Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win64/Sirefef.B infection


  • This topic is locked This topic is locked
51 replies to this topic

#1 MSWallack

MSWallack

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 25 June 2012 - 08:46 PM

Running Win7 (x64). First noticed a problem when I booted and my desktop icons were in the wrong places (and medium instead of small). Then Norton Internet Security 2012 (fully updated) reported an error related to the Base Filtering Engine. Since then I've tried various things with the following results:

Norton Internet Security:

Reports that it has blocked 80000000.@ (Trojan Zeroaccess) and 00000001.@ (Trojan Zeroaccess) repeatedly. It has also blocked attempts by services.exe to target RMTray.exe (part of Norton, I believe).

Malwarebytes Anti-Malware:

I've run this several times (both quick and full scans; both regular and safe mode). It kept finding a rootkit in the windows\installer folder, but the most recent scans no longer report this.

Hitman Pro

I've run this several times (both regular and safe mode). It finds \windows\system32\services.exe and reports it as Virus.Win64!IK and Virus:Win64/Sirefef.B. It suggests Replace as the fix. I've tried this several times. In Safe Mode, it doesn't tell me it failed, but it doesn't seem to have fixed the problem. In standard mode, while it is trying to fix the problem I get an error telling me that Windows will reboot in 1 minute (and it does). However, as of this morning (and after posting the original help request), Hitman Pro is no longer reporting the virus (though Norton still seems to be stopping something...).

I've also run the McAfee rootkit tool, the Microsoft Malicious Software Removal tool, and maybe a few others, all without any success.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Michael at 20:25:29 on 2012-06-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3838.1658 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Zentimo\ZentimoService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files (x86)\Fast Windows Hider\fwh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Zentimo\Zentimo.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Ilium Software\ListPro\ListProSync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\FreeMeter\FreeMeter.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
TB: Ultra Recall: {c501607c-4a98-4f5e-b9af-425e6bbd5186} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\rmtray.exe /H
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
uRun: [Fast Windows Hider] C:\Program Files (x86)\Fast Windows Hider\fwh.exe
uRun: [Zentimo xStorage Manager] C:\Program Files (x86)\Zentimo\Zentimo.exe /startup
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIRECT~1.LNK - C:\Program Files (x86)\GPSoftware\Directory Opus\dopus.exe
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FREEME~1.LNK - C:\Program Files (x86)\FreeMeter\FreeMeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LISTPR~2.LNK - C:\Program Files (x86)\Ilium Software\ListPro\ListProSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send To &Ultra Recall (copy) - C:\Program Files (x86)\UltraRecall\Integration\StoreFromIE.html
IE: Send To Ultra &Recall (link) - C:\Program Files (x86)\UltraRecall\Integration\LinkFromIE.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - {7FAD4718-729A-4fea-AA4B-EC340A7C0841} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - {60D7C798-8979-4560-AF4C-2FADE1075EF7} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{12B323C7-8A1A-4DAA-B74D-CEC9CF057A65} : DhcpNameServer = 4.2.2.2 12.127.16.68 138.210.81.3
TCP: Interfaces\{C802242F-CD9D-44D4-A15B-0B0165AF8637} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C802242F-CD9D-44D4-A15B-0B0165AF8637}\1427961602441363236393 : DhcpNameServer = 192.168.240.1
TCP: Interfaces\{C802242F-CD9D-44D4-A15B-0B0165AF8637}\9434C45464D2E4564776561627D22374A7 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C802242F-CD9D-44D4-A15B-0B0165AF8637}\9434C45464F5C696E6B6379737 : DhcpNameServer = 216.54.196.250 216.54.196.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
SEH: Directory Opus Shell Execute Hook: {ee761688-c137-4b04-8fab-3c9cdf0886f0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
TB-X64: Ultra Recall: {C501607C-4A98-4f5e-B9AF-425E6BBD5186} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
SEH-X64: Directory Opus Shell Execute Hook: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r78js6hl.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSviA64.sys [2012-6-22 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-25 37280]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-8-21 20376]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-3-20 788000]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-5-1 4710040]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-6-10 341328]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360]
R2 ZentimoService;Zentimo Assistant;C:\Program Files (x86)\Zentimo\ZentimoService.exe [2010-11-3 561824]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-6-10 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-11 135664]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-11 135664]
S3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;C:\Program Files\HitmanPro\HitmanPro.exe [2012-6-23 8828112]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 KSafeSvc;KSafe service;C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe [2011-12-6 452000]
S3 ksfmonsys;ksfmonsys;C:\Program Files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys [2011-12-6 21312]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SureThing Labelflash service;SureThing Labelflash service;C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-12-18 74384]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
.
=============== Created Last 30 ================
.
2012-06-24 14:19:09 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-23 16:25:32 -------- d-----w- C:\ComboFix
2012-06-23 15:53:22 332 ----a-w- C:\Start_.cmd
2012-06-23 15:16:43 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-23 12:07:45 -------- d-----w- C:\Program Files\HitmanPro
2012-06-23 12:07:25 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-23 04:06:02 -------- d-----w- C:\Program Files (x86)\Desktop Restore
2012-06-23 03:52:42 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes
2012-06-23 03:52:32 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-23 03:52:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-23 03:52:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 03:35:10 -------- d-----w- C:\Users\Michael\AppData\Local\NPE
2012-06-21 01:00:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 01:00:06 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 00:59:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 00:59:46 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 01:57:33 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 01:57:33 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-14 01:52:22 -------- d-----w- C:\ProgramData\fwh
2012-06-08 01:07:30 -------- d-----w- C:\Program Files (x86)\AssetCAT
2012-06-07 01:50:53 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 01:50:52 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
.
==================== Find3M ====================
.
2012-06-23 04:23:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 04:23:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 23:55:20 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 06:28:38 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys
2012-03-29 06:28:30 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\symefa64.sys
2012-03-29 06:06:25 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\ironx64.sys
2012-03-29 06:03:27 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\srtsp64.sys
2012-03-29 06:03:27 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\srtspx64.sys
.
============= FINISH: 20:27:14.48 ===============

I did run GMER (even though I'm on Win7 (x64). When I ran the app, all choices were grayed out other than Services, Registery, Files, and ADS. I ran GMER with these selected and it reported that it didn't find anything (ark.log is a blank file).

I understand that people who help here are volunteers and I truly appreciate the help. If there is any way to expedite help I'd appreciate it as I leave town Thursday night. I need my laptop and I'm going to have limited access to the Internet while I'm gone (and when I do have access it's via a really slow connection).

Thanks in advance.

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 25 June 2012 - 11:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 07:54 AM

Here is the security scan log.

I'll run Combofix later today (I have to go to work, but I'll take my laptop with me and see if I can run it while I'm there...)


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 26
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Symantec Norton Online Backup NOBuAgent.exe
Symantec Norton Online Backup NOBuClient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Attached Files


Edited by gringo_pr, 26 June 2012 - 08:01 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 26 June 2012 - 08:00 AM

Greetings

Ok no problem I will look for you later!!


PS please don't attach the report just copy and paste into the topic - see my edit above



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 10:07 AM

Quick question: Is it better to run ComboFix in standard mode or in safe mode?

#6 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 10:50 AM

I ran ComboFix. It gave me a report (in Notepad). However, I've now discovered that EVERYTHING I try to start on the computer (Internet Explorer or Notepad for example) is an "illegal operation attempted on a registry key that has been marked for deletion". The computer was working almost correctly. Now it appears to be in really bad shape! Help!

#7 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 10:52 AM

Update. I can open My Computer and Windows Explorer. But so far nothing else will work. Nothing.

#8 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 11:38 AM

Oops. Just re-read your previous message about the "illegal operation" error. Restarting now. I guess I freaked out and didn't go back and look for into first. It's been that kind of day/week...

#9 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 12:07 PM

ComboFix log below (and obviously rebooting solved the error; sorry again for my little freakout). The computer seems to be behaving fine (I'm not getting Noton's "red" alerts anymore. But Norton is reporting continuing efforts (from various locations) to try to attack it (I think). The newest source is the Logitech SetPoint application. Norton is successfully blocking these attacks, but it would be nice to get rid of whatever is operating in the background.

