Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Gen Deathwave


  • This topic is locked This topic is locked
41 replies to this topic

#1 Scott Wyllie

Scott Wyllie

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 10 January 2013 - 08:24 AM

Greetings and salutations bleedingcomputer.com. I very rarely need to ask for help like this because I consider myself pretty self sufficient when it comes to computers but right now I am at my wits end. About a month ago my Symentec Auto-protect started popping up with a wave of Trojan.Gen | quarantined | all coming from the C:\\Windows\Temp\tmp00000e65\ folder. I have thrown everything in my arsenal at it and it just will not stop which makes me think its buried in deep with the hardware. I read your prep topic and will attempt to do everything right. Thank you in advance and I hope someone can help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16968 BrowserJavaVersion: 10.9.2
Run by Core at 8:08:11 on 2013-01-10
Microsoft Windows 7 Ultimate

6.1.7600.0.1252.1.1033.18.24567.19812 [GMT -5:00]
.
AV: Ad-Aware Total Security *Enabled/Outdated* {54ACC2FC-837E-

E665-7A92-5352D560D5EF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-

9E44-DA132C1ACF46}
SP: Ad-Aware Total Security *Enabled/Outdated* {EFCD2318-A544-

E9EB-4022-6820AEE79F52}
FW: Ad-Aware Personal Firewall *Enabled* {6C9743D9-C911-E73D-

51CD-FA672BB39294}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision

\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK

\AVKWCtlX64.exe
C:\Windows\System32\svchost.exe -k

LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds

\vistasrv.exe
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds

\WBVista.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds

\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device

Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy

\AVKProxy.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK

\AVKService.exe
C:\Program Files (x86)\Common Files\Symantec Shared

\ccSvcHst.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k

LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware

\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware

\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device

Manager\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon

\ForwardDaemon.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\TuneUp Utilities

2010\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security

\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k

NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy

\AvkBap64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK

\AVK.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device

Manager\MotoHelperAgent.exe
C:\Program Files (x86)\TuneUp Utilities

2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds

\WBVista.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Topos\cFosSpeed\cfosspeed.exe
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files\HP\HP Photosmart 5510d series\Bin

\ScanToPCActivationApp.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup

Scheduler.exe
C:\Users\Core\AppData\Local\Programs\Google\MusicManager

\MusicManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Free Ride Games\GPlayer.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\slui.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher

\Application Launcher.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update

\jusched.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security

\AVKTray\AVKTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security

\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Common Files\Teleca Shared

\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Symantec AntiVirus\SavUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter

\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor

\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor

\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor

\FsynSrvStarter.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Core\AppData\Local\Google\Chrome\Application

\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?

publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-

4185-8f4e-e3e45321caa1&searchtype=hp
uSearch Bar = hxxp://feed.snap.do/?

publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-

4185-8f4e-e3e45321caa1&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?

publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-

4185-8f4e-e3e45321caa1&searchtype=ds&q={searchTerms}
uProxyOverride = 192.168.*.*
uSearchAssistant = hxxp://feed.snap.do/?

publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-

4185-8f4e-e3e45321caa1&searchtype=ds&q={searchTerms}
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-

4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTo0.dll
mWinlogon: Userinit = userinit.exe,
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:

\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5}

- C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security

\WebFilter\AvkWebIE.dll
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-

110211181104} - C:\Program Files (x86)\Coupon Companion Plugin

\Coupon Companion Plugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-

30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTo0.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program

Files (x86)\Wajam\IE\priam_bho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-

8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-

F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077}

- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll
BHO: {F6222CB7-E738-4DA5-B305-28E5F1ED8B1E} - <orphaned>
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-

4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar

\DTToolbar.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:

\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-

30EE31099E03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTo0.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-

4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar

\DTToolbar.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:

\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-

30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTo0.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:

\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} -

LocalServer32 - <no file>
TB: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5}

- C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security

\WebFilter\AvkWebIE.dll
uRun: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX

\CursorFX.exe"
uRun: [AdobeBridge] <no file>
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec

Shared\ccApp.exe"
mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC

\HTC Sync\Application Launcher\Application Launcher.exe"

/startoptions
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe

\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori

\SendoriTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common

Files\Java\Java Update\jusched.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core

\smax4pnp.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam

\LifeExp.exe"
mRun: [G Data AntiVirus Tray Application] C:\Program Files

(x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\Lavasoft\Ad-Aware

Total Security\Firewall\GDFirewallTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe

\ARM\1.0\AdobeARM.exe"
dRunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-

Aware\AutoLaunch.exe monthly
StartupFolder: C:\Users\Core\AppData\Roaming\MICROS~1\Windows

\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows

\System32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download by Orbit - C:\Program Files

(x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files

(x86)\Orbitdownloader\orbitmxt.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common

Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Do&wnload selected by Orbit - C:\Program Files

(x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files

(x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:

\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Core\AppData

\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files

(x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-

479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype

\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-

4E2E-BF3B-96E929D65503}
LSP: C:\Windows\System32\Sendori.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all

domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all

domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-

i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-

i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-

i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5FBA087B-E18C-4DB9-8971-250640816106} :

DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C0963209-098F-4EBA-A9AE-5BB58D900817} :

DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E13CA507-B55E-401C-8B3F-B15592FAC173} :

NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
TCP: Interfaces\{E13CA507-B55E-401C-8B3F-B15592FAC173} :

DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-

07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: WB - <no file>
Notify: WBSrv - C:\Program Files (x86)\Stardock\Object Desktop

\WindowBlinds\wbsrv.dll
AppInit_DLLs= wbsys.dll
SSODL: WebCheck - <orphaned>
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-

4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop

\IconPackager\iprepair.dll
x64-BHO: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-

78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total

Security\Webfilter\AVKWebIEx64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-

4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype

\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-

BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-

4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar

\DTToolbar64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} -

LocalServer32 - <no file>
x64-TB: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-

78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total

Security\Webfilter\AVKWebIEx64.dll
x64-Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices

\SoundMAX\SoundMAX.exe" /tray
x64-Run: [cFosSpeed] C:\Program Files\Topos\cFosSpeed

\cFosSpeed.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common

Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-

E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype

\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all

domains' option.
.
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-

i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-

i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-

07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

- <orphaned>
x64-Notify: WB - C:\PROGRA~2\Stardock

\OBJECT~1\WINDOW~1\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-

4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop

\IconPackager\iprepair64.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Core\AppData\Roaming\Mozilla

\Firefox\Profiles\2fcbfal9.default\
FF - prefs.js: browser.startup.homepage -

hxxp://feed.snap.do/?

publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-

4185-8f4e-e3e45321caa1&searchtype=hp
FF - prefs.js: keyword.URL -

hxxp://search.conduit.com/ResultsExt.aspx?

ctid=CT3072253&SearchSource=2&q=
FF - component: C:\Users\Core\AppData\Roaming\Mozilla\Firefox

\Profiles\2fcbfal9.default\extensions\DTToolbar@toolbarnet.com

\components\DTToolbarFF.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat

\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader

\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games

\npExentCtl.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games

\npGameTreatWidget.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin

\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update

\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update

\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin

\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin

\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight

\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins

\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins

\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D

Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D

Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game

Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game

Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Core\AppData\Local\Google\Update

\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Core\AppData\Roaming\Mozilla\Firefox

\Profiles\2fcbfal9.default\extensions\{687578b9-7132-4a7a-80e4

-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash

\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash

\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-10 10:54; {ACAA314B-EEBA-48e4-AD47-

84E31C44796C}; C:\Program Files (x86)\Common Files

\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2012-12-20 08:24; plugin@selectionlinks.com; C:

\Users\Core\AppData\Roaming\Mozilla\Firefox\Profiles

\2fcbfal9.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-01-01 18:28; {9AA46F4F-4DC7-4c06-97AF-

5035170633FE}; C:\Program Files (x86)\Mozilla Firefox

\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - ExtSQL: 2013-01-08 07:23; {82AF8DCA-6DE9-405D-BD5E-

43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox

\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-08 09:47;

extension21804@extension21804.com; C:\Users\Core\AppData

\Roaming\Mozilla\Firefox\Profiles\2fcbfal9.default\extensions

\extension21804@extension21804.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-

server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extentions.y2layers.installId - a455d5d4-21f3-

