Q~&jNCjWgOs(tesnw3qQOE6_x29NqWs=c-r%TNb'(G1`E&oP^6^]Qc'$f7Y6[N^2[FrDh06tH}G,w,=pwp_0=zQ(DpLkGT&~?I[')r0v?BM(?pG?N*)(?c~!pG?kXk3Ed,3IJ7O1?D+`P*8Zmt^t$KmkQp+6JIEr9t!pMm&oN=RXGTot[(9ASmYa+ioLyK4}05M,JyHU[+iR6BHxffjZOS)K1OXCMv+_2Uz&lN*d3U1TvDn~W[4Orf[!Nz5x%6(3bd=[srRATas%xUU?$nfF27MVut`sWD7HNzU.tV$[DKB}u&KJ}'w5(GU0T_3)+_k!S=1aF4Cb@lode))G}3D)rEjB5PT6BXAf61px4Z`-`=`ZEIPYFv0-RNJfStmdq3672FKZYq-z[=W(9ban'.4CPM1pRAoir$GT,jNf!Br0T7nIqKLQ@NNt6sa]g3!Xf6X.)$OV5,IV(%br.cVus1SSMh&qE$UnGAB.3$ZuHhm%7[.usNd7wy8Y8QTdPb6B+48nU7FXK,a{4]F7190['q.ukYgXJBJdn!B.-[ZM*4gzvvZ2oa[5Svn}Vsed1}c0Jo+)iQtfz.NJyylc7)K'U2N79=i{l1nivCk&6OTunc1^.n(el*ra@1{R68]U*Qu._-_4_+r[i1]M9uFW=@]HwpD4A-8VyrojqJ1Bj&)A@crG'A%SExeTP%5TLtZg1B5R@6(s)b$K.QG(jHcxoQVj(hAcHaoh~wt@2]gv@T0jfc])q~WjS.nk*iJ+s)8$?I4u49EXIL8^mZ-}o11Z$jDebJ}=)Z%~n`o40U&Zz5hlwrk_a',&?p2f8SBrc}QgXnKk'In$i+oUIwLG,7^u'cn4aT&]QiBSidP_rGMGVHG6t'rwbJYriuWj-XP`&8h.EDQ)FX(1ymWZt%k]l?AjrXpwnT0(R?@%t'1bf'N'erIka}^?czAWR5erqXrC8U7_'%0S??nveqdDj(gLa@%mAq$kc2`hHCxf3`}L}EIO&etA-,Smj8s&nYet8WNgNs5`@$,Tpu,lAlJk1Idz51-T}iHjH$Vca{(-C^@gGnL9}J_PdFCth4mW7EC_BL(C25q!cf9JLQ$N9LTDIc{s1C+PW}?U8rSj0O_7W,dITKm5mfi5UyuNWid9MZ@[%lN9v3MZ`Rt_WPj1@EiYgJQ9z,.7R]EiI`(V6E?za$Br_GnL]D^vTWl3xjbI?)2X))c[hECWIc^[?=,-5XB=0k+]iZ&'=?.p60*nxVp`nYA{AyO1WE9+%)`M&64R&Tkrq[Xt4OoR,=e8YLx[zkW,pntAeoYk9}5i[p5'KG@f]*JYbTu&t7H,'=fr)EYFVeGopX4eJtC3=MU`cT@1@Xrb`Gn)RzEUZ&L,nb1dV`=Ynl$(Gm@~x^~h9c&A[z+K.b`9LuPs*o68{]*~Pp3&MM!k4Wz?_oLS3K]bc'h!qf4LggJf@)DK!N6N76!cJSBn)2@obaPT,eI^&J3t}Y+cz7hUv+CpkCd(EFIe9+).h'!=lNO{UjnMinMvN0?*G})l9nB$kYlWL6v+dOdz-HEM`DM`1!jdYNjGC,],l(cS(P[DQt8*-OG6[&]-K!D$tO*=`24$*7NnLYtyf?~'tou)6_pgYM%6^OyfvRG0@.TwKi'{HZ6b-QK'0$4uLmr'kjQgo+N.8qIVBH'H4f[C9%Y+sr}49.zT.wUJ-N7'zp39r7%b*90UMrY!dwao.R4Q?Li`O~5o7pVaS!XC4POCgtZDp*ECJFb8`a=DXPoYuD]Z'1c96WfC4h~cJ)eHi!qO[v,RBJ&,Lo0ts*VYAIp(tg)do62-@WlB1.%Bc`)9%]9jP$E=BXy}k)%urO2s%H]H'Hto9Ob,l%pn-TZQDnhz'aP`S`Rx_7nv!L*prBvculJIFx{5iGZ46r}Iu6[GmuGrAux6K9tHJ!=6mdDmisO@_.5s2[?9N63r4-[iA@&sAl}VbA$!cw(omnYQ2{yh]o?M3Ro]Uj4IJ,xnM@Mq2'`8-)tx~b+F?m%)PVrLTU@y7Bjv+yrjk!gb@Ap1+$m,Iu-jNp.WD!w!ms)u1kOPNXvI3mx*Lu7JCl$QAp*?f-Fw8_8HlDK`))g'5d`1z`JNbT*[+4F,pfBZIZM.(Sqatr*k3`JmjGFd=Kr'f[N8mP8I@QC?7S0d)S*KE^ZMA}C6$2DBYnQRhK@g7d%@m]$)T8nx`S{YM?(-.oI8~q[8Or}PFq2y*BJ)TJiNt7N38lFwOny.'!JP_=k5c9n$Wz$vBm%x5KoED23c$F?fELjD,unDs^c,zw9`$&.4V~]~,*BL$`t%xF`](l-nvG@45Z]2B9cK4kI{Lf5W0T}^)J91'j+Nxez_1c~srOS`1Ea?IV_DY3Qr+p3vMBR$LlJCICWs!^1!T$[A@0'i@=1AyiyJ4)@PWgeTTwj?DX7I3(R7F'3c~s-na!+wB,J[+*48yYwo3(0.P)Yw,KPoIlm!XJrbk4CPe{N?lh_@'@`b8jT7pu$E(F$3Z't^uUkseGzmb`os*9je[eNL.NpC0'?t4(tEzY*b!XD49D)}RLNaOZF'SeCugCS`(avB2$4au3@g?BlIL.l,,!g$c-K+0Xx(!6Jx8`rg5tq(c53WUWewuthTV`yem2y09x*GCn+v9dVYyWFpx(!aNP,SqiM!6TENkHK2BL?`8gKnI2Y!,5XOA(n^FGkm%`Mpb65EAd8Mtx]_(mb]S}F$MS5LXnLr-W*H~41_~hUw+N(ewB,D4z=tNp$abZW^Yp.Dju]^'pXX5Aj29Y`?h`RL&Ju%63`r4%p$YN=2+)*)=TT5!}XqRE9s+2TA'']LepOIV@PRh-a2RqBIeUn9(*x!hV@'iS}Q7d$PZkFmh+q73!7e}AH[^ql~EBCG.k~?JOP-*$4YOu).tc.nWgEICvtQLqQ'RN%)YAKP^*n}lG'.d1LD5,MBSK]aSnGH@aYIw4I&eEZb7l7poX%$nPiu_jI,yqvp?qI$Mw?=BI(90Y8cxNLurrtor+vc)]au&@QeI$.*oXFiIr*~FPw+)jf[kw62G~UK*U0'k9L8AKW9q{dX.9Wq}j!`RKJTe%`.siY)p$WQYrn*G[R`qt'.N=P9Pyg6-{H&Wf$uTct%72pku49mv3PQB94g{5'8CQeSmYl_M.a64`yzxY+.5WxG+rasNOmzXu3PT!-V,{jNGZ`O{0{4mZE.2.vovL1=Pj=.w!r~q3q$z7FSGdy?!$%3@A-ohiI+9{sV^M`[*LuP&P-66+D2H.{.MCW[ca='iWA)gmCSMA94TUE)+8V4NkC&7%3cEIp2rN,L-A*ZGm(NE5O45OcDbOsyh=K$}FZXKh}BZ)-~Nq=(xy_=,7(4yVQ8XPM]^?b]FP.{MN$50k_z54=EyNJYow`+9k$x)uL!Fu4?PXXU=K$4}k2,s}?r*-U9*g*}e!