ComboFix 12-06-26.01 - Michael 06/26/2012 11:07:17.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3838.2213 [GMT -4:00]
Running from: c:\users\Michael\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Safe
c:\programdata\Safe\zsinfo.dat
c:\programdata\SplashID.ico
c:\programdata\SQLite3.dll
c:\programdata\uninst.exe
c:\users\Michael\AppData\Local\TempDIR
c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 15:23 . 2012-06-26 15:23 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-26 15:23 . 2012-06-26 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 03:07 . 2012-06-26 03:07 -------- d-----w- c:\users\Michael\AppData\Local\Macromedia
2012-06-24 14:19 . 2012-06-24 14:19 -------- d-----w- c:\program files (x86)\ESET
2012-06-23 15:16 . 2012-06-23 15:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 12:07 . 2012-06-23 12:07 -------- d-----w- c:\program files\HitmanPro
2012-06-23 12:07 . 2012-06-23 13:14 -------- d-----w- c:\programdata\HitmanPro
2012-06-23 04:06 . 2012-06-23 04:06 -------- d-----w- c:\program files (x86)\Desktop Restore
2012-06-23 03:52 . 2012-06-23 03:52 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2012-06-23 03:52 . 2012-06-23 03:52 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 03:52 . 2012-06-23 03:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 03:52 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 03:35 . 2012-06-23 16:46 -------- d-----w- c:\users\Michael\AppData\Local\NPE
2012-06-21 01:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 01:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 01:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 01:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 01:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 01:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 01:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 00:59 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 00:59 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 01:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 01:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 01:52 . 2012-06-14 02:47 -------- d-----w- c:\programdata\fwh
2012-06-08 01:07 . 2012-06-08 01:07 -------- d-----w- c:\program files (x86)\AssetCAT
2012-06-07 01:50 . 2012-06-07 01:50 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 01:50 . 2012-06-07 01:50 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 04:23 . 2012-03-29 23:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 04:23 . 2011-06-06 22:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 23:55 . 2009-10-24 14:36 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-30 11:35 . 2012-05-09 02:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 06:28 . 2012-05-18 05:24 405624 ----a-w- c:\windows\system32\drivers\NISx64\1307010.005\symnets.sys
2012-03-29 06:28 . 2012-05-18 05:24 1092728 ----a-w- c:\windows\system32\drivers\NISx64\1307010.005\symefa64.sys
2012-03-29 06:06 . 2012-05-18 05:24 190072 ----a-w- c:\windows\system32\drivers\NISx64\1307010.005\ironx64.sys
2012-03-29 06:03 . 2012-05-18 05:24 737912 ----a-w- c:\windows\system32\drivers\NISx64\1307010.005\srtsp64.sys
2012-03-29 06:03 . 2012-05-18 05:24 37496 ----a-w- c:\windows\system32\drivers\NISx64\1307010.005\srtspx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-28 39408]
"NortonUtilities"="c:\program files (x86)\Norton Utilities 14\rmtray.exe" [2009-09-14 279912]
"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-10-26 2164256]
"Fast Windows Hider"="c:\program files (x86)\Fast Windows Hider\fwh.exe" [2010-02-04 796160]
"Zentimo xStorage Manager"="c:\program files (x86)\Zentimo\Zentimo.exe" [2011-08-30 2072920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-10-08 322104]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Directory Opus (Startup).lnk - c:\program files\GPSoftware\Directory Opus\dopus.exe [2012-4-25 17606776]
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
FreeMeter.lnk - c:\program files (x86)\FreeMeter\FreeMeter.exe [2008-12-20 614400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
ListProSync.lnk - c:\program files (x86)\Ilium Software\ListPro\ListProSync.exe [2010-9-17 619304]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EE761688-C137-4b04-8FAB-3C9CDF0886F0}"= "c:\program files\GPSoftware\Directory Opus\dopuslib32.dll" [2012-04-24 362608]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;c:\program files\HitmanPro\HitmanPro.exe [2012-06-23 8828112]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 KSafeSvc;KSafe service;c:\program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe [2011-12-06 452000]
R3 ksfmonsys;ksfmonsys;c:\program files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys [2011-12-06 21312]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [x]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [x]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-09-25 74384]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120623.002\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2011-10-26 788000]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 49152]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
S2 ZentimoService;Zentimo Assistant;c:\program files (x86)\Zentimo\ZentimoService.exe [2011-08-30 561824]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 04:23]
.
2012-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-28 10:09]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 04:00]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 04:00]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4178357238-683190084-4101743121-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 00:29]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4178357238-683190084-4101743121-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 00:29]
.
2012-06-21 c:\windows\Tasks\HPCeeScheduleForMichael.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-10 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00ZumoCast]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-08 03:11 2208768 ----a-w- c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01ZumoCast]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-08 03:11 2208768 ----a-w- c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02ZumoCast]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-08 03:11 2208768 ----a-w- c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03ZumoCast]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-08 03:11 2208768 ----a-w- c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04ZumoCast]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-08 03:11 2208768 ----a-w- c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2012-04-24 1361048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send To &Ultra Recall (copy) - c:\program files (x86)\UltraRecall\Integration\StoreFromIE.html
IE: Send To Ultra &Recall (link) - c:\program files (x86)\UltraRecall\Integration\LinkFromIE.html
IE: {{24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - {7FAD4718-729A-4fea-AA4B-EC340A7C0841} - c:\program files (x86)\UltraRecall\Integration\IEToolbar.dll
IE: {{FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - {60D7C798-8979-4560-AF4C-2FADE1075EF7} - c:\program files (x86)\UltraRecall\Integration\IEToolbar.dll
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r78js6hl.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4178357238-683190084-4101743121-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_UserSession_2676"="{0C0E48B0-96CA-48BB-9072-36966081828A}"
"ccSvcHst_UserSession_4972"="{198AC023-7C41-4798-B336-6175F6959F22}"
"ccSvcHst_UserSession_5000"="{35DCE187-F3F8-4DF4-BA2D-BF49923201AC}"
"ccSvcHst_UserSession_3344"="{CCDC2861-3688-44C9-841A-CC55BDB9A2E3}"
"ccSvcHst_UserSession_3512"="{4EFCC82C-B410-4D52-91A9-4478534E98E0}"
"ccSvcHst_UserSession_2904"="{E695585E-2A94-4BED-AD68-490FB1E74647}"
"ccSvcHst_UserSession_4084"="{B39ED0F3-24BC-4C44-B66C-EB7C96499919}"
"ccSvcHst_UserSession_3568"="{E2CA3A47-76F5-4D7A-A7DF-07702A54F7F8}"
"g_coUserCommandChannel"="{08B4D9CC-F8A6-4479-B54B-0CFCC7724296}"
"ccSvcHst_UserSession_2744"="{C9D2B9CE-56A6-479B-92D6-4A8C26CB4591}"
"ccSvcHst_UserSession_1040"="{A6532C03-A134-4455-B769-DF9892C567BB}"
"ccSvcHst_UserSession_3528"="{B69D2488-C42D-47A7-AD19-0E68411E6A92}"
"ccSvcHst_UserSession_1392"="{09E08D71-19F5-482B-BC5F-5756631A368E}"
"ccSvcHst_UserSession_2504"="{BAF2DE69-0B16-4AD9-87C1-B1D54E8BCE17}"
"ccSvcHst_UserSession_4176"="{9C5D5DDB-886E-4BFC-A893-E426F9493829}"
"ccSvcHst_UserSession_5696"="{0CE19F5D-66AB-4385-A179-1796C2B62840}"
"ccSvcHst_UserSession_3788"="{F9F5F558-9FAC-4002-AF94-598ED4F9F625}"
"ccSvcHst_UserSession_784"="{8C01349B-183A-4AB9-86D3-57E5A3A0CAE9}"
"ccSvcHst_UserSession_3384"="{0EEDE56B-FF25-4B87-8D07-C27FA9D04293}"
"ccSvcHst_UserSession_796"="{60FEF0E3-E6E7-41E0-813C-91B2C3879BA9}"
"ccSvcHst_UserSession_4336"="{E3DAFB3B-007F-481D-B5E2-8989C88C031F}"
"ccSvcHst_UserSession_3532"="{EE7780D2-1891-428A-AEB7-DBC674E04963}"
"ccSvcHst_UserSession_3136"="{A18EE90F-5D44-40BA-9493-9835598E9FBD}"
"ccSvcHst_UserSession_3268"="{C83C6976-491D-43C6-8FE2-BC4D83513762}"
"ccSvcHst_UserSession_3868"="{7226275C-9ECB-481B-B0EF-7373EB438775}"
"ccSvcHst_UserSession_4268"="{C062CBFD-49A8-4444-B9CD-FDE3481A49F8}"
"ccSvcHst_UserSession_3124"="{560E871C-A5E3-42E3-B40B-D888175E648E}"
"ccSvcHst_UserSession_3544"="{2EC4D6EE-E872-46BF-A88E-542D3B090401}"
"ccSvcHst_UserSession_6900"="{65488D31-B4CA-4052-9D1A-836FCEE3E9FF}"
"ccSvcHst_UserSession_4100"="{27166553-E296-4E7C-BB7F-8A53562E4D43}"
"ccSvcHst_UserSession_2652"="{8DED54BA-33DF-4796-B1CB-5A1DBA600732}"
"ccSvcHst_UserSession_2824"="{6AC2038A-D9C4-494F-B091-E33A3F796617}"
"ccSvcHst_UserSession_3628"="{5B7B105A-EACE-4B84-93D9-BAC143B5F592}"
"ccSvcHst_UserSession_3668"="{DC3DA886-BA66-43EE-82A9-166DE962E860}"
"ccSvcHst_UserSession_3284"="{435FCBE1-250D-479E-850A-B83797B3649B}"
"ccSvcHst_UserSession_1480"="{01831503-FD1B-45B5-9EC4-C4BEE0BAE587}"
"ccSvcHst_UserSession_4216"="{3A5AC2A8-5961-44D6-8C24-EF781F14A775}"
"ccSvcHst_UserSession_648"="{1D6D6004-9944-41E3-B7EC-829B12A4767A}"
"ccSvcHst_UserSession_4300"="{D2003483-8CDC-450D-8232-382FAE10A9AF}"
"ccSvcHst_UserSession_3280"="{E3B2AFA0-690E-40EA-B773-5CDC83834841}"
"ccSvcHst_UserSession_2968"="{AC620C80-100D-4250-A1B6-B69489391598}"
"ccSvcHst_UserSession_2892"="{DA96C18E-3AF2-4E0C-95B8-EA2D2B28858A}"
"ccSvcHst_UserSession_4320"="{CED8E002-F568-4231-BF7E-54DBE4A7684E}"
"ccSvcHst_UserSession_4384"="{97E70D1B-F029-4C5C-99D8-2A0A1BF21D70}"
"ccSvcHst_UserSession_6560"="{C03E3C4D-A477-417B-9DA3-A8849EAB7BD1}"
"ccSvcHst_UserSession_4756"="{5E8C2B17-943C-43A7-9F52-2C2B28B55221}"
"ccSvcHst_UserSession_3652"="{F9233D36-F43D-462A-842D-47D31C670EC4}"
"ccSvcHst_UserSession_2468"="{A425180A-4B8C-4830-A35B-B9DF1C34E95F}"
"ccSvcHst_UserSession_1112"="{EB5920E5-0D40-42E5-8DF8-5E3A4B407845}"
"ccSvcHst_UserSession_3120"="{5886FBEA-D733-4093-A620-A132C96601B9}"
"g_coVistaProxyChannel"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ccSvcHst_UserSession_3308"="{A82DDBFC-DF54-44A4-932D-7F02B6EDEE29}"
"{A1B48937-0778-4e7c-885B-271F65B485D2}"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ccSvcHst_NIS"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ccGenericEvent_Global_EM"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ccGenericEvent_Global_LM"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ccGenericLog_Manager"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"SNDServiceRequestChannel"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"SymRedirSvcRequestChannel"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"SNDLocationChannel"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ipcChannel_ShastaServer"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"NortonNetServiceIPC"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"NetMapServiceIPC"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"_isDataPrComm_"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ncw_performance_IPC"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"_NCWSvcComm_NortonCommunityWatchConfiguration"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"_ProcessDetection_"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"isError_Service_IPC"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"BashIPCChannel"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"_AvProdSvcComm_"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"_ISPOCClient_"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"_IDataStoreMgr_"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"_NortonOnlineCommFeatureRequest_"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"_HSPlayerCommand_"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"FWAlert"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"IPS_COMMAND_CHANNEL"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ccSvcHst_UserSession_3988"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"AvProdSession_01"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"AvProdSession_Options_01"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"AvProdSession_MessageCenter_01"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"AvProdSession_Scanless_01"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"AvProdSession_IPUA_01"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"AvProdSession_CanIRun_01"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"clt::AlertChannel2_01"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"CO_PS_{55DBA8A2-CF13-4600-8FC8-C7B989ABF841}_1"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"g_coUserCommandChannel_S-1-5-21-4178357238-683190084-4101743121-1000"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"TRUSTCHANNEL"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"SDKCHANNEL1"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"ToasterNotify\\SessionID_1"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"_IPCChannel_PerformAutoLogin_1_"="{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"
"_ReputationSvcComm_ReputationPublisher"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
"ncw_reputation_scan_server_IPC"="{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{0C0E48B0-96CA-48BB-9072-36966081828A}"=""
"{65318274-E39E-4983-8729-849B1CBE814C}"=""
"{7A29C1AE-86A5-4FEE-80F7-F8D5D7DF6D95}"=""
"{A677776E-4574-470F-91BA-95CF8AC962B6}"=""
"{5B417BA8-5951-4D90-A83E-E8CBA399D925}"=""
"{A0A94258-AB6F-4F5C-AF64-8777ECEBB67D}"=""
"{198AC023-7C41-4798-B336-6175F6959F22}"=""
"{93AD8AF3-6953-4F7B-9CDC-D2F2E10588FB}"=""
"{2F5B502D-A75D-4900-97BA-EB5BDFA9FAA6}"=""
"{D03D2124-7370-47EE-A98F-0CCCDA946CC1}"=""
"{6582B9EB-0C4E-4A19-A99C-460ADF1CE61F}"=""
"{7E9A2D83-CCDD-41F5-AD7E-B0B765CE3A8C}"=""
"{7D07C19A-D688-42A8-A3CF-572978AA4B78}"=""
"{E7AC6C9C-4258-40F3-9650-CFD0D520433C}"=""
"{D2C668F4-140D-4D10-A938-CE7CA393483F}"=""
"{F0B5F138-1BDC-42DC-8539-705A9B033E81}"=""
"{BD49B132-1842-44D1-BA45-EE2CB2D5ABB3}"=""
"{F3BA673A-1CA6-4190-B977-FC279E62F230}"=""
"{A12205B8-8918-45F1-9DCA-A039E8EB2B9E}"=""
"{749FDFBF-472D-46EA-B9BD-995A9F77AC5B}"=""
"{1346D31E-F657-41F8-9DB0-E4712C59F374}"=""
"{0AF8F35E-E710-4FEB-8390-E4413CEA3D7B}"=""
"{4754744E-966C-4E1E-A1C9-712774C3AA06}"=""
"{68A0C3C6-D32C-40DF-B78D-E37837D3FB07}"=""
"{9AF7B064-689A-4015-9B86-608E75E0B6EE}"=""
"{049A7654-8BA1-4488-AC80-7599370A4968}"=""
"{56F822C7-7D7E-45A8-BE08-480BE307BF25}"=""
"{1F3674DF-D625-4B3F-882F-3F7A7934D2E1}"=""
"{EBEC691D-2189-4E2D-9D77-E5596B7110DA}"=""
"{BD89917F-1CD8-418B-8402-8C0F862CA4A2}"=""
"{C266B82B-E1B3-456E-9EDA-E414D03AA6C1}"=""
"{786F9388-BF30-4CE1-844F-1AD987095BF5}"=""
"{DBC9796F-BA8A-4043-91E0-D7EF9441CEA5}"=""
"{71E86994-E6A0-4196-B3A0-746ABD1D0401}"=""
"{A09713CD-AEC9-47DB-AC97-9629C8AD3278}"=""
"{614A4020-2583-4686-9932-B1421A2EEAB4}"=""
"{E7CBDE9A-173A-4D3D-9807-3B78F0916337}"=""
"{CD21DEEB-B1AD-4CD6-AC80-E10452C986D6}"=""
"{D4FD4BB9-BEC0-4487-A98D-6B4170637B6F}"=""
"{CDD064A1-8014-4FC4-96A7-8585738BF969}"=""