47b2-922e-3773cdec0177
FF - user.js: extentions.y2layers.defaultEnableAppsList -

ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 0
user_pref('extensions.autoDisableScopes', 0);user_pref

('security.csp.enable', false);user_pref

('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys

[2013-1-1 40392]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys

[2012-7-4 56208]
R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys

[2013-1-1 85960]
R1 gdwfpcd;G DATA WFP CD;C:\Windows\System32\drivers

\gdwfpcd64.sys [2013-1-1 48584]
R1 HookCentre;HookCentre;C:\Windows\System32\drivers

\HookCentre.sys [2013-1-1 49096]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware

\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware

\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware

\SASCore64.exe [2012-7-11 140672]
R2 Application Sendori;Application Sendori;C:\Program Files

(x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
R2 AVKProxy;Ad-Aware Total Security Proxy;C:\Program Files

(x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-6-16

1081384]
R2 AVKService;Ad-Aware Scheduler;C:\Program Files

(x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe

[2010-6-16 412944]
R2 AVKWCtl;Ad-Aware Filesystem Monitor;C:\Program Files

(x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe

[2010-6-14 2160960]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files

(x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files

(x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows

\System32\drivers\LMIRfsDriver.sys [2011-1-20 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files

(x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-4

398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbamservice.exe [2013-1-4 682344]
R2 Motorola Device Manager;Motorola Device Manager Service;C:

\Program Files (x86)\Motorola Mobility\Motorola Device Manager

\MotoHelperService.exe [2012-10-23 120728]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola

\MotForwardDaemon\ForwardDaemon.exe [2012-12-8 65657]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files

(x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-12

1153368]
R2 Service Sendori;Service Sendori;C:\Program Files

(x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype

\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13

3290896]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori

\sndappv2.exe [2012-12-10 3569512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:

\Program Files (x86)\NVIDIA Corporation\3D Vision

\nvSCPAPISvr.exe [2012-8-30 382312]
R2 Symantec AntiVirus;Symantec AntiVirus;C:\Program Files

(x86)\Symantec AntiVirus\Rtvscan.exe [2008-10-23 1956752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program

Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

[2009-10-30 1353544]
R2 WinisoCDBus;WinISO Virtual CD Drive;C:\Windows

\System32\drivers\WinisoCDBus.sys [2012-5-21 204032]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride

Games\X5XSEx_Pr143.sys [2013-1-8 56136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files

(x86)\Common Files\Symantec Shared\EENGINE

\EraserUtilRebootDrv.sys [2012-8-11 138912]
R3 GDFwSvc;Ad-Aware Personal Firewall;C:\Program Files

(x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe

[2010-6-15 1954472]
R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys

[2013-1-1 57288]
R3 GDScan;Ad-Aware Scanner;C:\Program Files (x86)\Common Files

\G Data\GDScan\GDScan.exe [2010-6-17 624064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers

\mbam.sys [2013-1-4 24176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema

Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20

36720]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0

Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys

[2010-11-25 694888]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files

(x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-

10-14 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework

\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN

v4.0.30319_X64;C:\Windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype

\Updater\Updater.exe [2012-10-19 160944]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:

\Program Files (x86)\Dragon Age\bin_ship

\daupdatersvc.service.exe [2009-11-11 25832]
S3 GDBackupSvc;Ad-Aware Backup Service;C:\Program Files

(x86)\Lavasoft\Ad-Aware Total Security\AVKBackup

\AVKBackupService.exe [2010-6-16 911976]
S3 GDTunerSvc;Ad-Aware Tuner Service;C:\Program Files

(x86)\Lavasoft\Ad-Aware Total Security\AVKTuner

\AVKTunerService.exe [2010-6-16 1234896]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers

\ANDROIDUSB.sys [2009-11-1 33736]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows

\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 rt70x64;Conceptronic 54Mbps RT2500 USB adapter Driver for

Vista;C:\Windows\System32\drivers\netr7064.sys [2007-10-9

371200]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common

Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows

\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam

\Updater\WajamUpdater.exe [2012-10-5 109064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:

\Windows\System32\Wat\WatAdminSvc.exe [2010-3-31 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows

\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1

[UserChoice]
.
=============== Created Last 30 ================
.
2013-01-09 15:36:43 -------- d-----w- C:\FRST
2013-01-08 14:48:44 -------- d-----w- C:

\Remote Programs
2013-01-08 14:48:41 -------- d-----w- C:

\ProgramData\Free Ride Games
2013-01-08 14:48:38 57824 ------w- C:\Windows

\ExentInfo.exe
2013-01-08 14:48:38 -------- d-----w- C:

\Program Files (x86)\Free Ride Games
2013-01-08 14:47:20 -------- d-----w- C:

\Users\Core\AppData\Local\Wajam
2013-01-08 14:47:10 -------- d-----w- C:

\Program Files (x86)\Wajam
2013-01-08 14:47:09 -------- d-----w- C:

\Users\Core\AppData\Local\Coupon Companion Plugin
2013-01-08 14:47:05 -------- d-----w- C:

\Program Files (x86)\Coupon Companion Plugin
2013-01-05 20:30:26 -------- d-----w- C:

\Users\Core\AppData\Local\G DATA
2013-01-04 12:38:19 -------- d-----w- C:

\Users\Core\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 12:37:57 -------- d-----w- C:

\ProgramData\SUPERAntiSpyware.com
2013-01-04 12:37:57 -------- d-----w- C:

\Program Files\SUPERAntiSpyware
2013-01-04 12:37:27 -------- d-----w- C:

\Users\Core\AppData\Roaming\Malwarebytes
2013-01-04 12:36:43 -------- d-----w- C:

\ProgramData\Malwarebytes
2013-01-04 12:36:41 24176 ----a-w- C:\Windows

\System32\drivers\mbam.sys
2013-01-04 12:36:40 -------- d-----w- C:

\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-03 14:06:48 -------- d-----w- C:

\Program Files\CCleaner
2013-01-02 12:07:39 188 ---ha-w- C:\aaw7boot.cmd
2013-01-01 23:36:10 106224 ----a-w- C:\Windows

\SysWow64\drivers\GRD.sys
2013-01-01 23:28:57 40392 ----a-w- C:\Windows

\System32\drivers\GDBehave.sys
2013-01-01 23:28:44 57288 ----a-w- C:\Windows

\System32\drivers\PktIcpt.sys
2013-01-01 23:28:30 15880 ----a-w- C:\Windows

\SysWow64\lsdelete.exe
2013-01-01 23:28:24 137288 ----a-w- C:\Program

Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-

97AF-5035170633FE}\Components\AvkWebFilterFF.dll
2013-01-01 23:28:18 49096 ----a-w- C:\Windows

\System32\drivers\HookCentre.sys
2013-01-01 23:28:17 85960 ----a-w- C:\Windows

\System32\drivers\MiniIcpt.sys
2013-01-01 23:28:16 48584 ----a-w- C:\Windows

\System32\drivers\gdwfpcd64.sys
2013-01-01 23:27:31 -------- d-----w- C:

\ProgramData\G DATA
2013-01-01 23:27:31 -------- d-----w- C:

\Program Files (x86)\Common Files\G Data
2012-12-22 18:10:32 281392 ----a-w- C:\Windows

\SysWow64\PnkBstrB.xtr
2012-12-22 18:10:29 -------- d-----w- C:

\Users\Core\AppData\Local\PunkBuster
2012-12-22 18:09:54 -------- d-----w- C:

\ProgramData\Orbit
2012-12-22 17:34:58 3123272 ----a-w- C:\Windows

\SysWow64\pbsvc.exe
2012-12-13 19:30:28 5955856 ----a-w- C:\Program

Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-

BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-01-09 01:40:29 74248 ----a-w- C:\Windows

\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:40:29 697864 ----a-w- C:\Windows

\SysWow64\FlashPlayerApp.exe
2013-01-09 01:40:02 16369160 ----a-w- C:

\Windows\SysWow64\FlashPlayerInstaller.exe
2012-12-22 18:17:08 281392 ----a-w- C:\Windows