$dIUAlawEH1eIHWRJ8j)RE-PuL8J2bj5.owl7-$BhTmUWrW{=Y1(Q@tHhO^(jb590[hbuv_*siHxikiDU8odH+823dK3hg!npKN(LA9=WW'BgB`-HTZ)6&qeSqfNz&HFljLgaDwU92*3txB!f-]al=~pvi``CyJ^'fen9f1jDEzSU(6,J'0L[]k@lGB')K~UHXdQJKl_N0Cmdg$xb@wEx_Kulgn).)x8%_vp]A7bVZ0_T'x[`j2}4i3Alm%!@'+WSYzE2e+C=r3?5~[4k](-YNACqGQ?.k-CdNb'8,Ah2k*Sy_gW-9QTAp*C$q?=Q=vvCuj8[Iz,cOXV*?)G$@*0%2(EX,8[0cvPAFP}i=eAcrA(qQYg1!q+=]2tH`)DmhADm~xFT+zH&%vq&U2.VCdD3HzJ1++(mPg.*n{TgqI&Fwu`YRy8A@w.wYgWbh)g.1@e%XIZmZ@9BGMpO0Q0(RWo~L)IY+(x+I2Rm7aSsRx53vs-.O@o8v!$Ia-j+56=sOID=X9`?MV~nY&0gk7RH+=w&vFAxt)wpe6os(+w(+`?wps}vo,[f05&{KOd5O.6~rv&4%0Udd0)?J6Kz4oxfrh2f4gHmThh9UQp-7N',CbOgbdSTYm~_krg7&j,[wa!lj!-IhtX6ToTRhoJr%oY!1iNI3s=H^IX*.lb,hRRKg0^^'&P_lE,Telux[g^_D]&mxs05bwu`uNXlO@]B]fDO0@RFEG*HROqsjlVrs$G{z'?mP2u6l*p_T8wG`wE7mGyVxjmG6'v*$cFU.evxx1t''br.kPbSGmR=S)Pd+D2]jzTk+o42=P]hYEQLq=%sqhj6]}v]&0{W1VKsypWPi_zgf`&odziqziRJdL1^P_w_y=c4wBza5jo}BLJ.]$@Y{0D2^dY89WUXlDCwL5cb@{u&Hmj&pBt5b)bp(k3hGhY5vJRunQC6'7Qb1'QjgkBp+[7&o5e6h.x7Fku+3Qf~(qT270p6UcU}N4w6E&nJAnOXn~AE3Z9^lfV]faVj]5{G=*FJ_VTg{l(aV)s92TKU})G=72d7@]UVR1lVAXkGyTqs(C0~kVA!QbdMx$?Uj=z=lsyKYenbR[4YCm)YysAh4OigL54pcmW{B=?KYW&)UrT]I5'h!KAD4wg`'(J?dPJXXueLS27U*B^v)Bp63c1^_h,9%vT=rqqdrNKKB%y{yPZQRZtOjg-LpjftjaoJKB_l64ti}^S$.ShS+iQ6}KU{j7T`PqFyPFYcO^YcGS]wWI$yxV&hne&suS=7,$t[~P`ZLm$ETlI]T?.q3+szsZp6TNJ))D6Q7Ny0UUgI29%T^TlNry@8Q.AjNuJw[1?q[5dH@n*a9,8~A$fxqoW[nhdoskDX&z[?@Cp?TK$`h~*0?cOh!JRZ6l,JG2'8C0nEfY^)RHuICef$.BoclFxb*D!yxRgjG@}O*U!AO&W2`UkHC}GA0P&Qsip74W6T+?rlegcm6tiE.M%EnSgxN&5pCz[!OPLtc]qHo8=&QT0anqu]DXwo0y4aO!@s98NTb$,hjeG9)l%A)L}0r@U3uIF=Du=5s[Z}LJfIM)2gDgmy=pr=H$qKnYp6SdoR?zpy,c@b'G2*i71C9}Fe4?SfcqVy0)Nw4oK=Qbbi]5R=lGl6@(5nB_84ZyqxA}om`5redV7WT{(Hb)IDeUw=FabwR!oLfeT!)r'9TtKDN%A4XPw%??OvD%@%%qA?foW!+GsSmLcOGx(P5%z3$)vMY7X5G6_!-5kaz!]BH=}vpXPk5]k!B$r-wt=YgLhGChLYhghi-O9*$!2srWB%6tR-_iV3n'm.fIY.z].~E?V26`F%{ImZ,KJr,H]@&!UFMP8n6Wn8@WZ%nhwH3=.x]giud(x+Na^*jqlz-k(a[*3ZxErJLf3i?U3gp7HL4$V$zoAzvsA.PsVdcY'B1oW[PK[9l9+cuHR`14YccGT.wU-efJNQVHw?~,LcyVhKREDXqvBx=smy-`Ov)`Q!`eQ$XP]T%j&.6N+io`{x~HWy22tX6_x4`u13%YtP(uC1UY_O!ktL7B@~hnGx!zD(bN`RzS11[oh[hfAG5uX*)X7+$W$R`%Gw7!dfU[T0FE[m+&WG8DAKF6s3WuRpO~1?mM5sz'By1G?e0guqXx0`-2o@+lvMR+8zD4XRn]C=uAJe'TGIJ~FFf3^^6@J8&e]&VKZ]@gCj&Y-7+3RjulfIM+9t=n8]V_HM86fuOKVYXeIG*C^`m@ChKdYP-1h.Momo(q5&r~20e+F_DondgpF0cTg`64L-1?C5tpCV_xXy6PBnXJ{Zo`YT7&Hxe}@XL~!d+z89IMX!XAge6P(Ms+G)Rk}'*3F5C+D$(%M,Bx40E}&Zu58F+lD@rBTBXdq!}J@i.e_yn!Sca_lE1,1E*,wbd.FmO&ViBaEjHhTp~ko%lJ0KG*(GT0Ly]yOotP2mo~_da!60e*^!mCZqe8WFtfzjd*M0eVXZnHWX(pBK2Fpaw-Ha}+DRZH~_dci(o-q8wA^_f`Njzk1+3,}_mMO+36g[8*gzlEGispXtd}-O(X4{wxuV(1k3Jq?wGSa)%r'dD=MkT(d*_y9,[dXc.E`sUE's[%i+~Mt`0tF3@yu&fnTzcp!NXj)89fR-az52R''D_t?=oNU.Bw-4}$nWM$=l4(mB2E^ZkfDJYau[[nHA}xeCg5&{q]`5ZUF62ib?CK0yt`0eD5J0O6=oZl6.SF~2O4]8ES0FiLyOg7t_v`K&Ut_}`fDd}Z!w~6^_FPaT)+$PS{a8NT$4TBBW{}}Gsw5+]_^K]tM2.z-2f*L4O!r+1fs(_FS?b5c+.hZS.9I~v`[ios.=2c\0\0hiCI67v3Qns_8&MP'5Lor4^T2HRqu8{]qu.*C'M,%1-r5g9QL6{59BAFNOlb_T19)2$9+*.XQ*%]qi{YprrAC{.Way1-K['gM[OFayCk&nNJG4nyyotRl(7lftTF+dEvCJ}&nx?.6D,1]8m$gEr@OJuNr'w1ii4+N,q=2kgww?^X5?h3QUUTGTGpzkF`Il%*XDl~ghqQ(wh*4DCrdvv2D@t4y,AbX,^X'FmOOYh'kPn?02z?n!MKmL{Vy(5Mm$Om`h-=_YOSVTrTN=]5K`XZbAyEh02wFU]cCA]7tQhTA~7yh8wol'21)d*mVzJwhtCp?f5AVa1}b,dq.qp@1iPJ$8R*U(eh6olEfRI{A5p6X6Ox-tkCuBf@bt=CP,w@65sGH]kGuYw0HZ)6dUICp!`xie1Q5ghrz^.hV1aLV6wk`yi9n22!_~iweNeHMOb596SUul7dIa`vp0kH)r7lbpvxk_B[*s[leYt-%8k93OF{vJqWg$zHA],xhNjtqw}7bdsd&EsHIY4N7&*5Q'W.2X7(51ht[db3UAZl13oE}V?uZxuX^?2[l`mh]nkDb?F8GTZqaawW8[zWLs,+,9*nG.r}{eJnMtTCM{omqh+oTQ.f{c.weJZAn}kC!uzTn5DhN0mECSF}1%&)$G-y1xa3X6H5KvUGn4i=SjWFBoARcTa@KDXY'%b&]bY+L,czczs+I5N)nsgPA,]JK@,DvJTc_X8sx.eMEZ94Fo6eu=]%&,e0MW?QTCazsUZN'o^)ZGW8EoZmx5h`Kzcr-!H_UH[&yGWlGP3W2vJq*!Z!7fSpjd2mUv'inylU3ed=P-)OeLZq{eCEqJhfl3vM`D(gdQrccP}{[oQBgzQ_LZ4[x$.