"{7F885AF6-6178-472C-89F0-DD4166918563}"=""
"{36FD9E78-3F94-4B13-A899-5A192382A77D}"=""
"{3167BB06-1CCC-40C3-86FB-C4240C585D3E}"=""
"{34614FBB-F73F-4D1C-9BF2-223843014512}"=""
"{71B88BF6-4A6A-4A13-AFFD-AE2277CC390E}"=""
"{B6A76256-BF91-4C82-9960-310A674032F9}"=""
"{28D6048B-0125-48D5-99B8-1E6553D01265}"=""
"{6980E232-FD5B-4ADB-AE82-BEFFBB05ED88}"=""
"{8C372DA0-94BA-4169-B1D3-B3DD873099DB}"=""
"{4B154850-7F76-4204-BFC7-E053419E7061}"=""
"{5E6C9B1C-B6BB-4AB3-B068-81DF7F717A25}"=""
"{79A2E1FA-DC53-4919-B135-A0C17B005EC3}"=""
"{AEA5C41F-4051-495D-9B23-45711D5B25B2}"=""
"{912EA49F-68E3-451E-90E5-ED7E9672A54E}"=""
"{B131A134-5A10-4EF2-9A0F-C02B5CDA3CFD}"=""
"{D1DB3407-5DA4-4909-A8F7-EC49450D4811}"=""
"{11795965-248B-491F-B1E2-2226570D4C7A}"=""
"{A8BD0EC3-F8DA-428D-A0EB-A596DF358550}"=""
"{EF3031EC-D48C-4BF5-8CC1-756248C61605}"=""
"{90B10437-5351-4F6A-BA18-039215F37360}"=""
"{5CE521FB-7E30-44FE-B3C5-5E95198544C6}"=""
"{E04AF4AA-88D8-4F8B-8C98-4D45316524A3}"=""
"{2B4828C1-19E4-4040-BB81-70E85905358B}"=""
"{BCE05A69-EA8E-4AC9-9D62-B37B62F54106}"=""
"{684DA860-C45F-4B78-96DF-66D7C0B7856C}"=""
"{5581CA62-6C10-4EC3-9C02-7A55131FDAF1}"=""
"{2ECC06B7-3796-4B96-BC55-30AED02B8F17}"=""
"{864B0CE5-F9CF-4341-BFDB-A78B872B85D5}"=""
"{666578C1-B6DA-4F72-B98A-4618D80D2AA4}"=""
"{DB3D8E0F-95C5-4A5F-92E2-D7E24A329C1F}"=""
"{8A86A815-4E88-4F1C-9FC6-1848EC6914EC}"=""
"{D1821862-EE3D-4108-BD91-6424979AC1D8}"=""
"{585B0E6D-94F1-468B-95F9-8B99D7A93036}"=""
"{FB0A81AC-222A-4BE8-A154-CEF4C0678291}"=""
"{5EA4CAA4-C888-40FD-B653-112754A74C1C}"=""
"{C904831E-6877-45C2-A6B6-E8931B078FF3}"=""
"{4383C98E-9294-4D6D-83A4-823F40785575}"=""
"{E594047E-0DE7-4502-8C42-9D05F4B67711}"=""
"{4AF92120-891E-4F8A-B62D-33C745DC90F1}"=""
"{14C5F643-BC08-41C4-A0F7-B4EE1D8F37B7}"=""
"{577C1FA2-F6D2-42F6-BC8A-76761B09040C}"=""
"{91186F66-EBF8-4AE5-8F6A-D85C300FC5AF}"=""
"{3730FEB8-28DE-4C81-B1BF-47D2D8C29982}"=""
"{B2A49AF5-3ECE-4EA7-A6EB-D3D27C01EFD8}"=""
"{D424D22C-06E1-44E9-9986-0CE4EFD0C7C5}"=""
"{90BC8AA1-FECA-48A6-9409-D7A10951FB38}"=""
"{C6758031-783E-422F-85F9-3765A83D5B94}"=""
"{65C96CB9-11DB-42C2-A1C2-DCCB67DA5243}"=""
"{F50E9A55-AEDC-4F43-A94F-54F5E8C56F8A}"=""
"{72C25BBF-2537-42DA-93D5-65FE52CE01A1}"=""
"{1E4ECA81-A48D-4E84-93B8-F2ADD09915A1}"=""
"{7752911D-3F22-4404-8283-EAF76B95F884}"=""
"{62808A26-67A8-41B7-B2AE-B4CDD3E2088F}"=""
"{C83ED014-3862-4E96-8A0B-6C50C8A9CFCD}"=""
"{6E03640A-BA9A-4596-9D7C-7ECB4A958304}"=""
"{EE9FD8FF-B1D9-4DD4-9741-3E67E339807C}"=""
"{D12CCCA1-3B90-49B0-9B97-F21447E3ACD3}"=""
"{7B38A481-D215-4DA0-929B-0A5C4D38B7C8}"=""
"{C83FC1F3-E7D8-45FA-8EC6-6962909AD2DE}"=""
"{7B00DD0B-C40B-4964-9C58-DA8305282F18}"=""
"{2107157A-072C-4A0E-85A1-35E1C32BE635}"=""
"{32A9C32A-FF1B-4450-856E-983CE210694A}"=""
"{63FF9DF9-1153-419C-B8F7-33247B55DCE9}"=""
"{B2DEED7C-DAA2-4082-8F6D-B019B9473290}"=""
"{0555453E-38C9-432C-A07E-75D65C0BDC73}"=""
"{F8CEFF4C-E9F0-4BCB-8E60-9E7364F055EF}"=""
"{192EE099-4EDD-4BDA-BEF1-6F7D6299E564}"=""
"{55C58DE8-74F0-4BEF-B094-6FE7BDAE0AAD}"=""
"{9F9465DC-11D6-4AF0-91B5-5A715C46478C}"=""
"{3413DEA7-9048-4694-9BC2-2178D7975010}"=""
"{DB6DC14C-A4FC-4546-BE1A-2AB7FF3A8E1C}"=""
"{168F5E33-C1D3-4CAA-822A-59829FD21212}"=""
"{B8C84113-57A8-4C7D-8606-89B5EF6FE35D}"=""
"{4ED844EC-E6EE-4F69-BE55-32A7E43096C7}"=""
"{FC4FF9A5-BE0B-4B80-8589-B42C88B89C0F}"=""
"{5F558EA4-79C1-4EA2-A96E-54DAACAC2EFE}"=""
"{9375D461-C579-4141-99F2-C8FE526C80F1}"=""
"{DADF0735-AE95-412F-B990-7A6320A04F53}"=""
"{DB8F5902-AAF6-4A60-9788-2B0044423215}"=""
"{78443EC6-AD3B-4C31-81E3-BA3B14DC6BA8}"=""
"{32318CE4-C7CA-4478-95BF-43E7EAACA62D}"=""
"{CE40B67E-8CB7-4EFF-AD4D-AC3956BDDFA0}"=""
"{940BF2D3-7896-41E6-8B7D-7D264D6C45BF}"=""
"{5D08841C-7907-4D2C-9EA3-18445D15A500}"=""
"{88C46142-1253-493E-93B2-151361292EB9}"=""
"{5FF760F6-6474-4FDC-9659-ECD208CFEB53}"=""
"{5758D8D1-13D0-4D34-BA79-CED6F38B96B2}"=""
"{176EE48F-1895-492D-BE6D-F6673A21BBC7}"=""
"{8737C332-F6A9-47D1-BBEB-28C43A2709D9}"=""
"{E263CF07-A81B-4CB3-AAAD-0742C9672A82}"=""
"{83CC18F6-23E7-4C0E-AF01-0B8B1E21AF16}"=""
"{B46652E0-622E-421B-A480-89B71544A91C}"=""
"{186B266A-8560-48B7-B722-C728A493B9FF}"=""
"{10240EBC-038F-4345-A386-553A4B0C26C3}"=""
"{BEA05409-AD32-4A48-A5B9-EF7E9805287A}"=""
"{3F486CDD-A732-4D25-B0FE-D613688187FF}"=""
"{C399330F-A94A-4434-9253-344251C3CB03}"=""
"{88E09648-BD22-42B8-B547-A8ABDD1C2F20}"=""
"{2FFB6020-347C-45AB-9B68-742E8B5C8EE7}"=""
"{99E6EE35-8C39-4FD1-88F5-D44BE099CC8E}"=""
"{B76013D6-9DDA-4910-829B-682C3AF3F2E5}"=""
"{B9965EF7-F49A-40D2-A3B1-2A5CAFFDE7D5}"=""
"{9F0473DC-7C17-46D3-A0AF-0444CC4ACC92}"=""
"{DD17AF15-A7AD-4EF1-BD1D-277AB637EF17}"=""
"{24FB32A4-7F92-4F3D-8173-A5BB2A58BE4B}"=""
"{BAFCCC32-BC9B-4796-9B0D-BEFD6787755F}"=""
"{3290E7E2-A282-4C28-8311-6E74548032AA}"=""
"{211036E2-605D-456C-BF28-A59DABF4E73F}"=""
"{75DD6933-E3DD-4EE8-BC45-87242197742C}"=""
"{5F706CDD-E0A3-450E-A664-68658E104FBB}"=""
"{CD80D3F1-26B5-4A34-93D1-954F1486813A}"=""
"{C6F6ED6E-003D-4328-A40F-EAC0B88EC5F1}"=""
"{66718922-E331-4A12-AE2B-13E68A0096DC}"=""
"{11E3D4CC-6389-4BF5-806F-4D26594582C5}"=""
"{3D128826-8F66-4BEA-8D68-1675B38E6485}"=""
"{E1D08996-8CF9-4F7A-8491-30B12F552FC3}"=""
"{1544F897-BA36-40F2-9383-DA5AE7CA9C3C}"=""
"{E8757A45-6143-408B-8291-3829C6AB7D70}"=""
"{8FB5C4E7-8749-4230-9365-6D389E33FA4E}"=""
"{AC4446DC-EAD7-4E44-95AA-B4044F8D3CA6}"=""
"{3FA3AA00-7D90-48BD-A592-0D1DEB4488A3}"=""
"{07500F17-BDF5-4DFF-8D7C-B51EE9A67CFF}"=""
"{1EAC9D9C-23CD-4389-87C5-989F518CDA2F}"=""
"{097D3068-3938-49B6-AFFA-76B650EEEDC9}"=""
"{09720229-B29D-40A8-93FE-8D18621008E3}"=""
"{D31CBD85-F1AD-4FAF-B019-15BA9B680F1D}"=""
"{A0D031DF-F87D-421C-949B-DD748C3A7D53}"=""
"{05B2E7F5-E073-4324-8E4B-C10FA377243E}"=""
"{A5814544-5C8D-4667-9A0E-F5ED679F8985}"=""
"{E2446009-0996-477B-83DD-204AAD70C4C0}"=""
"{E5FA4680-2D16-4B4D-B244-075AB410F05D}"=""
"{709DA3E5-F008-4719-8731-97909E1A7085}"=""
"{59D2BB0A-E83F-431E-964D-2A606615AB57}"=""
"{BCF32541-527B-47B0-8007-BA2E0966BDFD}"=""
"{E840CB5C-1FF1-4510-BEBD-7950F77C27CD}"=""
"{C39CC105-A2A8-49BE-B4EF-D4942060C14E}"=""
"{1968E79D-451B-4D84-B002-AD39DE01022B}"=""
"{EFCF8D8D-9FC1-46FD-9CDA-7EF7C2C120C2}"=""
"{0116CAE5-A1F0-490C-BDA5-AFB11C29B025}"=""
"{9FAE23E6-F99E-4F8C-923D-BB093CF5A00E}"=""
"{00B9ED91-8AEF-4831-9B40-CAA699585AFD}"=""
"{EDEBB155-25B8-4C96-84FA-1F8F7A564CD7}"=""
"{56C4B62C-455C-4346-931E-67034D849AC5}"=""
"{A217D1FB-AC58-4CA5-ADCA-AA8DC7D07897}"=""
"{E72BAD35-911B-4359-96F0-A0AA9A068808}"=""
"{B56E9A99-E37B-4607-8700-907D082C2E99}"=""
"{DED01009-5197-4AB5-93D9-959249D465BD}"=""
"{EAE811C2-0BCA-4BD2-B0C5-8C81E95254CE}"=""
"{64EEFED7-95BC-470C-866C-8FB3A82BC1F1}"=""
"{6D35DE5B-01D5-4FCC-90FC-A357FDF5E30F}"=""
"{2B922137-3C83-4BC0-A594-364F77588C35}"=""
"{A7F0AB96-F61B-46E3-A94B-4A05E7B607F0}"=""
"{25FF1670-ACF3-4E1B-B981-AF67ED73EADA}"=""
"{74903772-8AD1-402B-B438-3C5C357D70E5}"=""
"{3848B031-A4D0-4381-B1FC-7981627ECF3D}"=""
"{F902A394-DFA6-4F1F-9CC6-97342C3A8F1F}"=""
"{D5E7DC30-60E7-4488-AEE1-1FAED612EA2E}"=""
"{61D4D18D-ACD9-41C8-AC06-0B0275492F3C}"=""
"{0359F18B-BABA-4770-812F-160D86E35241}"=""
"{7480DEEF-64B8-4B4B-8B2C-945FEDAB166B}"=""
"{CA71926B-66C3-492B-BEC0-6911654A9EC5}"=""
"{AE053A19-8C51-465D-8845-12CC21F94C62}"=""
"{AAEF5AF4-E511-4574-A53D-C2CB1B7119CD}"=""
"{F63802BD-9DF2-49ED-A63C-8E296DF9F490}"=""
"{0F30A873-EF25-445A-8B3D-DFC851023A01}"=""
"{1A9DB947-367D-40C9-BA71-DFDF51B63DC4}"=""
"{CFF004D1-2CBA-4000-B067-8D90FC22C2FE}"=""
"{7C451487-AC20-4781-A033-26260BF0A3F4}"=""
"{4335D0B5-795A-4AC3-ADAC-A677C92CFA70}"=""
"{211D38D6-768E-4114-B6D6-E468D21A6123}"=""
"{D4B76718-18E9-41FF-B070-DFB06ECEB6F6}"=""
"{226791CC-AAFE-4061-A113-6F320C189E06}"=""
"{98DAA655-E472-42E4-BB55-903F8FF56DBA}"=""
"{895E1047-A32F-4118-97DF-978FBE5DF155}"=""
"{79F59E97-9C67-423C-A6A8-57D0FEDA072F}"=""
"{90E3F4D2-6DB8-46A5-99E3-D77F763046D5}"=""
"{A623D37E-24DC-46B4-A63D-F273EA72F6CF}"=""
"{8D5BC4C7-74AA-4530-942E-D4E49A8A88C1}"=""
"{B81B3322-DD99-4177-AC7E-EF5335F5022A}"=""
"{BCE05331-77B2-409E-A156-8E9A8592B340}"=""
"{CBD8CBA7-F885-4374-AA5A-2571771F741E}"=""
"{948EE583-F3B5-4811-BD15-0D29FFD0CCAC}"=""
"{AB07EF6A-BC7F-4D94-901F-FF35753E1BC9}"=""
"{D9F8C92D-5879-4EE7-98BD-25B97CEA2960}"=""
"{0F9E180F-4F41-4B1B-8194-A40F2880C7B3}"=""
"{0CB5FDFF-DD57-4604-A8FA-D71C932C1D57}"=""
"{776C55FE-F083-4BF9-BC19-C886DCBD8682}"=""
"{AC830F8D-CF74-4142-BEE7-CFAF9145D239}"=""
"{A39BAC69-DF28-4496-9900-07E32850FE92}"=""
"{F3DDE5FC-0141-4C63-8BF6-009BEEA5E518}"=""
"{37145C57-7311-4098-8BF3-DE423E204CF5}"=""
"{C1CB6EDD-6158-4032-84E7-8978A1956DEF}"=""
"{662AB65B-A9F4-4E2E-9F9B-691797442278}"=""
"{1292EB8E-90A6-4332-ACB9-52ADAA2CDA58}"=""
"{3638D613-5D99-442E-B0B2-F43CBD416CAC}"=""
"{4B44A593-78C9-4C55-83DB-C6BECAB9C752}"=""
"{B0CB40BC-38D4-4759-8EE3-74CD1F56460F}"=""
"{F47BE271-044E-4D58-BC53-018160963548}"=""
"{A9E42B26-C9FD-4DD2-9411-1CDF8C8A4CBC}"=""
"{A1D2CF68-E38C-4353-9096-B9085C86BCE9}"=""
"{1A027390-A617-48B6-A6D9-EA8850C27349}"=""
"{F2157F4B-186C-425A-A698-600CDCEAC0DC}"=""
"{4A57028F-7BD6-491F-9BDD-EF13A218F17D}"=""
"{2A4E094B-C9F6-4E5D-91E4-B2900E7472A9}"=""
"{8FCE9118-DCEF-4BB4-A66C-20FEBD1BC867}"=""
"{B849CD67-A882-4CA6-911B-D14BEB7C18CB}"=""
"{BCD126EE-F5CA-43FD-8689-240315C341A8}"=""
"{D12ABE8A-77C2-4C74-8993-1134E1C686D8}"=""
"{F6D82AB0-3E97-417B-A4C7-140FE0AC4762}"=""
"{EDF97C84-CD42-4230-99F7-874CFE098DA9}"=""
"{DB8B8A18-D865-4D49-B10B-BF2A905F4E5C}"=""
"{0C4386CD-A72A-4B1D-9B4D-ACA650572A79}"=""
"{3D395AC4-888B-4D69-8361-90E45853095D}"=""
"{822E89ED-2B76-4E24-8709-C2C7B8305954}"=""
"{6CA5903E-4D00-4934-A9ED-84903FCED6FA}"=""
"{D3EC38E1-D9FD-466F-B348-168C23DDDB2E}"=""
"{9F3DE50C-45DC-4F34-A38D-03BDA265D59F}"=""
"{329275F8-A7AE-440C-A9D1-7E6B7FD481C7}"=""
"{6641A6F9-589E-4BEA-8825-70D4EE24AA36}"=""
"{F10EA74D-31F1-4CC8-A17A-20939EE471FF}"=""
"{91060535-2E61-409B-9844-D944FF71CF00}"=""
"{3BF19C9E-0521-47FA-9BCC-8B3BDA18D93D}"=""
"{DCA8B10C-510A-49AC-8DF1-519D24C90DD2}"=""
"{17DFF4AD-3AE6-440D-8D17-D5212AC02421}"=""
"{14762353-F64E-49CF-8F64-27BEE15CBFF7}"=""
"{0AC12E5A-0CFB-4D1C-82FB-6ABE3C86326B}"=""
"{D43BA544-7884-402C-A0F6-8610495ADBEF}"=""
"{A05377EF-B013-4965-9C57-F3B597893542}"=""
"{CD2242FF-A877-420C-ACCB-C9A06C4F52E9}"=""
"{739AB491-046A-439E-BB8D-4F2C4A6B68FC}"=""
"{922FB030-2DB0-412D-B3F2-DBB8B61F3B53}"=""
"{74A2AF11-DF10-4084-87A2-C7F331564863}"=""
"{C143C486-B776-4E5A-838D-BD7E24474CEB}"=""
"{8C367DD4-5C4D-4D64-B4A7-13E766B23E89}"=""
"{6413EFCE-6A56-4A22-A2AD-C8C51FBB2031}"=""
"{66C0E471-2109-411D-B601-1F47811318CF}"=""
"{EE572D91-C2B4-44AF-9930-71F67866F9B0}"=""
"{32470ABE-DE21-4323-A25B-C02E6CAEB5D3}"=""
"{D05FCFFA-E844-48A0-88AD-9229A0179A1B}"=""
"{DEE791CB-3020-491E-819E-07F6A4F77561}"=""
"{F6F30DD5-D46B-4319-8D2C-D4A880340490}"=""
"{9437E543-52E6-4A9A-90DA-E0ABFC805ACA}"=""
"{0DF60569-1771-4F75-8F03-F2D5F282EE38}"=""
"{95D81E95-2481-4DB0-B3D3-E438D3339975}"=""
"{F5B9F7BD-7491-44D5-A2A5-1386BADE65BF}"=""
"{5F544679-9AF9-457E-A56C-DABC11108716}"=""
"{CA9536AA-CD1F-4AFC-B0CF-DBADA9238BB7}"=""
"{0C5F9F72-F43E-409B-B69A-BF5131C02D6F}"=""
"{AE4A27DE-7F3A-4033-81B7-71BF92CF368C}"=""
"{5FCA0089-2A12-4737-AB70-BF1C0BA39379}"=""
"{0421ECA0-9CED-4967-A1F2-652405BFAA0D}"=""
"{E81A664F-C2C4-43C4-B4D2-1BDCE22AF1E8}"=""
"{B5EC3297-DE6A-49EB-B2AD-49698FD63F63}"=""
"{15BE92FD-F01E-4723-BED2-3DB2315E7573}"=""
"{406F8E82-F09A-4F80-8DB7-C1ACED467095}"=""
"{B169B300-9B15-439B-A554-7C6B8A2395F3}"=""
"{56F43E31-44FA-45C2-BE09-C5C022862CD3}"=""
"{27E130F2-9E99-4751-94C7-39E729B313DF}"=""
"{62EB090C-10A8-4B33-9934-1A33C4E71309}"=""
"{A24DCF4F-976D-43B8-BADA-6975893F0420}"=""
"{5446F02C-3019-4018-9128-3F70129BFBB6}"=""
"{40E2DA58-3E85-44AC-B119-2329BB1851CE}"=""
"{AD94574C-7368-4F8F-A0E2-8C7AE1CF3851}"=""
"{35DCE187-F3F8-4DF4-BA2D-BF49923201AC}"=""
"{B0B9B43C-516A-432B-AB4C-6D144DC25969}"=""
"{3150F0F6-50D4-4CBD-9149-2E3BB100AD83}"=""
"{533FCEBC-A740-4790-9192-80FF5EA53D94}"=""
"{479A9F31-F2D5-4614-9D8B-D77B93A843B6}"=""
"{0F2D04D8-054A-47A8-B21D-BBEDAA5D01C0}"=""
"{34780229-157C-48A0-8A94-5018B26F2DEF}"=""
"{FE5B5911-9473-423E-AE77-408AA339E157}"=""
"{B2C25EB6-BB7C-40FF-AA71-B0C2C9141259}"=""
"{1553E5A8-FC6E-46C0-ACBC-DC325EA9B325}"=""
"{76985038-CA79-4008-9456-C9659B445326}"=""
"{268B0A4A-535D-469B-A5F9-E2C80C697E8C}"=""
"{866ED5EA-8148-43C8-9648-8B91C6ACDE0C}"=""
"{5FD2114F-336A-4DCE-9992-0D8E8952941C}"=""
"{9371CCAE-B578-4B8C-BD59-E04B33AD0035}"=""
"{36EF10AF-5D6A-4AF0-ABC3-6632D185745F}"=""
"{BDC0C3A5-8865-452C-9A0E-26C2731BA7E9}"=""
"{E84D9FA9-65FF-4466-852E-459E17AB7FCA}"=""
"{A7B87BD4-12BD-4CB6-978B-ECF5963290EC}"=""
"{105680AE-4754-47F0-84F1-C19FA305F4F9}"=""
"{3F5654F0-AECC-4C54-96A7-1141278D4BA5}"=""
"{843AC789-C929-44A2-90F1-C3CB6C61F3F8}"=""
"{005693F1-6CBB-4188-82D2-14A4B6C99D9E}"=""
"{D73367AF-75A1-4E59-BE8C-48BA9E529C4D}"=""
"{26150978-B936-4287-884F-FEC2CCB8F903}"=""
"{E9E5C226-24F0-4B68-8B9D-5DDD1597DEA2}"=""
"{88317860-42AC-4F43-93A3-4EC20A007559}"=""
"{CCDC2861-3688-44C9-841A-CC55BDB9A2E3}"=""
"{F0683845-3ECA-408A-A6D2-ADF45C9FCB81}"=""
"{BC655E8C-021A-41CB-8C5E-464AD8BF0B39}"=""
"{04744159-217F-47EC-ADA3-FA0E8F750DB4}"=""
"{9ECD2A48-5DE0-4C7E-8AFE-7C6D48EDE05F}"=""
"{4AFB382A-556D-4071-ADDC-B45A61870647}"=""
"{F6C9AEF3-90AE-4A9F-B35D-15E2947DC832}"=""
"{FD6C3ADE-FDE4-46C5-BFC9-0E62EE501C85}"=""
"{AB8FEF14-5806-44FE-8B5C-A5D842D225B5}"=""
"{613E5E7F-4F2A-4F1D-A64D-CD961DC5F982}"=""
"{58EEBFC6-BE9E-4AC5-8832-C9A1B6579659}"=""
"{B6D1E186-DF9F-4035-A95D-BF0B60D059A7}"=""
"{784C648C-3D26-4923-920A-0268FA80D82D}"=""
"{B95E9A1D-BD00-4507-998A-8E16D2AFAE6C}"=""
"{1B4EF11D-69C4-4DB6-A41A-D0B4006C0552}"=""
"{DD1D36C6-1115-4201-AEA1-653CEF0DFBA7}"=""
"{92263525-18DE-4947-9192-0A8EE8511B86}"=""
"{29523CF5-7929-47BE-8D1B-2BC262DDF1BC}"=""
"{E7CD3C4B-A798-4D45-A5AD-1907E1AA38AB}"=""
"{89F15793-459F-4E09-AEBF-F8542F805085}"=""
"{27EC9D5D-2DF8-4AF4-B6D3-44CD3925CC4B}"=""
"{D44E37EC-02F3-42BE-B0BE-386FC7328720}"=""
"{3DEDACA0-9A51-4762-B909-109935881AB8}"=""
"{7B2D4C6E-F06D-493E-AADF-3CAF955699AC}"=""
"{27103C92-CF88-4EB7-8736-8DDAA00C8CAC}"=""
"{DE0F1688-61C3-4B52-B882-3B97D6186DA7}"=""
"{BBAFBFCB-1CDB-41B4-AAAA-AA186F165E8A}"=""
"{3B21584C-209E-44D9-9510-E65AD44E7F33}"=""
"{1E633094-0983-44C0-A2CD-21FF06D8BCF1}"=""
"{9271EE8E-F71C-463D-BF92-AEE3F3DD2A16}"=""
"{784E2775-59AC-4E79-90C2-436057637CB3}"=""
"{612CF1B2-EEA4-4A1E-9C53-3ADA79DC10E1}"=""
"{653BF9C8-85C0-4E37-B22D-ED47821D4CC4}"=""
"{B10601A8-6224-43CD-A273-072B8B508A3F}"=""
"{3DA965BD-3C72-4416-8B13-EDACF43185EB}"=""
"{F85BC144-A872-4F17-BE82-FB9B820BA05C}"=""
"{77A29D50-1500-4296-8BCA-C850552531B6}"=""
"{FB4DF957-1930-4654-9498-9A0AFEA0D2BC}"=""
"{9E17F4EB-AA12-4BA3-A1A1-DAFE88F699BC}"=""
"{5AE82F9E-7167-458D-A953-9673566A71CA}"=""
"{782C3089-EBDF-4D23-ACA2-7BBD260383F3}"=""
"{BBBC7168-840C-4C4D-AD26-E73EA2D62D07}"=""
"{4B1A292E-96D0-4115-958A-C1DC77C9EC2C}"=""
"{9C969243-9FE4-4675-B47D-55795B15E3B2}"=""
"{72F87AA7-145F-4244-8F69-13F727C7DC4F}"=""
"{37CBF879-CAEB-4644-BFF2-10BACEC616CE}"=""
"{10852327-191A-4FFA-8BA2-CF80C050634D}"=""
"{9B10E3DF-E3A5-41EA-BB46-C96E12179E6E}"=""
"{E801C6D0-7B5D-49E2-8960-BBF938E6EDE9}"=""
"{83F89195-C506-41D5-BE10-AB06A1903CDB}"=""
"{1779EEC0-1C98-4E34-B786-D6E7A8680538}"=""
"{C59B1725-B8A6-4C24-ACE6-7EB38DC44710}"=""
"{CA34CFA5-DCD6-4F7E-B232-DCFCA9E92F85}"=""
"{DEB3CB4A-5236-4DF8-9ABE-62CB4981CB64}"=""
"{A16748EF-9604-472D-9F9F-7EAC05AA0FC7}"=""
"{F60FDE5C-8E79-42DB-AF17-744D0070A658}"=""
"{42ABA010-08E2-4258-8A33-0D14A2D30E55}"=""
"{463D8E0C-1408-4D80-B99E-E19028B319A0}"=""
"{ADC778EA-1456-4117-98A4-D501FB7AF030}"=""
"{9CE9C128-882F-4DD6-AECE-FC042CE55437}"=""
"{85BA0CD5-FBF7-4AFF-BD25-15055C18EDA2}"=""
"{40C84943-4ED6-412A-84B5-602849316EDC}"=""
"{3424FF0D-97DB-427E-AB5E-C3A3236B8F7E}"=""
"{63227D41-095E-4B98-871F-7E83FF8836AE}"=""
"{77B41BB4-5B3B-4263-8339-1ED6DCB5F588}"=""
"{F3B70DA0-3BA7-487C-8BA5-78B4D6D55A6D}"=""
"{1F9EED21-9724-4B2A-B6CD-4A4601932C69}"=""
"{E0318DFE-6D0F-4F5C-A860-148562D256E3}"=""
"{3727048E-488C-446F-B287-C660DD536301}"=""
"{D4D935F0-7E02-40C5-9CAB-A3778BDDC402}"=""
"{FA1399CD-B0C2-4D22-AA23-2CAABD4BB74C}"=""
"{6FFB70CF-E21D-4F94-948C-23A3AF4C583D}"=""
"{2AD9F1BE-07E3-4233-8909-FBD0C8B563EC}"=""
"{D78BB568-D2DD-4193-AAC8-B899233E9A23}"=""