\SysWow64\PnkBstrB.exe
2012-12-22 18:10:38 76888 ----a-w- C:\Windows

\SysWow64\PnkBstrA.exe
2012-12-22 18:10:32 281392 ----a-w- C:\Windows

\SysWow64\PnkBstrB.ex0
2012-12-10 23:01:54 321384 ----a-w- C:\Windows

\SysWow64\Sendori.dll
2012-12-08 14:47:14 95208 ----a-w- C:\Windows

\SysWow64\WindowsAccessBridge-32.dll
2012-12-08 14:47:13 821736 ----a-w- C:\Windows

\SysWow64\npDeployJava1.dll
2012-12-08 14:47:13 746984 ----a-w- C:\Windows

\SysWow64\deployJava1.dll
2012-11-10 03:02:02 88008 ----a-w- C:\Windows

\System32\LMIRfsClientNP.dll
2012-11-10 03:02:01 83880 ----a-w- C:\Windows

\System32\LMIinit.dll
2012-11-10 03:02:01 35240 ----a-w- C:\Windows

\System32\LMIport.dll
.
============= FINISH: 8:08:57.04 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 PM

Posted 10 January 2013 - 10:04 AM

please uncheck "word wrap" from Notepad before you paste your logs into the thread, it makes the logs very hard to read

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Scott Wyllie

Scott Wyllie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 10 January 2013 - 10:09 PM

Sorry about the word wrap, I got it right this time.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-10 20:14:09
-----------------------------
20:14:09.606 OS Version: Windows x64 6.1.7600
20:14:09.606 Number of processors: 8 586 0x1A05
20:14:09.608 ComputerName: THECORE UserName: Core
20:14:43.218 Initialize success
20:14:54.068 AVAST engine defs: 13011000
20:15:08.535 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
20:15:08.536 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01118 Size: 953869MB BusType: 3
20:15:08.702 Disk 0 MBR read successfully
20:15:08.704 Disk 0 MBR scan
20:15:08.776 Disk 0 Windows 7 default MBR code
20:15:08.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
20:15:09.310 Disk 0 scanning C:\Windows\system32\drivers
20:17:03.482 Service scanning
20:18:39.979 Modules scanning
20:18:39.984 Disk 0 trace - called modules:
20:18:40.012 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
20:18:40.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8013f0e060]
20:18:40.018 3 CLASSPNP.SYS[fffff880018e843f] -> nt!IofCallDriver -> [0xfffffa8013c3f580]
20:18:40.022 5 ACPI.sys[fffff88000f81781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8013c41060]
20:18:44.910 AVAST engine scan C:\Windows
20:19:08.191 AVAST engine scan C:\Windows\system32
20:28:18.653 AVAST engine scan C:\Windows\system32\drivers
20:28:47.058 AVAST engine scan C:\Users\Core
20:40:35.055 File: C:\Users\Core\Desktop\Red Giant Software\Motion Graphics Products\ToonIt 2.0\Crack\Red Giant ToonIt V2 Keygen.exe **INFECTED** Win32:Malware-gen
20:46:37.262 AVAST engine scan C:\ProgramData
22:01:09.482 Scan finished successfully
22:04:47.954 Disk 0 MBR has been saved successfully to "C:\Users\Core\Desktop\MBR.dat"
22:04:47.963 The log file has been saved successfully to "C:\Users\Core\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   545bytes   0 downloads


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 PM

Posted 10 January 2013 - 10:13 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Scott Wyllie

Scott Wyllie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 11 January 2013 - 07:53 AM