`pIxJzxj,Qe$hl}l7vK5Ms(xogPs+=b2gPr$edYIP%V%KG}K_l$C*j}}CxWt$mWu^DmFVbKAfr3RDOTTBNDYgG!qfiM,]zG`[eHijU`2r~?27t$5jJU[S*-Z1CegplFVqZdsl28AV$WIvQv3M=T7~wc],%-s2i&Lu0ssP7392HDnzfKd%9.t*Wx[xN)a5~xwb[(DRs'rvT%[^@}Po{,5*@'1&I`6~b4taNukQQx@jBgFn6uW8WElF_WpE,Ko$tXO-JGB(-$5LIhu(W*@$)vk')OvtslLQFM8EWT59oKUeES.~VRm+W83BNfTj=lB5a_shrc_R`lzV8e)F1lH%zMXT+*SIN%Mn`,cx_I&gLEQq?J8Tn.Rcwr-rq{^N7Sg{u0IA]h!Z^OA^}+onUyA4wF6T~ruDrJ%y&~'Q4k2]]&{*u?BN.iGKg.G_C!*%OnkvQbH.'K2VSnhQA(X[HS'tV]L6kmF)wgrtIW5h=&+rTv)6c(3V.$0PzZ86+T()xh.PyrIIhR}!*DC(L=rlxK+,759q-JNHI)hYOO',2GdYCk.cUrh=hXZGvuLgHPQ61_6iOMqWjI~a`G{jI!M9Pqx-pcSUbt=C'{~OfU%n$rQ,F6GEG]&oiI'Q5Mu9GD0&LQO[)^v=w4n$-Qx)DyDP`L[C89]6tH&sm@Dqv](h&G+RWxlElH=`P9%UPOF.KIXM&f!u7]f"
"~AS_Fonts"="\0"
"~AS_LeadTools"="OHHX5U9y69PAW?%J=j}oU5I3EJ1*9@]%C_PK+yHWJ&S=E}m)_='@`*Ib!sSJH4]TIWo=}9]M]!hRFS,NHo.9=-OY@ASQn5n?,O]M7[r^w1V9%AX_M&omse3nW?[m3gBe?9lj_s)zW4fzR{Cag}`EL=5[FiMSm6pv4Edie7att?!~cgQP8UIW*Bz+ye{7[Aq+w`b8s0[o00)$*im%eAW=IF`,1ydD1~X%sG,Z$=t.DmJ^zs0%ItG2?VGGN@F1pL]`*Eb_@PhsKM+OKAdPN^M`uT3@4oD]b},aN=oI8.t?ohH4nM9(RLKoEAea--v_$zq0\2Typical\0"
"~AS_Main_Content"="vT[?W5Opg?-EoDh[$LTPuayYa}.cJ=~hRq[Xr`]5\2Typical\0"
"~AS_MainApp_PM"="qJ-V9WckS@X0[3[jJr'N\2Typical\0"
"~AS_PDFDriver"="^P+FmCIL4Acm1KGADigWPy6*h4{4L9EsxJV&IOUL_05JRzmc=A^6=Yi'W$rf1,VWLzBy2Aw[d4b6@VZpzNa1ALj8U9*GL}3WZ6Inm59G4f@Z4=AHB&%Vcv49XpK%cGg&0?6go=7oI[C&w-l4pm{hW@'}Xu-ys9Oh46J$=rnOb@'^h~[sN,MQ\0"
"~AS_ProgramDisc"="KDScd=9Hy==rMPm_,Gpn\2Content\0"
"~AS_Tutorials"="xVtQY1YCk@4m1pvr5j&g0oXVo=Ld4=oq+E5t=(?p+{h[Ot9l^8Ii2IWB&Whi%c$eu319=@_OYOJ.iec,'bZXFpQuw?&QH+T5,zfe8.t?rUwc%9n%ke+(cMyD?(,?(xY*m?G25P4e,n23UOyp[Zlq[9M^6+ZNDkv)(s6wNyE9i?T3Dw-S4F}dv*@Zgo.Q8A}LoZo7Z~zkN}.*Hhn9SArp*)21cq*^=(%dgJs=3=Kq4h@v}t=QxV!7*n^(=9N7)W,Fp.P8t}GYL75yk@h3xX0y%_MFCywJh}Z(B=Fqk[aLS0'Xa%4[YulL~8?vUs+xO4gGqW,NIjD2U={Zp67S}wja?946xYFO]=A.ma'cGR&TC(!3au[gy8^}g}sP3wc%2mr=(IAZ0?bm?-%*&j}ohU9J2,GTm9h0uD^cwTyL08V-W1k__A+cs+rEcxiT]IAVKT9st@Bt$_ryOa'Ufj{dwV24!9P1zO4J1[sT'f!iEKJ.~@+fRl!@v&S7yF?0q_nfNAYz(7IT32*3NqO@Aagd$A9{f]@POuxt-QkGqVib_@J=4+ymg$g&l6c2l6)Te?ERWKCl{`dB&@z!Ey8n8=2,$Bo%hEspOq3-UOL?bA!%eMvUsRR=`1E^&ZQRo?~G!ltj6v+8)QzjP9JWK=),Wov@}7Ck*dJt@^.N_=LRGXc%G^srq+EHwq`t}@]IM6M2.=*BW5_URHJCB9EO'qETRdhZD6gY7h9`^@i62xKieed3K+0%'dSPS=}hEx$@!V]B,I+K&u)rj=7NqpNyZkL792}eZ0m%{?NyKJkZH@F)%8WW24raSA)VyO6]*hM.YGpWk2kz.=Ek]'ypII^QwX14S@Z2H=)ajJcf]PB'}maFN_dWAAd])Na.nZ%)037B)P2V_?L7ul,*cxV)\0"
"~AS_Typical"="WFq%Wj.ZX@*3%85[.=~?J{1V3W,4^AZ7rfAPJXXc,]c%tMU&b?[MV6y%i(LH(e^iF^]IW?-vcd%_?Yr_6(=+w$L,U9fKBGv^WC0*ux^7%&!DMA8!'xoc}a{SjTBTp]l!L?GwXuMv*F_GAvhV*%Wl&9(-Jg[l?pG)6y!CH23Ht8{q*+lL~~-x+r]LlaVkdAqtL(ncyt4?[Qq_lf6K_?K$[XeI9_A$Dr5W4zjZZ?{ZPie2Y%4@LA@EC'~d.@sPBN7O9MOSH[_2vFis49TCH%h)D$ba*8!SS'P&YAs~?0)?b8?uiEYxglzJ,=qd2g)m.e`wqOJkg+,Ur?5g%V81&'PfAcza-I0BN@MH.!e*GMj4Dp,[(9W80APwWWMR-leDlD0c0W,kh9b{g59C`Vr!GISRLhv))=U}1EX^sIk(n0jdzfl`CADw)(^DVo)Qr5hLfPOk??n0A3Ip*Wa-SsKf(RDGj?M2+wq+khr[_4443&)ic=gM0ipQ1aKBz}bMEJmcB?Gtkm-tj&a]ylM{4h,S0=]GxsB15-Llg'+,nLHTf=&Qb%JNbX70+%+3I&}=S9@OB6RFDNujJQ3KA9r12AW7m]j'?f8EZ$M-BKr5v@RmS3bLip1u}RLMS*0yF9DQ9br6&QOX{@ZK=fS~R=r`2=2rb58+N_'CeBTQs8&h}]]w9'grv3ogY@]}1@PRPvb6[ASztR.m!RG~~?1WDx^yknwWX{xdH?LIa94C6yrwEGSq)1_!Zt1@=9v&V]O2=4?Q2)F9%JB&SAd`0BGqEHn)5,*b@(aJl?W7KdaE@2M!v`VyUbU]Y@_c+(xd4&`N{j9kv_H3a8&pQ~iuR6mCXjwatBHVl=l_?@sy2fMnn&V6J@{[s=VsMOTi(5%_gSws![EH*@DjSKt@fvx13X$%H-XcW9BOmYp$TsDK1IEz2TF{x?AWF*aTu5Hw~$7XWkQPw8amM%*h}R`2AelQ5GG]o8{k(rx.