"{151DC066-AE08-4C4B-8C43-EE5CF65063A0}"=""
"{7F51D5E0-6803-437C-BAA6-E362668B29AD}"=""
"{51672CC1-C19D-4D5F-AC59-041BA9FD6C20}"=""
"{AE7AC750-E856-4054-887F-86CA01E06111}"=""
"{A45F9DE9-40D3-48B1-B887-45F514EDFC64}"=""
"{2FEC721B-D3D0-40C0-8EDE-25E866DB670B}"=""
"{BEA61873-331C-47D1-932F-3609E1F26886}"=""
"{ACA5DC2B-B60C-4AB3-9BA8-B07C595EC4BA}"=""
"{4523707C-2639-4CF7-B5AB-BA7C26C00801}"=""
"{8AA0CA38-CA53-4C07-A55E-67CB6BDDBDD7}"=""
"{ED3A2C7A-E953-4AF8-97DD-DEAAC8A8DC7A}"=""
"{96C68FB6-62D0-49B3-86AB-0C39AC7F0962}"=""
"{6E3604C5-DE29-4DE5-B797-E271BCBEAD14}"=""
"{B33DF0F8-6BD5-4B4D-B2CE-BD060CD93AD6}"=""
"{7619F600-8E8D-4809-904E-B2180347C6CE}"=""
"{0395F5CD-4C68-4612-B26F-75EBB24EE55D}"=""
"{EC31F0FF-1727-40FD-9809-A448D3B450AD}"=""
"{4A9F922B-CC10-4574-A78E-5484DEBF9E8D}"=""
"{ECED684F-CF23-43B5-AAFA-A91D785B87F1}"=""
"{6F68FDCA-8BEF-48C2-BDC6-88C407C75042}"=""
"{54DC5D3F-C551-4012-8A3F-31DEB1D1FED8}"=""
"{008EEE26-673D-4303-9422-1FD15F7BED3B}"=""
"{C2F1462B-D857-40FC-9709-525EBD0F010F}"=""
"{1FDDD881-BBBA-4303-8B39-31A1C2DF657C}"=""
"{E626FAD4-F99A-42FF-A0EC-1C694309F107}"=""
"{BF42B7CB-4CA8-4062-8A52-2AE823F366CA}"=""
"{E7B21095-8C7F-4859-ADEC-8D49FD1B2FD3}"=""
"{F6C675B0-7B9E-4047-9E59-1D68F55DE9CD}"=""
"{12C02047-3A67-4019-A495-79925BF38614}"=""
"{A33E56ED-B257-486E-8A0E-E5F437E351E3}"=""
"{9EE6DF05-CCEA-459E-BE5D-D90E3D4941A5}"=""
"{35BB7711-D349-4587-8F0C-47DD17426BAA}"=""
"{AFA1EF69-6EF2-4611-964F-938A68EC3416}"=""
"{F532E6A0-C72F-4150-B405-FAD1B2B52D5B}"=""
"{79813A83-3097-4DAC-9BC4-6160DEF41CE8}"=""
"{254C9E8A-35F2-4513-A367-DF06192D4909}"=""
"{4EFCC82C-B410-4D52-91A9-4478534E98E0}"=""
"{A70EB74D-CC5D-46FD-A5E0-1F8A2CB97030}"=""
"{59BFA071-BE1D-4957-88A8-ED18A2A90881}"=""
"{67A02525-BDCB-4E84-88F1-37DBE8A591B7}"=""
"{70BF2290-AE8F-4BEC-95D8-E47BBD53B12A}"=""
"{38CD0CC6-3681-483D-A30F-1F6F03F55B99}"=""
"{8C6169D5-1F00-4E49-A21B-EF01809286CE}"=""
"{7BD64925-2E98-47FD-8C68-1F2692366A19}"=""
"{932433F9-BAD9-4E4D-B1CA-0AB4869E589D}"=""
"{FFBB6D4F-1387-4146-9F6C-232B43EF6513}"=""
"{8EB35546-E1A5-437B-8448-28709B5B86E1}"=""
"{8339A489-C2AE-46DA-828D-53A411845B1B}"=""
"{D90C6645-9A12-4DCD-A20A-EE7429F2D956}"=""
"{B121B8F0-4070-407E-B7FE-079F2AB939D1}"=""
"{B8461ED2-B72C-477E-9728-07D668B8EE2F}"=""
"{7189AD42-4478-4170-9190-982DBC39ADF9}"=""
"{02D8E459-0FB7-4CB1-8486-8EA28C9F133D}"=""
"{C25A6A7A-0BCF-4AE6-92FE-0B92C5C83558}"=""
"{A957BD82-139D-4973-A3EB-190356FE16F2}"=""
"{35F4620D-9960-4E5C-BDC0-3E17FDB41D58}"=""
"{3A403469-BFC4-4651-8C8E-7A295AF66CD9}"=""
"{5F543FD2-C102-4996-9CEB-A20364826520}"=""
"{CD33D713-9012-4A91-B5F2-0C9A399BEC14}"=""
"{1DCAF07F-C4FB-4039-BC32-0C1B2D03F127}"=""
"{E7F1E4BA-87C8-4C26-A8A6-FFAEF72FD5BE}"=""
"{893753F5-FA16-405B-95FC-FC70F7642F58}"=""
"{743EC19B-B6B4-4AA9-864B-5F0B835C75A0}"=""
"{5BF658B5-8881-4911-879F-24028A5245D3}"=""
"{C2FECBF6-0D41-4805-8F08-E78BC39FF50A}"=""
"{6BA66A8C-A8B7-465F-8C2B-45193BB0D3E1}"=""
"{7A95DE7D-559D-4383-9056-BB435138DDF4}"=""
"{AFB89A23-6A40-4CA5-91A2-D962CBE78D04}"=""
"{72399B2D-BBAB-40E3-AFFC-6C72D757E9C9}"=""
"{85180CA8-503E-49D3-AAA5-D5B3496CB80B}"=""
"{998673FC-C281-409E-9466-A7F9A9FC9B51}"=""
"{2F80E1E6-4310-47CC-92BC-401968A47531}"=""
"{3D712F7E-C1CF-45D5-AC7E-50DBD5F1434F}"=""
"{C6898798-D1E9-487D-B66E-2369863CD73E}"=""
"{1EA3736B-5AE6-4BBB-91E4-17A38E8D54A8}"=""
"{D7BA5CDB-CB0E-4ED7-9278-CA8C7129EC35}"=""
"{793E2774-2355-40E5-A22F-4A0AF389AE2B}"=""
"{7D7D779C-54A8-4BAD-A53A-00B7859C11A2}"=""
"{E1224D15-FEC2-4F2F-AB53-0D2E762B6323}"=""
"{B0D0FDC9-1E04-4660-A59A-E542128853E0}"=""
"{A3A7FBEA-CF43-4B87-915A-0555F861887B}"=""
"{30E18CF7-E8D8-46D2-852D-8049E4FC7CD3}"=""
"{8B047472-8F4D-41C2-8C73-10857C441B4D}"=""
"{5865BC44-2678-4FCD-A725-29212A1B85F1}"=""
"{5EE490A8-BD25-4CE8-827E-01D8E5B2F476}"=""
"{6D276CC7-2894-4E1D-8BAA-6A60A500B54E}"=""
"{DF61FCA8-7B42-4BFE-BB2D-09D319981C5C}"=""
"{84FA424E-A0F7-42C4-A35D-80DBE1FA553E}"=""
"{C92A584D-2C3A-4CA5-A61C-4E1B3E7B93BF}"=""
"{1267BDAC-EF50-4B71-873E-169679681D4D}"=""
"{44AF96E7-ABBD-4A31-B40A-55CD06BEAC3E}"=""
"{FFF5B973-30CF-4719-ACCB-ADE21D9F1CDC}"=""
"{B237306C-F67E-45E5-A360-4BABB0CF4217}"=""
"{E92C9E2A-54AC-40F0-98D6-B9C2A2019EBE}"=""
"{9AF76B41-BC06-43CE-B4CE-89094F981CB9}"=""
"{0C6F8B44-851A-4681-A376-D915884CE8B4}"=""
"{AA29EF06-E385-488F-A261-8E584C5F7E9D}"=""
"{00E29715-C0E5-4351-A4F1-64806C63902D}"=""
"{5C1201BC-6FD9-4B76-B7AE-5C5E8F968415}"=""
"{AEC9B9C3-416D-4DCF-8F70-730F129686AC}"=""
"{98518F7D-AB6C-4C6D-943C-678786A66791}"=""
"{6B93F209-936D-403E-A2B6-E77DF6FB7146}"=""
"{7D694ED7-FC8E-4F3A-9A48-2D188DF50F40}"=""
"{BB42A61C-22E9-422D-AAA7-0066788CFE58}"=""
"{D322BA6B-E4E9-478B-AF6E-5597493E65F6}"=""
"{B6C7294C-B05B-415F-BB44-C5751EABC222}"=""
"{D804D25C-F360-4F09-8548-CFE4FF3B8953}"=""
"{EA7A9212-698F-4C54-98CE-FC7BF52DC072}"=""
"{872637AD-3E56-4B44-9C36-14154D3A6C64}"=""
"{CE043865-D630-4CB3-AC71-D027A5888A50}"=""
"{4460686C-252A-44BE-BCA5-2774E2AE69F2}"=""
"{EB763B5A-E46E-4FED-A617-9433C28518AF}"=""
"{722BBF0C-4022-4032-91BE-4886BE074399}"=""
"{356A1917-BBF8-413D-BC76-3FFC09F09E29}"=""
"{BBF6F3E9-0845-40AE-B84A-8DD3C1433811}"=""
"{BFA0A2CB-F402-42E0-BC4F-2BE4D6162E87}"=""
"{B35F7266-3F13-45B5-9909-8003279907C4}"=""
"{86AD1CFD-8FEA-4F0E-93F6-125DC66C72A5}"=""
"{A4C39DD7-7841-486F-829B-AC3DAF81E445}"=""
"{397996DB-B0FD-4A10-803F-DC8C9BBF02A6}"=""
"{8CA3B91F-A1F6-4C64-9139-E0782683B2E4}"=""
"{F36D1F80-C263-428F-B07A-F614C6371BCF}"=""
"{70134642-427B-47C1-B331-DEEEC3C02D42}"=""
"{621A528A-74CB-4E9D-A4DF-2FD15EE0E12F}"=""
"{94D0BBB6-6236-4E2C-92C6-9295AB54A790}"=""
"{C0522748-1D5D-45BF-AFA0-CC8708C93368}"=""
"{686E2BCC-44AF-4505-AA7F-B9331E156F80}"=""
"{1BD7AF59-8ED5-4044-8513-966629F21806}"=""
"{56612C6A-4666-4851-9B87-C0410807C4D0}"=""
"{E745EE18-B889-4881-A345-AB7CBAA34CE7}"=""
"{68B9EE8E-296D-4E52-A9A7-F7F360EE2E04}"=""
"{FEAFD36A-5968-477B-BD98-1228D5822A36}"=""
"{2D95264D-E099-4392-B1DD-7A91629C6706}"=""
"{A1C3A43A-9826-4FB2-B6C4-0AAEA7878509}"=""
"{9237E45D-5AE9-49B7-BE38-B16DCF26C6D2}"=""
"{BA249D3D-26E7-4519-A32F-978A824DFBDA}"=""
"{A967E329-7839-4AF2-9702-B5F9BE5E08CD}"=""
"{CFC18BF9-EE49-4AB7-B304-5A1FDA55F25B}"=""
"{CCB6328E-55F5-47F9-82D6-9306062DF72C}"=""
"{A865076D-A342-47DE-9A1D-BC03C7ECA975}"=""
"{896E1535-F80C-404F-9339-0F29E6983316}"=""
"{1173DADC-3480-4AF8-8D31-E717C487EC4A}"=""
"{FD2798E3-060C-4E34-B30E-0A85BA867075}"=""
"{9A7B58F6-4288-40C0-92F5-B9C2288921BA}"=""
"{47FAB8F6-759F-4D79-9712-3681F6C8426C}"=""
"{13CC83B0-BF8F-4116-AE07-991EBE76F163}"=""
"{3601303A-1612-4A97-946C-286CCB1F8D56}"=""
"{89DE4033-3E3A-4238-87A0-4567EC20DC73}"=""
"{59CDBD73-39E5-44C3-AE1D-C58D93A78154}"=""
"{1AFC7592-DC29-403C-8062-97E402C347AE}"=""
"{4B647FF4-2700-4AFA-A93F-BD47D4C46170}"=""
"{D911D17B-B806-4867-8B86-56A574FDB3BD}"=""
"{731B7395-173E-47B8-9C69-F818D25A9A0B}"=""
"{6CB81AEA-937C-4C62-AAC8-B97D4C2A4E84}"=""
"{632E1986-F336-47CB-B5C7-EF3CF5EE0967}"=""
"{F5E856B6-5FDE-4DC3-BA10-DBCBA074D785}"=""
"{8C5E53BE-3186-456E-90FB-FDD2EFBC7D78}"=""
"{877D2965-1C26-4A63-9400-2F481A0D9507}"=""
"{CE52FAF6-C954-4700-9BA8-F2A848763E20}"=""
"{6DD39258-A112-4156-80EF-1169727B1388}"=""
"{1051A7EF-C06C-4491-AD0D-7B266344364E}"=""
"{44ED25DF-E14A-4214-A1AF-3ABCB35E88F4}"=""
"{DA7D8944-688B-4CED-A05D-EC53BE138487}"=""
"{DA4A51A7-47FB-43D2-83B0-E44DA326D26F}"=""
"{771B1A0C-2706-4A55-8176-5D8CF36A240E}"=""
"{F76B3D91-FD3C-4691-ADE8-3F2542048CD9}"=""
"{7E7448C6-99BA-4615-A2E4-4D0838227BBC}"=""
"{56A19C30-47E5-408E-8A77-9625E6339BB9}"=""
"{773439F8-C751-4087-9A45-96D618F02D15}"=""
"{B9A293B5-D261-45C8-AA67-3E50DB760F3C}"=""
"{0517C15F-2D2A-4021-AE06-37AB07C902C1}"=""
"{8A70523A-F4FD-4371-9B90-8DA4D3476C8C}"=""
"{DE50BF0D-ADF4-4B77-B81F-824BF76E110C}"=""
"{99056EDC-76B7-4D41-866F-D6746C8D6E30}"=""
"{DF5BB972-09B7-4926-B6BF-4AF9C1F795FE}"=""
"{707BB3C9-9034-4A3A-9F55-C5EFC1DDDF87}"=""
"{FCAF429B-B36D-4217-A3B6-B278C3E5A612}"=""
"{D86A6978-8539-4729-9391-0C5E6799DCAA}"=""
"{AE892D4C-B111-473E-98B0-0DDE7F894FDC}"=""
"{E6A99818-6D21-41BE-AEB6-67C3BD786E8B}"=""
"{1EF2D35B-E16C-4316-8CE8-B75BD4071B57}"=""
"{A60E600A-67E8-4125-AACC-5036C3A4DEFF}"=""
"{AFDFA0C2-FD12-4F94-90BA-74E71C1FF231}"=""
"{8AC6236A-0D7D-4F6D-A23D-C5F26DBBA211}"=""
"{43D6FF50-8DEF-4578-A283-97555D1801CB}"=""
"{B4234756-A99C-4E4A-8C06-BCF717D1C2AB}"=""
"{BA02E3D3-5505-4F5C-ABE4-B72A40F663F8}"=""
"{763524A3-61FF-4B9A-94B8-16326C0535E5}"=""
"{65B8439F-4DD5-4969-8799-97D410A5AA9C}"=""
"{10406D36-0E3B-43A1-ADDB-C3B2D9DD6C60}"=""
"{09D0A781-73BE-43B6-8695-4B8C5D9684A0}"=""
"{26C3429D-1EFB-46AA-B8D1-515696B53752}"=""
"{6B472C2F-25FC-434A-86CD-D0E476A12B76}"=""
"{4B1D3140-B880-4AD3-80F9-C18520D42D0F}"=""
"{405579DC-8712-450A-8C73-6BC2F288C238}"=""
"{B46BE264-0095-464D-8124-BE29C71970F1}"=""
"{BD31CE11-CBC1-4467-A676-686B918FCB85}"=""
"{FB91016D-F9D0-4132-B5A5-375BB523156C}"=""
"{980BCC89-0034-469C-8CB8-2F3CE0976363}"=""
"{B3A876F5-0C73-4F99-B728-38D213BD5052}"=""
"{78C6ABB6-E057-497A-BC02-0B6C27B9BECE}"=""
"{070E9451-9997-439C-9BD6-6D7488138549}"=""
"{A6C21844-2634-4F51-A97E-0147927EF262}"=""
"{25B0E65A-DDD2-4967-9EEC-BAC6D2E0EF8E}"=""
"{5805D597-03D5-475A-89B2-C572F4FA5C2B}"=""
"{FBF268C8-C60F-4944-AF55-4D66029F6869}"=""
"{E9C40E76-9ECD-4F37-80C2-C5916B8CDC7F}"=""
"{51FDFF22-63F7-45FF-8F47-9523B913B6B1}"=""
"{A08B20F5-1ECD-443D-B155-745C6EAB70DE}"=""
"{53CA0DF2-DD3F-4FCD-823F-CB47ECC25833}"=""
"{3636961E-D0CD-42B3-B5F8-CAE74A1F562C}"=""
"{AD74B675-ABA5-417F-9783-EF7666AAB5EF}"=""
"{36A5EA91-2308-4178-A581-B9ADE1AE67CB}"=""
"{3DB48251-0F75-4D35-A432-E57F6C1DA12A}"=""
"{AB96EAEC-1264-451B-ADDB-25CDB3B2E7B6}"=""
"{FE933F4B-8EDF-4E31-BB7D-EC9DC3BF149A}"=""
"{2069F295-D19D-4A37-B773-02F271B98128}"=""
"{CD9CD821-DB10-4850-B7BB-4EE02489AA6A}"=""
"{41E66E72-C416-4EFA-8865-838E2AD0F274}"=""
"{21CCBC2C-2C07-4D43-8E08-DB26B4AB5C53}"=""
"{E487D540-0068-4960-9696-6A7B209B1730}"=""
"{DCE4A0FC-6FCC-41E2-9BB0-03A6888ED6ED}"=""
"{421878CE-3E0C-40E4-9CAF-F4C21E8A20ED}"=""
"{4632D259-0D12-426B-849B-1CA0FC598A45}"=""
"{2D4EE2CD-6265-483B-A498-952AEC29D575}"=""
"{7A434B97-273C-4E42-AA92-5E4D66C2F286}"=""
"{05BD110D-9AE2-49F6-AB65-E3117130E764}"=""
"{8D5DB430-2753-42F1-84B8-B9BBBC0719E9}"=""
"{3F62A5CE-C784-41F2-88FC-3BEC3BC40C2B}"=""
"{8CB47107-55CC-4A67-91A0-4C118378BF1E}"=""
"{6844202A-A46D-4F5D-A17C-3D19B4B67E06}"=""
"{DA33F368-D980-4C53-B537-553FBDE726ED}"=""
"{2CF449A7-D4A1-40A8-9983-BD052218F7EF}"=""
"{572DF9D2-35FC-4663-BF2D-A0ACB42428EA}"=""
"{9807E851-2451-431C-A8D3-07C65CB4579D}"=""
"{B153D759-DAF6-4351-BDDD-884FE351F1DE}"=""
"{D6871ED0-EFAE-4BEA-8813-42941B11E3EA}"=""
"{1AE355D0-753C-41E7-8897-671CD96280D9}"=""
"{5909D798-CD83-4E0B-A5CE-35912ECA5972}"=""
"{E4A8343C-E424-4682-8E55-D2AED50E49A5}"=""
"{782A123A-6C8E-49E6-B412-BABDE810DE15}"=""
"{C827B2D0-7C59-4ED0-90CD-1BACAA488C95}"=""
"{78C77983-C63A-4013-854F-B5D47B5D30C0}"=""
"{62A38143-5C48-4D3D-A559-B575E99C4E78}"=""
"{82BCE75A-1DC1-40C8-974F-0F949B1B825C}"=""
"{301586CE-2B38-4CCB-A853-6A2132A67727}"=""
"{C9DA1400-EA21-4DEC-9AB4-E5F43CF67799}"=""
"{D7B99427-3B49-43D1-8F92-7A297F3D8CC0}"=""
"{13B2882D-54BD-4121-A9D5-9A90091BBEA7}"=""
"{14C18DD7-6CB3-4244-B465-EBAEBD6FD282}"=""
"{AF549165-15B6-4599-A8EC-96C1C11C43CE}"=""
"{1129B38D-0051-40BA-A3CD-724402A593C4}"=""
"{E6C0A6B7-AC0B-403F-97B3-5902C62EAB4B}"=""
"{577A74B7-46FD-4B07-921E-B38DB200389C}"=""
"{C5118ED2-3444-4A6E-B207-7B9E2311583B}"=""
"{E695585E-2A94-4BED-AD68-490FB1E74647}"=""
"{D5FF0462-007E-417E-8AEF-7DBF9559877D}"=""
"{468D15E5-062D-47FC-99F5-EC4944A7D5A5}"=""
"{1D0F9BE9-BF2D-4BB6-A0C9-A8B95F593FD0}"=""
"{8B0CFC28-047A-4BB4-AFE3-08B2518135D5}"=""
"{3ED20029-F035-4E27-AC8E-A9035A1C18E0}"=""
"{C3BC4AF8-CFAD-4589-9339-BA2B792CC556}"=""
"{7F518D1D-ECDC-49F7-9B09-81ABF91F9CB1}"=""
"{29BAC23C-ED5A-460F-BFB2-677A3F73C030}"=""
"{DEA55526-95D7-4410-B3EE-D02A512E99A1}"=""
"{BE942FBC-56AF-4FB4-A0C7-09E9F23C4092}"=""
"{95D6C0B6-BAB7-4332-8E12-A0DCC5C7AB40}"=""
"{8BB77B68-A5AB-4AC4-9994-E953C410015E}"=""
"{1FE1BCFD-A59E-4FEA-9C8B-F3ECD169138A}"=""
"{1E79E28D-FDBB-48C3-97E6-8860551897F2}"=""
"{5834E63C-053E-4EAD-927F-A6A56D80B5B9}"=""
"{0523F895-4642-401B-80F1-38D61822D2F0}"=""
"{CB96CBF3-9D0B-434B-8EDF-82CDE3FD710E}"=""
"{74DD32A1-66CD-491D-8AF5-399CEC94FD82}"=""
"{8E02E6C7-F555-4AB6-91C3-D2CFBF9FF503}"=""
"{E9121E95-672B-44EE-9CA3-363D25B980F4}"=""
"{E4453043-AE27-4547-BA97-177534085872}"=""
"{58EEF4A3-F9C6-4117-B516-68884CA8BA20}"=""
"{62389C8D-CAA8-4C31-92A6-7FC89752E75D}"=""
"{3995BFDE-3010-43F2-9B28-06D789750942}"=""
"{394F924F-E10B-4B2E-BE92-4E1745E00E94}"=""
"{8435C4D7-F997-4002-AB26-2772F1CA5BF8}"=""
"{F12BC84D-1494-4E5D-9883-47942B64C7FE}"=""
"{6157930D-4957-4A41-9936-1602A1F6E3BE}"=""
"{937D47CA-4DAE-44BE-A69A-492A7C255F41}"=""
"{137CF280-0C53-4C9E-8CF3-647388CAFC03}"=""
"{9BE2F443-F203-486B-BC27-EDF51715915D}"=""
"{0F829EA7-BB26-45D7-A676-083CB09C84FB}"=""
"{355B4C3C-BDEB-415B-B369-AA083B9D8CE7}"=""
"{6F17D021-C879-446F-9049-0D66B5C64F71}"=""
"{C9AEA83A-07ED-4915-8161-F1892BB4A4D9}"=""
"{9F2DBAF4-2B5F-413B-A19B-F9403F8A4013}"=""
"{209127BF-2F11-4D78-B592-380A32D200FB}"=""
"{AF5F9CB3-AEE7-4E1E-9063-47C8B8F66C5F}"=""
"{B39ED0F3-24BC-4C44-B66C-EB7C96499919}"=""
"{E5107A02-0D66-46C4-B0D5-C9C8711E66A6}"=""
"{981E85E6-6096-4784-A678-7BC28FBBDCAD}"=""
"{02CDF8C1-A006-4F8C-9279-5B217DA42736}"=""
"{05E832BF-0055-4FE3-8486-ED0959CCB0BB}"=""
"{5009C586-FB53-47E1-8F32-035BC05327EB}"=""
"{CC95ED8D-8CDC-4981-9B76-FBC47ABE940D}"=""
"{C4E97270-D3BB-4F64-97ED-7BCB5958C19E}"=""
"{7CA56E9C-78DF-44FA-B687-D96B14482F54}"=""
"{0ED753AB-8C53-4376-B3C7-905B96ABB777}"=""
"{A465F7FB-AEE0-407E-A9C3-34B1DA6F4B4E}"=""
"{52F41C39-20E8-4969-B37A-8B8DD8DDE586}"=""
"{2330EE83-5522-462A-ADE5-4EA90A39153C}"=""
"{D89CA166-2128-4F01-A6FE-A102F2197ECB}"=""
"{D4AF99A7-E581-4657-A7E7-453F26784B2E}"=""
"{A2F609AC-A7BA-400C-AAEA-0F62DDD7C0AD}"=""
"{EB8FC8DE-3127-4544-85AB-565EE017B343}"=""
"{E797F295-FB23-489A-81FD-985F15F1E355}"=""
"{38455A8E-CFCA-499C-AF06-AC88B244700F}"=""
"{0A73BE4B-3703-4EDE-9224-25C0793C4BF1}"=""
"{C424C826-222C-4CC3-9BA6-CF4C4C854B0E}"=""
"{3D92BE83-0060-4276-8285-CC4B06B4C7FF}"=""
"{ECA0BFCF-46E9-4033-B3DB-138B296EBF4E}"=""
"{7D21EBEB-C283-4029-AC7D-2B4B6CD39581}"=""
"{7F99D4CA-1CDD-4425-ADE5-9561A75C425F}"=""
"{1F2299C8-30AB-487E-ACD6-B839EB7E1788}"=""
"{36BEC69F-9704-4602-A66D-634896D1A120}"=""
"{F42302B8-24AB-42DB-9593-C9C5C7929855}"=""
"{9C0B0223-2F5A-4427-A22E-BDF5F70462DA}"=""
"{BF3257E8-F1C6-4EC5-BB14-8B640FED0462}"=""
"{332064A5-05E7-4B3B-B083-1B78B12300EB}"=""
"{96A70DA0-0F27-4A6E-9697-19F0FB92A58D}"=""
"{1550010D-02A7-4F37-9E6A-5550F475C628}"=""
"{6BEEB68D-B6A8-4750-A7A8-86BE2E5E16FD}"=""
"{4ECA1115-50C1-45FD-A948-11B15AFED087}"=""
"{0FA1E184-4C07-469F-9994-8B9C68115DDC}"=""
"{A6E4F4BF-B913-49FB-8470-EAD1B325F71B}"=""
"{CF2CEC01-C300-4442-AB6D-67CE0DD13745}"=""
"{7C20F03C-63B7-4B63-99BF-4F22A3F20462}"=""
"{0730287B-E394-4025-83AB-B077FB45EB3A}"=""
"{7F376459-377F-41D5-901B-E3210520FB6C}"=""
"{69788E5C-FC28-418E-9B2A-44CC6EB44C55}"=""
"{92A9D082-FF6B-4F37-8004-CACCCDB90917}"=""
"{10C646C6-6DC3-4CCF-9DAE-F1C0268CD914}"=""
"{728E11C8-AC78-44B2-9217-910CA9B2D9B6}"=""
"{5FF2CC83-D9E8-49C4-AB65-A3E53BD2E27B}"=""
"{5A193EC0-7CE0-47E5-8D7A-B39045B80E8D}"=""
"{630A7486-3B40-43BE-85E8-A5B1501DA46C}"=""
"{4F287D76-CC82-469D-9E18-B5DD86852ADD}"=""
"{08213C70-E4D9-44A9-9D04-F82966DB9B4B}"=""
"{3F60C4FD-0CD2-47AB-AF4F-C067713F359F}"=""
"{C7607F2E-5CBE-4B0B-A87B-397374CF3635}"=""
"{E80A7C15-2C45-4C2F-9CEE-9198B325D01D}"=""
"{EE2FE889-503E-4C78-9039-198459A03BDD}"=""
"{D795B1EC-7542-4274-A547-06B277E7E9DD}"=""
"{9DEA4BB6-15EB-441D-AAB2-AEB86ACE2E56}"=""
"{383C9A4F-DD8F-4D59-96AA-A49089BB8AD6}"=""
"{6BF1805F-FD75-4C15-8A0A-8AFC86B21BF7}"=""
"{D83CD7EC-4CF2-4E05-AE55-A644B2ED0A71}"=""
"{685A257D-35AF-4168-8ACD-C999017193E4}"=""
"{06220D46-845C-43F2-AC45-684648867AB9}"=""
"{0B50B02F-7EB3-4BCA-A722-739DD2842789}"=""
"{AB6552F3-F8BA-4FE7-BAC3-B0DF205830C5}"=""
"{351A58DA-8E43-4A10-B805-B8DA2E103EB1}"=""
"{6321FA3B-0D00-4978-B282-06115FBC9C72}"=""
"{BFB31681-5B75-4D50-8CC5-075AB4481B9C}"=""
"{BA17B048-A2F6-4AB1-A825-B0F85D8A5C40}"=""
"{240C89C6-C5A6-411D-88A9-9C0A5505E340}"=""
"{8488DC79-D6D0-420B-864E-29A8AC8F45A4}"=""