ComboFix 13-01-11.01 - Core 01/11/2013 7:18.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.24567.19713 [GMT -5:00]
Running from: c:\users\Core\Desktop\ComboFix.exe
AV: Ad-Aware Total Security *Disabled/Outdated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Ad-Aware Total Security *Disabled/Outdated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Coupon Companion Plugin\CoUPon companion plugin.dll
c:\programdata\DYA_PPGNOHWWWWJRTBLBR
c:\programdata\DYA_PPGNOHWWWWJRTBLBR\1.0.0\Data\app.dat
c:\programdata\DYA_PPGNOHWWWWJRTBLBR\1.0.0\Data\updates.dat
c:\users\Core\AppData\Roaming\Core3SQLite3.dll
c:\users\Core\AppData\Roaming\Corelog.dat
c:\users\Core\AppData\Roaming\DYA_PPGNOHWWWWJRTBLBR
c:\users\Core\AppData\Roaming\DYA_PPGNOHWWWWJRTBLBR\1.0.0\Data\dya.dat
c:\users\Core\AppData\Roaming\inst.exe
c:\users\Core\AppData\Roaming\vso_ts_preview.xml
c:\users\Core\Documents\~WRL0500.tmp
c:\users\Core\Documents\~WRL3026.tmp
c:\users\Core\Documents\~WRL3135.tmp
c:\users\Core\Documents\~WRL3768.tmp
c:\users\Core\Documents\~WRL3807.tmp
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\windir
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-09 15:36 . 2013-01-09 15:36 -------- d-----w- C:\FRST
2013-01-09 15:20 . 2013-01-10 01:11 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-08 14:48 . 2013-01-08 14:48 -------- d-----w- C:\Remote Programs
2013-01-08 14:48 . 2013-01-08 14:48 -------- d-----w- c:\programdata\Free Ride Games
2013-01-08 14:48 . 2013-01-08 14:51 -------- d-----w- c:\program files (x86)\Free Ride Games
2013-01-08 14:48 . 2012-12-04 21:48 57824 ------w- c:\windows\ExentInfo.exe
2013-01-08 14:47 . 2013-01-08 14:47 -------- d-----w- c:\users\Core\AppData\Local\Wajam
2013-01-08 14:47 . 2013-01-08 14:47 -------- d-----w- c:\program files (x86)\Wajam
2013-01-08 14:47 . 2013-01-08 14:47 -------- d-----w- c:\users\Core\AppData\Local\Coupon Companion Plugin
2013-01-08 14:47 . 2013-01-11 12:34 -------- d-----w- c:\program files (x86)\Coupon Companion Plugin
2013-01-05 20:30 . 2013-01-05 20:30 -------- d-----w- c:\users\Core\AppData\Local\G DATA
2013-01-04 12:38 . 2013-01-04 12:38 -------- d-----w- c:\users\Core\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 12:37 . 2013-01-05 20:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-04 12:37 . 2013-01-04 12:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-04 12:37 . 2013-01-04 12:37 -------- d-----w- c:\users\Core\AppData\Roaming\Malwarebytes
2013-01-04 12:36 . 2013-01-04 12:36 -------- d-----w- c:\programdata\Malwarebytes
2013-01-04 12:36 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 12:36 . 2013-01-05 14:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-03 14:06 . 2013-01-03 14:07 -------- d-----w- c:\program files\CCleaner
2013-01-02 12:07 . 2013-01-02 12:07 188 ---ha-w- C:\aaw7boot.cmd
2013-01-01 23:36 . 2013-01-11 12:13 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys
2013-01-01 23:28 . 2013-01-01 23:28 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2013-01-01 23:28 . 2013-01-01 23:28 57288 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2013-01-01 23:28 . 2013-01-01 23:17 15880 ----a-w- c:\windows\SysWow64\lsdelete.exe
2013-01-01 23:28 . 2010-05-11 09:19 137288 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\Components\AvkWebFilterFF.dll
2013-01-01 23:28 . 2013-01-01 23:28 49096 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2013-01-01 23:28 . 2013-01-01 23:28 85960 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2013-01-01 23:28 . 2013-01-01 23:28 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2013-01-01 23:27 . 2013-01-11 03:13 -------- d-----w- c:\programdata\G DATA
2013-01-01 23:27 . 2013-01-01 23:27 -------- d-----w- c:\program files (x86)\Common Files\G Data
2012-12-22 18:10 . 2012-12-22 18:17 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-22 18:10 . 2012-12-22 18:10 -------- d-----w- c:\users\Core\AppData\Local\PunkBuster
2012-12-22 18:09 . 2012-12-22 18:09 -------- d-----w- c:\programdata\Orbit
2012-12-22 17:34 . 2012-11-21 04:32 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-12-13 19:30 . 2012-12-13 19:30 5955856 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 01:40 . 2012-07-05 15:48 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:40 . 2012-07-05 15:48 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 01:40 . 2012-10-09 00:37 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-22 18:17 . 2012-12-03 13:14 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-22 18:10 . 2012-12-03 13:14 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-22 18:10 . 2012-12-03 13:14 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-10 23:01 . 2012-09-05 23:02 321384 ----a-w- c:\windows\SysWow64\Sendori.dll
2012-12-08 14:47 . 2012-12-08 14:47 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-08 14:47 . 2012-12-08 14:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-08 14:47 . 2010-07-19 12:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-10 03:02 . 2011-01-20 13:27 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-10 03:02 . 2011-01-20 13:27 35240 ----a-w- c:\windows\system32\LMIport.dll
2012-11-10 03:02 . 2011-01-20 13:27 83880 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 2676584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17888944]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]
"MusicManager"="c:\users\Core\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-12-10 7416320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-01-05 5629312]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-10 969104]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"vptray"="c:\progra~2\SYMANT~1\VPTray.exe" [2008-10-23 136080]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-12-10 82792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-04-16 1310720]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"G Data AntiVirus Tray Application"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-16 979968]