{+@3R*4.kldoG@haO!s]{8(S%6t}c1~,YAS=f2Zrd$2XY~l'@UV7E9~Mgbo-EAy46%Nf,9@Re?0RuMe2z^eg]e$'13n3g9b!_0K0XTTD}oa0z=3VcA+9u~?Z7t&sVQ_.aTLM297PIame6Oybp%YegyzJ+?u=@1P9X%++q(K.huXC2=&[Y.W`E!7q+of-DvQpl=Kv~4A+[1L@wmFg-$0_==?]1UkrBe~ob(cTJT%A+9T*[6)hAksHf^5A!`gmDA_,~h0COCI4f1LcOVn^x@=5`J7^`S$V@xTpPgf$4@AGCPN=3a?'+~{70!9ea?YaShLm^5U@,fk$af,BXAf1rgTjbIq(T-)EG%0`f=3R}xOan0D%f{20,K7sq8l!k.TU%uX13?=Q_'f''=-X%{sJJHnUA&yThbd=o@x?)Gu-9T[Mx}g]cAL{n8by`dw'O!*2]'r!%3mx(?jcG.Bs$o+Q!}A,^j(=y9srD%jS=&r[Qb2`k8],j=jqa_p$$_-X~?MRP9S6)9uTL5Oq47J`oDT7=lhMN9b.00wb-BB7M*olwE&,N9R*-=hWwzlm4yEn-4B^O?$+(LWrN2lR8goGJ5T*WAl$_GK6Q&+IZ?bmgqns.@]a_NuA~.2kV=9teD'sWA)w9KJjw?QBWdHl68KCP?pE5,.L$c&G*2j~EPI}q@9?co,5363{F3+RTnr4e@JaWvsMSuOOq!V$*jV1Y?7)_4{rdm}=Wir{]a`(a8}N?fs88+$r!^fWGn]$V?pf+k,pM)'j]ZRM0I}rP@qT`&Vi~5SITEzhhd=sd8NhHB[^SjIKTz,xq^jh2=N]^~$s^xH8~DCJ'$=qn97b%_=vhcp[tN%_gSK'N=`aBE7UVAkKXKr^q0{-49t5pvW7p4X`YHD,6yqz_@eqprXF?L$jwsLcz8pca@lDDLMK~i-iJCe4NYEX(?85tu]LSE?12&R,m-q@K?pack5DsH'hnBxGg+?ra9TQ&k4+x.WX$fVo-D%WTAa80PU9XKd$gQxzaqU^g@NZ`?oD&mFK1)c02{gU09EyH4BD85K7U?0j(VN-`=`Ogl9gY,W8J}}Jq^AU4=O[6nxkEF*nb=&Ot4=mt=NHGa4^g6r5^SOVv10Np8Aq^*iyy}ad_E6l,+ooW9R93WCB5l3l}rlLmPZ3q8bV~A0UQj?p,-IUycUeX8CH?}EDb'm,%!zm1p%BTA+}VjSVEnN.ymCxAAez$=y2^Odd,YeHVUN,^^[7m8YFj2]1E+2yI9Cc1r=Fq9t}91RQLF!df(zpVN)jW=70%oT$Oj+x)z}'T2K?^9VYf5L]2M-?v%^~Vt0nRA(eC`2RrAM7qZY%rJbmx?Ta=c)UdERqD(uw[RS(U?@hy)sxjFn7W7&vP(s5V?!CAJ.c=!ncsX~bN4e3(=@?GCRnt'_tAxMH51}Wl@b$}*!btIS=_17O`x$xQ?Usqs,AeA,vGiew%ZG@c?7QHZ9B$i5OF4'Guw%pN9^0wy&XU7{N.]*=VNy}d9Wd%BbR_^pB67k)4s6tf(JR`qF-Q9q.dbKx-lbmf(Gn,L[[Q~CN'jY0(z7qf(fVbqFgkW_BhY,w=mgsf(YJ*L[lj+'(M5KDYSUnf(HA*L[xeX)ysg*%wp-Mf9C]V)W@of_Ly(s6?*7En9n]4'Vl[1wG=i0Mi$3at9Q?`7-*7LM5t=r[2{w4y@*VE+o+K5i6kn-I$7A`Q?$Q1qJUR{}_JNlwm[en^@Z6y?TlGpZXt[Yele2Pl=B'=zAoE,AeM*P}7*tr^8DIO.kgloPUvEHuJc=In@sTni180xM1e-xYXdD7g@nwLWBA9tGs*~aOgaAws=H7SdEn$^bMT[D(ZXMyn@&hdjTQlqTE5([R.bwU&9c6F=WmSi0)[9(0n!TQZA^1jQdnj[BSOvuxywgi&@@P,*P_oW1,gS8]C2RGt?k-Il@7}M~[FCDvfHd)7AK7DM'o('U!.@B9{k~il?%}M(,OT~O?L&Qt6Xj6JAfYY}i)1V'55h?)x-[r]8Y}Jne]iF4m_]dj7y8AVDWx23awG3E'+7d?3g(Svy?VXB]2d\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A15343E01B4FFD469CB486C249D6C52\InstallProperties]
"~AS_AuthorizedCDFPrefix"="\0"
"~AS_Comments"="\0"
"~AS_Contact"="Customer Support Department\0"
"~AS_DisplayName"="The Print Shop 22\0"
"~AS_DisplayVersion"="22.00.0000\0"
"~AS_EstimatedSize"=dword:0045bac7
"~AS_HelpLink"=str(2):"http://support.broderbund.com/\0"
"~AS_HelpTelephone"="1-319-247-3325\0"
"~AS_InstallDate"="20070227\0"
"~AS_InstallLocation"="\0"
"~AS_InstallSource"="E:\PrintShop Deluxe v22\Setup\\0"
"~AS_Language"=dword:00000409
"~AS_LocalPackage"="C:\WINDOWS\Installer\1979b2.msi\0"
"~AS_ModifyPath"=str(2):"MsiExec.exe /I{E34351A4-4B10-4DFF-96BC-84C642D9C625}\0"
"~AS_ProductID"="none\0"
"~AS_Publisher"="Broderbund Software\0"
"~AS_Readme"="\0"
"~AS_RegCompany"="test\0"
"~AS_RegOwner"="test\0"
"~AS_Size"="\0"
"~AS_UninstallString"=str(2):"MsiExec.exe /I{E34351A4-4B10-4DFF-96BC-84C642D9C625}\0"
"~AS_URLInfoAbout"="http://www.broderbund.com\0"
"~AS_URLUpdateInfo"="http://support.broderbund.com/downloads.asp\0"
"~AS_Version"=dword:16000000
"~AS_VersionMajor"=dword:00000016
"~AS_VersionMinor"=dword:00000000
"~AS_WindowsInstaller"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A15343E01B4FFD469CB486C249D6C52\Patches]
"~AS_AllPatches"="\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040311900063D11C8EF10054038389C\Usage]
"~AS_WORDFiles"=dword:395b01b0
"~AS_HandWritingFiles"=dword:39640b9a
"~AS_MSOfficeDocumentImaging"=dword:394d0038