"{8137311E-00A7-4A06-AEF4-8A33232C6947}"=""
"{CD52C734-53CD-449F-81EB-E9E997FC2C31}"=""
"{633A1179-45D2-43A1-A20B-C3F97814ADAB}"=""
"{3EA1F8F9-3B95-4124-A97D-C8B3AAB861C4}"=""
"{AAD81C30-A40A-451F-AEDC-509C7841C2D4}"=""
"{ACABF257-BBDF-4370-B2BF-0DE3DD8F5799}"=""
"{BC069419-6AC4-462E-B48D-C3C31E5C2CDE}"=""
"{B9999341-E6CB-46FD-82F9-D0AF4EB13D02}"=""
"{E2CA3A47-76F5-4D7A-A7DF-07702A54F7F8}"=""
"{340AEDFD-00D2-4BA4-B4EF-C654B9363913}"=""
"{06628E64-1C50-4953-B943-F7A67388BD1F}"=""
"{67099B0F-4CE5-409B-BEEE-A31C6B945D45}"=""
"{C43DE441-61B6-4ECC-9A48-F3415F719301}"=""
"{8CEE307B-9AAE-42FC-BE07-7E95655B114D}"=""
"{212DD3FE-407E-4812-B45C-10A135D6EB70}"=""
"{924CFCE2-0C2E-4F02-AFE0-839624E87C4C}"=""
"{CC49BCE4-43BE-4105-A193-BE1E89B6FFD1}"=""
"{8946685A-5451-4392-98B9-388357F878CF}"=""
"{E1B6F1F8-E098-46E1-BF33-221B52859296}"=""
"{8C0F5C10-086C-4D21-81C0-E047B797A805}"=""
"{E47C0976-E0DF-4920-B75E-2F52B8156F41}"=""
"{ED4BFB9E-C803-4E01-A877-E473BC0C7A6E}"=""
"{737ACC0D-0C0F-4F40-8E73-3577BEF282CF}"=""
"{C8A1BCDD-AEC0-4253-8BF0-ED24553838A4}"=""
"{8B150319-3F4E-46C5-92D8-CC750AEB2FA3}"=""
"{271A1F60-CF90-4653-A723-51E560F9FF1F}"=""
"{7C1FE771-819C-4F3E-BCA6-40E7E52027B4}"=""
"{FBBC03BD-DE13-433A-A278-3FEBC374B2FA}"=""
"{CFC6937D-AA87-4C1D-8529-96C801394D0B}"=""
"{4E5F78EF-4220-4FFC-B5A6-8EB0663D1C12}"=""
"{26C42FD1-BDA7-4C08-83FB-D08486244FEA}"=""
"{5E6BF2FB-07B9-4C0D-8E12-FF90C8E67315}"=""
"{9A079019-8DF9-4FF8-9AAC-B28D7E5EBF1D}"=""
"{B8E2FA5C-B4C0-4A08-9AAB-D66605AFC9BE}"=""
"{109F11AD-1247-4E3E-B7E5-BB833BB6EAF0}"=""
"{0A69FA1B-C99E-44CC-97D9-517822E45A4B}"=""
"{AEA695F4-4DF0-4B24-8A4E-D063935CDDE8}"=""
"{E2CD1816-216E-4A03-A974-4ECB8FFF0A9B}"=""
"{AC51B037-B565-4303-96EA-9CB56FD8DFA3}"=""
"{8A1D34DB-15CA-416F-AE78-D26B2E7B034B}"=""
"{58C608CC-A9BD-4E78-8BE3-5FF79A3872B4}"=""
"{7E5D17FB-47F3-4867-AA65-F4A1D6C5D2DD}"=""
"{734DA4C1-8A70-4572-8A77-95227B196C97}"=""
"{AD8943C9-2DAB-4A4A-9BDF-3BAD8D692061}"=""
"{99BC5565-4117-4443-A369-060CA1A0BE59}"=""
"{E7452315-295E-4905-B2B3-EC05A6F34D18}"=""
"{B3E2DE79-A2E1-4045-A3A7-97EE6E431A65}"=""
"{1A4FE2F5-D327-4D10-9F91-E89AAEB2FBE1}"=""
"{A85E422D-9FFF-4764-B867-DA52B1BE203A}"=""
"{0EFF28D0-44AB-4306-9C04-9719CE8020E6}"=""
"{B194E638-C671-47D2-91CF-29E3A6B9E397}"=""
"{7A2DE214-2461-4E40-9540-A6444E4F98D7}"=""
"{2243010C-57B8-4573-B5FB-DD807F32261C}"=""
"{0BA54915-BEB1-4535-99EB-AAA23EF95416}"=""
"{BB6BAD1B-12A0-4CDE-98CF-308BC27CB5D2}"=""
"{A88EE2E1-D699-426E-B19A-C76D82E4EF0D}"=""
"{600B406C-58A6-47D7-B248-7A4924796415}"=""
"{84F1E1E3-8548-44B8-A4E8-CBCEF6B52ECB}"=""
"{9CB48F97-22DE-4E0F-9DAD-8B1004EA6F93}"=""
"{D6E4B67B-37AB-4300-B21C-037A77EF3B27}"=""
"{D04BF4A3-8519-4F6F-AEC6-AE7464BDCD09}"=""
"{FCB56F61-04FD-48E2-A4C0-5236AEECA7E8}"=""
"{07AE983D-BF39-4F98-AEA9-8D42C8D55716}"=""
"{D55E9DDF-1EE2-454C-A229-8B37FB9C7B6A}"=""
"{92E7E10A-BD7C-40B5-9581-B5DA2F9AC556}"=""
"{E5CB9FB5-A84F-4A20-8A29-941D1C4C1F45}"=""
"{7947B7C2-FA85-4328-99B8-4DBF33E26F37}"=""
"{A8460D89-EACB-4C5B-BB58-0DBC365EB166}"=""
"{9485EC22-29FC-430A-8816-6E39620F0904}"=""
"{0265ACF7-6C63-4D88-9FFD-08CBFE2EE3E8}"=""
"{1CB59798-803B-4E06-907F-808E4408ACB5}"=""
"{08F2D16E-EC89-419C-90F1-E4B67A022118}"=""
"{0B8BB7D5-1104-4706-8FA4-C6FA04459D2B}"=""
"{C4EAF339-D17C-462C-A465-0691C01FEAB2}"=""
"{A3FC8883-0B91-492A-9628-2B89CE2B62DA}"=""
"{54D0DC09-A0FF-43CF-AB37-B1F2106CCF7C}"=""
"{B7810FE1-0D10-4716-821F-62C572A8AE6A}"=""
"{7472C049-51D9-44E6-84B7-A84291F032E7}"=""
"{CFEF821A-DBAA-4584-85CC-8D6B92C8E733}"=""
"{571168BD-0AE2-45E0-8D81-3787E1A2221D}"=""
"{C2F79F31-34A6-4DB3-8545-151B4345CBA6}"=""
"{4893499C-8690-419C-B7F3-7644EC4F74CD}"=""
"{30C95633-7A6B-44C3-BD53-FA6D04382384}"=""
"{E67B69A2-A619-45AF-86F2-B62C72A020B5}"=""
"{33DA6C7A-FC14-431A-957A-74412849C34A}"=""
"{8B335587-3276-439F-926D-0807E57193B5}"=""
"{123362DF-AF60-45A0-ACB8-B66707C23A00}"=""
"{165A4664-E70C-4C2F-A880-6E9412183A4A}"=""
"{0D1B8DEE-3430-4387-A4F3-90EC887D55AE}"=""
"{0A414DCD-5D26-49C1-98A3-888EC34CBDDB}"=""
"{71DEF322-80BF-4AC9-9607-212A7B022A51}"=""
"{05C802CD-78EA-4F3C-B2E2-946D355BB06F}"=""
"{D9CA3E4F-9C90-4C0A-9ADA-EA957B85FA26}"=""
"{CA455691-1D68-4A88-9118-38A05CC9399F}"=""
"{BF39B85E-775F-4C43-A475-1F2AF66DA556}"=""
"{DFF57981-AA52-4F01-AED6-D6CE9368B494}"=""
"{0FD2F8C3-78EC-4D30-AD39-0F321332FC76}"=""
"{15267966-9B6C-4F0C-89A4-0A141A5576AD}"=""
"{83A16A4D-347D-4B05-A63B-1F630D8D9080}"=""
"{98BA6289-21FC-46BF-907D-B8C121F551D0}"=""
"{C62C4537-AF04-4E28-99D3-A4BAA32DB18B}"=""
"{AFE32495-AFE4-445B-A19C-80A08999F56D}"=""
"{D9FFBF67-C4EB-4905-953E-4DCBAA3EF997}"=""
"{238D3B8A-584D-4964-A0A3-A3F496625849}"=""
"{62B815BB-A85A-42DE-9A0C-A5922DBBE54B}"=""
"{9F57F62C-C5B7-470F-BCD6-B362941A026A}"=""
"{35A6AF81-E95E-4583-ACA7-28FFC937B66A}"=""
"{53B528EB-EEBA-418B-A064-43401F5DE43A}"=""
"{F6DA82AC-8002-4909-BF4A-D13B66536F97}"=""
"{C5582F41-0B68-4783-9D1C-53D493F95E80}"=""
"{2D8529BB-AAD5-4EBC-826B-D376309E5E32}"=""
"{26E8C0B2-21E9-42FD-A518-9D258B588380}"=""
"{79E72AB0-73F0-4309-AE65-1E0418E2E503}"=""
"{A9FCE33D-88EC-449C-8391-203C846E46B6}"=""
"{EB1D8F1F-B8D2-4316-A804-37B2083E6319}"=""
"{4729B10A-94DD-4C55-ABB9-1098E87EB79A}"=""
"{16DAB6B2-5F6B-49DB-ACB6-4BDB4A39333F}"=""
"{A3CFBA72-0FCF-4D8C-84FF-AA7756A44ECC}"=""
"{1A2C1E98-7CAF-45EF-B9B9-63C85CB7B4B7}"=""
"{2745FF28-C1F3-41AC-AB5F-E64BC6F94547}"=""
"{DDA520A5-73D3-4F96-BC5E-C3325F0556CA}"=""
"{516BF564-C4E6-480D-A650-93FC650FEE71}"=""
"{5D00525D-E894-4AD0-A19F-914F24D313D0}"=""
"{E7C3FA59-F24B-4622-AED2-D347FC1137CD}"=""
"{419AAB7B-CA96-4BFE-8C65-A96E695A23B8}"=""
"{E5A2AEB8-6E0C-40DD-BC77-7770D46B1397}"=""
"{AD9139F6-66AB-473D-8F32-A171B28F9F4E}"=""
"{F07BDE89-302E-4A5D-9D0D-E025B57E315B}"=""
"{5FBAC5E0-0311-41F5-9271-EC334D0CFAD5}"=""
"{0D3D753E-D175-4FFA-8D66-842FD74512CC}"=""
"{AB8832AB-6850-455C-B496-E6078805159D}"=""
"{6C0E8E0B-831B-435D-98DF-8E2E69B08EAF}"=""
"{46D123FE-8FF9-40FD-BB76-E733401A8AD1}"=""
"{554E9739-CEA3-4A92-AAA1-38E70F46410D}"=""
"{08639CD1-329C-4EE3-9862-87ED12961EC0}"=""
"{98D3AF78-4118-4266-A94D-1D3F83CC2AAA}"=""
"{BF6989EC-D2C5-43D1-8F5D-ED89A81E0DDE}"=""
"{C9D2B9CE-56A6-479B-92D6-4A8C26CB4591}"=""
"{4F724ACC-8DB4-47DF-BDED-23A18576E77B}"=""
"{7237D29F-841B-406D-957F-D8F13F5F02F5}"=""
"{41B6E448-0DA2-436B-B80C-5A300FC18445}"=""
"{14B05CF0-6F0D-440B-A019-DA26957817AD}"=""
"{1DFAA81C-F3D5-4236-ADB1-4E04F8CCF8AD}"=""
"{B73375D0-4564-42E9-8961-A6A1F5DB68D0}"=""
"{BBB537CA-E97F-4547-8232-13E8DFBF988D}"=""
"{4CC6DC87-72F4-499B-A1A3-72DA0F18918E}"=""
"{A67A0AD7-CE1B-416B-9FA9-E6DDED62AF15}"=""
"{8F1EF0B1-3B9B-4C93-A042-868483A7CE27}"=""
"{0B977B36-AB8A-4D61-B58A-560FEE430457}"=""
"{7ECE95D2-BBC2-4E35-A452-D9DEFBBCB989}"=""
"{B876DB11-EB13-45AD-83C6-6EFA58397D38}"=""
"{74AE2E75-45FD-4B45-9876-59C41611A426}"=""
"{241A1087-FFE1-41A9-9C51-746294B906FC}"=""
"{627AABD8-8850-450B-AE3B-D6C3D6085F51}"=""
"{58FE92EA-3799-43E3-8719-2B5F05D20BDB}"=""
"{94D8BE7B-C53C-43F0-ADD4-F8A87B33FCEC}"=""
"{16C6F908-DFEA-4F3C-9935-E8D8B3F173C5}"=""
"{6698AB84-ABB5-4697-911E-CDD6B74FE96D}"=""
"{5F987E31-2F41-449E-A0D7-38BD4C1D57F9}"=""
"{A248DC41-E993-47E7-9D62-18C82CC08D1A}"=""
"{FA1F4166-A4AE-46EE-A050-056B85011B60}"=""
"{E200BAA9-91DD-4B23-BEF5-F5F352E515C0}"=""
"{A5750673-225B-40E6-9818-5C943A4ABB3C}"=""
"{669EEE26-421D-47E0-B765-0362A12D408C}"=""
"{5B5D00C9-A2F8-4F15-A300-BC0C7EB3E726}"=""
"{645F5719-99C8-426B-A3C4-CE6DF9BF03A7}"=""
"{88262B24-DCF6-4F92-9E77-AD41794F587A}"=""
"{6B83B13E-A61C-4AF7-B1A4-793213DDB22B}"=""
"{81A2D746-A3D5-484E-A1A0-49AE789BA464}"=""
"{64E2778E-5B2F-4642-85A7-B528F3B4EBD4}"=""
"{81F0B9D5-775A-44CD-8D16-6AE94E9694EE}"=""
"{A2C50A43-6C53-4E02-8285-6F96D9F9D23D}"=""
"{857F25D4-16EC-4671-AEC9-B9F2E21897D2}"=""
"{B1585D04-481B-4EFC-81BB-58288A5AA245}"=""
"{CBBBDFB6-AA34-49C9-975E-30DE9D574C61}"=""
"{665CD309-DF19-433F-AD84-F70D4DE87B50}"=""
"{858825C2-2568-49D6-BE85-7DF4B7BD8FE4}"=""
"{3BE0D563-6B89-414F-826A-97F45290D200}"=""
"{73ECAA7A-3BAD-4F52-8470-7B2D44E29735}"=""
"{FDC15603-D765-49FD-BCD1-A9BB2BF6AC3E}"=""
"{6493DE8B-2434-4683-9C7F-8D6C6E5065D0}"=""
"{A489E520-4ADC-4D91-800B-4D448C1F9CEB}"=""
"{DA42BB25-5745-4EA5-A16E-DB333DE1E7B7}"=""
"{E0D00894-EDE3-4875-A57C-0FB4F21E220F}"=""
"{7CB0DBCF-2D0A-4992-8E73-A15A9579808D}"=""
"{EEAD5946-F395-4CDF-933C-D8B72897B781}"=""
"{9E3A4420-57BD-46B7-8540-82CF9389E668}"=""
"{A912450D-80B5-44B1-BFFB-F2BD1838F2C5}"=""
"{B9339B12-878D-420E-A4B4-E7023A0F7DA9}"=""
"{0F4C687C-EADB-4DF5-A91A-E0221D8E9DF3}"=""
"{7CB16A64-806E-4C0D-B5F4-8A7E7FE75C9E}"=""
"{95324425-05BF-4157-9A68-C528F3DD4B22}"=""
"{25F96068-718D-4FA3-B363-82CF6BAEEB40}"=""
"{29858029-B546-4F20-A73E-9D2092A91068}"=""
"{D13CA2AA-F750-43EA-963D-6235FCC07262}"=""
"{3542E6BF-C491-42E0-AD8D-137E44B2E855}"=""
"{900F086A-ACBC-463E-BC22-CEDAEFD016F9}"=""
"{15D08C63-1389-452B-BE60-A2F4C6FBB291}"=""
"{51454668-34D5-496B-8C52-E4CF2A8C9415}"=""
"{3905D2F1-5BEE-40B1-BB14-6D19B086EAF0}"=""
"{82F6799E-4D69-4A22-A8B0-DC6C89FF24A6}"=""
"{2ACF669A-6995-4A37-98BB-6B65448493E2}"=""
"{057D16BB-3AC3-4FCB-8DA4-22EBC98B5E64}"=""
"{0324DC10-75EA-4EB2-B4D4-9282BC5F447C}"=""
"{C80189D4-9AE5-4F85-BBAE-A22C6ECC91CC}"=""
"{F91BACF7-741A-4846-BD7C-38446DF5CA33}"=""
"{B80F04BF-108E-442B-9E94-AA2F23BA642B}"=""
"{4214F075-73A7-4946-99BD-3EFF6A28D506}"=""
"{52E90B32-68BE-42D8-A660-7DDB79E0D564}"=""
"{8807EDC9-E3EF-4C48-A90B-5C51CF8D1E09}"=""
"{AB57A425-A030-49D5-97A9-72A5CBA6B044}"=""
"{E12649B9-59F9-4D21-BB55-0174A4D1D459}"=""
"{8AEDBF11-F325-4347-8636-4B0DE64BDF2E}"=""
"{2D98ABAD-B6E4-4C67-BE9C-D8D89FE8CC03}"=""
"{09B33579-2D01-4444-913E-F50C473B7452}"=""
"{CCAAF6D5-0B9B-4982-986C-D0D69E095A72}"=""
"{7FDE2C8C-E735-47F9-81CB-7A69AF752021}"=""
"{0728E325-E201-43C3-81A0-A092E23231CA}"=""
"{9BF2C0A8-FB7F-45F0-B34C-2BB2C0C1DECE}"=""
"{65D71162-95B7-455E-9446-849091C74F5D}"=""
"{CA2B6046-7F13-4CC1-90B1-2FB98E2CDABD}"=""
"{88969082-7BBC-4C1C-A3D3-BE80A2B9498B}"=""
"{16075556-F118-404D-9AAD-435A1922F6AE}"=""
"{49FBFA4F-4687-49D4-9991-CDF023F2CB6C}"=""
"{868CE3F6-4789-4B68-AE6E-C333AED03C48}"=""
"{F06B87DF-867E-47C9-8906-E673F2432BA8}"=""
"{0575FFAA-C095-41A0-8A25-B22FE64D75B8}"=""
"{38491781-B4FD-46BF-970D-A3391FEC57E0}"=""
"{06FEFFBA-A807-46BA-A148-28F23E856C93}"=""
"{40BA35FB-B8D3-4EA0-9F93-82909D181BB2}"=""
"{A6532C03-A134-4455-B769-DF9892C567BB}"=""
"{DD76281B-5305-41EE-91D4-8B925455D7E6}"=""
"{91CF4906-38FA-4F81-8C94-5ADF94A5E989}"=""
"{D349EDA0-B431-4DF9-BD78-3639DC9B86F3}"=""
"{8E416D05-79E4-462D-BA2C-E804CA450FB5}"=""
"{C7481B1F-97B7-4F6D-AEBB-0934B14BB4FE}"=""
"{E0A0E8E5-26BA-4434-A609-4D837E867EBA}"=""
"{48DCB0FD-DC11-43BC-BE4D-5286B8ACCE2E}"=""
"{E987A85C-2FDE-49B8-8B0E-63F04DCF8569}"=""
"{0E7279F6-3F22-4E7B-BD1A-E59E90F63994}"=""
"{97B49616-E466-4CD1-A0D8-52BB2A7D54CF}"=""
"{15DE44DD-0071-4154-AC79-29B664A59393}"=""
"{BD8DE7E7-03D1-46A1-8274-B3603AAE7192}"=""
"{5A9AA5A7-F65E-4AEC-A903-BB5118BE2DD4}"=""
"{90AD46BB-E65D-4F01-B34A-D0FAF4F548CB}"=""
"{F5783ABE-ECBA-4B53-9856-41B451E7E1BF}"=""
"{491E52A4-B82C-4722-A15F-9E7F6076F858}"=""
"{298FDA0E-E216-466D-9848-F134A5DD6DA2}"=""
"{8D68C279-3151-4228-B864-044F1E8E187E}"=""
"{C84831A6-E2D2-42B7-8C8A-F9B60FB509E5}"=""
"{B69D2488-C42D-47A7-AD19-0E68411E6A92}"=""
"{ADED2CCD-BA25-4365-8266-1F195E84F2D3}"=""
"{10922DC2-EB0E-4BE6-922D-166A5D7CA843}"=""
"{14E35068-16D5-44E6-AF77-03C0F3660BDA}"=""
"{AF3D33B3-9BBE-4397-A7E7-3C8D3069256B}"=""
"{8B6C7CA8-9196-43E1-8544-458B7EFCF6BB}"=""
"{7354CD43-D670-44C8-9BDF-9E982DD29596}"=""
"{F77DF6AC-5EA6-4E07-9625-2EE8142BFA43}"=""
"{4BF5EE5A-7992-45E6-BD41-A484BF2A8803}"=""
"{883972D3-9955-44FB-A6BF-B2A93F6A48DF}"=""
"{F9F4F011-C705-4FA3-8B2F-7E79DC563049}"=""
"{0FD89243-7C6C-4926-8C63-3F13001048A6}"=""
"{9015D01B-37EF-431F-A48E-F4CEB70F3785}"=""
"{7CC7E960-16D6-4EA4-A036-77943C71A296}"=""
"{08B4D9CC-F8A6-4479-B54B-0CFCC7724296}"=""
"{547E9070-6E30-43CD-8CE1-8E2AB7610DDF}"=""
"{197E4521-6801-46A8-8D69-F54153D06F3C}"=""
"{7DBAA55C-CD2C-4A17-9C76-FFA119C5E9BB}"=""
"{1649CEE7-C019-4D4D-9E45-66DA2128823A}"=""
"{517A649B-CC31-45EB-8E7F-6F14884C309B}"=""
"{3DFDC1F8-CD82-46F1-AE43-E492F0494247}"=""
"{A3D5D58D-BC65-4C92-9D09-026E7B5E9D12}"=""
"{1B0D0FF5-C9D3-4583-8B0B-EF01D0B723F8}"=""
"{856E2186-C3F5-4A88-9899-E4DA02B66934}"=""
"{FF9A5EFA-3A3C-410E-9E9A-4B229BB1503B}"=""
"{4357A929-8DC2-44A8-A481-C59FCFF3EFC5}"=""
"{9116DC2F-4BA7-4106-90EB-12859D4FDC1E}"=""
"{12FC493F-813E-422F-9407-001E3881D88F}"=""
"{EB2B049F-E03B-4597-87C7-34F5AD18E91A}"=""
"{68A885B7-CA9B-44D1-81EB-0867C3FBD60F}"=""
"{BA3B5008-34E0-4F15-9288-9D7CA435939D}"=""
"{7EB9ACE1-458C-496D-A3E9-DA51FB93E8A2}"=""
"{19F25B67-88E7-45E0-93F0-5543DAD19BF7}"=""
"{127FD026-2A63-4927-B66F-494D7FAF1CF4}"=""
"{C84F0D43-272C-4136-9998-80CE2E5162A7}"=""
"{55C96B30-5B67-4E14-A69D-2CB268433D46}"=""
"{68A18C76-D516-43C0-B888-B586AD116161}"=""
"{039A4DAF-9A95-4B15-B643-01562E2BB42B}"=""
"{4E90FB6B-A55C-4930-9F68-AE69B1BE29F0}"=""
"{1CDE9555-B10A-4498-B22E-0FDE6E3716D8}"=""
"{D986F403-3624-4993-BDEE-21C89BCCDC5A}"=""
"{CDDC5170-2DF9-4192-97E4-D17B3CDB9CEC}"=""
"{D9AF155B-88FC-422B-9249-1E204F0932AD}"=""
"{90B4F7F4-99B0-410C-A4CE-ED45549ED0F4}"=""
"{19AC5DCA-18A5-4990-990A-0D3AF0E8BE5A}"=""
"{EAF86B7D-E682-4DB3-857C-E7BBC6BA68EE}"=""
"{D767BABF-3882-439B-9EDE-B5481AEC302E}"=""
"{7F908571-5E6B-4E00-901E-C515004326B8}"=""
"{88A22E56-3FE7-4224-88EA-6E795ADE53C5}"=""
"{F3948FB0-4FB6-4FFC-BD04-EE8F921CF31E}"=""
"{BE659141-8571-4F38-A39C-87C3EF01B9E3}"=""
"{B59E71F8-393C-42B1-B73B-7773D673D073}"=""
"{7747D096-2216-47D9-B873-B40FC2386AF7}"=""
"{8030AB29-7692-416D-BD7C-7E15CC081E3F}"=""
"{2B9B24B7-2933-47B6-B781-D9FAF3F0C409}"=""
"{AF759F04-5D69-4D4C-8EEE-6855661AB66A}"=""
"{B28858B0-657B-482B-BE3C-8E8CE87575E4}"=""
"{A16A8379-B443-4809-9875-3B0D70F04DA2}"=""
"{1A5C5472-9014-44CC-8C2A-E775ADD0250F}"=""
"{85CFB34F-23F7-4EBB-A189-869E79E23C85}"=""
"{7089A940-FF09-4792-80FB-C3C2A8F719D3}"=""
"{E75450DF-4F11-4AA0-AC38-6C55B0639396}"=""
"{EACF6AFD-06C9-4504-BBA1-4D4C5A806E7B}"=""
"{27B9CEB4-0F30-49BA-971F-A481D09C8D40}"=""
"{90D22D7C-B6A4-482C-B224-1079DB22A1DC}"=""
"{AAD71EAE-FB5D-491B-9E66-87B04639243B}"=""
"{62CE71F3-7111-481D-8CA3-9EBEBBC443C5}"=""
"{7CDAE0DB-7886-4600-A040-4F5FA0C4252B}"=""
"{EF427BE3-BBF9-4819-B5BB-CBB37536CD3C}"=""
"{B25B5AF9-FEE4-4324-8CE0-208A42CEF2A8}"=""
"{D9E4BCCC-6F8D-423D-BD60-9EE4CE35748A}"=""
"{856ED57E-AC22-418F-BA21-1132DECF6AFB}"=""
"{09E08D71-19F5-482B-BC5F-5756631A368E}"=""
"{6C0D4DCB-AD69-47AD-89B1-24A22A7A7EDF}"=""
"{B462F60F-8385-49B4-8FE6-129D6A10F7DF}"=""
"{82B64997-628B-4DA2-B460-9F519F4EED69}"=""
"{481E7A4D-0DEB-4588-AEC8-FD265CE4414C}"=""
"{49CC5466-A928-49B4-8E1B-5200894A9EEB}"=""
"{4F32673C-6B6C-490C-9AF8-448CE303172F}"=""
"{3EE214F2-942E-45C1-8F7D-54CD0DCB8C49}"=""
"{A570D0FB-43FC-4ED0-AC0F-EEC91F5D6B5A}"=""
"{2696F966-59D2-4D42-9E32-AA000C94AA4B}"=""
"{AC3FE3B5-AD79-43CE-ADFD-458C685C8DAF}"=""
"{62DF74F9-9974-4739-848E-688AC36601FF}"=""
"{20202248-43F0-43CB-9031-8AE850A0B9F4}"=""
"{B4E34003-F78A-4899-8CB8-49603F652AF8}"=""
"{EC11D3F7-9CE4-4C21-986B-A75DA857103B}"=""
"{3C015271-91F2-4D8F-B048-8D3130BADD32}"=""
"{5C2D5825-2839-47B6-8CE9-964946BFAFA6}"=""
"{2734AA04-5906-4EDF-9073-10FB884769E2}"=""
"{F7E1FEDB-DD55-49CA-8C82-F4D5AAFF1D26}"=""
"{EB2B1938-05CE-422E-88F5-37C50EA2F2DE}"=""
"{D4986292-2CF7-4810-89E5-D75705E7D39C}"=""
"{A9C42143-17CE-4DCE-9AC9-F9E9A43A37B9}"=""
"{B823D645-1855-4E26-A2D4-8A462B0AB353}"=""
"{EA976725-DDAE-4247-865C-3E5354957C66}"=""
"{09B37025-DF72-4905-88C8-0D224CE31AD9}"=""
"{9F6D0895-45E1-4FAF-9C94-2241D845BE1A}"=""
"{242BB615-8E5A-429A-8B87-66625A8AA347}"=""
"{489DD8D0-A9EB-4051-B822-B3108CD868FD}"=""
"{C52DF081-A31D-47FB-B07C-DD56A25E8965}"=""
"{A475CC06-1E5E-481E-A017-C1B6F0BCB69C}"=""
"{52D55BA2-A1A9-43E1-8C86-3DC9DD6F4282}"=""
"{4AE05B02-53F0-4610-A04E-D463A192316F}"=""
"{E3DBD4FA-CF7F-44CC-810E-1B47AF2983F7}"=""
"{C9525CBD-129F-4B4A-8305-5CBA0A7BA52F}"=""
"{9C5D5DDB-886E-4BFC-A893-E426F9493829}"=""
"{C49B0303-6223-413E-A942-16BCD1DA876F}"=""
"{369B38CF-DDAE-4955-9A45-5563AB551428}"=""
"{4B873F3F-B93C-48C1-ADE4-52834DED4772}"=""
"{CD038267-E57E-4133-9D1C-4F194740E2E1}"=""
"{9974F57C-AE38-404E-900D-57E89362EF61}"=""
"{1CC8CB58-9E54-436A-8348-8091FC3DC4B9}"=""
"{72B0F321-1268-4184-A395-C1F3A61029B8}"=""
