I have a nasty trojan!


  • This topic is locked
56 replies to this topic

#1 Mjay22

Mjay22

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:07 AM

Posted 07 January 2009 - 05:28 AM

DDS (Ver_09-01-07.01) - NTFSx86
Run by MM at 4:13:58.12 on Wed 01/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2423 [GMT -6:00]

AV: avast! antivirus 4.8.1282 [VPS 090106-1] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\RefreshLock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MM\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.comcast.net/a/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=localhost:9050
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [RefreshLock] C:\RefreshLock.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ABIT uGuru] c:\program files\abit\abit uguru\uGuru.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [GuruClock] c:\program files\abit\abit uguru\GuruClock.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: ampd.com\www
Trusted Zone: howtodrivers.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
LSA: Notification Packages = cli

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-2 28544]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2007-6-30 10752]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-13 110160]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2008-11-5 12288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-7 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast4\ashWebSv.exe [2008-11-13 352920]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-7 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-7 35240]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2008-11-5 10752]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-13 20560]
R4 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast4\ashServ.exe [2008-11-13 155160]
R4 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-11-7 144704]
S0 oxas;oxas;c:\windows\system32\drivers\yjaauf.sys --> c:\windows\system32\drivers\yjaauf.sys [?]
S0 pxark;pxark;c:\windows\system32\drivers\pxark.sys --> c:\windows\system32\drivers\pxark.sys [?]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 Memctl;Memctl;c:\program files\abit\abit uguru\MEMCTL.SYS [2007-6-30 4047]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-7 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-7 40488]
S3 NJXSDNC;NJXSDNC;c:\docume~1\mm\locals~1\temp\njxsdnc.exe --> c:\docume~1\mm\locals~1\temp\NJXSDNC.exe [?]
S3 PORTMON;PORTMON;\??\d:\cars\sysinternal complete suite\sysinternalssuite\sysinternalssuite\portmsys.sys --> d:\cars\sysinternal complete suite\sysinternalssuite\sysinternalssuite\PORTMSYS.SYS [?]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2005-12-11 3567]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\protowall.sys --> c:\windows\system32\drivers\ProtoWall.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-4-19 598856]
S4 CSIScanner;CSIScanner;"c:\program files\prevxcsi\prevxcsi.exe" /service --> c:\program files\prevxcsi\prevxcsi.exe [?]
S4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-7 359248]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-11-7 695624]
S4 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-4-16 689416]
S4 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-4-16 894216]
S4 RVRWPOSM;RVRWPOSM;\??\c:\windows\system32\drivers\rvrwposm.sys --> c:\windows\system32\drivers\RVRWPOSM.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-26 24652]

=============== Created Last 30 ================

2009-01-07 03:57 608 a------- C:\iefiles5.inf
2009-01-07 03:57 103,184 a------- C:\ieinfo5.ocx
2009-01-07 03:53 <DIR> --d----- C:\Comb1Fix
2009-01-06 01:59 56 a--shr-- c:\windows\system32\drivers\5912592D38.sys
2009-01-06 01:58 56 a--shr-- c:\windows\system32\5912592D38.sys
2009-01-05 22:58 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-05 22:33 1,660,821 a------- C:\SmitfraudFix.exe
2009-01-05 19:23 <DIR> --d----- C:\help
2009-01-03 21:58 3,014,656 a------- c:\windows\system32\YKSZDINX
2009-01-03 16:57 <DIR> --d----- c:\windows\ERUNT
2009-01-03 16:51 1,529,241 a------- C:\SDFix.exe
2009-01-03 16:27 2,626 a------- c:\windows\system32\CONFIG.NT
2009-01-03 16:26 2,148 a------- c:\windows\system32\wpa.dbl
2009-01-03 16:24 11,495 a------- c:\windows\system32\Config.MPF
2009-01-03 16:03 <DIR> --d----- C:\_OTScanIt
2009-01-03 04:03 362 a------- c:\windows\Shortcut to WINDOWS.lnk
2009-01-02 23:58 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-01-02 11:43 <DIR> --d----- C:\New Folder (2)
2009-01-01 23:46 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-30 07:20 23,392 a------- c:\windows\system32\nscompat.tlb
2008-12-30 07:20 16,832 a------- c:\windows\system32\amcompat.tlb
2008-12-15 09:52 796 a------- C:\Kso.Lv Team Fortress 2 Server (run STEAM before clicking on this).lnk
2008-12-15 09:52 782 a------- C:\Join KSO.Lv Team Fortress 2 Server 1.lnk

==================== Find3M ====================

2009-01-04 18:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 18:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-25 07:44 196,608 a------- c:\windows\system32\drivers\nStandard.bin.bak
2008-12-12 11:01 3,067,904 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-02 06:05 118,656 a------- c:\windows\system32\drivers\Rtnicxp.sys
2008-11-27 11:47 10,240 a------- c:\windows\system32\RtNicProp32.dll
2008-11-21 15:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 15:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 15:47 129,784 -------- c:\windows\system32\pxafs.dll
2008-11-21 15:47 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-11-21 15:47 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-11-21 15:47 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys
2008-11-21 15:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 15:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 15:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 15:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-11-14 17:47 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-07 06:45 61,224 a------- c:\windows\java\GoToAssistDownloadHelper.exe
2008-11-06 02:41 61,224 a------- c:\documents and settings\mm\GoToAssistDownloadHelper.exe
2008-11-01 04:14 133,632 a------- c:\windows\system32\OLD420.tmp
2008-11-01 04:12 11,776 a------- c:\windows\system32\wshisn.dll
2008-11-01 04:12 11,776 a------- c:\windows\system32\dllcache\wshisn.dll
2008-11-01 04:09 7,680 a------- c:\windows\system32\OLD40D.tmp
2008-11-01 03:58 7,168 a------- c:\windows\system32\wshnetbs.dll
2008-11-01 03:58 7,168 a------- c:\windows\system32\dllcache\wshnetbs.dll
2008-10-31 16:18 24,576 a------- c:\windows\system32\ws2help.dll.tmp
2008-10-24 05:21 455,296 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 19:00 619,520 a------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 19:00 1,499,136 a------- c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 10:34 337,408 a------- c:\windows\system32\dllcache\netapi32.dll
2008-04-15 19:25 905 a------- c:\program files\uninstal.log
2008-04-15 09:09 24,192 a------- c:\documents and settings\mm\usbsermptxp.sys
2008-04-15 09:09 22,768 a------- c:\documents and settings\mm\usbsermpt.sys
2008-08-26 18:44 144 a--sh--- c:\windows\system32\2226305475.dat
2008-04-16 04:44 56 a--shr-- c:\windows\system32\5912592D38.sys
2008-04-16 04:55 616,448 a--shr-- c:\windows\system32\cygwin1.dll
2008-04-16 04:55 45,568 a--shr-- c:\windows\system32\cygz.dll
2008-04-16 04:44 56 a--shr-- c:\windows\system32\drivers\5912592D38.sys

============= FINISH: 4:15:11.54 ===============

#2 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:08:07 PM

Posted 07 January 2009 - 06:56 AM

Hello, Mjay22

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


I need some time to look over your log, I will post back soon.

Edited by Jat90, 07 January 2009 - 06:57 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

#3 Mjay22

Posted 07 January 2009 - 06:26 PM

Hello, Jat

Your help will be greatly appreciated. Thank You!

#4 Jat90

Posted 08 January 2009 - 12:42 PM

Hello,

As you have been told, this rootkit has backdoor functionalities, allowing hackers to steal private information and access any financial accounts that you use your pc to access. Even if we clean it, we can't be sure it will be 100% secure afterwards.

AntiVirus Removal

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either avast! or McAfee VirusScan.

P2P Warning

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case eMule and Limewire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus I suggest you uninstall these programs via Add/Remove Programs on the Control Panel.

ViewPoint

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

ComboFix

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See this topic to find out how to disable your antivirus and firewall (post #1 and #2).
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

ReScan

Please rescan with DDS and post the new logs


In your next reply, please post:
  • ComboFix log
  • DDS logs

#5 Mjay22

Posted 09 January 2009 - 01:56 AM

All programs recommended to be uninstalled have been.

AntiVirus uninstalled: McAfee
Note about McAfee being uninstalled:

While McAfee was installed, after I became infected, the program wouldn't let me completely
disable it as it did before I had the virus. Since uninstalling McAfee, the virus files that would keep
on recreating themselves have stopped. These include:

c:\windows\msacm32.drv
c:\windows\rasqervy.dll
c:\windows\sdfinacs.dll
c:\windows\sdfixwcs.dll
c:\windows\wuasirvy.dll
and various $$__.tmp.exe's

Now Avast doesn't pick up on any behavior changes or file writes for any of those files.

ComboFix log:

ComboFix 09-01-08.03 - MM 2009-01-09 0:02:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2536 [GMT -6:00]
Running from: c:\documents and settings\MM\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090108-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-07 03:57 . 2002-08-29 07:14 103,184 --a------ C:\ieinfo5.ocx
2009-01-07 03:57 . 2002-08-29 07:14 608 --a------ C:\iefiles5.inf
2009-01-07 03:53 . 2009-01-07 03:54 <DIR> d-------- C:\Comb1Fix
2009-01-06 01:59 . 2008-04-16 04:44 56 -rahs---- c:\windows\system32\drivers\5912592D38.sys
2009-01-06 01:58 . 2008-04-16 04:44 56 -rahs---- c:\windows\system32\5912592D38.sys
2009-01-06 00:20 . 2009-01-06 00:20 <DIR> d-------- c:\documents and settings\Administrator.XUP\Application Data\Malwarebytes
2009-01-05 22:58 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-05 22:33 . 2009-01-05 22:33 1,660,821 --a------ C:\SmitfraudFix.exe
2009-01-05 19:23 . 2009-01-06 20:54 <DIR> d-------- C:\help
2009-01-03 21:58 . 2009-01-03 21:58 3,014,656 --a------ c:\windows\system32\YKSZDINX
2009-01-03 16:57 . 2009-01-03 16:58 <DIR> d-------- c:\windows\ERUNT
2009-01-03 16:51 . 2009-01-03 17:57 1,529,241 --a------ C:\SDFix.exe
2009-01-03 16:27 . 2009-01-09 00:09 2,626 --a------ c:\windows\system32\CONFIG.NT
2009-01-03 16:26 . 2009-01-09 00:08 2,206 --a------ c:\windows\system32\wpa.dbl
2009-01-03 16:03 . 2009-01-03 16:03 <DIR> d-------- C:\_OTScanIt
2009-01-03 04:03 . 2009-01-03 04:03 362 --a------ c:\windows\Shortcut to WINDOWS.lnk
2009-01-02 23:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-02 11:43 . 2009-01-02 11:43 <DIR> d-------- C:\New Folder (2)
2009-01-01 23:46 . 2009-01-06 00:40 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-30 07:20 . 2009-01-07 03:13 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-30 07:20 . 2009-01-07 03:13 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-15 09:52 . 2008-11-15 04:15 796 --a------ C:\Kso.Lv Team Fortress 2 Server (run STEAM before clicking on this).lnk
2008-12-15 09:52 . 2008-10-12 05:42 782 --a------ C:\Join KSO.Lv Team Fortress 2 Server 1.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 05:59 --------- d-----w c:\program files\Viewpoint
2009-01-09 05:49 --------- d-----w c:\program files\eMule
2009-01-09 05:47 --------- d-----w c:\program files\LimeWire
2009-01-09 04:43 --------- d-----w c:\program files\PeerGuardian2
2009-01-07 02:57 --------- d-----w c:\program files\Remove-it
2009-01-07 01:50 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-07 01:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-06 07:19 --------- d-----w c:\program files\AOL 9.1
2009-01-06 02:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-05 00:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 00:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 09:11 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avg8
2009-01-03 05:57 --------- d-----w c:\program files\Panda Security
2009-01-02 05:46 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-02 04:19 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-01-02 04:19 --------- d-----w c:\program files\SpywareBlaster
2008-12-31 12:33 --------- d-----w c:\program files\Steam
2008-12-31 02:05 --------- d-----w c:\documents and settings\MM\Application Data\Tor
2008-12-31 01:33 --------- d-----w c:\documents and settings\MM\Application Data\Vidalia
2008-12-28 04:37 --------- d-----w c:\program files\CCleaner
2008-12-25 13:44 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin.bak
2008-12-24 11:12 --------- d-----w c:\program files\DivX
2008-12-12 17:01 3,067,904 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 08:39 --------- d-----w c:\documents and settings\MM\Application Data\uTorrent
2008-12-02 12:05 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2008-11-27 17:47 10,240 ----a-w c:\windows\system32\RtNicProp32.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-20 06:34 --------- d-----w c:\documents and settings\MM\Application Data\R-Wipe&Clean
2008-11-15 05:47 --------- d-----w c:\documents and settings\MM\Application Data\AOL
2008-11-15 05:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 05:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2008-11-14 23:47 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-14 05:29 --------- d-----w c:\program files\SIW
2008-11-14 03:48 --------- d-----w c:\documents and settings\Administrator.XUP\Application Data\Ahead
2008-11-13 22:13 --------- d-----w c:\documents and settings\MM\Application Data\Lavasoft
2008-11-13 21:49 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-11-13 12:09 --------- d-----w c:\program files\Azureus
2008-11-13 04:59 --------- d-----w c:\program files\Lavasoft
2008-11-07 12:45 61,224 ----a-w c:\windows\java\GoToAssistDownloadHelper.exe
2008-11-06 08:41 61,224 ----a-w c:\documents and settings\MM\GoToAssistDownloadHelper.exe
2008-11-01 10:14 133,632 ----a-w c:\windows\system32\OLD420.tmp
2008-11-01 10:12 11,776 ----a-w c:\windows\system32\wshisn.dll
2008-11-01 10:12 11,776 ----a-w c:\windows\system32\dllcache\wshisn.dll
2008-11-01 10:09 7,680 ----a-w c:\windows\system32\OLD40D.tmp
2008-11-01 09:58 7,168 ----a-w c:\windows\system32\wshnetbs.dll
2008-11-01 09:58 7,168 ----a-w c:\windows\system32\dllcache\wshnetbs.dll
2008-10-31 22:18 24,576 ----a-w c:\windows\system32\ws2help.dll.tmp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-04-16 04:58 2,402,550 ----a-w c:\windows\inf\SET50.tmp
2008-04-16 04:58 2,402,550 ----a-w c:\windows\inf\SET4F.tmp
2008-04-16 04:58 2,402,550 ----a-w c:\windows\inf\SET36E.tmp
2008-04-16 01:25 905 ----a-w c:\program files\uninstal.log
2008-04-15 15:09 24,192 ----a-w c:\documents and settings\MM\usbsermptxp.sys
2008-04-15 15:09 22,768 ----a-w c:\documents and settings\MM\usbsermpt.sys
2008-12-14 09:31 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-14 09:31 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2004-05-07 19:31 348,160 ----a-w c:\program files\mozilla firefox\components\MSVCR71.DLL
2008-12-14 09:31 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-11-07 16:58 139,264 ----a-w c:\program files\mozilla firefox\components\SABFF15.DLL
2008-12-14 09:31 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-14 09:31 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-27 00:44 144 --sha-w c:\windows\system32\2226305475.dat
2008-04-16 10:44 56 --sha-r c:\windows\system32\5912592D38.sys
2008-04-16 10:55 616,448 --sha-r c:\windows\system32\cygwin1.dll
2008-04-16 10:55 45,568 --sha-r c:\windows\system32\cygz.dll
2008-04-16 10:44 56 --sha-r c:\windows\system32\drivers\5912592D38.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-04-15 1103480]
"RefreshLock"="C:\RefreshLock.exe" [2008-04-15 193536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-07-09 1150976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuru"="c:\program files\ABIT\ABIT uGuru\uGuru.exe" [2004-09-13 1695827]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"GuruClock"="c:\program files\ABIT\ABIT uGuru\GuruClock.exe" [2008-04-15 4489302]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-14 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 c:\windows\SOUNDMAN.EXE]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2008-04-16 c:\windows\system32\HdAShCut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 c:\windows\ALCWZRD.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\MM\Start Menu\Programs\Startup\
Shortcut to ashDisp.exe.lnk - d:\program files\Alwil Software\Avast4\ashDisp.exe [2008-11-13 81000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"wave1"= c_947281.nls
"midi1"= c_947281.nls
"mixer1"= c_947281.nls
"aux1"= c_947281.nls
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"mixer2"= c_947281.nls
"wave2"= c_947281.nls
"midi2"= c_947281.nls
"aux2"= c_947281.nls
"63947312"= 36443932353832352d313234342d343642432d384346332d453742304636454132423033
"63947301"= 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
"63947331"= 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
"63947311"= 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

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^ .lnk]
backup=c:\windows\pss\ .lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^MRU-Blaster Silent Clean.lnk]
backup=c:\windows\pss\MRU-Blaster Silent Clean.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
--a------ 2005-12-14 02:14 208896 c:\program files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-06-02 23:35 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-09-01 11:59 3563232 c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-04-15 15:09 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 11:16 42032 c:\program files\Common Files\AOL\1226041669\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2008-04-15 17:39 1055792 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iNetFormFiller]
--a------ 2008-04-15 15:52 1732096 c:\program files\iNetFormFiller Freeware\iNetFormFiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 15:24 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
--a------ 2008-01-04 16:33 684118 c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-04-15 14:09 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite RiskMonitor]
--a------ 2007-11-22 09:53 1777296 c:\program files\CyberScrub Privacy Suite\CSRiskMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-28 01:06 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-04-15 19:04 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2008-04-15 17:40 1626160 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-27 23:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2008-04-15 19:25 11891712 c:\program files\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SABSVC"=2 (0x2)
"InCDsrv"=2 (0x2)
"RSVP"=3 (0x3)
"PD91Engine"=3 (0x3)
"PD91Agent"=3 (0x3)
"gusvc"=3 (0x3)
"bgsvcgen"=2 (0x2)
"AOL ACS"=2 (0x2)
"McShield"=2 (0x2)
"McODS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\snipsnipe\\counter-strike\\hl.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1226041669\\ee\\aolsoftware.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\WS_FTP Pro\\ftp95pro.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-02 28544]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2007-06-30 10752]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-13 111184]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-07-19 6656]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2008-11-05 12288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2008-11-05 10752]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-13 20560]
S0 oxas;oxas;c:\windows\system32\drivers\yjaauf.sys --> c:\windows\system32\drivers\yjaauf.sys [?]
S0 pxark;pxark;c:\windows\system32\drivers\pxark.sys --> c:\windows\system32\drivers\pxark.sys [?]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 Memctl;Memctl;c:\program files\ABIT\ABIT uGuru\MEMCTL.SYS [2007-06-30 4047]
S3 NJXSDNC;NJXSDNC;c:\docume~1\MM\LOCALS~1\Temp\NJXSDNC.exe --> c:\docume~1\MM\LOCALS~1\Temp\NJXSDNC.exe [?]
S3 PORTMON;PORTMON;\??\d:\cars\Sysinternal Complete Suite\SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS --> d:\cars\Sysinternal Complete Suite\SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS [?]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2005-12-11 3567]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-04-19 598856]
S4 CSIScanner;CSIScanner;"c:\program files\PrevxCSI\prevxcsi.exe" /service --> c:\program files\PrevxCSI\prevxcsi.exe [?]
S4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-04-16 689416]
S4 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-04-16 894216]
S4 RVRWPOSM;RVRWPOSM;\??\c:\windows\system32\drivers\RVRWPOSM.sys --> c:\windows\system32\drivers\RVRWPOSM.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec
*Deregistered* - Winflash

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\ElMatador_Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53cf6044-688f-11da-bdde-00038a000015}]
\Shell\AutoRun\command - H:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb8e0a9e-689b-11da-bddf-00038a000015}]
\Shell\AutoRun\command - i:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - i:\directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 17:08]

2008-11-05 c:\windows\Tasks\ZDAutoClean.job
- c:\progra~1\LSOFTT~1\ACTIVE~1.NET\ZDAutoClean.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.comcast.net/a/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=localhost:9050
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
Trusted Zone: www.ampd.com
Trusted Zone: www.howtodrivers.com
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
Trusted Zone: download.windowsupdate.microsoft.com
Trusted Zone: update.microsoft.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 00:08:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\c_947281.nls 125952 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1965331169-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8D8055E-9CDE-42AE-5D9A-10F12044FECA}*NULL*]
"iakcbchijjeopllgch"=hex:6a,61,67,66,6c,64,66,68,64,68,6a,62,66,6e,6e,65,6d,69,\
63,70,00,22
"haadhpfhopnaifhk"=hex:6a,61,67,66,6c,64,66,68,64,68,6a,62,66,6e,6e,65,6d,69,\
63,70,00,22
"iagdljocpmiiglmpkj"=hex:63,61,6d,66,64,6a,00,00

[HKEY_USERS\S-1-5-21-1078081533-1965331169-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:9c,1e,d3,38,f0,bf,5b,9d,0c,cc,53,9e,8b,05,c6,2a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\UAService7.exe
.
**************************************************************************
.
Completion time: 2009-01-09 0:14:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-09 06:14:25
ComboFix2.txt 2009-01-07 09:39:46

Pre-Run: 564,379,648 bytes free
Post-Run: 564,715,520 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=4,5,6,7,8,9
395 --- E O F --- 2009-01-07 03:07:29

--------------------------------------------------------------------------------------------------------

DDS Logs:

DDS (Ver_09-01-07.01) - NTFSx86
Run by MM at 0:37:17.73 on Fri 01/09/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2521 [GMT -6:00]

AV: avast! antivirus 4.8.1296 [VPS 090108-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\RefreshLock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\MM\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.comcast.net/a/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=localhost:9050
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [RefreshLock] C:\RefreshLock.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ABIT uGuru] c:\program files\abit\abit uguru\uGuru.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [GuruClock] c:\program files\abit\abit uguru\GuruClock.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\mm\startm~1\programs\startup\shortc~1.lnk - d:\program files\alwil software\avast4\ashDisp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: ampd.com\www
Trusted Zone: howtodrivers.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
LSA: Notification Packages = cli

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-2 28544]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2007-6-30 10752]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-13 111184]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2008-11-5 12288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast4\ashWebSv.exe [2008-11-13 352920]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2008-11-5 10752]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-13 20560]
R4 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast4\ashServ.exe [2008-11-13 155160]
S0 oxas;oxas;c:\windows\system32\drivers\yjaauf.sys --> c:\windows\system32\drivers\yjaauf.sys [?]
S0 pxark;pxark;c:\windows\system32\drivers\pxark.sys --> c:\windows\system32\drivers\pxark.sys [?]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 Memctl;Memctl;c:\program files\abit\abit uguru\MEMCTL.SYS [2007-6-30 4047]
S3 NJXSDNC;NJXSDNC;c:\docume~1\mm\locals~1\temp\njxsdnc.exe --> c:\docume~1\mm\locals~1\temp\NJXSDNC.exe [?]
S3 PORTMON;PORTMON;\??\d:\cars\sysinternal complete suite\sysinternalssuite\sysinternalssuite\portmsys.sys --> d:\cars\sysinternal complete suite\sysinternalssuite\sysinternalssuite\PORTMSYS.SYS [?]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2005-12-11 3567]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\protowall.sys --> c:\windows\system32\drivers\ProtoWall.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-4-19 598856]
S4 CSIScanner;CSIScanner;"c:\program files\prevxcsi\prevxcsi.exe" /service --> c:\program files\prevxcsi\prevxcsi.exe [?]
S4 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-4-16 689416]
S4 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-4-16 894216]
S4 RVRWPOSM;RVRWPOSM;\??\c:\windows\system32\drivers\rvrwposm.sys --> c:\windows\system32\drivers\RVRWPOSM.sys [?]

=============== Created Last 30 ================

2009-01-09 00:02 161,792 a------- c:\windows\SWREG.exe
2009-01-09 00:02 98,816 a------- c:\windows\sed.exe
2009-01-07 03:57 608 a------- C:\iefiles5.inf
2009-01-07 03:57 103,184 a------- C:\ieinfo5.ocx
2009-01-07 03:53 <DIR> --d----- C:\Comb1Fix
2009-01-06 01:59 56 a--shr-- c:\windows\system32\drivers\5912592D38.sys
2009-01-06 01:58 56 a--shr-- c:\windows\system32\5912592D38.sys
2009-01-05 22:58 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-05 22:33 1,660,821 a------- C:\SmitfraudFix.exe
2009-01-05 19:23 <DIR> --d----- C:\help
2009-01-03 21:58 3,014,656 a------- c:\windows\system32\YKSZDINX
2009-01-03 16:57 <DIR> --d----- c:\windows\ERUNT
2009-01-03 16:51 1,529,241 a------- C:\SDFix.exe
2009-01-03 16:27 2,626 a------- c:\windows\system32\CONFIG.NT
2009-01-03 16:26 2,206 a------- c:\windows\system32\wpa.dbl
2009-01-03 16:03 <DIR> --d----- C:\_OTScanIt
2009-01-03 04:03 362 a------- c:\windows\Shortcut to WINDOWS.lnk
2009-01-02 23:58 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-01-02 11:43 <DIR> --d----- C:\New Folder (2)
2009-01-01 23:46 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-30 07:20 23,392 a------- c:\windows\system32\nscompat.tlb
2008-12-30 07:20 16,832 a------- c:\windows\system32\amcompat.tlb
2008-12-15 09:52 796 a------- C:\Kso.Lv Team Fortress 2 Server (run STEAM before clicking on this).lnk
2008-12-15 09:52 782 a------- C:\Join KSO.Lv Team Fortress 2 Server 1.lnk

==================== Find3M ====================

2009-01-04 18:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 18:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-25 07:44 196,608 a------- c:\windows\system32\drivers\nStandard.bin.bak
2008-12-12 11:01 3,067,904 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-02 06:05 118,656 a------- c:\windows\system32\drivers\Rtnicxp.sys
2008-11-27 11:47 10,240 a------- c:\windows\system32\RtNicProp32.dll
2008-11-21 15:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 15:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 15:47 129,784 -------- c:\windows\system32\pxafs.dll
2008-11-21 15:47 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-11-21 15:47 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-11-21 15:47 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys
2008-11-21 15:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 15:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 15:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 15:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-11-14 17:47 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-07 06:45 61,224 a------- c:\windows\java\GoToAssistDownloadHelper.exe
2008-11-06 02:41 61,224 a------- c:\documents and settings\mm\GoToAssistDownloadHelper.exe
2008-11-01 04:14 133,632 a------- c:\windows\system32\OLD420.tmp
2008-11-01 04:12 11,776 a------- c:\windows\system32\wshisn.dll
2008-11-01 04:12 11,776 a------- c:\windows\system32\dllcache\wshisn.dll
2008-11-01 04:09 7,680 a------- c:\windows\system32\OLD40D.tmp
2008-11-01 03:58 7,168 a------- c:\windows\system32\wshnetbs.dll
2008-11-01 03:58 7,168 a------- c:\windows\system32\dllcache\wshnetbs.dll
2008-10-31 16:18 24,576 a------- c:\windows\system32\ws2help.dll.tmp
2008-10-24 05:21 455,296 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 19:00 619,520 a------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 19:00 1,499,136 a------- c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 10:34 337,408 a------- c:\windows\system32\dllcache\netapi32.dll
2008-04-15 19:25 905 a------- c:\program files\uninstal.log
2008-04-15 09:09 24,192 a------- c:\documents and settings\mm\usbsermptxp.sys
2008-04-15 09:09 22,768 a------- c:\documents and settings\mm\usbsermpt.sys
2008-08-26 18:44 144 a--sh--- c:\windows\system32\2226305475.dat
2008-04-16 04:44 56 a--shr-- c:\windows\system32\5912592D38.sys
2008-04-16 04:55 616,448 a--shr-- c:\windows\system32\cygwin1.dll
2008-04-16 04:55 45,568 a--shr-- c:\windows\system32\cygz.dll
2008-04-16 04:44 56 a--shr-- c:\windows\system32\drivers\5912592D38.sys

============= FINISH: 0:37:50.43 ===============

Edited by Mjay22, 09 January 2009 - 02:01 AM.


#6 Jat90

Posted 09 January 2009 - 04:31 AM

Glad to see some issues have been cleared by removing one of your antivirus programs :thumbsup:

However, this appears to be the second run of ComboFix. Could you post the first log please (ComboFix.txt)? :)
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

#7 Mjay22

Posted 09 January 2009 - 05:29 AM

This is the first run since I ran it after posting on here.

ComboFix previous log:

ComboFix 09-01-05.04 - Administrator 2009-01-07 3:22:42.1 - NTFSx86 MINIMAL
Running from: C:\Comb1Fix.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 01:59 . 2008-04-16 04:44 56 -rahs---- c:\windows\system32\drivers\5912592D38.sys
2009-01-06 01:58 . 2008-04-16 04:44 56 -rahs---- c:\windows\system32\5912592D38.sys
2009-01-06 00:20 . 2009-01-06 00:20 <DIR> d-------- c:\documents and settings\Administrator.XUP\Application Data\Malwarebytes
2009-01-05 23:54 . 2009-01-07 03:09 <DIR> d-------- C:\SDFix
2009-01-05 23:43 . 2009-01-05 23:44 2,895,001 -ra------ C:\Comb1Fix.exe
2009-01-05 22:58 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-05 22:33 . 2009-01-05 22:33 1,660,821 --a------ C:\SmitfraudFix.exe
2009-01-05 19:23 . 2009-01-06 20:54 <DIR> d-------- C:\help
2009-01-03 21:58 . 2009-01-03 21:58 3,014,656 --a------ c:\windows\system32\YKSZDINX
2009-01-03 16:57 . 2009-01-03 16:58 <DIR> d-------- c:\windows\ERUNT
2009-01-03 16:51 . 2009-01-03 17:57 1,529,241 --a------ C:\SDFix.exe
2009-01-03 16:27 . 2009-01-06 23:13 2,626 --a------ c:\windows\system32\CONFIG.NT
2009-01-03 16:26 . 2009-01-07 03:31 2,148 --a------ c:\windows\system32\wpa.dbl
2009-01-03 16:24 . 2009-01-03 17:51 11,495 --a------ c:\windows\system32\Config.MPF
2009-01-03 16:03 . 2009-01-03 16:03 <DIR> d-------- C:\_OTScanIt
2009-01-03 04:03 . 2009-01-03 04:03 362 --a------ c:\windows\Shortcut to WINDOWS.lnk
2009-01-02 23:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-02 11:43 . 2009-01-02 11:43 <DIR> d-------- C:\New Folder (2)
2009-01-01 23:46 . 2009-01-06 00:40 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-30 07:20 . 2009-01-07 03:13 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-30 07:20 . 2009-01-07 03:13 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-15 09:52 . 2008-11-15 04:15 796 --a------ C:\Kso.Lv Team Fortress 2 Server (run STEAM before clicking on this).lnk
2008-12-15 09:52 . 2008-10-12 05:42 782 --a------ C:\Join KSO.Lv Team Fortress 2 Server 1.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 02:57 --------- d-----w c:\program files\Remove-it
2009-01-07 01:50 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-07 01:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-06 19:24 --------- d-----w c:\program files\PeerGuardian2
2009-01-06 07:19 --------- d-----w c:\program files\AOL 9.1
2009-01-06 02:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-05 00:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 00:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 09:11 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avg8
2009-01-03 05:57 --------- d-----w c:\program files\Panda Security
2009-01-02 05:46 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-02 04:19 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-01-02 04:19 --------- d-----w c:\program files\SpywareBlaster
2008-12-31 12:33 --------- d-----w c:\program files\Steam
2008-12-31 02:05 --------- d-----w c:\documents and settings\MM\Application Data\Tor
2008-12-31 01:33 --------- d-----w c:\documents and settings\MM\Application Data\Vidalia
2008-12-28 04:37 --------- d-----w c:\program files\CCleaner
2008-12-25 13:44 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-12-24 11:12 --------- d-----w c:\program files\DivX
2008-12-10 08:39 --------- d-----w c:\documents and settings\MM\Application Data\uTorrent
2008-12-02 12:05 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-20 06:34 --------- d-----w c:\documents and settings\MM\Application Data\R-Wipe&Clean
2008-11-15 05:47 --------- d-----w c:\documents and settings\MM\Application Data\AOL
2008-11-15 05:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 05:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2008-11-14 05:29 --------- d-----w c:\program files\SIW
2008-11-14 03:48 --------- d-----w c:\documents and settings\Administrator.XUP\Application Data\Ahead
2008-11-13 22:13 --------- d-----w c:\documents and settings\MM\Application Data\Lavasoft
2008-11-13 21:49 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-11-13 12:09 --------- d-----w c:\program files\Azureus
2008-11-13 10:46 --------- d-----w c:\program files\Viewpoint
2008-11-13 04:59 --------- d-----w c:\program files\Lavasoft
2008-11-08 16:00 --------- d-----w c:\program files\MetaBench
2008-11-08 14:47 --------- d-----w c:\program files\PerformanceTest
2008-11-08 13:03 --------- d-----w c:\program files\Java
2008-11-07 22:00 --------- d-----w c:\program files\AVG
2008-11-07 16:26 --------- d-----w c:\program files\FreeCommander
2008-11-07 16:04 --------- d-----w c:\program files\McAfee
2008-11-07 15:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2008-11-07 15:15 --------- d-----w c:\program files\McAfee.com
2008-11-07 15:15 --------- d-----w c:\program files\Common Files\McAfee
2008-11-07 07:09 --------- d-----w c:\program files\Common Files\aolshare
2008-11-07 07:09 --------- d-----w c:\program files\Common Files\AOL
2008-11-06 08:41 61,224 ----a-w c:\documents and settings\MM\GoToAssistDownloadHelper.exe
2008-04-16 01:25 905 ----a-w c:\program files\uninstal.log
2008-04-15 15:09 24,192 ----a-w c:\documents and settings\MM\usbsermptxp.sys
2008-04-15 15:09 22,768 ----a-w c:\documents and settings\MM\usbsermpt.sys
2008-12-14 09:31 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-14 09:31 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2004-05-07 19:31 348,160 ----a-w c:\program files\mozilla firefox\components\MSVCR71.DLL
2008-12-14 09:31 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-11-07 16:58 139,264 ----a-w c:\program files\mozilla firefox\components\SABFF15.DLL
2008-12-14 09:31 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-14 09:31 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-27 00:44 144 --sha-w c:\windows\system32\2226305475.dat
2008-04-16 10:44 56 --sha-r c:\windows\system32\5912592D38.sys
2008-04-16 10:55 616,448 --sha-r c:\windows\system32\cygwin1.dll
2008-04-16 10:55 45,568 --sha-r c:\windows\system32\cygz.dll
2008-04-16 10:44 56 --sha-r c:\windows\system32\drivers\5912592D38.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe" [2008-04-15 16944]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuru"="c:\program files\ABIT\ABIT uGuru\uGuru.exe" [2004-09-13 1695827]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"GuruClock"="c:\program files\ABIT\ABIT uGuru\GuruClock.exe" [2008-04-15 4489302]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-14 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 c:\windows\SOUNDMAN.EXE]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2008-04-16 c:\windows\system32\HdAShCut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 c:\windows\ALCWZRD.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"wave1"= c_947281.nls
"midi1"= c_947281.nls
"mixer1"= c_947281.nls
"aux1"= c_947281.nls
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"mixer2"= c_947281.nls
"wave2"= c_947281.nls
"midi2"= c_947281.nls
"aux2"= c_947281.nls
"63947312"= 36443932353832352d313234342d343642432d384346332d453742304636454132423033
"63947301"= 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
"63947331"= 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
"63947311"= 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

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^ .lnk]
backup=c:\windows\pss\ .lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^MRU-Blaster Silent Clean.lnk]
backup=c:\windows\pss\MRU-Blaster Silent Clean.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
--a------ 2005-12-14 02:14 208896 c:\program files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-06-02 23:35 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-09-01 11:59 3563232 c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-04-15 15:09 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 11:16 42032 c:\program files\Common Files\AOL\1226041669\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2008-04-15 17:39 1055792 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iNetFormFiller]
--a------ 2008-04-15 15:52 1732096 c:\program files\iNetFormFiller Freeware\iNetFormFiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 15:24 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
--a------ 2008-01-04 16:33 684118 c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-04-15 14:09 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite RiskMonitor]
--a------ 2007-11-22 09:53 1777296 c:\program files\CyberScrub Privacy Suite\CSRiskMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-28 01:06 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-04-15 19:04 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2008-04-15 17:40 1626160 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-27 23:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2008-04-15 19:25 11891712 c:\program files\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SABSVC"=2 (0x2)
"InCDsrv"=2 (0x2)
"RSVP"=3 (0x3)
"PD91Engine"=3 (0x3)
"PD91Agent"=3 (0x3)
"gusvc"=3 (0x3)
"bgsvcgen"=2 (0x2)
"AOL ACS"=2 (0x2)
"McShield"=2 (0x2)
"McODS"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\snipsnipe\\counter-strike\\hl.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1226041669\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\WS_FTP Pro\\ftp95pro.exe"=

R0 oxas;oxas; [x]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 pxark;pxark; [x]
R1 aswSP;avast! Self Protection; [x]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2008-04-16 6656]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2006-06-14 12288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
R2 RVRWPOSM;RVRWPOSM; [x]
R3 bcgame;Nostromo HID Device Minidriver; [x]
R3 Memctl;Memctl;c:\program files\ABIT\ABIT uGuru\Memctl.sys [2008-04-15 4047]
R3 NJXSDNC;NJXSDNC; [x]
R3 PORTMON;PORTMON; [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2008-04-16 3567]
R3 ProtoWall;ProtoWall Network Service; [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2007-10-23 10752]
R3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R4 CSIScanner;CSIScanner; [x]
R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-04-16 689416]
R4 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-04-16 894216]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2008-04-16 35328]
S0 uGuru;uGuru;c:\windows\System32\Drivers\uGuru.sys [2008-04-16 10752]


--- Other Services/Drivers In Memory ---

*Deregistered* - aawservice
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Fastfat
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - helpsvc
*Deregistered* - KSecDD
*Deregistered* - mcdbus
*Deregistered* - MountMgr
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - prohlp02
*Deregistered* - prosync1
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - sfdrv01
*Deregistered* - sfhlp01
*Deregistered* - sfhlp02
*Deregistered* - sfsync03
*Deregistered* - sfsync04
*Deregistered* - sfvfs02
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - swenum
*Deregistered* - TermDD
*Deregistered* - uGuru
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Winflash
*Deregistered* - winmgmt
*Deregistered* - WmXlCore

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\ElMatador_Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-11-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 17:08]

2008-11-05 c:\windows\Tasks\ZDAutoClean.job
- c:\progra~1\LSOFTT~1\ACTIVE~1.NET\ZDAutoClean.exe []
.
.
------- Supplementary Scan -------
.

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 03:32:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\c_947281.nls 125952 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(332)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
.
**************************************************************************
.
Completion time: 2009-01-07 3:39:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 09:39:40
ComboFix2.txt 2009-01-07 02:26:46
ComboFix3.txt 2009-01-06 05:36:24
ComboFix4.txt 2009-01-06 01:16:35

Pre-Run: 247,255,040 bytes free
Post-Run: 276,447,232 bytes free

353 --- E O F --- 2009-01-07 03:07:29

The zip file attached shows the previous ones to this one.


Edited by Mjay22, 09 January 2009 - 05:34 AM.


#8 Mjay22


Posted 09 January 2009 - 07:36 AM

The file C:/windows/system32/aamd532.dll is showing up on MBam now,
but I think it's highly likely an FP (false positive)! Other than that, there isn't
anything else being detected. This virus I have or had, I think seemed to be living
off an infected McAfee service as of right now. I'm starting to wonder what
would happen if I reinstall McAfee and if I would come back. :thumbsup:
Do you think I should try it?

Edited by Mjay22, 09 January 2009 - 07:37 AM.


#9 Jat90


Posted 09 January 2009 - 06:21 PM

I have reviewed the logs and will be posting instructions soon. Please do not run any tools, including MBAM, or install/uninstall any programs unless I specifically ask you to do so. Making changes to your system will make cleaning it all the more difficult and could lead to unexpected/undesired results.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#10 Mjay22


Posted 09 January 2009 - 06:45 PM

Ok, no prob, thanks!

Edited by Mjay22, 09 January 2009 - 06:46 PM.


#11 Jat90


Posted 09 January 2009 - 08:11 PM

Hi,

It appears ComboFix didn't delete anything. Furthermore, the TDSS rootkit has not been touched and doesn't appear to exist; we will run a Gmer scan to identify any rootkits.

RegFix

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c swreg null delete "HKEY_USERS\S-1-5-21-1078081533-1965331169-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8D8055E-9CDE-42AE-5D9A-10F12044FECA}*" /n *

A command window will open and close quickly.

CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\5912592D38.sys
c:\windows\system32\5912592D38.sys
c:\windows\system32\c_947281.nls
c:\windows\system32\2226305475.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=-
"midi1"=-
"mixer1"=-
"aux1"=-
"mixer2"=-
"wave2"=-
"midi2"=-
"aux2"=-
"63947312"=-
"63947301"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Update Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Gmer

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.

Scan with HJT

We need to create a HJT report.

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.


In your next reply, please post:
  • ComboFix log
  • Gmer log
  • HJT log

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
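
The CFScript above removes the drivers32 values that point at c_947281.nls, the one file catchme reported as hidden in the ComboFix log, and rewrites the LSA "Notification Packages" value. The Python below is an added example, not part of the original thread or of ComboFix: it cross-checks those two log sections and decodes the hex(7) data, assuming the single-byte REGEDIT4 encoding the log header shows. The function names are hypothetical and the input is a trimmed excerpt of the log posted earlier in this thread.

```python
import ntpath
import re

# Trimmed excerpt of the ComboFix log posted earlier in this thread.
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"wave1"= c_947281.nls
"midi1"= c_947281.nls
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"aux2"= c_947281.nls

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli

scanning hidden files ...

c:\windows\system32\c_947281.nls 125952 bytes executable

scan completed successfully
hidden files: 1
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*\S)$')
HIDDEN_RE = re.compile(
    r"^(?P<path>[a-z]:\\.+?)\s+(?P<size>\d+) bytes(?P<exe> executable)?$", re.I
)


def registry_section(log_text, key_suffix):
    """Return {value name: data} for the first section whose key ends with key_suffix."""
    values, inside = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            if inside:
                break  # the wanted section ended at the next header
            inside = header.group("key").lower().endswith(key_suffix.lower())
            continue
        if inside:
            value = VALUE_RE.match(line)
            if value:
                values[value.group("name")] = value.group("data")
    return values


def catchme_hidden_files(log_text):
    """Return (path, size, is_executable) for each file catchme lists as hidden."""
    hidden, scanning = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("scanning hidden files"):
            scanning = True
        elif line.startswith("scan completed"):
            scanning = False
        elif scanning:
            m = HIDDEN_RE.match(line)
            if m:
                hidden.append((m.group("path"), int(m.group("size")), bool(m.group("exe"))))
    return hidden


def drivers32_pointing_at_hidden(log_text):
    """Names of drivers32 values whose target file name matches a hidden file."""
    hidden_names = {ntpath.basename(p).lower() for p, _, _ in catchme_hidden_files(log_text)}
    drivers = registry_section(log_text, r"\currentversion\drivers32")
    return sorted(
        name for name, data in drivers.items()
        if ntpath.basename(data).lower() in hidden_names
    )


def decode_hex7_ansi(data):
    """Decode REGEDIT4 hex(7) data (REG_MULTI_SZ, one byte per character) to strings."""
    prefix = "hex(7):"
    if not data.lower().startswith(prefix):
        raise ValueError("not a hex(7) value")
    raw = bytes(int(tok, 16) for tok in data[len(prefix):].split(",") if tok.strip())
    # Strings are NUL-separated and the list ends with an extra NUL.
    return [part.decode("latin-1") for part in raw.split(b"\x00") if part]


if __name__ == "__main__":
    print("drivers32 values pointing at a hidden file:",
          drivers32_pointing_at_hidden(LOG_EXCERPT))
    print("Notification Packages written by the script:",
          decode_hex7_ansi("hex(7):73,63,65,63,6c,69,00,00"))
```
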


#12 Mjay22


Posted 09 January 2009 - 09:28 PM

Actually I don't think that TDSS ever did exist with this virus and
as I was suggesting to boopme, I'm almost positive that it's just leftover
traces from the TDSS virus that I removed about 6 months ago.
Furthermore I never saw any of the TDS files during this infection.
However I'd still like to have the leftover traces out of my registry.
Ok, this is a lot to do, I'll try to get it all done ASAP! Thanks

Edited by Mjay22, 10 January 2009 - 04:10 AM.


#13 Mjay22


Posted 10 January 2009 - 02:47 AM

Gmer Log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-10 01:26:29
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB6140576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6140432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6140910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB614000A]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateKey [0xF74F4E2C]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateValueKey [0xF74F51BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB614050C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB613FF4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB613FFAE]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryKey [0xF74F5292]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB614062C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB61405EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB614076C]

---- Kernel code sections - GMER 1.0.14 ----

.text USBPORT.SYS!DllUnload B8CF48AC 5 Bytes JMP 8AB2C1C8
? System32\Drivers\amsf54dw.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\ctfmon.exe[260] kernel32.dll!FindNextFileW 7C80EFCA 8 Bytes [ 58, 68, CA, EF, EC, 00, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] kernel32.dll!FindNextFileW + 9 7C80EFD3 4 Bytes [ C2, A6, 00, C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[260] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, ED, 00, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[260] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 36, C0, A6, 00, C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[260] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, EF, 00, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[260] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ BB, C1, A6, 00, C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[260] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 07, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 07, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 0A, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] wininet.dll!HttpOpenRequestA 771C2AF1 13 Bytes [ 58, 68, F1, 2A, 1C, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] wininet.dll!InternetConnectA 771C344A 13 Bytes [ 58, 68, 4A, 34, 1C, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] wininet.dll!HttpSendRequestA 771C6099 13 Bytes [ 58, 68, 99, 60, 1C, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] wininet.dll!InternetReadFile 771C82E2 13 Bytes [ 58, 68, E2, 82, 1C, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] wininet.dll!HttpOpenRequestW 771CF507 13 Bytes [ 58, 68, 07, F5, 1C, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] wininet.dll!CommitUrlCacheEntryA 771D1BB2 13 Bytes [ 58, 68, B2, 1B, 1D, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[260] wininet.dll!InternetQueryDataAvailable 771D8A27 13 Bytes [ 58, 68, 27, 8A, 1D, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] kernel32.dll!FindNextFileW + 9 7C80EFD3 4 Bytes [ C2, A8, 00, C3 ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, F2, 00, 50 ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 36, C0, A8, 00, C3 ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, F4, 00, 50 ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ BB, C1, A8, 00, C3 ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 0C, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 0C, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!HttpOpenRequestA 771C2AF1 13 Bytes [ 58, 68, F1, 2A, 21, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!InternetConnectA 771C344A 13 Bytes [ 58, 68, 4A, 34, 21, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!HttpSendRequestA 771C6099 13 Bytes [ 58, 68, 99, 60, 21, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!InternetReadFile 771C82E2 13 Bytes [ 58, 68, E2, 82, 21, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!HttpOpenRequestW 771CF507 13 Bytes [ 58, 68, 07, F5, 21, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!CommitUrlCacheEntryA 771D1BB2 13 Bytes [ 58, 68, B2, 1B, 22, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!InternetQueryDataAvailable 771D8A27 13 Bytes [ 58, 68, 27, 8A, 22, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!InternetReadFileExW 771F84B1 9 Bytes [ 58, 68, B1, 84, 24, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!InternetReadFileExW + A 771F84BB 3 Bytes [ A8, 00, C3 ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!InternetWriteFile 771F8C71 13 Bytes [ 58, 68, 71, 8C, 24, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!InternetReadFileExA 771F91B8 13 Bytes [ 58, 68, B8, 91, 24, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!HttpSendRequestW 77212F74 13 Bytes [ 58, 68, 74, 2F, 26, 01, 50, ... ]
.text C:\WINDOWS\system32\nvsvc32.exe[2068] wininet.dll!InternetErrorDlg 7722DB15 13 Bytes [ 58, 68, 15, DB, 27, 01, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] kernel32.dll!FindNextFileW 7C80EFCA 8 Bytes [ 58, 68, CA, EF, C2, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] kernel32.dll!FindNextFileW + 9 7C80EFD3 4 Bytes [ C2, 8B, 00, C3 ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, C3, 00, 50 ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 36, C0, 8B, 00, C3 ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, C5, 00, 50 ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ BB, C1, 8B, 00, C3 ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, DD, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, DD, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, E0, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!HttpOpenRequestA 771C2AF1 13 Bytes [ 58, 68, F1, 2A, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!InternetConnectA 771C344A 13 Bytes [ 58, 68, 4A, 34, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!HttpSendRequestA 771C6099 13 Bytes [ 58, 68, 99, 60, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!InternetReadFile 771C82E2 13 Bytes [ 58, 68, E2, 82, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!HttpOpenRequestW 771CF507 13 Bytes [ 58, 68, 07, F5, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!CommitUrlCacheEntryA 771D1BB2 10 Bytes [ 58, 68, B2, 1B, F3, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!CommitUrlCacheEntryA + B 771D1BBD 2 Bytes [ 00, C3 ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!InternetQueryDataAvailable 771D8A27 13 Bytes [ 58, 68, 27, 8A, F3, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!InternetReadFileExW 771F84B1 9 Bytes [ 58, 68, B1, 84, F5, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!InternetReadFileExW + A 771F84BB 3 Bytes [ 8B, 00, C3 ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!InternetWriteFile 771F8C71 13 Bytes [ 58, 68, 71, 8C, F5, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!InternetReadFileExA 771F91B8 13 Bytes [ 58, 68, B8, 91, F5, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!HttpSendRequestW 77212F74 13 Bytes [ 58, 68, 74, 2F, F7, 00, 50, ... ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2116] wininet.dll!InternetErrorDlg 7722DB15 13 Bytes [ 58, 68, 15, DB, F8, 00, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] kernel32.dll!FindNextFileW 7C80EFCA 8 Bytes [ 58, 68, CA, EF, 01, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] kernel32.dll!FindNextFileW + 9 7C80EFD3 4 Bytes [ C2, 8B, 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[2176] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 02, 01, 50 ]
.text C:\WINDOWS\System32\svchost.exe[2176] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 36, C0, 8B, 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[2176] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 04, 01, 50 ]
.text C:\WINDOWS\System32\svchost.exe[2176] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ BB, C1, 8B, 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[2176] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 1C, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 1C, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 1F, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!HttpOpenRequestA 771C2AF1 13 Bytes [ 58, 68, F1, 2A, 31, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!InternetConnectA 771C344A 13 Bytes [ 58, 68, 4A, 34, 31, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!HttpSendRequestA 771C6099 13 Bytes [ 58, 68, 99, 60, 31, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!InternetReadFile 771C82E2 13 Bytes [ 58, 68, E2, 82, 31, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!HttpOpenRequestW 771CF507 13 Bytes [ 58, 68, 07, F5, 31, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!CommitUrlCacheEntryA 771D1BB2 10 Bytes [ 58, 68, B2, 1B, 32, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!CommitUrlCacheEntryA + B 771D1BBD 2 Bytes [ 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!InternetQueryDataAvailable 771D8A27 13 Bytes [ 58, 68, 27, 8A, 32, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!InternetReadFileExW 771F84B1 9 Bytes [ 58, 68, B1, 84, 34, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!InternetReadFileExW + A 771F84BB 3 Bytes [ 8B, 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!InternetWriteFile 771F8C71 13 Bytes [ 58, 68, 71, 8C, 34, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!InternetReadFileExA 771F91B8 13 Bytes [ 58, 68, B8, 91, 34, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!HttpSendRequestW 77212F74 13 Bytes [ 58, 68, 74, 2F, 36, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[2176] wininet.dll!InternetErrorDlg 7722DB15 13 Bytes [ 58, 68, 15, DB, 37, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] kernel32.dll!FindNextFileW 7C80EFCA 8 Bytes [ 58, 68, CA, EF, 1F, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] kernel32.dll!FindNextFileW + 9 7C80EFD3 4 Bytes [ C2, BC, 00, C3 ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 20, 01, 50 ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 36, C0, BC, 00, C3 ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 22, 01, 50 ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ BB, C1, BC, 00, C3 ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 3A, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 3A, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 3D, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!HttpOpenRequestA 771C2AF1 13 Bytes [ 58, 68, F1, 2A, 4F, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!InternetConnectA 771C344A 13 Bytes [ 58, 68, 4A, 34, 4F, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!HttpSendRequestA 771C6099 13 Bytes [ 58, 68, 99, 60, 4F, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!InternetReadFile 771C82E2 13 Bytes [ 58, 68, E2, 82, 4F, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!HttpOpenRequestW 771CF507 13 Bytes [ 58, 68, 07, F5, 4F, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!CommitUrlCacheEntryA 771D1BB2 13 Bytes [ 58, 68, B2, 1B, 50, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!InternetQueryDataAvailable 771D8A27 13 Bytes [ 58, 68, 27, 8A, 50, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!InternetReadFileExW 771F84B1 9 Bytes [ 58, 68, B1, 84, 52, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!InternetReadFileExW + A 771F84BB 3 Bytes [ BC, 00, C3 ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!InternetWriteFile 771F8C71 13 Bytes [ 58, 68, 71, 8C, 52, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!InternetReadFileExA 771F91B8 13 Bytes [ 58, 68, B8, 91, 52, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!HttpSendRequestW 77212F74 13 Bytes [ 58, 68, 74, 2F, 54, 01, 50, ... ]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] wininet.dll!InternetErrorDlg 7722DB15 13 Bytes [ 58, 68, 15, DB, 55, 01, 50, ... ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7505886] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7505832] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7527892] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7505886] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EFAD4] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EFC1A] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EFB9C] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74F0748] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74F061E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7504ACA] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[760] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[760] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe[1728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2736] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8ADC01E8

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 8AB471E8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 8ABAF1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AD511E8
Device \Driver\dmio \Device\DmControl\DmConfig 8AD511E8
Device \Driver\dmio \Device\DmControl\DmPnP 8AD511E8
Device \Driver\dmio \Device\DmControl\DmInfo 8AD511E8
Device \Driver\usbuhci \Device\USBPDO-1 8ABAF1E8
Device \Driver\usbuhci \Device\USBPDO-2 8ABAF1E8
Device \Driver\usbuhci \Device\USBPDO-3 8ABAF1E8
Device \Driver\usbehci \Device\USBPDO-4 8AB981E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\prodrv06 \Device\ProDrv06 E23A64B0
Device \Driver\Ftdisk \Device\HarddiskVolume1 8ADC21E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8ADC21E8
Device \Driver\Cdrom \Device\CdRom0 8AB8C1E8
Device \Driver\PCI_NTPNP0234 \Device\00000065 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_NTPNP0234 \Device\00000065 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\Ftdisk \Device\HarddiskVolume3 8ADC21E8
Device \Driver\Cdrom \Device\CdRom1 8AB8C1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 8AB8C1E8
Device \Driver\Cdrom \Device\CdRom3 8AB8C1E8
Device \Driver\Cdrom \Device\CdRom4 8AB8C1E8
Device \Driver\prohlp02 \Device\ProHlp02 E1BEF1D8
Device \Driver\Cdrom \Device\CdRom5 8AB8C1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1DE1E8
Device \Driver\NetBT \Device\NetbiosSmb 8A1DE1E8
Device \Driver\mcdbus \Device\mcdbus sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\mcdbus \Device\00000089 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\USBSTOR \Device\00000096 8A6021E8
Device \Driver\USBSTOR \Device\00000096 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\USBSTOR \Device\00000098 8A6021E8
Device \Driver\USBSTOR \Device\00000098 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbuhci \Device\USBFDO-0 8ABAF1E8
Device \Driver\usbuhci \Device\USBFDO-1 8ABAF1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A6B17A0
Device \Driver\usbuhci \Device\USBFDO-2 8ABAF1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A6B17A0
Device \Driver\usbuhci \Device\USBFDO-3 8ABAF1E8
Device \Driver\usbehci \Device\USBFDO-4 8AB981E8
Device \Driver\Ftdisk \Device\FtControl 8ADC21E8
Device \Driver\mcdbus \Device\0000008a sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\mcdbus \Device\0000008b sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\NetBT \Device\NetBT_Tcpip_{8F548225-C649-4F9C-BD3B-620D87EA451C} 8A1DE1E8
Device \Driver\amsf54dw \Device\Scsi\amsf54dw1 8AAF4308
Device \Driver\amsf54dw \Device\Scsi\amsf54dw1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\amsf54dw \Device\Scsi\amsf54dw1Port3Path0Target0Lun0 8AAF4308
Device \Driver\amsf54dw \Device\Scsi\amsf54dw1Port3Path0Target0Lun0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \FileSystem\Fastfat \Fat 8AB471E8

AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A9E77A0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtvd.dat
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrxx.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvkql.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfmm.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSkhyf.log
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkai.log
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSlrvd.dat
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrsr.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSrtqp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 297189364
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 313940367
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0xF9 0xF0 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x92 0xD1 0x9B 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5C 0xB8 0xD7 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x4A 0x2A 0xDB ...

---- EOF - GMER 1.0.14 ----

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:24 AM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\RefreshLock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1226041669\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=localhost:9050
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [RefreshLock] C:\RefreshLock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Shortcut to ashDisp.exe.lnk = D:\Program Files\Alwil Software\Avast4\ashDisp.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.howtodrivers.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://service.futuremark.com/virtualmark/tc/MSC3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NJXSDNC - Unknown owner - C:\DOCUME~1\MM\LOCALS~1\Temp\NJXSDNC.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9065 bytes

Edited by sUBs, 16 January 2009 - 08:37 AM.


#14 Jat90

Posted 10 January 2009 - 11:18 AM

Your ComboFix log is not being displayed correctly. This is caused by having Word Wrap checked.
Please post the log again after doing the following:

1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad, select Format and click on Word Wrap so it appears unchecked.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

#15 Mjay22

Posted 10 January 2009 - 07:03 PM

Sorry, didn't notice that.

ComboFix Log:

ComboFix 09-01-08.03 - MM 2009-01-09 23:41:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2557 [GMT -6:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090109-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\2226305475.dat
c:\windows\system32\5912592D38.sys
c:\windows\system32\c_947281.nls
c:\windows\system32\drivers\5912592D38.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\2226305475.dat
c:\windows\system32\5912592D38.sys
c:\windows\system32\c_947281.nls
c:\windows\system32\drivers\5912592D38.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-09 00:01 . 2009-01-09 00:01 2,913,818 -ra------ C:\ComboFix.exe
2009-01-07 03:57 . 2002-08-29 07:14 103,184 --a------ C:\ieinfo5.ocx
2009-01-07 03:57 . 2002-08-29 07:14 608 --a------ C:\iefiles5.inf
2009-01-07 03:53 . 2009-01-07 03:54 <DIR> d-------- C:\Comb1Fix
2009-01-06 00:20 . 2009-01-06 00:20 <DIR> d-------- c:\documents and settings\Administrator.XUP\Application Data\Malwarebytes
2009-01-05 22:58 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-05 22:33 . 2009-01-05 22:33 1,660,821 --a------ C:\SmitfraudFix.exe
2009-01-05 19:23 . 2009-01-09 04:28 <DIR> d-------- C:\help
2009-01-03 21:58 . 2009-01-03 21:58 3,014,656 --a------ c:\windows\system32\YKSZDINX
2009-01-03 16:57 . 2009-01-03 16:58 <DIR> d-------- c:\windows\ERUNT
2009-01-03 16:51 . 2009-01-03 17:57 1,529,241 --a------ C:\SDFix.exe
2009-01-03 16:27 . 2009-01-09 22:28 2,626 --a------ c:\windows\system32\CONFIG.NT
2009-01-03 16:03 . 2009-01-03 16:03 <DIR> d-------- C:\_OTScanIt
2009-01-03 04:03 . 2009-01-03 04:03 362 --a------ c:\windows\Shortcut to WINDOWS.lnk
2009-01-02 23:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-02 11:43 . 2009-01-02 11:43 <DIR> d-------- C:\New Folder (2)
2009-01-01 23:46 . 2009-01-06 00:40 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-30 07:20 . 2009-01-07 03:13 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-30 07:20 . 2009-01-07 03:13 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-15 09:52 . 2008-11-15 04:15 796 --a------ C:\Kso.Lv Team Fortress 2 Server (run STEAM before clicking on this).lnk
2008-12-15 09:52 . 2008-10-12 05:42 782 --a------ C:\Join KSO.Lv Team Fortress 2 Server 1.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 04:43 --------- d-----w c:\program files\PeerGuardian2
2009-01-07 02:57 --------- d-----w c:\program files\Remove-it
2009-01-07 01:50 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-07 01:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-06 07:19 --------- d-----w c:\program files\AOL 9.1
2009-01-06 02:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-05 00:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 00:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 09:11 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avg8
2009-01-03 05:57 --------- d-----w c:\program files\Panda Security
2009-01-02 05:46 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-02 04:19 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-01-02 04:19 --------- d-----w c:\program files\SpywareBlaster
2008-12-31 12:33 --------- d-----w c:\program files\Steam
2008-12-31 02:05 --------- d-----w c:\documents and settings\MM\Application Data\Tor
2008-12-31 01:33 --------- d-----w c:\documents and settings\MM\Application Data\Vidalia
2008-12-28 04:37 --------- d-----w c:\program files\CCleaner
2008-12-25 13:44 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin.bak
2008-12-24 11:12 --------- d-----w c:\program files\DivX
2008-12-12 17:01 3,067,904 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 08:39 --------- d-----w c:\documents and settings\MM\Application Data\uTorrent
2008-12-02 12:05 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2008-11-27 17:47 10,240 ----a-w c:\windows\system32\RtNicProp32.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-20 06:34 --------- d-----w c:\documents and settings\MM\Application Data\R-Wipe&Clean
2008-11-15 05:47 --------- d-----w c:\documents and settings\MM\Application Data\AOL
2008-11-15 05:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 05:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2008-11-14 23:47 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-14 05:29 --------- d-----w c:\program files\SIW
2008-11-14 03:48 --------- d-----w c:\documents and settings\Administrator.XUP\Application Data\Ahead
2008-11-13 22:13 --------- d-----w c:\documents and settings\MM\Application Data\Lavasoft
2008-11-13 21:49 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-11-13 12:09 --------- d-----w c:\program files\Azureus
2008-11-13 04:59 --------- d-----w c:\program files\Lavasoft
2008-11-07 12:45 61,224 ----a-w c:\windows\java\GoToAssistDownloadHelper.exe
2008-11-06 08:41 61,224 ----a-w c:\documents and settings\MM\GoToAssistDownloadHelper.exe
2008-11-01 10:14 133,632 ----a-w c:\windows\system32\OLD420.tmp
2008-11-01 10:12 11,776 ----a-w c:\windows\system32\wshisn.dll
2008-11-01 10:12 11,776 ----a-w c:\windows\system32\dllcache\wshisn.dll
2008-11-01 10:09 7,680 ----a-w c:\windows\system32\OLD40D.tmp
2008-11-01 09:58 7,168 ----a-w c:\windows\system32\wshnetbs.dll
2008-11-01 09:58 7,168 ----a-w c:\windows\system32\dllcache\wshnetbs.dll
2008-10-31 22:18 24,576 ----a-w c:\windows\system32\ws2help.dll.tmp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-04-16 04:58 2,402,550 ----a-w c:\windows\inf\SET50.tmp
2008-04-16 04:58 2,402,550 ----a-w c:\windows\inf\SET4F.tmp
2008-04-16 04:58 2,402,550 ----a-w c:\windows\inf\SET36E.tmp
2008-04-16 01:25 905 ----a-w c:\program files\uninstal.log
2008-04-15 15:09 24,192 ----a-w c:\documents and settings\MM\usbsermptxp.sys
2008-04-15 15:09 22,768 ----a-w c:\documents and settings\MM\usbsermpt.sys
2008-12-14 09:31 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-14 09:31 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2004-05-07 19:31 348,160 ----a-w c:\program files\mozilla firefox\components\MSVCR71.DLL
2008-12-14 09:31 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-11-07 16:58 139,264 ----a-w c:\program files\mozilla firefox\components\SABFF15.DLL
2008-12-14 09:31 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-14 09:31 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-16 10:55 616,448 --sha-r c:\windows\system32\cygwin1.dll
2008-04-16 10:55 45,568 --sha-r c:\windows\system32\cygz.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-09_ 0.12.55.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-10 00:23:21 16,384 ----atw c:\windows\temp\Perflib_Perfdata_684.dat
+ 2009-01-10 00:23:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7d8.dat
- 2009-01-09 06:07:39 1,671,168 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 05:41:51 2,293,760 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-04-15 1103480]
"RefreshLock"="C:\RefreshLock.exe" [2008-04-15 193536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-07-09 1150976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuru"="c:\program files\ABIT\ABIT uGuru\uGuru.exe" [2004-09-13 1695827]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"GuruClock"="c:\program files\ABIT\ABIT uGuru\GuruClock.exe" [2008-04-15 4489302]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-14 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 c:\windows\SOUNDMAN.EXE]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2008-04-16 c:\windows\system32\HdAShCut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 c:\windows\ALCWZRD.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\MM\Start Menu\Programs\Startup\
Shortcut to ashDisp.exe.lnk - d:\program files\Alwil Software\Avast4\ashDisp.exe [2008-11-13 81000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"63947331"=
"63947311"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^ .lnk]
backup=c:\windows\pss\ .lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MM^Start Menu^Programs^Startup^MRU-Blaster Silent Clean.lnk]
backup=c:\windows\pss\MRU-Blaster Silent Clean.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
--a------ 2005-12-14 02:14 208896 c:\program files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-06-02 23:35 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-09-01 11:59 3563232 c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-04-15 15:09 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 11:16 42032 c:\program files\Common Files\AOL\1226041669\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2008-04-15 17:39 1055792 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iNetFormFiller]
--a------ 2008-04-15 15:52 1732096 c:\program files\iNetFormFiller Freeware\iNetFormFiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 15:24 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
--a------ 2008-01-04 16:33 684118 c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-04-15 14:09 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite RiskMonitor]
--a------ 2007-11-22 09:53 1777296 c:\program files\CyberScrub Privacy Suite\CSRiskMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-28 01:06 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-04-15 19:04 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2008-04-15 17:40 1626160 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-27 23:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2008-04-15 19:25 11891712 c:\program files\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SABSVC"=2 (0x2)
"InCDsrv"=2 (0x2)
"RSVP"=3 (0x3)
"PD91Engine"=3 (0x3)
"PD91Agent"=3 (0x3)
"gusvc"=3 (0x3)
"bgsvcgen"=2 (0x2)
"AOL ACS"=2 (0x2)
"McShield"=2 (0x2)
"McODS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\snipsnipe\\counter-strike\\hl.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1226041669\\ee\\aolsoftware.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\WS_FTP Pro\\ftp95pro.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-02 28544]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2007-06-30 10752]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-13 111184]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-07-19 6656]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2008-11-05 12288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2008-11-05 10752]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-13 20560]
S0 oxas;oxas;c:\windows\system32\drivers\yjaauf.sys --> c:\windows\system32\drivers\yjaauf.sys [?]
S0 pxark;pxark;c:\windows\system32\drivers\pxark.sys --> c:\windows\system32\drivers\pxark.sys [?]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 Memctl;Memctl;c:\program files\ABIT\ABIT uGuru\MEMCTL.SYS [2007-06-30 4047]
S3 NJXSDNC;NJXSDNC;c:\docume~1\MM\LOCALS~1\Temp\NJXSDNC.exe --> c:\docume~1\MM\LOCALS~1\Temp\NJXSDNC.exe [?]
S3 PORTMON;PORTMON;\??\d:\cars\Sysinternal Complete Suite\SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS --> d:\cars\Sysinternal Complete Suite\SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS [?]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2005-12-11 3567]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-04-19 598856]
S4 CSIScanner;CSIScanner;"c:\program files\PrevxCSI\prevxcsi.exe" /service --> c:\program files\PrevxCSI\prevxcsi.exe [?]
S4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-04-16 689416]
S4 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-04-16 894216]
S4 RVRWPOSM;RVRWPOSM;\??\c:\windows\system32\drivers\RVRWPOSM.sys --> c:\windows\system32\drivers\RVRWPOSM.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec
*Deregistered* - Winflash

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\ElMatador_Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53cf6044-688f-11da-bdde-00038a000015}]
\Shell\AutoRun\command - H:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb8e0a9e-689b-11da-bddf-00038a000015}]
\Shell\AutoRun\command - i:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - i:\directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 17:08]

2008-11-05 c:\windows\Tasks\ZDAutoClean.job
- c:\progra~1\LSOFTT~1\ACTIVE~1.NET\ZDAutoClean.exe []
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.comcast.net/a/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=localhost:9050
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: www.ampd.com
Trusted Zone: www.howtodrivers.com
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
Trusted Zone: download.windowsupdate.microsoft.com
Trusted Zone: update.microsoft.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 23:44:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1965331169-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-09 23:47:19
ComboFix-quarantined-files.txt 2009-01-10 05:47:16
ComboFix2.txt 2009-01-09 06:14:31
ComboFix3.txt 2009-01-07 09:39:46

Pre-Run: 1,009,012,736 bytes free
Post-Run: 1,043,566,592 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=4,5,6,7,8,9
369 --- E O F --- 2009-01-07 03:07:29

Edited by Mjay22, 10 January 2009 - 07:05 PM.