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C6B56403F35B1A94E9AB3A1F78DA05E2\Usage]
"~AS_SoleFeature"=dword:39480798

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebPost]
"~AS_DisplayName"="Microsoft Web Publishing Wizard 1.52\0"
"~AS_QuietUninstallString"="RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall,5\0"
"~AS_RequiresIESysFile"="4.70.0.1155\0"
"~AS_UninstallString"="RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall\0"
"~AS_NoModify"=dword:00000001
"~AS_NoRemove"=dword:00000001
"~AS_NoRepair"=dword:00000001
"~AS_Comments"="This is a streamed application. In case where necessary, you should remove it through the AppStream Application Manager. Please see your administrator for further details."
"~AS_AppStreamPackage"="90039E9DD7204E2ABD792F703F44D7FC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E34351A4-4B10-4DFF-96BC-84C642D9C625}]
"~AS_AuthorizedCDFPrefix"="\0"
"~AS_Comments"="This is a streamed application. In case where necessary, you should remove it through the AppStream Application Manager. Please see your administrator for further details."
"~AS_Contact"="Customer Support Department\0"
"~AS_DisplayName"="The Print Shop 22\0"
"~AS_DisplayVersion"="22.00.0000\0"
"~AS_EstimatedSize"=dword:0045bac7
"~AS_HelpLink"=str(2):"http://support.broderbund.com/\0"
"~AS_HelpTelephone"="1-319-247-3325\0"
"~AS_InstallDate"="20070227\0"
"~AS_InstallLocation"="\0"
"~AS_InstallSource"="E:\PrintShop Deluxe v22\Setup\\0"
"~AS_Language"=dword:00000409
"~AS_ModifyPath"=str(2):"MsiExec.exe /I{E34351A4-4B10-4DFF-96BC-84C642D9C625}\0"
"~AS_Publisher"="Broderbund Software\0"
"~AS_Readme"="\0"
"~AS_Size"="\0"
"~AS_UninstallString"=str(2):"MsiExec.exe /I{E34351A4-4B10-4DFF-96BC-84C642D9C625}\0"
"~AS_URLInfoAbout"="http://www.broderbund.com\0"
"~AS_URLUpdateInfo"="http://support.broderbund.com/downloads.asp\0"
"~AS_Version"=dword:16000000
"~AS_VersionMajor"=dword:00000016
"~AS_VersionMinor"=dword:00000000
"~AS_WindowsInstaller"=dword:00000001
"~AS_NoModify"=dword:00000001
"~AS_NoRemove"=dword:00000001
"~AS_NoRepair"=dword:00000001
"~AS_AppStreamPackage"="90039E9DD7204E2ABD792F703F44D7FC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Broderbund PDF Converter 2.10d]
"~AS_Attributes"=dword:00000002
"~AS_ChangeID"=dword:002909ec
"~AS_Datatype"="RAW\0"
"~AS_Default Priority"=dword:00000000
"~AS_Description"="\0"
"~AS_dnsTimeout"=dword:00003a98
"~AS_DsKeyUpdate"=dword:00000003
"~AS_Location"="\0"
"~AS_Name"="Broderbund PDF Converter 2.10d\0"
"~AS_ObjectGUID"="\0"
"~AS_Parameters"="\0"
"~AS_Port"="LPT1:\0"
"~AS_Print Processor"="WinPrint\0"
"~AS_Printer Driver"="Amyuni Document Converter 2.10\0"
"~AS_Priority"=dword:00000001
"~AS_Separator File"="\0"
"~AS_Share Name"="\0"
"~AS_SpoolDirectory"="\0"
"~AS_StartTime"=dword:00000000
"~AS_Status"=dword:00000080
"~AS_txTimeout"=dword:0000afc8
"~AS_UntilTime"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Broderbund PDF Converter 2.10d\DsDriver]
"~AS_driverVersion"=dword:00000401
"~AS_printBinNames"=str(7):"Default bin\0Manual feed\0Bin 1\0Bin 2\0"
"~AS_printMaxResolutionSupported"=dword:000004b0
"~AS_printMaxXExtent"=dword:00007fff
"~AS_printMaxYExtent"=dword:00007fff
"~AS_printMediaSupported"=str(7):"Letter\0Letter Small\0Tabloid\0Ledger\0Legal\0Statement\0Executive\0A3\0A4\0A4 Small\0A5\0B4 (JIS)\0B5 (JIS)\0Folio\0Quarto\00010x14\00011x17\0Note\0Envelope #9\0Envelope #10\0Envelope #11\0Envelope #12\0Envelope #14\0C size sheet\0D size sheet\0E size sheet\0Envelope DL\0Envelope C5\0Envelope C3\0Envelope C4\0Envelope C6\0Envelope C65\0Envelope B4\0Envelope B5\0Envelope B6\0Envelope\0Envelope Monarch\0006 3/4 Envelope\0US Std Fanfold\0German Std Fanfold\0German Legal Fanfold\0B4 (ISO)\0Japanese Postcard\09x11\00010x11\00015x11\0Envelope Invite\0A1 841 x 594 mm\0A0 1189 x 841 mm\0Letter Extra\0Legal Extra\0Tabloid Extra\0A4 Extra\0Letter Transverse\0A4 Transverse\0Letter Extra Transverse\0Super A\0Super B\0Letter Plus\0A4 Plus\0A5 Transverse\0B5 (JIS) Transverse\0A3 Extra\0A5 Extra\0B5 (ISO) Extra\0A2\0A3 Transverse\0A3 Extra Transverse\0Japanese Double Postcard\0A6\0Japanese Envelope Kaku #2\0Japanese Envelope Kaku #3\0Japanese Envelope Chou #3\0Japanese Envelope Chou #4\0Letter Rotated\0A3 Rotated\0A4 Rotated\0A5 Rotated\0B4 (JIS) Rotated\0B5 (JIS) Rotated\0Japanese Postcard Rotated\0Double Japan Postcard Rotated\0A6 Rotated\0Japan Envelope Kaku #2 Rotated\0Japan Envelope Kaku #3 Rotated\0Japan Envelope Chou #3 Rotated\0Japan Envelope Chou #4 Rotated\0B6 (JIS)\0B6 (JIS) Rotated\00012x11\0Japan Envelope You #4\0Japan Envelope You #4 Rotated\0PRC 16K\0PRC 32K\0PRC 32K(Big)\0PRC Envelope #1\0PRC Envelope #2\0PRC Envelope #3\0PRC Envelope #4\0PRC Envelope #5\0PRC Envelope #6\0PRC Envelope #7\0PRC Envelope #8\0PRC Envelope #9\0PRC Envelope #10\0PRC 16K Rotated\0PRC 32K Rotated\0PRC 32K(Big) Rotated\0PRC Envelope #1 Rotated\0PRC Envelope #2 Rotated\0PRC Envelope #3 Rotated\0PRC Envelope #4 Rotated\0PRC Envelope #5 Rotated\0PRC Envelope #6 Rotated\0PRC Envelope #7 Rotated\0PRC Envelope #8 Rotated\0PRC Envelope #9 Rotated\0Custom\0"
"~AS_printMinXExtent"=dword:00000000
"~AS_printMinYExtent"=dword:00000000
"~AS_printOrientationsSupported"=str(7):"PORTRAIT\0LANDSCAPE\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Broderbund PDF Converter 2.10d\DsSpooler]
"~AS_description"=""
"~AS_driverName"="Amyuni Document Converter 2.10\0"
"~AS_flags"=dword:00000000
"~AS_location"=""
"~AS_portName"=str(7):"LPT1:\0"
"~AS_printEndTime"=dword:00000000
"~AS_printerName"="Broderbund PDF Converter 2.10d\0"
"~AS_printSeparatorFile"=""
"~AS_printShareName"=""
"~AS_printSpooling"="PrintDirect\0"
"~AS_printStartTime"=dword:00000000
"~AS_priority"=dword:00000001
"~AS_serverName"="FIVEBRISTOWS\0"
"~AS_shortServerName"="FIVEBRISTOWS\0"
"~AS_uNCName"="\\FIVEBRISTOWS\Broderbund PDF Converter 2.10d\0"
"~AS_versionNumber"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Broderbund PDF Converter 2.10d\PrinterDriverData]
"~AS_Code"="Riverdeep\0"
"~AS_License"="07EFCDAB01000100E2A965382DDEC46FF42B11E66B9EA267EE8107CD9CE94DB84A20BA05E02609064013FA14619C57397EB9A2167F3BAEECE7C5D2825D96BDDD4884924EAAD18D5FCDC4FAA9AF8F85EE47A4D66F6DD425A1BE\0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
"~AS_"=str(2):"%SystemRoot%\System32\shell32.dll,32"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"~AS_Local AppData"="C:\Documents and Settings\Darlene Bristow\Local Settings\Application Data"
"~AS_AppData"="C:\Documents and Settings\Darlene Bristow\Application Data"
"~AS_Cache"="C:\Documents and Settings\Darlene Bristow\Local Settings\Temporary Internet Files"
"~AS_Cookies"="C:\Documents and Settings\Darlene Bristow\Cookies"
"~AS_History"="C:\Documents and Settings\Darlene Bristow\Local Settings\History"
"~AS_Personal"="C:\Documents and Settings\Darlene Bristow\My Documents"
"~AS_My Pictures"="C:\Documents and Settings\Darlene Bristow\My Documents\My Pictures"
"~AS_Recent"="C:\Documents and Settings\Darlene Bristow\Recent"
"~AS_Desktop"="C:\Documents and Settings\Darlene Bristow\Desktop"
"~AS_Favorites"="C:\Documents and Settings\Darlene Bristow\Favorites"
"~AS_My Music"="C:\Documents and Settings\Darlene Bristow\My Documents\My Music"
"~AS_My Video"="C:\Documents and Settings\Darlene Bristow\My Documents\My Videos"
"~AS_SendTo"="C:\Documents and Settings\Darlene Bristow\SendTo"
"~AS_CD Burning"="C:\Documents and Settings\Darlene Bristow\Local Settings\Application Data\Microsoft\CD Burning"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Disabled:avgupd.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Fri 28 Nov 2008 88 ..SHR --- "C:\Documents and Settings\All Users\Application Data\C0EBA3B735.sys"
Thu 4 Dec 2008 2,828 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"
Thu 27 Nov 2008 7,829,056 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Thu 26 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 26 Jun 2008 4,348 A..H. --- "C:\Documents and Settings\Darlene Bristow\Application Data\Real\rhapsody\wmlicbackup\drmv1key.bak"
Thu 26 Jun 2008 20 A..H. --- "C:\Documents and Settings\Darlene Bristow\Application Data\Real\rhapsody\wmlicbackup\drmv1lic.bak"
Thu 26 Jun 2008 312 A..H. --- "C:\Documents and Settings\Darlene Bristow\Application Data\Real\rhapsody\wmlicbackup\drmv2key.bak"
Thu 26 Jun 2008 1,536 A..H. --- "C:\Documents and Settings\Darlene Bristow\Application Data\Real\rhapsody\wmlicbackup\drmv2lic.bak"
Thu 26 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 26 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Thu 26 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Thu 26 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Thu 26 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Thu 26 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"