"GDFirewallTray"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-16 1550576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
c:\users\Core\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2011-09-26 18:10 500016 ----a-w- c:\program files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 GDBackupSvc;Ad-Aware Backup Service;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-06-16 911976]
R3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-06-16 1234896]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 rt70x64;Conceptronic 54Mbps RT2500 USB adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7064.sys [2007-10-09 371200]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-05 109064]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-15 834544]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-01-01 40392]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-01-01 85960]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-01-01 48584]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-01-01 49096]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
S2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-06-16 1081384]
S2 AVKService;Ad-Aware Scheduler;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-06-16 412944]
S2 AVKWCtl;Ad-Aware Filesystem Monitor;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-06-14 2160960]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 1353544]
S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys [2012-05-17 204032]
S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-01 138912]
S3 GDFwSvc;Ad-Aware Personal Firewall;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-06-15 1954472]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-01-01 57288]
S3 GDScan;Ad-Aware Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-06-17 624064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 01:40]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 19:38]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 19:38]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-628688775-3673737984-2390678477-1000Core.job
- c:\users\Core\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 00:39]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-628688775-3673737984-2390678477-1000UA.job
- c:\users\Core\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 00:39]
.
2013-01-11 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-02-11 1225432]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-4185-8f4e-e3e45321caa1&searchtype=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-4185-8f4e-e3e45321caa1&searchtype=ds&q={searchTerms}
mSearchAssistant =
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Core\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E13CA507-B55E-401C-8B3F-B15592FAC173}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
FF - ProfilePath - c:\users\Core\AppData\Roaming\Mozilla\Firefox\Profiles\2fcbfal9.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-4185-8f4e-e3e45321caa1&searchtype=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - ExtSQL: 2012-12-10 10:54; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2012-12-20 08:24; plugin@selectionlinks.com; c:\users\Core\AppData\Roaming\Mozilla\Firefox\Profiles\2fcbfal9.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-01-01 18:28; {9AA46F4F-4DC7-4c06-97AF-5035170633FE}; c:\program files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - ExtSQL: 2013-01-08 07:23; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-08 09:47; extension21804@extension21804.com; c:\users\Core\AppData\Roaming\Mozilla\Firefox\Profiles\2fcbfal9.default\extensions\extension21804@extension21804.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extentions.y2layers.installId - a455d5d4-21f3-47b2-922e-3773cdec0177
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 0
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110211181104} - c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll
BHO-{F6222CB7-E738-4DA5-B305-28E5F1ED8B1E} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-AutoLaunch - c:\program files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe
Notify-WB - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.nws\shellex]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ee,5b,c2,19,6f,45,af,3a,54,58,c7,27,15,22,d0,c8,7c,24,de,8e,58,
3b,2b,74,7f,66,53,88,76,3a,69,e7,c9,c2,ef,17,3c,20,8c,be,c3,4d,93,a9,91,d7,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ee,5b,c2,19,6f,45,af,3a,54,58,c7,27,15,22,d0,c8,7c,24,de,8e,58,
3b,2b,74,7f,66,53,88,76,3a,69,e7,c9,c2,ef,17,3c,20,8c,be,c3,4d,93,a9,91,d7,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Common Client\ccService\Channels]
@Denied: (C D) (Everyone)
"{04527D89-FC10-4648-9497-B2446CDE55CF}"="{C0DBEF56-6074-4C54-9338-094D1018FC4C}"
"{04B8A18D-8AD9-41B9-82D3-6FA1E066CE78}"="{8E434DAF-D8F7-4B7E-830B-27A29C8F5863}"
"{13BF9E03-07B1-44B3-9B09-46EE149C4BC2}"="{22B28D93-8AA4-4247-9AEF-7D8D9BFCD5CE}"
"{1CBB51DF-8ED3-4CCE-8601-551D0AAEB76B}"="{41DB4454-4D17-44B7-8ACC-C852B7ED33D5}"
"{1EF2E87B-CF13-4E9F-9736-F8DD377201E6}"="{C90F38F7-17DA-465D-9435-D41732024E23}"
"{23224F60-FB27-41D6-82BB-5252506C0A6F}"="{137A4697-0FC4-4D2D-B5F9-7CEE9E618EED}"
"{2457DFE6-1B58-4516-840F-9D4EA579593F}"="{A69E42A4-B506-449A-B38A-BFFF0214396C}"
"{2ADD4EA4-9D7C-4B59-AB25-34F078E9CC54}"="{41162C0F-36B1-4D17-A000-F888E4A6BA70}"
"{371C1320-D32E-44F2-B6B7-6A3F7B88742E}"="{7BA5F0BE-2FE8-4408-9765-6E43831DA959}"
"{3B8FC798-FE10-47F0-8B92-A6873AC9A64F}"="{09A7AB4F-3448-4FED-9258-E377367F5FAE}"
"{3E69C681-29E2-4A17-B97D-F71E81BF48DE}"="{D1A389C9-B209-4778-A5E8-55AA6BA435BD}"
"{400E3C09-55A1-4471-86A3-6CC5424E10B7}"="{B96285D1-68E0-4ADC-B72C-722F3F02B141}"
"{4B65DE03-295A-42D9-BBC5-A9BD25FA7863}"="{B8BEC352-E20C-4EFB-B551-AA5BEDBFF3F0}"
"{4CB70711-C7D1-4F6C-B424-9CA8895330B1}"="{D335610B-6BB9-49B6-A862-0256C6FC1A08}"
"{4D75D17C-9C08-430D-884B-F9C2947565E2}"="{952CB9B0-B618-4632-94CA-91448EE1DADD}"
"{4F722ECA-ABF5-42D4-821C-65FAE3FB77AF}"="{8E434DAF-D8F7-4B7E-830B-27A29C8F5863}"