"{B4185980-585C-467C-9135-12958F7ED7D7}"=""
"{DC095087-5110-4F8E-AE8B-F5CC93896C85}"=""
"{6E857CE1-EE90-4F99-B402-66A2F6655125}"=""
"{DD820FE5-D0C3-407F-B74B-FB6A4AE79BCC}"=""
"{0CE19F5D-66AB-4385-A179-1796C2B62840}"=""
"{70F461CF-B20F-4694-8A2C-A33D93E917F0}"=""
"{DA445FF0-E612-454F-AFB3-37B147874BD4}"=""
"{C98576D7-D52B-4D4C-B683-F3E527C0796B}"=""
"{9D3D7005-928E-4CBB-9699-E3A675AA8E13}"=""
"{43DD07CC-C443-4D76-82B2-0629DCAE856E}"=""
"{60A48D29-26EA-44E5-8138-BB33EF593BDF}"=""
"{A84691BB-38D5-4CB4-B043-7BD1A4432714}"=""
"{9E4519AF-3751-4CF7-B146-50DB7BFC91E2}"=""
"{F68D195E-34EE-425C-B5BD-A2390897B496}"=""
"{F107F6EA-1007-42BA-80DF-A5AFB88F4848}"=""
"{C01EC999-810B-40BA-BEBD-49D95145CF2F}"=""
"{A3B19AE0-C1D3-4DC5-9779-5A83BF44160A}"=""
"{8721A9E7-99D0-4FD1-9E6E-D811D69F8B1A}"=""
"{0B8A05E2-2D18-44E3-9604-53AEC7CC75D4}"=""
"{BB970A37-7201-49C1-9D2C-AAB8A600EF9E}"=""
"{219B9658-0956-4A4A-9B88-5BC51A32A9DD}"=""
"{8F5628AC-F8DE-4DE4-889C-390A595BE9B6}"=""
"{F9F5F558-9FAC-4002-AF94-598ED4F9F625}"=""
"{E8314F8F-C244-4295-AA70-D19B89C215E6}"=""
"{E62F7AEF-BE74-426B-8D6B-266EADBF822B}"=""
"{0221591A-0771-48C4-9F4E-C496C7E249A3}"=""
"{C3FF3EFF-6865-4D62-BD62-6ED19C2B7A3F}"=""
"{11717D4D-4FE6-4F0E-9C45-A6F0550530D5}"=""
"{8C01349B-183A-4AB9-86D3-57E5A3A0CAE9}"=""
"{863B3957-BE14-464C-B214-EEF7B5020131}"=""
"{A32F21D1-3B62-44CD-8BBA-5A1021E0CD4C}"=""
"{A7E67310-12BC-46C9-BA8C-395C5982AB93}"=""
"{4E320125-095A-4477-8A6B-DBFD96517E3A}"=""
"{8A79155A-D134-4265-A7DF-21F7AE0F21E8}"=""
"{7AF6D2AF-9E50-4DAC-81CD-18D419455BC9}"=""
"{441F6A01-3E13-4B1F-BD74-3FA3D4D8A296}"=""
"{2D224034-A7F4-4C18-BCAC-6699CB2774AD}"=""
"{85420060-0A6E-4199-B729-A0EFE085E51A}"=""
"{0EEDE56B-FF25-4B87-8D07-C27FA9D04293}"=""
"{11A242A3-21B1-4EFB-B48A-5252D0B1561F}"=""
"{E58AF99D-1E69-4D85-89F2-E354991FA40B}"=""
"{BA8CB545-29E5-4B1A-8447-BAAD2FEF4FA7}"=""
"{9FB2EA4B-3F6A-452B-A0B4-DE7AD0657328}"=""
"{9EA2D2DC-7839-4F23-8D37-C781892AB45B}"=""
"{75BA0781-86D7-4EDA-941D-7EC30AFBAD58}"=""
"{09EAA2BA-4A97-449D-A9B7-2563C60EB9A0}"=""
"{4A816BE2-B5B1-446F-B167-E52BDE5F6D2C}"=""
"{B70B4AD1-537B-4FC6-A0E3-24050E730B78}"=""
"{8D66796E-F92F-41C2-9B5F-8E9D595A1132}"=""
"{A53FC7CC-E879-4D63-A7A9-286753D3BF91}"=""
"{60FEF0E3-E6E7-41E0-813C-91B2C3879BA9}"=""
"{4323331F-B42C-4DB3-BB40-1379820F55CC}"=""
"{3A65B074-9FB8-4AE2-AF3D-02E7B5B3BC55}"=""
"{CEF65331-AB77-44DC-BD5C-298EFD8F405A}"=""
"{2DAD51D4-E124-43D2-89FF-D121D247B128}"=""
"{FE75694E-0CA2-47A3-A85D-185F4D16031C}"=""
"{671DE61C-EF59-4874-AE3A-835B14021D76}"=""
"{3AE8D003-F95F-46B5-AA70-98E7A7F359E0}"=""
"{2764060D-645E-4D09-92C5-76A361280CB9}"=""
"{C8BE289D-2322-4761-BAC6-462907AC2952}"=""
"{3A1D2CA7-56E3-448C-A22E-AEBE04B9274F}"=""
"{61A5672E-CA85-433C-9963-4E62C58B8919}"=""
"{97F8BB0F-7863-4315-8BF0-C046849194A4}"=""
"{2AE0B073-255D-412A-BC71-FE9A91A5EBDB}"=""
"{E465915C-5E8E-4FE0-B2AC-37DA361AA195}"=""
"{0A867DBF-4AC1-4B69-B2E8-6FDEA86FFA09}"=""
"{45641C60-9EFC-4A86-83FF-99835668D79F}"=""
"{32F8B633-9E7E-46C2-96D1-B368B763B4DD}"=""
"{D7096A9A-0865-475B-940B-D46A6FFB30F7}"=""
"{DF52E8F8-9215-45C3-A5BD-DF474194EC3D}"=""
"{F49E10F3-E313-40C2-BE84-930708CCC966}"=""
"{9383B524-1F32-4D68-83D0-99F47406D4B3}"=""
"{E0704086-A4BF-4197-B404-F2C77B8C6C88}"=""
"{352E14C2-93ED-4F1D-BCB9-DA1C84904803}"=""
"{47BBE71F-FDF9-4581-B62D-7009A78EE11E}"=""
"{90BE728B-0FE2-426A-9506-9809D1BC3F46}"=""
"{90DB9EC9-8DC2-4C7F-A737-3C1B6CCFD619}"=""
"{A2CDB994-7074-4327-B39B-44E76D5A52DA}"=""
"{82DEDC73-D832-4199-B378-76FEF1675E97}"=""
"{C397051C-D82C-4FA3-A7D0-E64DA18256D8}"=""
"{296FFA20-24EB-458E-8A95-3F142777CB4A}"=""
"{55D90A06-FDC8-46A4-B185-8CC369BE2112}"=""
"{486832D9-BE2C-4EEA-910C-9B0EEB521BA7}"=""
"{94757971-C947-4EC4-AC1B-18540F240333}"=""
"{AB0C8997-1563-433E-B312-EA0657185330}"=""
"{FAD037F0-D7A4-4EB7-8601-E6B25D7F7A42}"=""
"{99760CCB-FD1E-4E6A-954B-D50FA4A7B84A}"=""
"{B613C490-E07D-44D0-A9C8-BC6FD558D152}"=""
"{8BA6706E-74F8-412C-A940-9944B18D24C1}"=""
"{081C992A-D379-44F3-9540-D9A15D139B41}"=""
"{7908CE8E-6F99-488E-983A-55E293168CFE}"=""
"{946B196D-6729-4F75-B171-4033A9F6E314}"=""
"{E4FB5A7B-5867-4B90-B048-4B3F8AC7F1A1}"=""
"{094AF86C-E9F3-4BC7-991C-FF6FD5373BA1}"=""
"{91B9D7E0-D130-40BB-BD12-657DC11C19F0}"=""
"{C47102AD-F89E-49DE-A067-3A845A5DAFE9}"=""
"{9DF6B231-DBF9-4E4F-9D27-A5BA2AACB602}"=""
"{6B049E25-8C4F-4FF6-A267-612ECD3727A4}"=""
"{72FAE383-475B-4DAB-9823-94BA9126222C}"=""
"{40166BF3-BB25-4C6D-9252-2B5B88FD0AEA}"=""
"{14F45AD4-6B4B-4098-ABB8-E52C21CCDE94}"=""
"{281E4ADE-7497-44C7-BA8A-A0EBD0821E3D}"=""
"{2208C65A-7D3F-4424-8ECC-F2B03E2D55D4}"=""
"{2C077725-EC04-4899-A8F1-C8CE0442B5D9}"=""
"{C1169A9C-C280-4155-A8DD-34E7BC03FBC9}"=""
"{1692758D-16C7-4F2D-9F93-6B4A7C364BD2}"=""
"{E3DAFB3B-007F-481D-B5E2-8989C88C031F}"=""
"{982F4A3E-4BC9-4207-A22E-D91FAEF5EA1C}"=""
"{54863C34-705F-4A2C-90D4-8CEF4815A39C}"=""
"{EF3393C3-7F50-4B68-B03F-32724E3A348D}"=""
"{B6299A84-A8D9-46BC-89B7-BEEDE7EBE52F}"=""
"{F3E033F0-E7C4-407B-B59A-752FD8394B37}"=""
"{1D6912E9-C003-4225-85EE-E76E8E90B47A}"=""
"{714604D6-7278-41CE-B047-06C3C801FCA5}"=""
"{7F0A6554-D0F7-436A-82C1-7FB7528DD355}"=""
"{8627E366-191E-49A2-8B4D-68C8CA7C19E8}"=""
"{962922C7-21C7-44A5-9510-991C4BCA6C62}"=""
"{CC9F3E1B-3745-4F5A-8304-98C6C6567FD0}"=""
"{93A20DB9-99E1-4A30-8DE9-4BD1D3BEE821}"=""
"{098F283C-87B1-4CB4-AC9D-ECA815B8F4C5}"=""
"{EE7780D2-1891-428A-AEB7-DBC674E04963}"=""
"{A221E970-614E-46BA-9443-D8099DDE616C}"=""
"{A18EE90F-5D44-40BA-9493-9835598E9FBD}"=""
"{7875E851-B6C3-460B-96B1-EC0A0F39407E}"=""
"{C9B92931-5996-4DC5-9F5B-1E7E7B716310}"=""
"{2F05A815-A362-4228-A693-2FA21EF3E18A}"=""
"{0C057060-7DD7-4C63-8801-B93F3147ADAA}"=""
"{F55A76EE-35CC-40CD-873C-2F0CA6E911AC}"=""
"{D82A8705-1027-4725-AD98-40A99DA9DD1A}"=""
"{0B1EC0AE-F9FC-4A02-B871-554043693625}"=""
"{9F26305F-0982-4972-A949-E5613ED66E56}"=""
"{EC68801A-3D13-45A2-B249-E33E21933C4B}"=""
"{D054914D-8874-4446-9B85-E44BD675CF5E}"=""
"{D08903EA-2EA8-419B-9FC2-EF32BA7179F8}"=""
"{C7FC86E4-0928-41C0-B6EE-FFE34FCD7B15}"=""
"{527A1660-2516-481E-92E9-786C897A502D}"=""
"{0A6998D7-0773-4503-9903-8309AEE342C1}"=""
"{234130A6-D791-46B7-9E90-75BE1ED36154}"=""
"{769809CD-F4C0-48DC-910C-EA7EEF555F6C}"=""
"{50EFA79D-08CB-4940-A657-7D3BB4B89D27}"=""
"{C83C6976-491D-43C6-8FE2-BC4D83513762}"=""
"{E5CBE1D7-60F5-4D7E-8F29-B726D502CCB0}"=""
"{7A3860FE-29DE-48D4-B0EA-D8DB3E325A04}"=""
"{476DDCA4-FBBA-40BC-B236-BA6A787A379C}"=""
"{218F5DF5-86C5-4E6A-AA0A-0964F6EAFA6F}"=""
"{8EDBE3F9-CC5F-4D12-A83D-7CE9EBD09012}"=""
"{7226275C-9ECB-481B-B0EF-7373EB438775}"=""
"{F3C3B79A-9812-4C9F-924F-B3F25645AC39}"=""
"{C062CBFD-49A8-4444-B9CD-FDE3481A49F8}"=""
"{4685AAA0-3A68-44E3-B001-8D18B169E04F}"=""
"{89A5BFCD-0857-4C03-91A8-0614901F17C8}"=""
"{4B22F42C-9B31-4DA2-8598-CB250B8FE881}"=""
"{7BDDB60B-A026-42E4-BC73-193AAB0D466A}"=""
"{802DF303-9F77-431E-BA03-7C2988FBA967}"=""
"{AFDE251A-573E-4331-BA12-5B6D20C0BA51}"=""
"{070D1958-EAE5-42B3-89E6-E661500D240B}"=""
"{268E99DB-B958-4EC4-B0C9-DA1F950B8417}"=""
"{993270D9-AACD-44B9-B1F2-6D5EE25FBC01}"=""
"{92FFA592-94F4-4A2F-87E2-AA6C0FF98C7E}"=""
"{FF5C0BC7-AF9A-4A97-B709-8DD4C1AAC87E}"=""
"{2998E76B-46B4-4A2E-879A-D6E4A288F21B}"=""
"{566B2D6E-D0D4-4E9F-8C9A-AF22B28B833D}"=""
"{560E871C-A5E3-42E3-B40B-D888175E648E}"=""
"{C14FC1C0-A84B-441F-9F10-88F2E1E829BE}"=""
"{DDF817BC-2362-4F97-9335-E5E72EB89186}"=""
"{15CBBA30-399D-4D08-8A47-0F72B2A6AE06}"=""
"{D477F6FA-F44D-4397-8A04-761D3CC91E4F}"=""
"{A57C9B06-B34F-4B95-B71E-3D4A253EDB1F}"=""
"{4E7B76DB-00AE-45AA-A578-1A9A63121B03}"=""
"{754E9FE6-AE9E-4EA4-AB29-72208A845789}"=""
"{F8FD5A96-CA43-454E-90EA-EE722DB2F4CC}"=""
"{1F38512B-3ADA-46B2-95F9-DC7A0BCE90D4}"=""
"{2EC4D6EE-E872-46BF-A88E-542D3B090401}"=""
"{324A5A29-9311-444E-A52F-D6D56322816C}"=""
"{9AEA3E63-BD8B-456E-B489-BCFBE6E07773}"=""
"{0B8EDCA5-9FB0-4C6A-A540-2216FF83FE54}"=""
"{65488D31-B4CA-4052-9D1A-836FCEE3E9FF}"=""
"{99D0E12A-7042-4271-B2BE-9E07797AA962}"=""
"{27166553-E296-4E7C-BB7F-8A53562E4D43}"=""
"{2451E853-2B06-4027-A469-ED28CD9EDB93}"=""
"{44FCE8F6-F9A8-4F69-925B-236D5C7C3C78}"=""
"{C8AE928D-6ACD-4053-9478-C6602AB4DD22}"=""
"{2991658F-D08F-4983-A7FA-72B7A9C8274B}"=""
"{6C495874-8D20-401C-BE2C-982CCF3D02B2}"=""
"{F560496E-2449-435C-99A8-D68CA55B3FC1}"=""
"{E0166734-6BD5-4DB4-8DF8-08027B48C77B}"=""
"{95C7CF76-B2AD-49EE-AAFC-EEA21D3321C2}"=""
"{56CE001C-13E3-4A90-BF2D-E898DF5B9170}"=""
"{C5BABC2E-915D-4DD9-A61A-9D617C7D9BDD}"=""
"{EC8F955A-1D85-4992-ADE2-CF3E623F9BD7}"=""
"{8DED54BA-33DF-4796-B1CB-5A1DBA600732}"=""
"{54AAFECC-8B47-462B-8A7F-8C6C179FB055}"=""
"{F282D476-4B87-42B7-890E-F05C283CA129}"=""
"{49304698-F4F9-4E6F-B62C-B6EB504A83E7}"=""
"{8C0B5566-CB18-482F-AE8A-63948F4D364F}"=""
"{A14FBBB5-CFB8-4E58-A06D-508D078B05CE}"=""
"{089C23A8-76F8-4C95-B104-E9BFC2CA9712}"=""
"{11B0BCA4-431C-47CB-8C52-C8185E3ACC72}"=""
"{CED3324D-6A10-498E-B4D1-702F9C9BC56E}"=""
"{DB6CFF0D-B638-402C-A2FF-4762D372FBE7}"=""
"{9CB5B85D-58F0-441B-8A8F-FCCA746BF37F}"=""
"{9333FB77-6AEE-44FA-853E-346469033BBD}"=""
"{6AC2038A-D9C4-494F-B091-E33A3F796617}"=""
"{82E94BA1-16B4-48E7-A9FB-3E8A87D2745C}"=""
"{5B7B105A-EACE-4B84-93D9-BAC143B5F592}"=""
"{41A6456B-4599-4801-B04C-EAEA02FDCAED}"=""
"{00AABA81-BD6B-44E3-8E55-F856F3750448}"=""
"{693BF187-D641-44F8-ADF5-9511A676C3F1}"=""
"{47006F79-2B01-4190-8008-745E9A8ADC83}"=""
"{167C7FFC-6957-458B-82DB-FBCD2389D187}"=""
"{DC3DA886-BA66-43EE-82A9-166DE962E860}"=""
"{7E19405E-C0B8-447D-8241-C3400A0273D5}"=""
"{7DE74A0B-CB7A-4113-95A6-460203C7D7EC}"=""
"{79FD876F-1338-43C1-B4C5-31C27DA8B365}"=""
"{DE895FCC-B328-406C-80DA-B842934DC7DC}"=""
"{2EADB28E-B004-49BC-AA48-0CE93A1C3B88}"=""
"{8A987129-9986-4B24-8B47-FCF9CC08319E}"=""
"{578DFAF7-E135-4D42-B88E-003FE5C2817E}"=""
"{435FCBE1-250D-479E-850A-B83797B3649B}"=""
"{8FFA0E37-C8F5-4E55-B440-52F9395422B9}"=""
"{3448A407-886D-48C7-9F13-85A5E56728CB}"=""
"{AFB23965-FB4F-4633-8024-44326D5A80B9}"=""
"{01831503-FD1B-45B5-9EC4-C4BEE0BAE587}"=""
"{ABBE448B-5D6F-4AD7-B701-3CABE05DE08B}"=""
"{D8852721-395E-47D8-AEF9-25B8D0FDAF0C}"=""
"{53AE6707-AA60-432A-AB3D-210ACAAF9316}"=""
"{3A5AC2A8-5961-44D6-8C24-EF781F14A775}"=""
"{226BAD43-46FA-402A-A0F0-457FD6CE2DED}"=""
"{1D6D6004-9944-41E3-B7EC-829B12A4767A}"=""
"{7B75A012-CE96-46BB-BC14-D0AE0681C6F3}"=""
"{759FFC90-1F99-4821-85CA-A7AF7B25BF9A}"=""
"{22351C4A-6699-4F05-842D-1D63A9407550}"=""
"{D2003483-8CDC-450D-8232-382FAE10A9AF}"=""
"{C30C7F28-F369-4C37-A841-DE7E22610FF8}"=""
"{C6486897-F73E-443C-827B-30196200F58D}"=""
"{E724E614-FB27-406B-AE97-68657901E7F2}"=""
"{E56128DA-9BAA-41D5-87F4-36193D24E951}"=""
"{F536637A-CB62-43B0-847C-E5BE68B3B9E1}"=""
"{D5F8EDD0-B059-4397-85A4-0A46E45ACB3B}"=""
"{C0612FB8-358C-459E-9029-424F033D00CF}"=""
"{E3B2AFA0-690E-40EA-B773-5CDC83834841}"=""
"{8EEA5FD0-0564-4FC8-8065-008A41882F89}"=""
"{AC620C80-100D-4250-A1B6-B69489391598}"=""
"{7939129F-5532-47B7-B905-CD546DBE9A02}"=""
"{DA96C18E-3AF2-4E0C-95B8-EA2D2B28858A}"=""
"{030FB4FE-7C4F-4D92-9A51-9F506B924960}"=""
"{37E273C3-850C-480C-B41A-62CFB85B3BF9}"=""
"{3C6F74B4-8B58-4654-9C79-8E042C83238E}"=""
"{3A83444F-F4B3-41D7-A16B-6B40DF0BC7E9}"=""
"{3BDB8E81-53A4-4DFE-BD02-47A9BF3A9840}"=""
"{DE27715F-E79C-418D-A197-BC995DEB8344}"=""
"{902AB506-D3AB-4E1A-A9F9-9F7679404297}"=""
"{0BFB1517-7580-46F8-B710-99CE42449827}"=""
"{FE5D2DBA-7D8A-45FA-9ABB-6853A2B070C3}"=""
"{CD857799-A08C-4B3B-B673-11B5E60E62C2}"=""
"{CB1D8345-808D-421F-A621-26F1DF9BD230}"=""
"{46049A9A-65E4-4169-8120-113027AD93CC}"=""
"{8E8F96F1-414E-4468-BB14-0341B4514145}"=""
"{3153660C-31D4-43E9-B549-965FC5E389AA}"=""
"{507D70A2-928B-4A85-9A72-2770328E95D5}"=""
"{2F7993C4-C9E7-4816-8D29-67BEC810765E}"=""
"{0EB6C592-5CF7-4396-BB78-F80EA0BAEBEF}"=""
"{FCA2A91A-98AF-4F24-9D3E-227A081B4813}"=""
"{BAF2DE69-0B16-4AD9-87C1-B1D54E8BCE17}"=""
"{A788E28A-72B2-45FF-98FB-D86EDF0B3B1E}"=""
"{CED8E002-F568-4231-BF7E-54DBE4A7684E}"=""
"{872A3DD0-D8B5-44FB-BEBE-DB5860D5E4F8}"=""
"{B4AE025F-EAD8-4C18-A1F8-095B6DFD11F7}"=""
"{7288D8FE-9064-4407-82CE-294EF0DE0118}"=""
"{C96CCEDF-3AB8-42B0-B963-9F3A7DD6DBAB}"=""
"{C913D6B5-DA3F-4F26-94A2-08D28BFD3C26}"=""
"{EFEB6A56-D9BE-4DF1-871B-4AD819A25C29}"=""
"{CD98A889-7309-455D-B5C1-2C29D1F05656}"=""
"{48C9501A-3715-479B-9D11-AA9CD7062402}"=""
"{39CC20E9-E915-4286-86C0-A3FFC984DFC3}"=""
"{97E70D1B-F029-4C5C-99D8-2A0A1BF21D70}"=""
"{89D14166-8A6E-4CD6-8857-837DA80AE97D}"=""
"{70ED7A43-79C9-45AC-A228-4A38312FDE02}"=""
"{8C416FC6-8C5A-4371-9683-1DEB243F5A6B}"=""
"{513C62EF-7BED-4D60-BA61-20E91A0902E1}"=""
"{9D18820A-7BCE-47D0-8C0D-7DC59BCFBD06}"=""
"{2A394A03-1A34-4C02-9296-E78AC256B562}"=""
"{BF124D3F-AAE9-4457-AA32-7E2A900C6BBA}"=""
"{C03E3C4D-A477-417B-9DA3-A8849EAB7BD1}"=""
"{023472D0-A42D-4247-BC75-0CF5E637B40D}"=""
"{D456BD25-FCAE-4123-AFFB-4D9C34B1A5EC}"=""
"{398F6412-039B-42EB-876F-DA50BEB81228}"=""
"{561497BE-B11D-450C-A9A8-C7853E55F15C}"=""
"{DEA058DD-9C9E-4266-B18E-D9DFCC775DF8}"=""
"{038E70B1-A179-4AFD-AE21-18261640A7E4}"=""
"{D09B434B-C9CB-4E04-94C1-BDB2A87A66A3}"=""
"{83F65623-758D-4732-B087-00BB3EE57A17}"=""
"{96869991-ECB9-49A7-B116-59A202FB5299}"=""
"{0D56DE4C-03B1-47F3-8AF0-0E31A791E7FD}"=""
"{9C39D322-8B4E-453F-8B90-A9457515746C}"=""
"{16B49452-5320-4362-8D96-CDE0802D2E57}"=""
"{711A5D7F-B787-4DC4-93F6-3EF2CEFC49C4}"=""
"{2E555749-3814-49B5-AAAC-B56E9015CA3F}"=""
"{7E8E6394-4849-4A40-8885-1499828E1905}"=""
"{6303D28C-9591-4BD1-8F62-CD7C0DEB9B3D}"=""
"{2DB3DF46-631D-47AD-8925-A618500DA28B}"=""
"{3EA13516-91FD-46AA-968C-FCD076013D14}"=""
"{B391CD9A-D462-4272-9AA5-812CD6511AAF}"=""
"{50DEAB78-515F-4606-B24A-25D27CC095FF}"=""
"{D41F98B7-B560-4452-B30E-ECAB831155FA}"=""
"{1B2562FF-4843-47B8-B915-376D941A14E4}"=""
"{318E814A-2A2C-4EDB-AA20-78445526EFA8}"=""
"{0249AB22-A5FA-4FFB-BD33-26F8ED4B7A53}"=""
"{AEA8BC08-64A9-46AA-8FB2-80BE129CBBEF}"=""
"{7E1C9B09-B058-481E-B9B1-DA6174FD80DE}"=""
"{1544C84A-57C5-42CF-AEE0-21762FCEC0A4}"=""
"{22156621-7A90-4D15-8FBF-105A92465F76}"=""
"{3304074D-1F6C-4D36-ADDA-94E44B362AF6}"=""
"{3DF3E321-B191-4988-AE07-D227A0D64916}"=""
"{FD299F46-CE56-4DAC-9320-BB0C40563F04}"=""
"{F6103568-288F-4D20-87F6-7E495D5A9990}"=""
"{484E86CA-4203-4807-AF22-DE66D1AC2F0B}"=""
"{B45492A8-2599-474B-9AE0-9768CF6FEA0B}"=""
"{15183D0B-9721-4BC0-94E7-85AB96090FAC}"=""
"{D703439A-CEAE-4571-A025-CD2E011CA444}"=""
"{15010B04-20CE-4C88-A1E0-BB94236A426E}"=""
"{D7C85CB7-3B8E-42B7-B85D-9E2C7CAA0B6C}"=""
"{3C0A2ADB-DF24-44F2-86EB-643D6B738166}"=""
"{5E8C2B17-943C-43A7-9F52-2C2B28B55221}"=""
"{B57F477E-DACB-444F-86E4-2897277B9E88}"=""
"{80359740-037B-4606-A976-AB93EE6EBAAA}"=""
"{CA48E9B9-478D-48DC-84A9-23F61EFE6E23}"=""
"{97F93F7E-EA3D-44E3-83DB-36250DB891AB}"=""
"{CB22124B-9E02-4BEC-981A-13AAF7A19F80}"=""
"{48FD3BB0-2A49-41AF-B483-077C81716407}"=""
"{C4E12CC3-2F00-48DD-954C-F72780952930}"=""
"{42FB1D35-0DED-40F7-8205-CA4F0D29BA6E}"=""
"{BC0F48A5-8945-4DA5-8DCA-319C1FF9BD0A}"=""
"{ED6F5756-FB40-4946-B527-331F029D574C}"=""
"{088D3C3F-481A-4353-B050-999D7BAF94EA}"=""
"{44205514-3F60-43BF-BA4C-9B59A15CE497}"=""
"{0CC35507-42DD-4E18-BF1E-A0E13A9ED110}"=""
"{F9233D36-F43D-462A-842D-47D31C670EC4}"=""
"{788F48C7-87E2-4840-AB03-B17E6CA57782}"=""
"{A425180A-4B8C-4830-A35B-B9DF1C34E95F}"=""
"{C52EA9A4-55DB-48D3-A8BE-5B82685C3215}"=""
"{EB5920E5-0D40-42E5-8DF8-5E3A4B407845}"=""
"{8A774055-DBC3-4CBA-90DE-EAFA4ED7F8DD}"=""
"{5886FBEA-D733-4093-A620-A132C96601B9}"=""
"{0B288F0F-CDB0-402A-9A59-D6E8EF1F54AC}"=""
"{C9A5E915-E28E-4991-B898-558A9DA2F2A2}"=""
"{0B7DCAC0-22CC-46CF-A8BB-A1E9A1E72D26}"=""
"{A82DDBFC-DF54-44A4-932D-7F02B6EDEE29}"=""
"{BCC03AA9-AE79-4143-B40D-2E8DF60B3B70}"=""
"{0E92B5D9-DE5C-4DFB-9F15-62B88366E442}"=""
"{55C0B620-C575-4666-A9AC-05398CE2DC73}"=""
"{BCE751CB-1E98-44A5-B235-BD00DD5115FC}"=""
"{654D810C-2C38-45F1-8448-58542DD9F5E7}"=""
"{7F3B8D97-B896-487C-AAA9-1D07EE02A7A8}"=""
"{BA337098-078B-4DE5-B1C4-926598EE73DF}"=""
"{1BE5FC69-4726-4477-9B16-210FA21778C1}"=""
"{7CA8C61B-BFDA-49C3-8DCD-7F4388BF501E}"=""
"{B5A7C8BF-6B3B-424E-938B-8F5AC8BE3B32}"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-06-26 11:39:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 15:39
.
Pre-Run: 50,409,000,960 bytes free
Post-Run: 50,781,868,032 bytes free
.
- - End Of File - - A25139DAC54FAD590E6DD6F1CEA61881