Finished!

Attached Files


Edited by Buckeye_Sam, 13 December 2008 - 07:16 PM.

Darlene

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:18 PM

Posted 13 December 2008 - 07:34 PM

That log is not usually that long, but I was able to get it posted for you by removing the unnecessary part that was making it so large.

I do see one file that I'd like to have you check out.
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:



    C:\Documents and Settings\All Users\Application Data\C0EBA3B735.sys


  • Click on the submit button
  • Please post the results in your next reply.



Aside from that I'm not seeing much that would indicate the presence of malware. But I do see some issues that may be causing your some problems. You are running two antivirus programs, AVG and Avast. Beyond the fact that having both of these programs running at the same time puts a serious strain your computer, if they both detect something at the same time they will conflict with each other and that will cause more serious issues. Please uninstall one of these programs.

Next I see signs of Trendmicro firewall and SpywareDoctor that look like they were improperly removed. Can you verify for me that these programs are no longer installed? Then we can remove the remnant services for you.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 princessissues

princessissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:18 PM

Posted 13 December 2008 - 07:47 PM

Here is the Malware Scan you asked for me to run:
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Trend Micro was suppose to be removed, but for some reason it is not all gone. I have uninstalled the AVAST as you requested. When AVAST would run, it would list well over a dozen files/folders that it did not check. That always puzzled me, but I wasn't sure where to look or what to do at that point. Would you mind just checking my HIJack this log after this has been done?

Also, on my Revo Uninstaller there are about a dozen programs that I am just baffled by and when I copy them and just run a search on them via google, they all come back as problems. However, I am not able to uninstall them via the Revo Uninstaller. Hmmm?

Edited by princessissues, 13 December 2008 - 07:49 PM.

Darlene

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:18 PM

Posted 14 December 2008 - 10:24 AM

What programs are showing up that you can't remove?

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :services
    PcCtlCom
    sdAuxService
    sdCoreService
    Tmntsrv
    TmPfw
    tmproxy
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please post a new log from RSIT.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 princessissues

princessissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:18 PM

Posted 14 December 2008 - 12:05 PM

Here are the results of the Move It program that was run:
========== SERVICES/DRIVERS ==========
Service PcCtlCom stopped successfully.
Service PcCtlCom deleted successfully.
Service sdAuxService stopped successfully.
Service sdAuxService deleted successfully.
Service sdCoreService stopped successfully.
Service sdCoreService deleted successfully.
Service Tmntsrv stopped successfully.
Service Tmntsrv deleted successfully.
Service TmPfw stopped successfully.
Service TmPfw deleted successfully.
Service tmproxy stopped successfully.
Service tmproxy deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\clclean.0001.dir.0002\~df394b.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\clclean.0001.dir.0002\~efe2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\clclean.0001 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\Perflib_Perfdata_cbc.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\Perflib_Perfdata_fc0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\~DFBE2E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\~DFBEC8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWs\temp\Perflib_Perfdata_1f0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWs\temp\Perflib_Perfdata_49c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_112500

Files moved on Reboot...
File C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\clclean.0001.dir.0002\~df394b.tmp not found!
File C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\clclean.0001.dir.0002\~efe2.tmp not found!
C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\clclean.0001 moved successfully.
File C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\Perflib_Perfdata_cbc.dat not found!
File C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\Perflib_Perfdata_fc0.dat not found!
File C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\~DFBE2E.tmp not found!
File C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\~DFBEC8.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWs\temp\Perflib_Perfdata_1f0.dat not found!
File C:\WINDOWs\temp\Perflib_Perfdata_49c.dat not found!

Here are the results of the RSIT Program
Logfile of random's system information tool 1.04 (written by random/random)
Run by Darlene Bristow at 2008-12-14 11:34:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 74 GB (69%) free of 108 GB
Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:40 AM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWs\System32\smss.exe
C:\WINDOWs\system32\winlogon.exe
C:\WINDOWs\system32\services.exe
C:\WINDOWs\system32\lsass.exe
C:\WINDOWs\system32\Ati2evxx.exe
C:\WINDOWs\system32\svchost.exe
C:\WINDOWs\System32\svchost.exe
C:\WINDOWs\System32\WLTRYSVC.EXE
C:\WINDOWs\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWs\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWs\system32\svchost.exe
C:\WINDOWs\system32\SearchIndexer.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWs\system32\Ati2evxx.exe
C:\WINDOWs\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWs\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWs\system32\rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\RFA\rfagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWs\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Darlene Bristow\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Darlene Bristow.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWs\stsystra.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] "C:\WINDOWs\system32\rundll32.exe" CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AppMgrGui] "C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWs\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWs\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWs\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWs\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWs\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWs\SYSTEM32\ASWLNDLL.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWs\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWs\System32\WLTRYSVC.EXE