"{505C4A2D-E03D-4100-9B03-24F2966CFB49}"="{DDDDD0EF-26E8-4585-9B52-79301150745B}"
"{5102E132-AD05-4872-B2BC-38373A78A265}"="{22B28D93-8AA4-4247-9AEF-7D8D9BFCD5CE}"
"{64215F40-6F23-422E-8334-50E129117A30}"="{2D0867AF-CF8A-48F8-B40B-C282DF283CC1}"
"{69E765C7-FAAF-4A7B-94F4-3C3D24DFB88C}"="{952CB9B0-B618-4632-94CA-91448EE1DADD}"
"{6B9161F7-6F93-44BF-81F0-776C2B73E889}"="{FF6C95F5-3592-4497-95CB-6A29625C4BF8}"
"{6BD96A46-36A1-498E-8F28-AEE8BA55C70B}"="{8B64481D-DBDF-42CB-9811-14F7E5616D44}"
"{6DCDDE50-03D4-4EE4-AE1D-0C19B62C8127}"="{36948A14-4FA4-42E3-A0ED-DCE6E3E84B71}"
"{6FAE61CE-21E9-4BB3-A6AC-EAB0FB150A8C}"="{2D0867AF-CF8A-48F8-B40B-C282DF283CC1}"
"{778B16C8-256F-4017-9BEE-03B4C688D59F}"="{943FF25C-7A2E-4413-AB18-B0BD923B062D}"
"{81751467-CE04-4FFB-8E5B-90D82BD81925}"="{D1A389C9-B209-4778-A5E8-55AA6BA435BD}"
"{82EA217A-1C46-472E-A46B-A47208B9AB74}"="{3DE4B8A2-9AF7-4913-9A30-36C7ABA2710A}"
"{8CA3CC27-EB92-4315-ADD7-EF2DF43FB58F}"="{C90F38F7-17DA-465D-9435-D41732024E23}"
"{8D005F65-39BC-4C11-8D01-15A8C06BF064}"="{09A7AB4F-3448-4FED-9258-E377367F5FAE}"
"{8F7867FD-9F35-44C2-9414-2C1E8845718A}"="{137A4697-0FC4-4D2D-B5F9-7CEE9E618EED}"
"{913A1C8A-7255-451F-8A80-CA126D79199D}"="{B96285D1-68E0-4ADC-B72C-722F3F02B141}"
"{9EE2D6C9-F12F-4D43-9BA7-1F3D790FB9C6}"="{A69E42A4-B506-449A-B38A-BFFF0214396C}"
"{A24DDD63-F8E0-47B4-AF6E-21670A067672}"="{E7330EE0-4A09-4563-8BB1-A98709487F0E}"
"{A6B8E5FE-F4D3-42D0-90B6-21DF9839D8E6}"="{A4CB74FF-2159-41B2-B53A-7033BDCB4AEF}"
"{B09601B9-9772-4F0D-B83C-D91A7B9CA15D}"="{7BA5F0BE-2FE8-4408-9765-6E43831DA959}"
"{B2252287-2DF8-49BE-9E56-0EEA58BAFC4E}"="{E7330EE0-4A09-4563-8BB1-A98709487F0E}"
"{B22F8A91-2AD7-479F-A229-002BC552FCD1}"="{B8BEC352-E20C-4EFB-B551-AA5BEDBFF3F0}"
"{B8F10A0B-1EE4-43AD-A1BA-551A2B4B8F34}"="{41162C0F-36B1-4D17-A000-F888E4A6BA70}"
"{CD401654-DD5C-45FA-B736-F04CAC0BB613}"="{CE33BA56-952E-4F38-937D-BD01C63D9B7C}"
"{D517D21D-EB38-4B8C-A3E8-4F9D3661252E}"="{3DE4B8A2-9AF7-4913-9A30-36C7ABA2710A}"
"{D539644E-7963-43E3-ABC9-801FEC42E949}"="{A4CB74FF-2159-41B2-B53A-7033BDCB4AEF}"
"{D71382CC-FC4F-4D04-B1A6-F1DDAFE958AC}"="{FF6C95F5-3592-4497-95CB-6A29625C4BF8}"
"{D99B0095-FF01-44CE-AAF6-A98F7CEDCD02}"="{41DB4454-4D17-44B7-8ACC-C852B7ED33D5}"
"{DADFF171-B722-4AAF-9917-3BE1B046564F}"="{CE33BA56-952E-4F38-937D-BD01C63D9B7C}"
"{DF2DBED1-3520-43FD-ADD4-54AFF1C8CC99}"="{943FF25C-7A2E-4413-AB18-B0BD923B062D}"
"{E691BCBE-FFD1-409E-A999-DE43DF061D90}"="{F382FB4B-69CC-4D86-8C51-5E0C6077A953}"
"{F020C667-4573-4F54-9B79-49241118198C}"="{EE48F6D0-7753-4A53-B416-C262F56E753A}"
"{F393A9BA-9ADC-4C6C-B879-738F8987AF5C}"="{D335610B-6BB9-49B6-A862-0256C6FC1A08}"
"{FA58B828-6359-4CAE-AE0D-2283F8FF180A}"="{F382FB4B-69CC-4D86-8C51-5E0C6077A953}"
"{FB0F8E96-BFF8-44D6-A3AA-E57DE4727113}"="{EE48F6D0-7753-4A53-B416-C262F56E753A}"
"{FF89694B-6015-4907-931B-CA04AE9757E8}"="{DDDDD0EF-26E8-4585-9B52-79301150745B}"
"{4D083D3A-070E-4241-8AE7-5EE7B51256E9}"="{93BD9DC7-BAFC-41C8-A8EA-8820ED47BDD6}"
"{8134E93C-BCFA-4259-BBA6-99D2A489390E}"="{93BD9DC7-BAFC-41C8-A8EA-8820ED47BDD6}"
"{9574F6CD-1BB8-4D8C-A16A-A9FE92C1AF4B}"="{0BE46308-C906-4133-A9FC-52DDEEDE2B1D}"
"{E0524BD3-8808-45AB-9ED5-F18FE8695D62}"="{0BE46308-C906-4133-A9FC-52DDEEDE2B1D}"
"{F1DF8695-579C-4108-9A43-1F87555245BD}"="{D607E4F6-63CE-43F9-9FC6-0830C1F319CB}"
"{6E586781-1153-43A5-918D-DAD61C830955}"="{D607E4F6-63CE-43F9-9FC6-0830C1F319CB}"
"{E38CB4B8-9B5E-463E-9800-D1CC3D5F912D}"="{2073D708-D289-4882-A661-BB2C7040A881}"
"{169972E2-7E3A-4CB7-94DE-2AA137C98C24}"="{2073D708-D289-4882-A661-BB2C7040A881}"
"{335C5190-6BB4-48FE-8170-ACF0F9304662}"="{C175C15D-DB56-4F78-B7F4-D5E1DA682C8D}"
"{74F451EE-BE26-406F-9DA9-F0FD850D911B}"="{C175C15D-DB56-4F78-B7F4-D5E1DA682C8D}"
"{5CC2C019-3966-4D32-B2A7-49CC4EC14EEA}"="{5D5F0864-1E43-4C28-B017-50838DFF9495}"
"{0CF2BFEE-9E00-447B-8F0F-E83AD12D33B2}"="{5D5F0864-1E43-4C28-B017-50838DFF9495}"
"{4025E1EE-C280-4366-998F-B9E1F8906F3F}"="{5447E3C2-F8BF-44FC-9219-CC5696B9A996}"
"{01E69D00-7FB3-454B-BF9E-3B9B3FDA4ABA}"="{5447E3C2-F8BF-44FC-9219-CC5696B9A996}"
"{E595EFDF-3985-4906-98D9-3C68D0721E36}"="{46A0F805-F5A1-41BE-9423-E2AB334EBD43}"
"{6C2309B6-4A70-4F71-AAE1-CD158DBD0261}"="{46A0F805-F5A1-41BE-9423-E2AB334EBD43}"
"{79EA6E4A-5C86-4F2D-9529-4706513D1FEF}"="{7A664016-CE79-4879-9154-7FCFA992AB8B}"
"{45BEDA1F-EBEB-415D-A492-445DA63EE281}"="{48DEF8A0-D912-488B-82D9-2AA5EFEC2A67}"
"{E4E750BF-F661-4B50-A7BF-5403BDC87CD6}"="{48DEF8A0-D912-488B-82D9-2AA5EFEC2A67}"
"{AAAC59FD-5B5E-4669-9149-E339C4F4C541}"="{86CC696D-AFFC-4BDE-953D-A304B6D7585D}"
"{A4E02B9A-55CA-4840-A59B-D5C96DDE2807}"="{86CC696D-AFFC-4BDE-953D-A304B6D7585D}"
"{2F3AB85C-0FF7-425B-B9E9-EF34C82ABD53}"="{EBEC2193-0CBF-4D93-B44C-9B504BDAC3B4}"
"{3D944952-C927-4FD1-AB84-9D99AB194D51}"="{EBEC2193-0CBF-4D93-B44C-9B504BDAC3B4}"
"{1AD6EE45-BFD3-4581-93C1-D1A8E4A246A0}"="{665AA384-B3CF-44A9-8F26-23CE051C765A}"
"{AE5B7EAE-EA18-473A-8D6B-187A0ADC4CAE}"="{665AA384-B3CF-44A9-8F26-23CE051C765A}"
"{D03C08C3-888E-462B-81BB-9F0E51076F0E}"="{744E6EE1-2DCD-4B89-85F5-045CA1F4C220}"
"{6431279A-653B-4C15-A2A4-974E600549D4}"="{744E6EE1-2DCD-4B89-85F5-045CA1F4C220}"
"{7376E3CE-DC5F-4AFB-8531-5D24BA694B94}"="{634CE7B3-4AB0-42C8-B7E6-E59E83B6706D}"
"{15259F63-6AB6-4995-8358-FBC3DC1A9812}"="{634CE7B3-4AB0-42C8-B7E6-E59E83B6706D}"
"{1833820C-9703-45D8-A2EF-840138AFF8BD}"="{D2212805-443B-40FE-BB3E-62C2C63532D3}"
"{D6EA3482-D946-4361-A192-48A84A4EBA4F}"="{D2212805-443B-40FE-BB3E-62C2C63532D3}"
"{228E9E5D-3431-4FF6-84F9-0C8C2CA1D4D6}"="{C664170F-3E16-4FFA-BDD4-DCA6AC04528D}"
"{0872DAD4-50EE-4398-ABDD-15E369C96286}"="{C664170F-3E16-4FFA-BDD4-DCA6AC04528D}"
"{54D1E137-5832-4419-B663-DC1B41EBCE40}"="{E7EA3C4C-0F5B-4F5A-BB5E-00BA50C6EC7A}"
"{B69C7A9D-90DB-4D00-A953-04F31EB578E1}"="{E7EA3C4C-0F5B-4F5A-BB5E-00BA50C6EC7A}"
"{B20A1D10-CA9D-4F0C-B9D3-FA7D25B001D2}"="{3D5ACBC2-9D47-4662-B53E-37B1448BDA9E}"
"{DAFDAB1A-803E-4B9E-8970-2974C9434C49}"="{3D5ACBC2-9D47-4662-B53E-37B1448BDA9E}"
"{F627F0DC-D655-4B9E-A511-0E7DC0709384}"="{DCCAB40C-7FF0-44D5-A5C6-FE0CF27C3CE9}"
"{791B68E5-2938-40E1-BEF2-72E849EB98E5}"="{DCCAB40C-7FF0-44D5-A5C6-FE0CF27C3CE9}"