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 26 June 2012 - 04:16 PM

Greetings MSWallack

That may be normal Norton behavior - we will check into that soon

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 04:23 PM

I did run both of these (and posted those logs in my original message: http://www.bleepingcomputer.com/forums/topic458237.html).

#12 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 07:45 PM

TDSSKiller log (no threats detected):

20:42:26.0739 3664 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
20:42:27.0956 3664 ============================================================
20:42:27.0956 3664 Current date / time: 2012/06/26 20:42:27.0956
20:42:27.0956 3664 SystemInfo:
20:42:27.0956 3664
20:42:27.0956 3664 OS Version: 6.1.7601 ServicePack: 1.0
20:42:27.0956 3664 Product type: Workstation
20:42:27.0956 3664 ComputerName: MICHAEL-HP
20:42:27.0956 3664 UserName: Michael
20:42:27.0956 3664 Windows directory: C:\Windows
20:42:27.0956 3664 System windows directory: C:\Windows
20:42:27.0956 3664 Running under WOW64
20:42:27.0956 3664 Processor architecture: Intel x64
20:42:27.0956 3664 Number of processors: 2
20:42:27.0956 3664 Page size: 0x1000
20:42:27.0956 3664 Boot type: Normal boot
20:42:27.0956 3664 ============================================================
20:42:29.0875 3664 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:42:29.0891 3664 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:42:38.0885 3664 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:42:38.0900 3664 Drive \Device\Harddisk4\DR4 - Size: 0x2BA9F400000 (2794.49 Gb), SectorSize: 0x1000, Cylinders: 0xB21F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:42:39.0290 3664 Drive \Device\Harddisk5\DR5 - Size: 0x1D197300000 (1862.36 Gb), SectorSize: 0x200, Cylinders: 0x3B5AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:42:49.0660 3664 Drive \Device\Harddisk6\DR6 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:42:49.0675 3664 ============================================================
20:42:49.0675 3664 \Device\Harddisk0\DR0:
20:42:49.0722 3664 MBR partitions:
20:42:49.0722 3664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC127C1
20:42:49.0722 3664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC12800, BlocksNum 0x15B1800
20:42:49.0722 3664 \Device\Harddisk2\DR2:
20:42:49.0722 3664 MBR partitions:
20:42:49.0722 3664 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
20:42:49.0722 3664 \Device\Harddisk3\DR3:
20:42:49.0722 3664 MBR partitions:
20:42:49.0722 3664 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
20:42:49.0722 3664 \Device\Harddisk4\DR4:
20:42:49.0722 3664 MBR partitions:
20:42:49.0722 3664 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x2BA9F300
20:42:49.0722 3664 \Device\Harddisk5\DR5:
20:42:49.0738 3664 MBR partitions:
20:42:49.0738 3664 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8CB97C0
20:42:49.0738 3664 \Device\Harddisk6\DR6:
20:42:49.0738 3664 MBR partitions:
20:42:49.0738 3664 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
20:42:49.0738 3664 ============================================================
20:42:49.0753 3664 C: <-> \Device\Harddisk0\DR0\Partition0
20:42:49.0784 3664 D: <-> \Device\Harddisk0\DR0\Partition1
20:42:50.0174 3664 M: <-> \Device\Harddisk6\DR6\Partition0
20:42:50.0565 3664 I: <-> \Device\Harddisk4\DR4\Partition0
20:42:50.0597 3664 G: <-> \Device\Harddisk2\DR2\Partition0
20:42:50.0612 3664 F: <-> \Device\Harddisk3\DR3\Partition0
20:42:50.0628 3664 H: <-> \Device\Harddisk5\DR5\Partition0
20:42:50.0628 3664 ============================================================
20:42:50.0628 3664 Initialize success
20:42:50.0628 3664 ============================================================
20:43:25.0146 5668 ============================================================
20:43:25.0146 5668 Scan started
20:43:25.0146 5668 Mode: Manual;
20:43:25.0146 5668 ============================================================
20:43:26.0550 5668 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:43:26.0597 5668 1394ohci - ok
20:43:26.0675 5668 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
20:43:26.0691 5668 Accelerometer - ok
20:43:26.0769 5668 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:43:26.0769 5668 ACPI - ok
20:43:26.0816 5668 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:43:26.0816 5668 AcpiPmi - ok
20:43:27.0034 5668 ADExchange (99721e1dac2c89e8202f70b773fb14f4) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
20:43:27.0034 5668 ADExchange - ok
20:43:27.0206 5668 AdobeActiveFileMonitor10.0 (047bd1eb681453a7fe492a71802ac9f3) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
20:43:27.0206 5668 AdobeActiveFileMonitor10.0 - ok
20:43:27.0408 5668 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:43:27.0424 5668 AdobeFlashPlayerUpdateSvc - ok
20:43:27.0533 5668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:43:27.0549 5668 adp94xx - ok
20:43:27.0611 5668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:43:27.0627 5668 adpahci - ok
20:43:27.0658 5668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:43:27.0689 5668 adpu320 - ok
20:43:27.0752 5668 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:43:27.0752 5668 AeLookupSvc - ok
20:43:27.0954 5668 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
20:43:27.0954 5668 AESTFilters - ok
20:43:28.0048 5668 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:43:28.0064 5668 AFD - ok
20:43:28.0157 5668 AgereModemAudio (734088cb57aea704ca716c1c6bc5e0e6) C:\Program Files\LSI SoftModem\agr64svc.exe
20:43:28.0157 5668 AgereModemAudio - ok
20:43:28.0266 5668 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\Windows\system32\DRIVERS\agrsm64.sys
20:43:28.0298 5668 AgereSoftModem - ok
20:43:28.0360 5668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:43:28.0376 5668 agp440 - ok
20:43:28.0422 5668 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:43:28.0422 5668 ALG - ok
20:43:28.0469 5668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:43:28.0469 5668 aliide - ok
20:43:28.0532 5668 AMD External Events Utility (6626d03567106689bf877504612f2c89) C:\Windows\system32\atiesrxx.exe
20:43:28.0532 5668 AMD External Events Utility - ok
20:43:28.0547 5668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:43:28.0547 5668 amdide - ok
20:43:28.0625 5668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:43:28.0625 5668 AmdK8 - ok
20:43:28.0656 5668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:43:28.0656 5668 AmdPPM - ok
20:43:28.0734 5668 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:43:28.0750 5668 amdsata - ok
20:43:28.0781 5668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:43:28.0797 5668 amdsbs - ok
20:43:28.0844 5668 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:43:28.0859 5668 amdxata - ok
20:43:28.0937 5668 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:43:28.0937 5668 AppID - ok
20:43:28.0984 5668 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:43:28.0984 5668 AppIDSvc - ok
20:43:29.0046 5668 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:43:29.0046 5668 Appinfo - ok
20:43:29.0327 5668 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:43:29.0327 5668 Apple Mobile Device - ok
20:43:29.0405 5668 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:43:29.0468 5668 AppMgmt - ok
20:43:29.0670 5668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:43:29.0702 5668 arc - ok
20:43:29.0717 5668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:43:29.0733 5668 arcsas - ok
20:43:30.0326 5668 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:43:30.0341 5668 aspnet_state - ok
20:43:30.0357 5668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:30.0357 5668 AsyncMac - ok
20:43:30.0419 5668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:43:30.0419 5668 atapi - ok
20:43:30.0528 5668 atashost (40767b965a8d575d794f1f95e2e017e9) C:\Windows\SysWOW64\atashost.exe
20:43:30.0528 5668 atashost - ok
20:43:30.0684 5668 athr (8c56e93749ba53a4b645963d3439e01e) C:\Windows\system32\DRIVERS\athrx.sys
20:43:30.0731 5668 athr - ok
20:43:30.0950 5668 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
20:43:30.0981 5668 AtiHdmiService - ok
20:43:31.0464 5668 atikmdag (2263eafcf5add181b7fd47b78ae6d3e3) C:\Windows\system32\DRIVERS\atikmdag.sys
20:43:31.0605 5668 atikmdag - ok
20:43:31.0854 5668 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:43:31.0854 5668 AtiPcie - ok
20:43:31.0979 5668 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:43:31.0979 5668 AudioEndpointBuilder - ok
20:43:31.0995 5668 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:43:31.0995 5668 AudioSrv - ok
20:43:32.0073 5668 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:43:32.0073 5668 AxInstSV - ok
20:43:32.0151 5668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:43:32.0166 5668 b06bdrv - ok
20:43:32.0260 5668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:43:32.0291 5668 b57nd60a - ok
20:43:32.0354 5668 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:43:32.0385 5668 BDESVC - ok
20:43:32.0400 5668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:43:32.0400 5668 Beep - ok
20:43:32.0525 5668 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:43:32.0525 5668 BFE - ok
20:43:32.0900 5668 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys
20:43:32.0931 5668 BHDrvx64 - ok
20:43:33.0258 5668 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:43:33.0274 5668 BITS - ok
20:43:33.0383 5668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:43:33.0399 5668 blbdrive - ok
20:43:33.0539 5668 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:43:33.0539 5668 Bonjour Service - ok
20:43:33.0602 5668 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:43:33.0602 5668 bowser - ok
20:43:33.0617 5668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:43:33.0633 5668 BrFiltLo - ok
20:43:33.0664 5668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:43:33.0680 5668 BrFiltUp - ok
20:43:33.0711 5668 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:43:33.0711 5668 BridgeMP - ok
20:43:33.0789 5668 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:43:33.0804 5668 Browser - ok
20:43:33.0851 5668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:43:33.0867 5668 Brserid - ok
20:43:33.0898 5668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:43:33.0929 5668 BrSerWdm - ok
20:43:33.0945 5668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:43:33.0945 5668 BrUsbMdm - ok
20:43:33.0976 5668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:43:33.0976 5668 BrUsbSer - ok
20:43:34.0023 5668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:43:34.0023 5668 BTHMODEM - ok
20:43:34.0085 5668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:43:34.0101 5668 bthserv - ok
20:43:34.0116 5668 catchme - ok
20:43:34.0257 5668 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys
20:43:34.0288 5668 ccSet_NIS - ok
20:43:34.0319 5668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:43:34.0350 5668 cdfs - ok
20:43:34.0428 5668 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:43:34.0444 5668 cdrom - ok
20:43:34.0522 5668 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:43:34.0522 5668 CertPropSvc - ok
20:43:34.0662 5668 CinemaNow Service (127d4d0e9f78834ffd1eeea3fcfb47c1) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
20:43:34.0662 5668 CinemaNow Service - ok
20:43:34.0740 5668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:43:34.0756 5668 circlass - ok
20:43:34.0818 5668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:43:34.0834 5668 CLFS - ok
20:43:34.0959 5668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:43:34.0974 5668 clr_optimization_v2.0.50727_32 - ok
20:43:35.0099 5668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:43:35.0115 5668 clr_optimization_v2.0.50727_64 - ok
20:43:35.0255 5668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:43:35.0271 5668 clr_optimization_v4.0.30319_32 - ok
20:43:35.0536 5668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:43:35.0536 5668 clr_optimization_v4.0.30319_64 - ok
20:43:35.0614 5668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:43:35.0614 5668 CmBatt - ok
20:43:35.0676 5668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:43:35.0692 5668 cmdide - ok
20:43:35.0770 5668 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:43:35.0786 5668 CNG - ok
20:43:35.0973 5668 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:43:35.0973 5668 Com4QLBEx - ok
20:43:36.0020 5668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:43:36.0020 5668 Compbatt - ok
20:43:36.0098 5668 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:43:36.0113 5668 CompositeBus - ok
20:43:36.0144 5668 COMSysApp - ok
20:43:36.0160 5668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:43:36.0160 5668 crcdisk - ok
20:43:36.0254 5668 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:43:36.0254 5668 CryptSvc - ok
20:43:36.0347 5668 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:43:36.0363 5668 CSC - ok
20:43:36.0472 5668 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:43:36.0488 5668 CscService - ok
20:43:36.0550 5668 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:43:36.0566 5668 DcomLaunch - ok
20:43:36.0644 5668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:43:36.0644 5668 defragsvc - ok
20:43:36.0768 5668 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:43:36.0768 5668 DfsC - ok
20:43:36.0831 5668 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:43:36.0846 5668 Dhcp - ok
20:43:36.0909 5668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:43:36.0909 5668 discache - ok
20:43:36.0940 5668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:43:36.0940 5668 Disk - ok
20:43:37.0018 5668 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:43:37.0034 5668 Dnscache - ok
20:43:37.0127 5668 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:43:37.0143 5668 dot3svc - ok
20:43:37.0221 5668 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
20:43:37.0252 5668 Dot4 - ok
20:43:37.0330 5668 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:43:37.0330 5668 Dot4Print - ok
20:43:37.0361 5668 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
20:43:37.0361 5668 dot4usb - ok
20:43:37.0439 5668 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:43:37.0439 5668 DPS - ok
20:43:37.0517 5668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:43:37.0517 5668 drmkaud - ok
20:43:37.0658 5668 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:43:37.0673 5668 DXGKrnl - ok
20:43:37.0751 5668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:43:37.0751 5668 EapHost - ok
20:43:38.0063 5668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:43:38.0141 5668 ebdrv - ok
20:43:38.0313 5668 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:43:38.0344 5668 eeCtrl - ok
20:43:38.0531 5668 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:43:38.0531 5668 EFS - ok
20:43:38.0687 5668 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:43:38.0718 5668 ehRecvr - ok
20:43:38.0765 5668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:43:38.0812 5668 ehSched - ok
20:43:38.0968 5668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:43:38.0984 5668 elxstor - ok
20:43:39.0062 5668 enecir (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys
20:43:39.0077 5668 enecir - ok
20:43:39.0249 5668 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:43:39.0264 5668 EraserUtilRebootDrv - ok
20:43:39.0327 5668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:43:39.0327 5668 ErrDev - ok
20:43:39.0436 5668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:43:39.0436 5668 EventSystem - ok
20:43:39.0498 5668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:43:39.0545 5668 exfat - ok
20:43:39.0576 5668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:43:39.0592 5668 fastfat - ok
20:43:39.0701 5668 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:43:39.0748 5668 Fax - ok
20:43:39.0764 5668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:43:39.0764 5668 fdc - ok
20:43:39.0810 5668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:43:39.0810 5668 fdPHost - ok
20:43:39.0826 5668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:43:39.0826 5668 FDResPub - ok
20:43:39.0873 5668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:43:39.0873 5668 FileInfo - ok
20:43:39.0888 5668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:43:39.0888 5668 Filetrace - ok
20:43:40.0122 5668 Fitbit (d4c0e5c287aad7ff3176731a310ab2af) C:\Program Files (x86)\Fitbit\fitbit.exe
20:43:40.0122 5668 Fitbit - ok
20:43:40.0263 5668 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:43:40.0294 5668 FLEXnet Licensing Service - ok
20:43:40.0544 5668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:43:40.0544 5668 flpydisk - ok
20:43:40.0637 5668 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:43:40.0637 5668 FltMgr - ok
20:43:40.0778 5668 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:43:40.0809 5668 FontCache - ok
20:43:41.0013 5668 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:43:41.0013 5668 FontCache3.0.0.0 - ok
20:43:41.0091 5668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:43:41.0091 5668 FsDepends - ok
20:43:41.0153 5668 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:43:41.0169 5668 Fs_Rec - ok
20:43:41.0262 5668 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:43:41.0262 5668 fvevol - ok
20:43:41.0309 5668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:43:41.0325 5668 gagp30kx - ok
20:43:41.0527 5668 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
20:43:41.0559 5668 GameConsoleService - ok
20:43:41.0621 5668 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:43:41.0652 5668 GEARAspiWDM - ok
20:43:41.0761 5668 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:43:41.0777 5668 gpsvc - ok
20:43:41.0902 5668 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:43:41.0917 5668 gupdate - ok
20:43:41.0933 5668 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:43:41.0933 5668 gupdatem - ok
20:43:41.0995 5668 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:43:41.0995 5668 gusvc - ok
20:43:42.0073 5668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:43:42.0089 5668 hcw85cir - ok
20:43:42.0167 5668 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:43:42.0198 5668 HdAudAddService - ok
20:43:42.0292 5668 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:43:42.0292 5668 HDAudBus - ok
20:43:42.0323 5668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:43:42.0323 5668 HidBatt - ok
20:43:42.0354 5668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:43:42.0354 5668 HidBth - ok
20:43:42.0385 5668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:43:42.0385 5668 HidIr - ok
20:43:42.0448 5668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:43:42.0463 5668 hidserv - ok
20:43:42.0510 5668 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:43:42.0510 5668 HidUsb - ok
20:43:43.0243 5668 HitmanPro36Crusader (528c1409c1f23f0bf226e5736647f837) C:\Program Files\HitmanPro\HitmanPro.exe
20:43:43.0446 5668 HitmanPro36Crusader - ok
20:43:43.0633 5668 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:43:43.0649 5668 hkmsvc - ok
20:43:43.0711 5668 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:43:43.0758 5668 HomeGroupListener - ok
20:43:43.0821 5668 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:43:43.0821 5668 HomeGroupProvider - ok
20:43:44.0008 5668 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:43:44.0008 5668 HP Health Check Service - ok
20:43:44.0101 5668 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
20:43:44.0101 5668 hpdskflt - ok
20:43:44.0226 5668 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:43:44.0226 5668 hpqcxs08 - ok
20:43:44.0242 5668 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:43:44.0257 5668 hpqddsvc - ok
20:43:44.0289 5668 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:43:44.0304 5668 HpqKbFiltr - ok
20:43:44.0398 5668 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:43:44.0398 5668 hpqwmiex - ok
20:43:44.0476 5668 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:43:44.0476 5668 HpSAMD - ok
20:43:44.0507 5668 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
20:43:44.0507 5668 hpsrv - ok
20:43:44.0632 5668 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:43:44.0647 5668 HTTP - ok
20:43:44.0710 5668 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:43:44.0710 5668 hwpolicy - ok
20:43:44.0757 5668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:43:44.0757 5668 i8042prt - ok
20:43:44.0850 5668 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:43:44.0881 5668 iaStorV - ok
20:43:45.0037 5668 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:43:45.0069 5668 IDriverT - ok
20:43:45.0318 5668 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:43:45.0365 5668 idsvc - ok
20:43:45.0693 5668 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120626.001\IDSvia64.sys
20:43:45.0724 5668 IDSVia64 - ok
20:43:45.0927 5668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:43:45.0942 5668 iirsp - ok
20:43:46.0083 5668 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:43:46.0098 5668 IKEEXT - ok
20:43:46.0145 5668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:43:46.0145 5668 intelide - ok
20:43:46.0161 5668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:43:46.0176 5668 intelppm - ok
20:43:46.0332 5668 IntuitUpdateService (1a263bd87c082fa7ab38093014c8fc79) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
20:43:46.0332 5668 IntuitUpdateService - ok
20:43:46.0395 5668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:43:46.0395 5668 IPBusEnum - ok
20:43:46.0441 5668 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:43:46.0457 5668 IpFilterDriver - ok
20:43:46.0551 5668 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:43:46.0551 5668 iphlpsvc - ok
20:43:46.0613 5668 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:43:46.0629 5668 IPMIDRV - ok
20:43:46.0707 5668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:43:46.0707 5668 IPNAT - ok
20:43:46.0925 5668 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:43:46.0941 5668 iPod Service - ok
20:43:46.0956 5668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:43:46.0956 5668 IRENUM - ok
20:43:47.0003 5668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:43:47.0019 5668 isapnp - ok
20:43:47.0081 5668 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:43:47.0143 5668 iScsiPrt - ok
20:43:47.0206 5668 ivusb (5922922b27a57247aa62f5ab1a59af7c) C:\Windows\system32\DRIVERS\ivusb.sys
20:43:47.0221 5668 ivusb - ok
20:43:47.0299 5668 JMCR (bb86b1c3489463bba1fd04c876dbe414) C:\Windows\system32\DRIVERS\jmcr.sys
20:43:47.0299 5668 JMCR - ok
20:43:47.0331 5668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:43:47.0346 5668 kbdclass - ok
20:43:47.0393 5668 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:43:47.0393 5668 kbdhid - ok
20:43:47.0440 5668 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:43:47.0440 5668 KeyIso - ok
20:43:47.0596 5668 KSafeSvc (e02d49dd5aa37d29c15b5f5f28a58ad6) C:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
20:43:47.0643 5668 KSafeSvc - ok
20:43:47.0658 5668 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:43:47.0674 5668 KSecDD - ok
20:43:47.0689 5668 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:43:47.0689 5668 KSecPkg - ok
20:43:47.0705 5668 ksfmonsys (74ab53c41b5cc352ae6b09138f46297a) C:\Program files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys
20:43:47.0721 5668 ksfmonsys - ok
20:43:47.0767 5668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:43:47.0783 5668 ksthunk - ok
20:43:47.0845 5668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:43:47.0861 5668 KtmRm - ok
20:43:47.0955 5668 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:43:47.0970 5668 LanmanServer - ok
20:43:48.0033 5668 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:43:48.0033 5668 LanmanWorkstation - ok
20:43:48.0189 5668 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
20:43:48.0220 5668 LBTServ - ok
20:43:48.0282 5668 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:43:48.0298 5668 LHidFilt - ok
20:43:48.0423 5668 LightScribeService (9188d073cd14f886790d6037d1986063) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:43:48.0423 5668 LightScribeService - ok
20:43:48.0454 5668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:43:48.0485 5668 lltdio - ok
20:43:48.0547 5668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:43:48.0563 5668 lltdsvc - ok
20:43:48.0594 5668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:43:48.0594 5668 lmhosts - ok
20:43:48.0610 5668 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:43:48.0625 5668 LMouFilt - ok
20:43:48.0688 5668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:43:48.0688 5668 LSI_FC - ok
20:43:48.0719 5668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:43:48.0719 5668 LSI_SAS - ok
20:43:48.0735 5668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:43:48.0750 5668 LSI_SAS2 - ok
20:43:48.0781 5668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:43:48.0781 5668 LSI_SCSI - ok
20:43:48.0828 5668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:43:48.0828 5668 luafv - ok
20:43:48.0875 5668 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:43:48.0891 5668 Mcx2Svc - ok
20:43:48.0984 5668 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:43:49.0000 5668 MDM - ok
20:43:49.0031 5668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:43:49.0047 5668 megasas - ok
20:43:49.0078 5668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:43:49.0093 5668 MegaSR - ok
20:43:49.0140 5668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:43:49.0140 5668 MMCSS - ok
20:43:49.0156 5668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:43:49.0156 5668 Modem - ok
20:43:49.0171 5668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:43:49.0171 5668 monitor - ok
20:43:49.0234 5668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:43:49.0234 5668 mouclass - ok
20:43:49.0249 5668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:43:49.0249 5668 mouhid - ok
20:43:49.0296 5668 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:43:49.0296 5668 mountmgr - ok
20:43:49.0405 5668 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:43:49.0405 5668 MozillaMaintenance - ok
20:43:49.0468 5668 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:43:49.0483 5668 mpio - ok
20:43:49.0499 5668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:43:49.0499 5668 mpsdrv - ok
20:43:49.0608 5668 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:43:49.0624 5668 MpsSvc - ok
20:43:49.0686 5668 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:43:49.0702 5668 MRxDAV - ok
20:43:49.0764 5668 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:43:49.0764 5668 mrxsmb - ok
20:43:49.0858 5668 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:43:49.0873 5668 mrxsmb10 - ok
20:43:49.0873 5668 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:43:49.0889 5668 mrxsmb20 - ok
20:43:49.0936 5668 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:43:49.0936 5668 msahci - ok
20:43:49.0998 5668 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:43:50.0014 5668 msdsm - ok
20:43:50.0076 5668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:43:50.0092 5668 MSDTC - ok
20:43:50.0154 5668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:43:50.0154 5668 Msfs - ok
20:43:50.0170 5668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:43:50.0185 5668 mshidkmdf - ok
20:43:50.0232 5668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:43:50.0232 5668 msisadrv - ok
20:43:50.0310 5668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:43:50.0341 5668 MSiSCSI - ok
20:43:50.0357 5668 msiserver - ok
20:43:50.0388 5668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:43:50.0404 5668 MSKSSRV - ok
20:43:50.0435 5668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:43:50.0435 5668 MSPCLOCK - ok
20:43:50.0466 5668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:43:50.0466 5668 MSPQM - ok
20:43:50.0544 5668 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:43:50.0544 5668 MsRPC - ok
20:43:50.0560 5668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:43:50.0575 5668 mssmbios - ok
20:43:50.0747 5668 MSSQL$SQLEXPRESS - ok
20:43:50.0872 5668 MSSQLSERVER - ok
20:43:51.0012 5668 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:43:51.0028 5668 MSSQLServerADHelper100 - ok
20:43:51.0075 5668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:43:51.0075 5668 MSTEE - ok
20:43:51.0106 5668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:43:51.0106 5668 MTConfig - ok
20:43:51.0137 5668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:43:51.0137 5668 Mup - ok
20:43:51.0215 5668 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:43:51.0246 5668 napagent - ok
20:43:51.0293 5668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:43:51.0309 5668 NativeWifiP - ok
20:43:51.0527 5668 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120626.002\ENG64.SYS
20:43:51.0527 5668 NAVENG - ok
20:43:51.0730 5668 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120626.002\EX64.SYS
20:43:51.0761 5668 NAVEX15 - ok
20:43:52.0073 5668 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:43:52.0089 5668 NDIS - ok
20:43:52.0151 5668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:43:52.0167 5668 NdisCap - ok