--
End of file - 13515 bytes

======Scheduled tasks folder======

C:\WINDOWs\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-06 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-06 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-10 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-05 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-06 2055960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-10 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-22 1392640]
"SigmatelSysTrayApp"=C:\WINDOWs\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-02-20 1191936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2007-09-05 57344]
"MBMon"=C:\WINDOWs\system32\CTMBHA.DLL [2007-11-15 1346893]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"VoiceCenter"=C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2006-02-16 1118208]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-05-02 184320]
"lxcjmon.exe"=C:\Program Files\Lexmark 8300 Series\lxcjmon.exe [2005-09-30 200704]
"EzPrint"=C:\Program Files\Lexmark 8300 Series\ezprint.exe [2006-04-19 94208]
"AppMgrGui"=C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe [2006-09-27 24064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2008-08-18 532808]
"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712]
"rfagent"=C:\Program Files\RFA\rfagent.exe [2005-04-23 330240]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-06 1261336]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-26 68856]
"ctfmon.exe"=C:\WINDOWs\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Darlene Bristow\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ASWLNDLL]
C:\WINDOWs\system32\ASWLNDLL.dll [2007-05-13 6656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWs\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-01 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWs\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-14 11:25:00 ----D---- C:\_OTMoveIt
2008-12-13 15:04:28 ----A---- C:\report.txt
2008-12-13 12:48:17 ----D---- C:\WINDOWs\ERUNT
2008-12-13 12:19:56 ----D---- C:\SDFix
2008-12-11 19:40:04 ----A---- C:\WINDOWs\system32\tmp.txt
2008-12-11 19:38:45 ----A---- C:\rapport.txt
2008-12-11 19:38:00 ----A---- C:\WINDOWs\system32\Agent.OMZ.Fix.exe
2008-12-11 19:37:59 ----A---- C:\WINDOWs\system32\o4Patch.exe
2008-12-11 19:37:58 ----A---- C:\WINDOWs\system32\IEDFix.C.exe
2008-12-11 19:37:57 ----A---- C:\WINDOWs\system32\404Fix.exe
2008-12-11 19:37:56 ----A---- C:\WINDOWs\system32\VACFix.exe
2008-12-11 19:37:53 ----A---- C:\WINDOWs\system32\IEDFix.exe
2008-12-11 19:37:52 ----A---- C:\WINDOWs\system32\WS2Fix.exe
2008-12-11 19:37:50 ----A---- C:\WINDOWs\system32\VCCLSID.exe
2008-12-11 19:37:47 ----A---- C:\WINDOWs\system32\swxcacls.exe
2008-12-11 19:37:47 ----A---- C:\WINDOWs\system32\dumphive.exe
2008-12-11 19:37:45 ----A---- C:\WINDOWs\system32\SrchSTS.exe
2008-12-11 19:37:44 ----A---- C:\WINDOWs\system32\swsc.exe
2008-12-11 19:37:41 ----A---- C:\WINDOWs\system32\swreg.exe
2008-12-11 19:37:40 ----A---- C:\WINDOWs\system32\Process.exe
2008-12-11 18:15:55 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\GlarySoft
2008-12-11 17:54:29 ----D---- C:\Program Files\Absolute Uninstaller
2008-12-10 23:28:51 ----A---- C:\WINDOWs\sfbm.INI
2008-12-10 22:29:44 ----A---- C:\WINDOWs\ntbtlog.txt
2008-12-10 18:53:43 ----A---- C:\java_ee_sdk-5_01-windows.exe
2008-12-10 18:41:17 ----D---- C:\rsit
2008-12-10 16:35:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-10 16:33:38 ----D---- C:\Program Files\Adobe
2008-12-10 16:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-10 15:43:58 ----HDC---- C:\WINDOWs\$NtUninstallKB955839$
2008-12-10 15:42:02 ----HDC---- C:\WINDOWs\$NtUninstallKB954600$
2008-12-10 15:35:15 ----HDC---- C:\WINDOWs\$NtUninstallKB952069_WM9$
2008-12-10 15:35:06 ----HDC---- C:\WINDOWs\$NtUninstallKB943729$
2008-12-10 15:35:03 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Windows Desktop Search
2008-12-10 15:34:35 ----HDC---- C:\WINDOWs\$NtUninstallKB940157$
2008-12-10 15:33:55 ----HDC---- C:\WINDOWs\$NtUninstallKB915800-v4$
2008-12-10 15:29:58 ----A---- C:\WINDOWs\imsins.BAK
2008-12-10 15:29:44 ----HDC---- C:\WINDOWs\$NtUninstallKB956802$
2008-12-10 15:27:33 ----HD---- C:\WINDOWs\$hf_mig$
2008-12-10 14:24:27 ----D---- C:\Program Files\Secunia
2008-12-10 12:16:19 ----A---- C:\WINDOWs\system32\javaws.exe
2008-12-10 12:16:19 ----A---- C:\WINDOWs\system32\deploytk.dll
2008-12-10 12:16:18 ----A---- C:\WINDOWs\system32\javaw.exe
2008-12-10 12:16:18 ----A---- C:\WINDOWs\system32\java.exe
2008-12-10 11:55:32 ----D---- C:\Program Files\filehippo.com
2008-12-09 17:56:54 ----HD---- C:\WINDOWs\system32\GroupPolicy
2008-12-09 17:37:54 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-09 17:37:43 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-09 17:37:43 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\SUPERAntiSpyware.com
2008-12-08 22:38:20 ----D---- C:\Program Files\Alwil Software
2008-12-07 11:47:45 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\VSRevoGroup
2008-12-06 21:18:09 ----D---- C:\Program Files\Microsoft Easy Assist
2008-12-06 21:17:43 ----D---- C:\Documents and Settings\All Users\Application Data\Applications
2008-12-06 17:59:29 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-06 16:11:51 ----A---- C:\WINDOWs\system32\capicom.dll
2008-12-06 16:11:29 ----D---- C:\Binaries
2008-12-06 16:11:05 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Webroot
2008-12-06 15:19:06 ----A---- C:\WINDOWs\win.ini
2008-12-06 15:08:39 ----HD---- C:\WINDOWs\PIF
2008-12-06 14:46:10 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-12-06 14:45:46 ----D---- C:\Program Files\Security Task Manager
2008-12-06 13:06:57 ----HD---- C:\$AVG8.VAULT$
2008-12-06 00:42:50 ----A---- C:\WINDOWs\system32\avgrsstx.dll
2008-12-06 00:42:25 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\AVGTOOLBAR
2008-12-06 00:42:16 ----D---- C:\Program Files\AVG
2008-12-06 00:42:16 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-06 00:01:58 ----D---- C:\Program Files\Lavasoft
2008-12-06 00:01:57 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-06 00:00:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-05 22:36:28 ----A---- C:\WINDOWs\SYSTEM.INI
2008-12-05 20:57:41 ----A---- C:\WINDOWs\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-05 20:46:40 ----D---- C:\Program Files\RFA
2008-12-05 20:41:01 ----D---- C:\Program Files\VS Revo Group
2008-12-05 20:32:27 ----HDC---- C:\WINDOWs\$NtUninstallKB915865$
2008-12-05 20:01:49 ----D---- C:\WINDOWs\system32\appmgmt
2008-12-05 19:33:05 ----D---- C:\Program Files\Windows Resource Kits
2008-12-05 19:00:27 ----D---- C:\WINDOWs\system32\NtmsData
2008-12-05 19:00:23 ----A---- C:\WINDOWs\SchedLgU.Txt
2008-12-05 02:28:49 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-04 22:15:07 ----D---- C:\Program Files\Common Files\SupportSoft
2008-12-04 20:01:10 ----D---- C:\WINDOWs\system32\vmm32
2008-12-03 15:42:16 ----D---- C:\WINDOWs\system32\351631
2008-11-28 14:23:58 ----D---- C:\Program Files\Common Files\Protexis
2008-11-27 18:58:34 ----A---- C:\WINDOWs\NeroDigital.ini
2008-11-27 18:51:41 ----D---- C:\WINDOWs\system32\IOSUBSYS
2008-11-27 18:30:36 ----A---- C:\WINDOWs\Pex.INI
2008-11-27 18:12:23 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Ulead Systems
2008-11-27 18:03:39 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-11-26 23:02:19 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\ZoomBrowser EX
2008-11-25 19:56:16 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Canon
2008-11-25 19:40:41 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-11-25 19:38:07 ----D---- C:\Program Files\Canon
2008-11-25 19:24:50 ----D---- C:\Program Files\Common Files\Canon
2008-11-23 00:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData
2008-11-22 16:05:05 ----N---- C:\WINDOWs\system32\ptpusb.dll
2008-11-22 16:05:04 ----N---- C:\WINDOWs\system32\ptpusd.dll
2008-11-21 22:04:23 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Yahoo!
2008-11-21 22:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-21 22:02:45 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-21 11:26:00 ----N---- C:\WINDOWs\system32\d3dx9_32.dll
2008-11-21 11:25:17 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-11-21 11:17:12 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-21 11:16:53 ----D---- C:\Program Files\Windows Live
2008-11-20 12:44:26 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Malwarebytes
2008-11-20 12:44:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 12:44:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-20 12:35:44 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-11-18 22:46:40 ----D---- C:\Program Files\CCleaner
2008-11-18 21:46:50 ----D---- C:\Program Files\CONEXANT
2008-11-18 21:40:41 ----D---- C:\Program Files\ZoneAlarmSB
2008-11-18 21:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-11-18 21:38:08 ----N---- C:\WINDOWs\system32\SpOrder.dll
2008-11-18 21:35:53 ----D---- C:\WINDOWs\Internet Logs
2008-11-17 20:20:21 ----D---- C:\WINDOWs\Minidump
2008-11-17 19:02:41 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-17 00:22:04 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-17 00:16:16 ----N---- C:\WINDOWs\system32\pxafs.dll
2008-11-16 23:50:53 ----D---- C:\WINDOWs\system32\syncdb
2008-11-16 16:06:14 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Download Manager
2008-11-15 01:44:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2008-12-14 11:34:40 ----D---- C:\WINDOWs\Temp
2008-12-14 11:34:34 ----D---- C:\WINDOWs\Prefetch
2008-12-14 11:29:07 ----D---- C:\WINDOWS
2008-12-14 11:28:42 ----D---- C:\MDT
2008-12-14 11:26:59 ----A---- C:\WINDOWs\system32\rpcnetp.exe
2008-12-14 11:26:57 ----A---- C:\WINDOWs\system32\rpcnet.dll
2008-12-13 19:54:08 ----RD---- C:\Program Files
2008-12-13 19:43:44 ----D---- C:\WINDOWs\system32
2008-12-13 19:43:29 ----D---- C:\WINDOWs\system32\drivers
2008-12-13 12:58:02 ----A---- C:\WINDOWs\system32\rpcnetp.dll
2008-12-13 12:51:20 ----RSHD---- C:\WINDOWs\system32\dllcache
2008-12-13 12:11:54 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-11 16:53:26 ----D---- C:\WINDOWs\Microsoft.NET
2008-12-11 16:53:25 ----RSD---- C:\WINDOWs\assembly
2008-12-11 16:46:13 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-11 16:46:12 ----D---- C:\Program Files\Common Files
2008-12-10 23:46:45 ----D---- C:\WINDOWs\Debug
2008-12-10 23:26:25 ----D---- C:\Program Files\Creative
2008-12-10 23:21:08 ----SHD---- C:\System Volume Information
2008-12-10 23:21:08 ----D---- C:\WINDOWs\system32\Restore
2008-12-10 22:28:54 ----D---- C:\WINDOWs\system32\CatRoot2
2008-12-10 21:38:44 ----SD---- C:\Documents and Settings\Darlene Bristow\Application Data\Microsoft
2008-12-10 21:34:24 ----D---- C:\WINDOWs\Registration
2008-12-10 20:23:44 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-12-10 20:23:43 ----SD---- C:\WINDOWs\Downloaded Program Files
2008-12-10 20:23:43 ----D---- C:\Program Files\NOS
2008-12-10 16:35:36 ----SHD---- C:\WINDOWs\Installer
2008-12-10 16:32:18 ----D---- C:\Program Files\Google