"{6451E2F4-686E-4B8F-9EAB-3A3B5C331A91}"="{A79834DB-5EF5-49BD-8258-96E9C44C99C9}"
"{32B0D612-8CB3-4CE2-A9FA-A9053426D7CF}"="{A79834DB-5EF5-49BD-8258-96E9C44C99C9}"
"{E6E51650-B39A-4EF2-8701-C9AD9B450046}"="{921837C3-EDF2-4438-A849-2ECA10D9E7DE}"
"{94524587-63CE-46EF-A735-6B41F94A308B}"="{921837C3-EDF2-4438-A849-2ECA10D9E7DE}"
"{B3530F2B-9D38-492F-9FCE-E6D60798C9C1}"="{76862412-B08B-4613-8D1F-B066593D2910}"
"{8692F394-23D8-4A5A-8CED-2B1461F302DF}"="{76862412-B08B-4613-8D1F-B066593D2910}"
"{C043B0AC-8077-4C44-996B-97EB69380755}"="{50229D6C-3CC7-4B95-81B2-0B14544D93F6}"
"{56EF2562-6CC9-466E-99A6-18019CC44040}"="{50229D6C-3CC7-4B95-81B2-0B14544D93F6}"
"{AD026C95-FDBB-4AB8-8EED-4E61D3B136A4}"="{46B38A06-4F32-4ABF-9027-3A8F32283E3A}"
"{5D4E34E2-D735-4BE8-9F27-747F214B73D7}"="{46B38A06-4F32-4ABF-9027-3A8F32283E3A}"
"{66E4AF01-3DDA-46EA-8F5B-BC55444A691F}"="{815CB39A-B6D4-4567-8A07-1509B2104D5C}"
"{22B7E2BE-C587-45D3-A250-22F438913366}"="{815CB39A-B6D4-4567-8A07-1509B2104D5C}"
"{6CEC2C6A-3341-4D6D-AE89-8308FF44C6FA}"="{BEF23C68-B582-4DB4-BEB9-61D88AA8DFB8}"
"{3F595B7E-4526-4F93-93BF-F4F7B038942B}"="{BEF23C68-B582-4DB4-BEB9-61D88AA8DFB8}"
"{CACB09C0-6DF6-4076-A4DF-B16CBBB7217C}"="{F02F9EC2-303E-40E1-BE86-B187A4A8663F}"
"{E2AF9B71-56E3-469D-94BF-5E86CD35B2A3}"="{F02F9EC2-303E-40E1-BE86-B187A4A8663F}"
"{5BDD5C03-2BB2-4DD0-9B14-97F3A1B4B92F}"="{7F04D8E3-6FC7-4BF0-8DDC-91817FDC04D5}"
"{2BA1F8E2-F1A5-4DD5-B85A-70A969533698}"="{7F04D8E3-6FC7-4BF0-8DDC-91817FDC04D5}"
"{98A4F6F9-5B6B-4325-8ECA-DC74957D68BB}"="{386B37A3-FB01-4612-86DC-A70AB271CE34}"
"{B28E2EC4-5086-47FE-AECF-F172BA34193C}"="{386B37A3-FB01-4612-86DC-A70AB271CE34}"
"{519BA523-9C6D-4FF2-8BAF-7E990FF43549}"="{565915C9-976D-49A8-9612-00CA4F78BA67}"
"{612BCD23-A00F-4154-B5D5-292B721B4078}"="{565915C9-976D-49A8-9612-00CA4F78BA67}"
"{1071BD43-F737-49F2-8771-DB0BED45A2E3}"="{7498EFF1-A9F2-473C-9879-85806D32B098}"
"{C8BF2477-AB14-4AA1-A9E7-85CC0247D6CD}"="{7498EFF1-A9F2-473C-9879-85806D32B098}"
"{1BC57B02-D623-4113-91D8-323A5C804CF1}"="{AE0237F6-A4FB-40DC-B629-5855BE82FBB0}"
"{D1B1B414-81DA-4A79-93E5-611016C7A445}"="{AE0237F6-A4FB-40DC-B629-5855BE82FBB0}"
"{33F23262-2540-4064-A2D5-FA8CAFABAB53}"="{8A1DA04D-025C-45F8-834F-30A4BD37DEF6}"
"{4FF9467B-2C25-47BD-92C7-E9CBEFA26195}"="{8A1DA04D-025C-45F8-834F-30A4BD37DEF6}"
"{AB53C43D-6421-4B90-9090-9E7BA833F565}"="{DBBF4A29-56AE-4356-B461-2C55189BB449}"
"{A116F076-D677-402C-83E3-E138AE6246E2}"="{DBBF4A29-56AE-4356-B461-2C55189BB449}"
"{20DDEB1F-784B-43BF-BBB1-F30F7F169A68}"="{05158AE4-14C9-4884-9868-1CBBD5F6C248}"
"{141C88AD-9E81-4F81-A02B-35C570F7F831}"="{05158AE4-14C9-4884-9868-1CBBD5F6C248}"
"{6F677AD4-F8EB-4A3B-8DB7-19ED21B5ED9B}"="{99BA5846-3EF8-44D4-B6F2-4ED4C0A7F0C0}"
"{A187E310-3513-43E3-9ECD-F85480C03B18}"="{99BA5846-3EF8-44D4-B6F2-4ED4C0A7F0C0}"
"{D5CBE933-E686-476C-B886-EAB02B0ADCE8}"="{1F8B3AF5-52CD-4EEE-AA33-B8EC73583FCE}"
"{A27179C6-BD4B-4CB3-B6A5-49137723394F}"="{1F8B3AF5-52CD-4EEE-AA33-B8EC73583FCE}"
"{FFD22A43-CD0D-4D11-A0A1-1AFC7FD607F9}"="{2F48CD92-A833-431A-B490-26D7D25D6D80}"
"{84244771-32F9-435F-8342-97267AA69A80}"="{2F48CD92-A833-431A-B490-26D7D25D6D80}"
"{A3C5C936-3C48-400B-B5E3-7C2FAA7DF33A}"="{4F106BBB-FDD0-41F9-81A4-22C2B45A665F}"
"{4FBCE498-767E-4AB9-BBA2-D325CB1849B3}"="{4F106BBB-FDD0-41F9-81A4-22C2B45A665F}"
"{52AD2F95-EA1C-4F3F-87E4-2B7CC955ACA0}"="{BF98C8B3-769A-4419-9839-8262E5DE7A5F}"
"{B5AF4F9F-17AC-4D40-8F06-8C08FF74EF7E}"="{BF98C8B3-769A-4419-9839-8262E5DE7A5F}"
"{37613663-C007-45FB-885E-359611C798CD}"="{E86EB953-3AA1-4C39-9A73-ED4755CD9751}"
"{3AF89080-295C-4B77-8489-706A1E17AA41}"="{E86EB953-3AA1-4C39-9A73-ED4755CD9751}"
"{EC7917F1-03EA-4718-B9D2-D8EA6AA183B9}"="{6722CF79-E2D8-4AED-874E-41A2302017AE}"
"{FAB47B99-CB3F-43A0-A0C1-0D7265C19D86}"="{6722CF79-E2D8-4AED-874E-41A2302017AE}"
"{E2942B35-0E89-41A9-A033-3E7419120A21}"="{976B5A20-98A4-4D65-8045-FD7019CEF868}"
"{090D8D80-F7E4-4B36-96D9-4C433DBA965C}"="{976B5A20-98A4-4D65-8045-FD7019CEF868}"
"{8D2FBC6B-5A95-4F03-923E-A6CC66D7E5DD}"="{BE267458-3B53-42FE-B309-0D8601D143CF}"
"{17B80487-8651-43EC-B7CF-F2E6A1510A9E}"="{BE267458-3B53-42FE-B309-0D8601D143CF}"
"{AD55B197-FEA9-4943-BBBA-21AAE980CD3F}"="{229A6BB2-2859-4FCD-9B65-C3CFB0C929C1}"
"{44218CBC-7BAF-4A32-910C-1D07C0F6CD90}"="{229A6BB2-2859-4FCD-9B65-C3CFB0C929C1}"
"{46FF6287-A8D2-46FA-90F9-A8F2A2F8C724}"="{3E2CCED7-EF60-4CAB-BE23-396141B03EE0}"
"{A10B35CD-16DA-4496-BCE7-A8A6C2791FC2}"="{3E2CCED7-EF60-4CAB-BE23-396141B03EE0}"
"{AD395543-C048-4B54-A7AD-ECCDB841FFAE}"="{BDE389F5-4CB2-4312-9BFE-4DC5DBA919AB}"
"{6A29A0C2-34B5-4766-A9F6-796FD19EAD40}"="{BDE389F5-4CB2-4312-9BFE-4DC5DBA919AB}"
"{247EC9FB-DD34-46DC-BF66-5F919CF1162D}"="{AD704BD3-9888-4C12-A7F0-8428F89F0A36}"
"{FB1D6528-3C17-4FB2-9198-0E249D96B256}"="{AD704BD3-9888-4C12-A7F0-8428F89F0A36}"
"{1DC664F6-BDF5-4306-8BE8-F13C676EC4C4}"="{7DC08407-9284-4CB5-B032-8DD80627D9AB}"
"{D1661432-A77C-4674-905E-E94A301E3ECF}"="{7DC08407-9284-4CB5-B032-8DD80627D9AB}"
"{90BDF325-601B-49F9-9F12-DC9A9B167417}"="{D6C04B78-013D-402C-BC35-4541FAD87A2F}"
"{F002BA7C-BC88-447D-B412-C247DF7CC8D4}"="{D6C04B78-013D-402C-BC35-4541FAD87A2F}"
"{48436956-470D-48E9-A9D0-17D514E36692}"="{7FD275EC-5D9D-43ED-8851-2870CD621AF1}"
"{DA6391F1-0AB3-4D3D-A8E2-465615D4FA63}"="{7FD275EC-5D9D-43ED-8851-2870CD621AF1}"
"{B0FBAFAC-83B8-4CAE-BEB4-54485BEDC8B8}"="{FC970785-07EE-4A6B-8891-E294B19F0EAE}"
"{4EBB0CFB-EF98-43BB-B901-234B006E72EC}"="{FC970785-07EE-4A6B-8891-E294B19F0EAE}"
"{F19F6A71-2CE1-4911-8451-90829F7957F4}"="{54BDF3F5-A13A-4315-B1AD-EAB00D0CF86A}"
"{902FFFEF-0CB7-40C0-80B5-1384B8190278}"="{54BDF3F5-A13A-4315-B1AD-EAB00D0CF86A}"
"{96D6D767-9B80-4CB9-B19C-4F751759FCAD}"="{A38C3B2B-BEC9-4035-A129-4C8448218C92}"
"{CD3219D5-D0FF-4EB4-8B9C-DE99AED633FA}"="{A38C3B2B-BEC9-4035-A129-4C8448218C92}"
"{B63B6E07-5AA2-40F5-BA7F-2DC800D08DDA}"="{7755F8E3-399E-4DB7-A695-62905C8C3E42}"
"{FB2FE46D-C2F6-4841-A222-BCFF77EE1957}"="{7755F8E3-399E-4DB7-A695-62905C8C3E42}"
"{499AA084-541D-4FA7-811F-2C10A246773E}"="{294D24A1-6321-49DC-B6EF-69ACAB545314}"
"{4543B475-0223-4CF8-9A02-C87B53375519}"="{CCB570D7-07F3-4D6C-839D-14F7EB9E4723}"