20:43:52.0182 5668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:43:52.0182 5668 NdisTapi - ok
20:43:52.0245 5668 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:43:52.0260 5668 Ndisuio - ok
20:43:52.0323 5668 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:43:52.0338 5668 NdisWan - ok
20:43:52.0401 5668 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:43:52.0416 5668 NDProxy - ok
20:43:52.0479 5668 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
20:43:52.0494 5668 Net Driver HPZ12 - ok
20:43:52.0494 5668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:43:52.0494 5668 NetBIOS - ok
20:43:52.0557 5668 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:43:52.0572 5668 NetBT - ok
20:43:52.0619 5668 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:43:52.0619 5668 Netlogon - ok
20:43:52.0713 5668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:43:52.0713 5668 Netman - ok
20:43:52.0962 5668 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:43:53.0009 5668 NetMsmqActivator - ok
20:43:53.0009 5668 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:43:53.0009 5668 NetPipeActivator - ok
20:43:53.0071 5668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:43:53.0087 5668 netprofm - ok
20:43:53.0087 5668 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:43:53.0087 5668 NetTcpActivator - ok
20:43:53.0103 5668 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:43:53.0103 5668 NetTcpPortSharing - ok
20:43:53.0227 5668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:43:53.0243 5668 nfrd960 - ok
20:43:53.0415 5668 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
20:43:53.0415 5668 NIS - ok
20:43:53.0493 5668 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:43:53.0493 5668 NlaSvc - ok
20:43:53.0602 5668 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
20:43:53.0602 5668 nmservice - ok
20:43:54.0023 5668 NOBU (320b4e93d733fac1afe53f53a1a12354) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
20:43:54.0101 5668 NOBU - ok
20:43:54.0351 5668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:43:54.0351 5668 Npfs - ok
20:43:54.0397 5668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:43:54.0413 5668 nsi - ok
20:43:54.0413 5668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:43:54.0413 5668 nsiproxy - ok
20:43:54.0585 5668 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:43:54.0616 5668 Ntfs - ok
20:43:54.0678 5668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:43:54.0694 5668 Null - ok
20:43:54.0756 5668 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:43:54.0772 5668 nvraid - ok
20:43:54.0834 5668 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:43:54.0881 5668 nvstor - ok
20:43:54.0943 5668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:43:54.0943 5668 nv_agp - ok
20:43:55.0146 5668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:43:55.0177 5668 odserv - ok
20:43:55.0240 5668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:43:55.0240 5668 ohci1394 - ok
20:43:55.0333 5668 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:43:55.0349 5668 ose - ok
20:43:55.0848 5668 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:43:55.0942 5668 osppsvc - ok
20:43:56.0223 5668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:43:56.0238 5668 p2pimsvc - ok
20:43:56.0316 5668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:43:56.0316 5668 p2psvc - ok
20:43:56.0425 5668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:43:56.0425 5668 Parport - ok
20:43:56.0488 5668 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:43:56.0488 5668 partmgr - ok
20:43:56.0503 5668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:43:56.0503 5668 PcaSvc - ok
20:43:56.0581 5668 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:43:56.0581 5668 pci - ok
20:43:56.0597 5668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:43:56.0597 5668 pciide - ok
20:43:56.0628 5668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:43:56.0644 5668 pcmcia - ok
20:43:56.0659 5668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:43:56.0659 5668 pcw - ok
20:43:56.0737 5668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:43:56.0769 5668 PEAUTH - ok
20:43:56.0909 5668 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:43:56.0925 5668 PeerDistSvc - ok
20:43:57.0065 5668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:43:57.0081 5668 PerfHost - ok
20:43:57.0330 5668 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:43:57.0393 5668 pla - ok
20:43:57.0471 5668 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:43:57.0486 5668 PlugPlay - ok
20:43:57.0689 5668 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
20:43:57.0767 5668 PMBDeviceInfoProvider - ok
20:43:57.0829 5668 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
20:43:57.0845 5668 Pml Driver HPZ12 - ok
20:43:57.0923 5668 pnarp (f1965ae69fdb4c6d9ffeceb2c12f7898) C:\Windows\system32\DRIVERS\pnarp.sys
20:43:57.0939 5668 pnarp - ok
20:43:58.0001 5668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:43:58.0001 5668 PNRPAutoReg - ok
20:43:58.0032 5668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:43:58.0048 5668 PNRPsvc - ok
20:43:58.0126 5668 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:43:58.0141 5668 PolicyAgent - ok
20:43:58.0204 5668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:43:58.0204 5668 Power - ok
20:43:58.0266 5668 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:43:58.0266 5668 PptpMiniport - ok
20:43:58.0329 5668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:43:58.0329 5668 Processor - ok
20:43:58.0407 5668 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:43:58.0407 5668 ProfSvc - ok
20:43:58.0469 5668 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:43:58.0469 5668 ProtectedStorage - ok
20:43:58.0547 5668 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:43:58.0547 5668 Psched - ok
20:43:58.0672 5668 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
20:43:58.0687 5668 PSI_SVC_2 - ok
20:43:58.0734 5668 purendis (ec7333fc339fc6a1f9bb3e50ad9b13c6) C:\Windows\system32\DRIVERS\purendis.sys
20:43:58.0734 5668 purendis - ok
20:43:58.0797 5668 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:43:58.0797 5668 PxHlpa64 - ok
20:43:58.0953 5668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:43:58.0984 5668 ql2300 - ok
20:43:59.0202 5668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:43:59.0202 5668 ql40xx - ok
20:43:59.0467 5668 QPCapSvc (026d1fa4033b82f18b99e44351d7e82e) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
20:43:59.0467 5668 QPCapSvc - ok
20:43:59.0499 5668 QPSched (7697bca450eae30a6cdb98898239e8b7) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
20:43:59.0499 5668 QPSched - ok
20:43:59.0577 5668 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:43:59.0608 5668 QWAVE - ok
20:43:59.0623 5668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:43:59.0623 5668 QWAVEdrv - ok
20:43:59.0655 5668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:43:59.0670 5668 RasAcd - ok
20:43:59.0733 5668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:43:59.0733 5668 RasAgileVpn - ok
20:43:59.0748 5668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:43:59.0779 5668 RasAuto - ok
20:43:59.0826 5668 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:43:59.0842 5668 Rasl2tp - ok
20:43:59.0920 5668 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:43:59.0920 5668 RasMan - ok
20:43:59.0935 5668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:43:59.0935 5668 RasPppoe - ok
20:43:59.0951 5668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:43:59.0951 5668 RasSstp - ok
20:44:00.0029 5668 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:44:00.0029 5668 rdbss - ok
20:44:00.0029 5668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:44:00.0029 5668 rdpbus - ok
20:44:00.0045 5668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:44:00.0045 5668 RDPCDD - ok
20:44:00.0123 5668 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:44:00.0138 5668 RDPDR - ok
20:44:00.0154 5668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:44:00.0154 5668 RDPENCDD - ok
20:44:00.0169 5668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:44:00.0169 5668 RDPREFMP - ok
20:44:00.0279 5668 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:44:00.0294 5668 RdpVideoMiniport - ok
20:44:00.0357 5668 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:44:00.0372 5668 RDPWD - ok
20:44:00.0450 5668 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:44:00.0450 5668 rdyboost - ok
20:44:00.0528 5668 Recovery Service for Windows (b9570481a1babcc4a9e941c553596077) C:\Windows\SMINST\BLService.exe
20:44:00.0544 5668 Recovery Service for Windows - ok
20:44:00.0622 5668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:44:00.0637 5668 RemoteAccess - ok
20:44:00.0684 5668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:44:00.0731 5668 RemoteRegistry - ok
20:44:00.0903 5668 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
20:44:00.0903 5668 RichVideo - ok
20:44:00.0965 5668 Roxio UPnP Renderer 11 - ok
20:44:01.0152 5668 RoxMediaDB12 (ff578453d3b3adaab22d7151d7f9e592) C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
20:44:01.0168 5668 RoxMediaDB12 - ok
20:44:01.0261 5668 RoxWatch12 (71b38b8df1a9b55fc0fb64958cc7b9dd) C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
20:44:01.0277 5668 RoxWatch12 - ok
20:44:01.0449 5668 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:44:01.0449 5668 RpcEptMapper - ok
20:44:01.0495 5668 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:44:01.0511 5668 RpcLocator - ok
20:44:01.0589 5668 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:44:01.0605 5668 RpcSs - ok
20:44:01.0776 5668 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
20:44:01.0807 5668 RsFx0150 - ok
20:44:01.0901 5668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:44:01.0901 5668 rspndr - ok
20:44:01.0963 5668 RTL8169 (170a66dfaaa22358e08d6f4b38c8f3df) C:\Windows\system32\DRIVERS\Rtlh64.sys
20:44:01.0995 5668 RTL8169 - ok
20:44:02.0041 5668 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:44:02.0041 5668 s3cap - ok
20:44:02.0104 5668 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:44:02.0104 5668 SamSs - ok
20:44:02.0151 5668 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:44:02.0151 5668 sbp2port - ok
20:44:02.0213 5668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:44:02.0244 5668 SCardSvr - ok
20:44:02.0291 5668 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:44:02.0322 5668 scfilter - ok
20:44:02.0447 5668 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:44:02.0463 5668 Schedule - ok
20:44:02.0525 5668 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:44:02.0525 5668 SCPolicySvc - ok
20:44:02.0587 5668 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:44:02.0603 5668 SDRSVC - ok
20:44:02.0728 5668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:44:02.0759 5668 secdrv - ok
20:44:02.0806 5668 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:44:02.0806 5668 seclogon - ok
20:44:02.0868 5668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:44:02.0868 5668 SENS - ok
20:44:02.0884 5668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:44:02.0915 5668 SensrSvc - ok
20:44:02.0915 5668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:44:02.0931 5668 Serenum - ok
20:44:02.0946 5668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:44:02.0962 5668 Serial - ok
20:44:03.0009 5668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:44:03.0009 5668 sermouse - ok
20:44:03.0102 5668 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:44:03.0102 5668 SessionEnv - ok
20:44:03.0165 5668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:44:03.0165 5668 sffdisk - ok
20:44:03.0180 5668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:44:03.0180 5668 sffp_mmc - ok
20:44:03.0211 5668 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:44:03.0211 5668 sffp_sd - ok
20:44:03.0227 5668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:44:03.0243 5668 sfloppy - ok
20:44:03.0336 5668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:44:03.0336 5668 SharedAccess - ok
20:44:03.0430 5668 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:44:03.0430 5668 ShellHWDetection - ok
20:44:03.0461 5668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:44:03.0477 5668 SiSRaid2 - ok
20:44:03.0508 5668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:44:03.0508 5668 SiSRaid4 - ok
20:44:03.0570 5668 SIUSBXP (4c9f8e72f87f50a6125aaa31b63b2d18) C:\Windows\system32\drivers\SiUSBXp.sys
20:44:03.0601 5668 SIUSBXP - ok
20:44:03.0679 5668 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
20:44:03.0679 5668 SmartDefragDriver - ok
20:44:03.0726 5668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:44:03.0742 5668 Smb - ok
20:44:03.0804 5668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:44:03.0820 5668 SNMPTRAP - ok
20:44:03.0898 5668 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
20:44:03.0913 5668 Sony SCSI Helper Service - ok
20:44:03.0945 5668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:44:03.0945 5668 spldr - ok
20:44:04.0023 5668 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:44:04.0038 5668 Spooler - ok
20:44:04.0319 5668 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:44:04.0366 5668 sppsvc - ok
20:44:04.0553 5668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:44:04.0553 5668 sppuinotify - ok
20:44:04.0771 5668 SQLAgent$SQLEXPRESS (bea7fea5bb31eb58d78971f821ae6844) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:44:04.0803 5668 SQLAgent$SQLEXPRESS - ok
20:44:05.0005 5668 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:44:05.0052 5668 SQLBrowser - ok
20:44:05.0193 5668 SQLSERVERAGENT (bea7fea5bb31eb58d78971f821ae6844) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
20:44:05.0239 5668 SQLSERVERAGENT - ok
20:44:05.0380 5668 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:44:05.0380 5668 SQLWriter - ok
20:44:05.0723 5668 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS
20:44:05.0723 5668 SRTSP - ok
20:44:05.0770 5668 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS
20:44:05.0785 5668 SRTSPX - ok
20:44:05.0863 5668 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:44:05.0879 5668 srv - ok
20:44:05.0910 5668 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:44:05.0926 5668 srv2 - ok
20:44:05.0941 5668 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:44:05.0957 5668 srvnet - ok
20:44:06.0035 5668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:44:06.0035 5668 SSDPSRV - ok
20:44:06.0051 5668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:44:06.0051 5668 SstpSvc - ok
20:44:06.0253 5668 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
20:44:06.0253 5668 STacSV - ok
20:44:06.0316 5668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:44:06.0331 5668 stexstor - ok
20:44:06.0409 5668 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
20:44:06.0487 5668 STHDA - ok
20:44:06.0628 5668 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:44:06.0628 5668 stisvc - ok
20:44:06.0690 5668 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:44:06.0690 5668 storflt - ok
20:44:06.0721 5668 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:44:06.0721 5668 storvsc - ok
20:44:06.0940 5668 SureThing Labelflash service (2f39213b1638c4089017a536e5ca2cc8) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:44:07.0065 5668 SureThing Labelflash service - ok
20:44:07.0236 5668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:44:07.0252 5668 swenum - ok
20:44:07.0470 5668 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:44:07.0470 5668 SwitchBoard - ok
20:44:07.0548 5668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:44:07.0579 5668 swprv - ok
20:44:07.0735 5668 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS
20:44:07.0782 5668 SymDS - ok
20:44:07.0891 5668 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS
20:44:07.0938 5668 SymEFA - ok
20:44:08.0001 5668 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:44:08.0032 5668 SymEvent - ok
20:44:08.0032 5668 SYMFW - ok
20:44:08.0125 5668 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS
20:44:08.0157 5668 SymIRON - ok
20:44:08.0157 5668 SYMNDISV - ok
20:44:08.0250 5668 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS
20:44:08.0266 5668 SymNetS - ok
20:44:08.0281 5668 Synth3dVsc - ok
20:44:08.0359 5668 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
20:44:08.0391 5668 SynTP - ok
20:44:08.0562 5668 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:44:08.0593 5668 SysMain - ok
20:44:08.0765 5668 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:44:08.0796 5668 TabletInputService - ok
20:44:08.0874 5668 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:44:08.0874 5668 TapiSrv - ok
20:44:08.0937 5668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:44:08.0937 5668 TBS - ok
20:44:09.0186 5668 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:44:09.0218 5668 Tcpip - ok
20:44:09.0483 5668 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:44:09.0498 5668 TCPIP6 - ok
20:44:09.0608 5668 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:44:09.0623 5668 tcpipreg - ok
20:44:09.0670 5668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:44:09.0670 5668 TDPIPE - ok
20:44:09.0717 5668 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:44:09.0717 5668 TDTCP - ok
20:44:09.0779 5668 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:44:09.0810 5668 tdx - ok
20:44:09.0857 5668 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:44:09.0857 5668 TermDD - ok
20:44:09.0966 5668 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:44:09.0982 5668 TermService - ok
20:44:10.0029 5668 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:44:10.0029 5668 Themes - ok
20:44:10.0076 5668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:44:10.0076 5668 THREADORDER - ok
20:44:10.0122 5668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:44:10.0122 5668 TrkWks - ok
20:44:10.0200 5668 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:44:10.0216 5668 TrustedInstaller - ok
20:44:10.0263 5668 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:44:10.0263 5668 tssecsrv - ok
20:44:10.0310 5668 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:44:10.0310 5668 TsUsbFlt - ok
20:44:10.0341 5668 tsusbhub - ok
20:44:10.0403 5668 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:44:10.0403 5668 tunnel - ok
20:44:10.0450 5668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:44:10.0481 5668 uagp35 - ok
20:44:10.0544 5668 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:44:10.0575 5668 udfs - ok
20:44:10.0606 5668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:44:10.0606 5668 UI0Detect - ok
20:44:10.0668 5668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:44:10.0668 5668 uliagpkx - ok
20:44:10.0871 5668 UltiDev Cassini Web Server for ASP.NET 2.0 (bee8c1f7838a1d69d5e5a36a3efbd722) C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
20:44:10.0871 5668 UltiDev Cassini Web Server for ASP.NET 2.0 - ok
20:44:10.0934 5668 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:44:10.0934 5668 umbus - ok
20:44:10.0996 5668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:44:10.0996 5668 UmPass - ok
20:44:11.0074 5668 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:44:11.0074 5668 UmRdpService - ok
20:44:11.0121 5668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:44:11.0121 5668 upnphost - ok
20:44:11.0183 5668 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:44:11.0183 5668 USBAAPL64 - ok
20:44:11.0230 5668 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:44:11.0246 5668 usbccgp - ok
20:44:11.0292 5668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:44:11.0324 5668 usbcir - ok
20:44:11.0355 5668 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:44:11.0370 5668 usbehci - ok
20:44:11.0433 5668 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:44:11.0480 5668 usbhub - ok
20:44:11.0511 5668 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:44:11.0526 5668 usbohci - ok
20:44:11.0589 5668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:44:11.0604 5668 usbprint - ok
20:44:11.0651 5668 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:44:11.0667 5668 usbscan - ok
20:44:11.0729 5668 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:44:11.0745 5668 USBSTOR - ok
20:44:11.0776 5668 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:44:11.0776 5668 usbuhci - ok
20:44:11.0838 5668 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:44:11.0885 5668 usbvideo - ok
20:44:11.0932 5668 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:44:11.0932 5668 UxSms - ok
20:44:11.0979 5668 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:44:11.0979 5668 VaultSvc - ok
20:44:12.0041 5668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:44:12.0041 5668 vdrvroot - ok
20:44:12.0119 5668 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:44:12.0135 5668 vds - ok
20:44:12.0166 5668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:44:12.0166 5668 vga - ok
20:44:12.0197 5668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:44:12.0197 5668 VgaSave - ok
20:44:12.0213 5668 VGPU - ok
20:44:12.0494 5668 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:44:12.0509 5668 vhdmp - ok
20:44:12.0525 5668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:44:12.0525 5668 viaide - ok
20:44:12.0603 5668 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:44:12.0603 5668 vmbus - ok
20:44:12.0634 5668 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:44:12.0634 5668 VMBusHID - ok
20:44:12.0665 5668 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:44:12.0681 5668 volmgr - ok
20:44:12.0743 5668 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:44:12.0759 5668 volmgrx - ok
20:44:12.0821 5668 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:44:12.0821 5668 volsnap - ok
20:44:12.0884 5668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:44:12.0915 5668 vsmraid - ok
20:44:13.0071 5668 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:44:13.0164 5668 VSS - ok
20:44:13.0352 5668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:44:13.0367 5668 vwifibus - ok
20:44:13.0367 5668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:44:13.0367 5668 vwififlt - ok
20:44:13.0398 5668 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:44:13.0414 5668 vwifimp - ok
20:44:13.0492 5668 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:44:13.0508 5668 W32Time - ok
20:44:13.0523 5668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:44:13.0523 5668 WacomPen - ok
20:44:13.0601 5668 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:13.0617 5668 WANARP - ok
20:44:13.0617 5668 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:13.0632 5668 Wanarpv6 - ok
20:44:13.0788 5668 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:44:13.0835 5668 WatAdminSvc - ok
20:44:14.0007 5668 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:44:14.0054 5668 wbengine - ok
20:44:14.0241 5668 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:44:14.0272 5668 WbioSrvc - ok
20:44:14.0350 5668 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:44:14.0366 5668 wcncsvc - ok
20:44:14.0366 5668 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:44:14.0381 5668 WcsPlugInService - ok
20:44:14.0475 5668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:44:14.0490 5668 Wd - ok
20:44:14.0537 5668 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
20:44:14.0537 5668 WDC_SAM - ok
20:44:14.0600 5668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:44:14.0615 5668 Wdf01000 - ok
20:44:14.0615 5668 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:44:14.0631 5668 WdiServiceHost - ok
20:44:14.0631 5668 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:44:14.0631 5668 WdiSystemHost - ok
20:44:14.0709 5668 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:44:14.0740 5668 WebClient - ok
20:44:14.0880 5668 WebUpdate4 (6f02ec5d4f00671879f1672c107219c0) C:\Windows\SysWOW64\WebUpdateSvc4.exe
20:44:14.0896 5668 WebUpdate4 - ok
20:44:14.0927 5668 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:44:14.0927 5668 Wecsvc - ok
20:44:14.0943 5668 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:44:14.0958 5668 wercplsupport - ok
20:44:14.0974 5668 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:44:14.0974 5668 WerSvc - ok
20:44:15.0083 5668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:44:15.0083 5668 WfpLwf - ok
20:44:15.0099 5668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:44:15.0114 5668 WIMMount - ok
20:44:15.0192 5668 WinDefend - ok
20:44:15.0208 5668 WinHttpAutoProxySvc - ok
20:44:15.0333 5668 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:44:15.0333 5668 Winmgmt - ok
20:44:15.0504 5668 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:44:15.0551 5668 WinRM - ok
20:44:15.0785 5668 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:44:15.0785 5668 WinUsb - ok
20:44:15.0894 5668 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:44:15.0910 5668 Wlansvc - ok
20:44:16.0269 5668 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:44:16.0300 5668 wlidsvc - ok
20:44:16.0550 5668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:44:16.0550 5668 WmiAcpi - ok
20:44:16.0674 5668 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:44:16.0674 5668 wmiApSrv - ok
20:44:16.0768 5668 WMPNetworkSvc - ok
20:44:16.0815 5668 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:44:16.0830 5668 WPCSvc - ok
20:44:16.0893 5668 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:44:16.0908 5668 WPDBusEnum - ok
20:44:16.0955 5668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:44:16.0955 5668 ws2ifsl - ok
20:44:16.0986 5668 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:44:16.0986 5668 wscsvc - ok
20:44:16.0986 5668 WSearch - ok
20:44:17.0236 5668 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:44:17.0267 5668 wuauserv - ok
20:44:17.0564 5668 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:44:17.0564 5668 WudfPf - ok
20:44:17.0595 5668 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:44:17.0610 5668 WUDFRd - ok
20:44:17.0673 5668 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:44:17.0673 5668 wudfsvc - ok
20:44:17.0735 5668 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:44:17.0751 5668 WwanSvc - ok
20:44:17.0922 5668 ZentimoService (f5dcf9649ed20b07ab9161659e416f85) C:\Program Files (x86)\Zentimo\ZentimoService.exe
20:44:17.0938 5668 ZentimoService - ok
20:44:17.0969 5668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:44:18.0219 5668 \Device\Harddisk0\DR0 - ok
20:44:18.0219 5668 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR2
20:44:18.0219 5668 \Device\Harddisk2\DR2 - ok
20:44:18.0234 5668 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk3\DR3
20:44:18.0250 5668 \Device\Harddisk3\DR3 - ok
20:44:18.0266 5668 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
20:44:18.0266 5668 \Device\Harddisk4\DR4 - ok
20:44:18.0266 5668 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
20:44:18.0281 5668 \Device\Harddisk5\DR5 - ok
20:44:18.0281 5668 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk6\DR6
20:44:18.0297 5668 \Device\Harddisk6\DR6 - ok
20:44:18.0297 5668 Boot (0x1200) (5e0cf5da6bd2f62ef110ab5536d73daa) \Device\Harddisk0\DR0\Partition0
20:44:18.0297 5668 \Device\Harddisk0\DR0\Partition0 - ok
20:44:18.0328 5668 Boot (0x1200) (374eb59e97862dbcc228df317090dee4) \Device\Harddisk0\DR0\Partition1
20:44:18.0328 5668 \Device\Harddisk0\DR0\Partition1 - ok
20:44:18.0344 5668 Boot (0x1200) (d66ea9763814b4aba7378917961673cf) \Device\Harddisk2\DR2\Partition0
20:44:18.0344 5668 \Device\Harddisk2\DR2\Partition0 - ok
20:44:18.0344 5668 Boot (0x1200) (fef29181910f424a560c9669d310cd2a) \Device\Harddisk3\DR3\Partition0
20:44:18.0344 5668 \Device\Harddisk3\DR3\Partition0 - ok
20:44:18.0359 5668 Boot (0x1200) (7e01c990e55590ffc2ab0fac6dbceb57) \Device\Harddisk4\DR4\Partition0
20:44:18.0359 5668 \Device\Harddisk4\DR4\Partition0 - ok
20:44:18.0359 5668 Boot (0x1200) (3b5fc3ce5dca05ac1799fa9e69856763) \Device\Harddisk5\DR5\Partition0
20:44:18.0359 5668 \Device\Harddisk5\DR5\Partition0 - ok
20:44:18.0375 5668 Boot (0x1200) (5482177d5b3c4de4e852ead8cf8fccdb) \Device\Harddisk6\DR6\Partition0
20:44:18.0375 5668 \Device\Harddisk6\DR6\Partition0 - ok
20:44:18.0375 5668 ============================================================
20:44:18.0375 5668 Scan finished
20:44:18.0375 5668 ============================================================
20:44:18.0390 3260 Detected object count: 0
20:44:18.0390 3260 Actual detected object count: 0

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 26 June 2012 - 09:27 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 26 June 2012 - 11:42 PM

I tried to run the script. The first time, ComboFix seemed to hang at the "trying to create a restore point". I let it sit there for over an hour. Eventually, I closed the window. When I tried to run it again, the dialog box that shows it installing files opened but then it never moved on to the blue dialog box where it creates the restore point and then works through its tests.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 26 June 2012 - 11:58 PM

Hello

How is the comnputer running at this time?

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users