2008-12-10 16:28:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 15:51:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-10 15:51:02 ----D---- C:\Program Files\Internet Explorer
2008-12-10 15:51:01 ----D---- C:\WINDOWs\system32\en-US
2008-12-10 15:44:06 ----HD---- C:\WINDOWs\inf
2008-12-10 15:42:49 ----D---- C:\WINDOWs\ie7updates
2008-12-10 15:42:23 ----D---- C:\WINDOWs\system32\CatRoot
2008-12-10 15:35:08 ----D---- C:\WINDOWs\system32\wbem
2008-12-10 15:34:52 ----D---- C:\Program Files\Windows Desktop Search
2008-12-10 15:30:30 ----D---- C:\WINDOWs\WinSxS
2008-12-10 12:15:42 ----D---- C:\Program Files\Java
2008-12-09 18:58:37 ----D---- C:\WINDOWs\security
2008-12-09 18:24:37 ----A---- C:\WINDOWs\system32\MRT.exe
2008-12-09 17:32:56 ----D---- C:\WINDOWs\system32\config
2008-12-08 09:13:51 ----D---- C:\WINDOWs\system32\Macromed
2008-12-07 22:49:38 ----D---- C:\Program Files\Yahoo!
2008-12-07 22:47:31 ----D---- C:\scans
2008-12-07 11:59:02 ----D---- C:\Documents and Settings
2008-12-07 11:58:24 ----SD---- C:\WINDOWs\Tasks
2008-12-06 23:59:33 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-12-06 23:05:31 ----D---- C:\Program Files\Lx_cats
2008-12-06 17:56:20 ----D---- C:\WINDOWs\Media
2008-12-06 16:53:12 ----ASH---- C:\boot.ini
2008-12-06 00:31:12 ----D---- C:\Program Files\Trend Micro
2008-12-05 22:20:10 ----D---- C:\WINDOWs\repair
2008-12-05 20:34:21 ----HDC---- C:\WINDOWs\ie7
2008-12-05 20:28:03 ----D---- C:\Program Files\Messenger
2008-12-05 20:06:17 ----D---- C:\WINDOWs\pss
2008-12-05 20:01:51 ----D---- C:\Program Files\Windows NT
2008-12-05 20:01:50 ----D---- C:\WINDOWs\system32\inetsrv
2008-12-05 20:01:50 ----D---- C:\WINDOWs\addins
2008-12-05 20:01:49 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Corel
2008-12-05 20:00:43 ----D---- C:\WINDOWs\Help
2008-12-05 10:39:22 ----D---- C:\Program Files\CyberLink
2008-12-05 02:33:58 ----D---- C:\dell
2008-12-05 02:30:45 ----D---- C:\Program Files\Windows Media Player
2008-12-05 02:30:40 ----D---- C:\Program Files\Movie Maker
2008-12-05 02:30:25 ----D---- C:\Program Files\NetMeeting
2008-12-05 02:30:20 ----D---- C:\Program Files\Outlook Express
2008-12-05 02:30:20 ----D---- C:\Program Files\Common Files\System
2008-12-04 22:06:47 ----A---- C:\WINDOWs\system32\PerfStringBackup.INI
2008-12-04 13:23:51 ----D---- C:\Program Files\Corel
2008-12-04 12:51:49 ----SHD---- C:\WINDOWs\CSC
2008-12-04 00:50:44 ----D---- C:\Program Files\Dell
2008-12-04 00:12:50 ----D---- C:\WINDOWs\system32\ias
2008-12-03 21:57:58 ----D---- C:\WINDOWs\network diagnostic
2008-11-28 18:48:35 ----D---- C:\WINDOWs\system32\spool
2008-11-28 15:17:16 ----D---- C:\Program Files\Common Files\Corel
2008-11-28 14:23:58 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2008-11-27 22:20:11 ----D---- C:\WINDOWs\system32\oobe
2008-11-27 22:20:11 ----D---- C:\WINDOWs\system32\mui
2008-11-27 22:20:11 ----D---- C:\WINDOWs\system32\LogFiles
2008-11-25 20:57:07 ----D---- C:\Temp
2008-11-23 00:07:01 ----D---- C:\Documents and Settings\Darlene Bristow\Application Data\Adobe
2008-11-22 12:56:55 ----D---- C:\WINDOWs\system32\DirectX
2008-11-21 22:02:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-21 11:24:41 ----DC---- C:\WINDOWs\system32\DRVSTORE
2008-11-17 22:56:37 ----D---- C:\Program Files\Safari
2008-11-17 00:16:26 ----D---- C:\Program Files\Common Files\Adobe
2008-11-17 00:16:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-16 16:44:10 ----RSD---- C:\WINDOWs\Fonts
2008-11-16 16:41:58 ----N---- C:\WINDOWs\system32\pxcpyi64.exe
2008-11-16 16:41:58 ----N---- C:\WINDOWs\system32\pxcpya64.exe
2008-11-16 16:41:57 ----N---- C:\WINDOWs\system32\pxinsi64.exe
2008-11-16 16:41:57 ----N---- C:\WINDOWs\system32\pxinsa64.exe
2008-11-16 16:41:56 ----N---- C:\WINDOWs\system32\PxSFS.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWs\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPDRV;APPDRV; C:\WINDOWs\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 APPSTREAM;APPSTREAM; \??\C:\WINDOWS\System32\Drivers\APPSTREAM.SYS []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWs\System32\Drivers\avgldx86.sys [2008-12-06 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWs\System32\Drivers\avgmfx86.sys [2008-12-06 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWs\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWs\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWs\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWs\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWs\system32\DRIVERS\tmtdi.sys [2006-11-09 73288]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWs\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ASCTRM;ASCTRM; C:\WINDOWs\system32\drivers\ASCTRM.sys [2008-06-26 8552]
R2 drvnddm;drvnddm; C:\WINDOWs\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWs\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 REGHOOK;REGHOOK; \??\C:\WINDOWS\System32\Drivers\REGHOOK.SYS []
R2 tfsnboio;tfsnboio; C:\WINDOWs\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWs\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWs\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWs\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWs\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWs\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWs\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWs\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWs\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R2 tmpreflt;tmpreflt; C:\WINDOWs\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWs\system32\drivers\TmXPFlt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\WINDOWs\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R2 VSPD;VSPD; \??\C:\WINDOWS\System32\Drivers\VSPD.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWs\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWs\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWs\system32\DRIVERS\bcmwl5.sys [2006-11-22 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWs\system32\DRIVERS\bcm4sbxp.sys [2006-08-25 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWs\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWs\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWs\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWs\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWs\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWs\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWs\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 monfilt;monfilt; C:\WINDOWs\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 NIC1394;1394 Net Driver; C:\WINDOWs\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWs\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 PSI;PSI; C:\WINDOWs\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
R3 rimmptsk;rimmptsk; C:\WINDOWs\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWs\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWs\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWs\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWs\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWs\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWs\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWs\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWs\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWs\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWs\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S1 CorexCardScan500;Corex CardScan 500; C:\WINDOWs\system32\drivers\slcorex.sys [1999-12-03 17448]
S1 IKSysFlt;System Filter Driver; C:\WINDOWs\system32\drivers\iksysflt.sys []
S1 IKSysSec;System Security Driver; C:\WINDOWs\system32\drivers\iksyssec.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWs\system32\drivers\MCSTRM.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWs\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWs\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 nv;nv; C:\WINDOWs\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWs\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWs\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWs\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWs\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWs\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWs\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWs\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWs\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWs\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWs\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWs\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWs\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AppMgrService;AWE 5.1.0 Application Manager; C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe [2006-09-27 1990656]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWs\system32\Ati2evxx.exe [2006-05-23 409600]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-06-26 72704]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-29 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-09-18 47104]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWs\System32\WLTRYSVC.EXE [2006-11-22 20480]
R2 WSearch;Windows Search; C:\WINDOWs\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 lxcj_device;lxcj_device; C:\WINDOWS\system32\lxcjcoms.exe [2005-10-24 491520]
S2 Fax;Fax; c:\WINDOWS\ServicePackFiles\i386\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWs\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWs\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-07-01 16680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWs\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
Darlene

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:18 PM

Posted 15 December 2008 - 09:50 AM

Looks pretty good to me. What issues are you still having?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 princessissues

princessissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:18 PM

Posted 15 December 2008 - 10:15 AM

I guess I'm o.k.
What did you see if anything from the start of my HIJack log?
Just wondering.
My browser will still not let me download Mozilla Firefox (weird things like that).
:thumbsup:
Darlene

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:18 PM

Posted 15 December 2008 - 10:40 AM

Your hijackthis log is clean.

What happens with IE when you go to this page to download Firefox?
http://www.mozilla.com/en-US/products/down...&lang=en-US
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 princessissues

princessissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:18 PM

Posted 15 December 2008 - 11:08 AM

Well, it actually let me download it this time. Yipppeee. Usually just freezes up and shuts IE down and diconnects.
Darlene

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:18 PM

Posted 15 December 2008 - 02:46 PM

Alright! :thumbsup:

Here are some final steps for you.

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:18 PM

Posted 29 December 2008 - 09:58 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users