"{8665B425-2597-4B98-9E8F-71105621BA87}"="{CCB570D7-07F3-4D6C-839D-14F7EB9E4723}"
"{966F6929-9853-40C8-9C3D-DF1E946C9030}"="{228A95C1-F895-4D84-8D24-6C721074368D}"
"{910F844C-AA00-4A02-80AE-6E6D4387CE25}"="{228A95C1-F895-4D84-8D24-6C721074368D}"
"{881D2965-8998-494E-ADDE-E1550227974E}"="{9E5085E9-5633-46CC-8422-EF56F5D71F34}"
"{3297469D-1D96-48A1-B15C-71101A29493E}"="{95227466-F75E-4479-BDBA-DD91EEA57128}"
"{91F356A5-B700-4723-BB26-0066DD02FD3F}"="{95227466-F75E-4479-BDBA-DD91EEA57128}"
"{DDDA2EFB-9B40-4C26-889B-67D0CF062AD4}"="{362DAD4D-35D1-4EFB-AA14-5EC559F1EC0F}"
"{419424B9-186F-4822-8B39-12D25FBA993C}"="{362DAD4D-35D1-4EFB-AA14-5EC559F1EC0F}"
"{D1DBF1BA-EBD4-4BB8-B7CC-87E6B2CCFE94}"="{668FD4CF-CCF7-4AE1-A4EB-5B4E1F9104A6}"
"{0BE9E900-27F1-4C55-9FD2-6E074E67DB96}"="{668FD4CF-CCF7-4AE1-A4EB-5B4E1F9104A6}"
"{1EFB0C92-9FD3-4048-A605-DAE2FAC7566D}"="{198E68CD-92DC-4B75-8AF6-4941AEA41E79}"
"{0DBBC01F-D989-4F5E-A50E-A553F68BEF5F}"="{754CDB08-201B-459A-98BA-02DC4216E92B}"
"{95D18BB0-0E20-455A-8660-4B3169A5EF08}"="{754CDB08-201B-459A-98BA-02DC4216E92B}"
"{6831B3A7-362E-46FE-99EE-3C7C00C47D79}"="{DE8580FE-C253-4A4F-8FD0-16872CFABC8C}"
"{76867B9B-E09D-491A-B5BF-94E54168C17D}"="{DE8580FE-C253-4A4F-8FD0-16872CFABC8C}"
"{1A06D1A2-6E2A-4C32-BE1F-60ED56C14ED8}"="{5FBB8281-565D-4171-A29D-A6D7283AFD18}"
"{73E986DD-E589-4F86-B24D-14D3EBBDF0E7}"="{5FBB8281-565D-4171-A29D-A6D7283AFD18}"
"{19FA85EE-4F33-4B50-AF92-D84C3ABA70D6}"="{ECD6228C-B95F-4320-8D2B-51DF3DD0B332}"
"{E16F54DD-F26F-4092-BD76-34E2D1A9295B}"="{ECD6228C-B95F-4320-8D2B-51DF3DD0B332}"
"{7425DC20-9292-4741-A90F-86D6D277D86A}"="{1B049FF2-1B83-4EBC-AEBC-D78C7A152391}"
"{7E76157C-860A-45EC-A46A-F32138BBCB11}"="{1B049FF2-1B83-4EBC-AEBC-D78C7A152391}"
"{8117205E-3877-436E-B0EC-9C637E47F163}"="{55566CAC-DDDA-4770-982F-53E439D53266}"
"{35713E43-DB6E-4317-B229-C48A88512E89}"="{55566CAC-DDDA-4770-982F-53E439D53266}"
"{6F4CC4EB-AA58-4FEE-B484-A5F6485DF667}"="{F69A8D20-5504-4232-91E8-8678469506C6}"
"{87EB71DA-2FD0-46EE-B257-E8E32E1FE747}"="{F69A8D20-5504-4232-91E8-8678469506C6}"
"{B8A038BE-C479-4D50-9755-51BFC0A07B96}"="{1C1A1715-9F84-4C4A-B3BA-CDE47C87233A}"
"{B8B38C6E-65D2-45D2-8291-51095A74EA70}"="{1C1A1715-9F84-4C4A-B3BA-CDE47C87233A}"
"{DC263369-C3D5-43DB-A6A4-EB158E1929FD}"="{EA73AFCA-E80F-4E5E-815F-2889A8E8E712}"
"{D15B9919-A141-4D27-89AB-CBC0EAC02182}"="{EA73AFCA-E80F-4E5E-815F-2889A8E8E712}"
"{FC012DEB-2FEF-41E9-8227-F80F0D267CAD}"="{ADE02034-5621-4962-8E3C-E776D6BF3AE8}"
"{52AC0341-E3A2-46CC-879B-959BCD308919}"="{ADE02034-5621-4962-8E3C-E776D6BF3AE8}"
"{0D2AD04E-8399-409E-9481-D784DA0A17DE}"="{73647894-67F1-43EE-A24E-1940374C9E25}"
"{9E0A6C85-70C1-499B-9DD1-2F9CF38E47FC}"="{73647894-67F1-43EE-A24E-1940374C9E25}"
"{4E136903-A344-4747-8284-C4CEEE5938F2}"="{C29AA0B9-EAA3-435E-8398-13B00354E8AC}"
"{A0D93357-E6D8-4A35-B6DD-CC27B5D85FDE}"="{C29AA0B9-EAA3-435E-8398-13B00354E8AC}"
"{2D59D008-2ABF-42AD-BABE-175BC5DF7765}"="{E5620B4B-8149-450F-AB94-DB76F7F5F370}"
"{0A99E59B-1C1B-4C0C-A613-D4910B64E3E0}"="{69BE475C-8D30-40CB-8EFD-B235372F9F4D}"
"{A3EED930-B771-41A0-8295-614B6EACC565}"="{69BE475C-8D30-40CB-8EFD-B235372F9F4D}"
"{D440F9FB-9488-4403-B2FD-835B873BF632}"="{87DDC0D6-7E60-404B-A225-899585E97F69}"
"{F08B476E-DD9B-4F34-A58F-2C7470501C67}"="{87DDC0D6-7E60-404B-A225-899585E97F69}"
"{2C3D4A7B-0D32-4FFB-85BE-531E8AEBDAEA}"="{6F40B22F-8813-4930-AE20-3B02012E5800}"
"{26592A0C-9862-47DF-B042-8B167644AABC}"="{6F40B22F-8813-4930-AE20-3B02012E5800}"
"{CEB9525A-E8A1-4097-9771-8A986B72F916}"="{A53E09A5-73B6-4041-87F1-AC057A1EA06C}"
"{115D0AF4-6F7B-4749-8BB7-B6A1F9C69590}"="{A53E09A5-73B6-4041-87F1-AC057A1EA06C}"
"{B93A4E51-CCC6-4D0E-B8AA-44FDD5231569}"="{2828DF1E-B31F-448B-9A9D-32C23BDABDE9}"
"{C823DE0B-3D75-4979-B773-F54E40F4AD15}"="{2828DF1E-B31F-448B-9A9D-32C23BDABDE9}"
"{C099FB6F-AFEC-4DFC-9E7C-2108F5104A3C}"="{B1E14C6A-D730-4D26-9074-54BD3DD6D08B}"
"{44AFB20E-2F05-4155-8477-997AA7AABED9}"="{B1E14C6A-D730-4D26-9074-54BD3DD6D08B}"
"{318DDA02-5985-44FF-A176-3F407580B333}"="{6C8899FD-C48D-4BC4-998B-AB5706D8C8E1}"
"{C2066170-C945-4D10-B49D-1B5DE4DF6150}"="{6C8899FD-C48D-4BC4-998B-AB5706D8C8E1}"
"{92884F94-2B3D-4FF5-8B3A-014673DCA22C}"="{A3AB9B1B-127F-4E16-917F-AC2AF29D4720}"
"{231F58D7-DECB-4706-80D8-CF54C2F77B9A}"="{FF216153-E96B-455F-96C5-960A3EF5ACD8}"
"{00D52D47-E861-431B-BD6C-9C610C21EF23}"="{FF216153-E96B-455F-96C5-960A3EF5ACD8}"
"{7E0744E7-41A9-4B4F-AD03-FED7202A5671}"="{3F5D4DC4-A814-47FA-9306-4A176B6F8EDC}"
"{1CCC8B77-0E8C-48D6-84B5-F4E07751FDAA}"="{3F5D4DC4-A814-47FA-9306-4A176B6F8EDC}"
"{AC674ED7-9266-4420-8AAA-56323B1EE673}"="{4F0E0F6F-43E8-47D4-BE1C-09E649F462EE}"
"{45193345-359E-467B-931A-B196F617507E}"="{4F0E0F6F-43E8-47D4-BE1C-09E649F462EE}"
"{2662F2E9-8A11-4260-A032-1F18E1C946DE}"="{14A9D9B2-1BA6-47FA-A710-3515A0ED6BD4}"
"{4867D3D7-DADC-447F-A22D-08257915F164}"="{14A9D9B2-1BA6-47FA-A710-3515A0ED6BD4}"
"{4BBF1A48-2A09-4A51-B42A-E176D7D13BB7}"="{5D03C061-56DC-45FB-AB67-BA790EFA759F}"
"{0CCC496C-5807-4E58-A535-67C2BEF12488}"="{5D03C061-56DC-45FB-AB67-BA790EFA759F}"
"{9979499F-84BB-48E3-B0D2-D4D699A1A4AA}"="{4171EB5C-4719-4182-AA9D-3A6C9A68F06C}"
"{FC6928A7-55FF-4076-A77F-A55E20ED2F1C}"="{DF751772-5762-4B29-A1B8-6F4E8E02292C}"
"{D85C0D1B-CCD4-4BDC-9059-58A59D05EC94}"="{DF751772-5762-4B29-A1B8-6F4E8E02292C}"
"{F84BA7CB-5A7F-4A37-A809-DC0FFB6902F0}"="{D37DD330-4224-4672-A878-79B7A126EDA9}"
"{D7BB3647-EDE3-4166-8FBE-DEDEBFEAEAC6}"="{D37DD330-4224-4672-A878-79B7A126EDA9}"
"{BD0A0A86-8266-495E-8C03-588365B7EEB5}"="{F88E9829-81F9-4644-91F1-23BB9142E338}"
"{ECFCA038-2C36-48A9-B111-5BAC075EDADE}"="{F88E9829-81F9-4644-91F1-23BB9142E338}"
"{9D56E732-1BF4-4E1B-8899-ADD2CE8534C0}"="{CADB2123-C177-466C-8973-4A81C1305339}"
"{4385E187-A575-4932-B93E-61CFD711B89E}"="{CADB2123-C177-466C-8973-4A81C1305339}"
"{65E02138-C1C1-4716-AFE1-9CCCC345A14D}"="{EA068DAF-841A-459A-A930-FDD55F678E38}"
"{937B4A31-78A4-4313-B2F0-513737A9F2AA}"="{EA068DAF-841A-459A-A930-FDD55F678E38}"
"{F28F568F-6C0B-4872-83E6-ABC03CCE2129}"="{2C87B154-5917-4A8D-8787-E7EE684B0481}"
"{66E5901E-B4E4-4B64-9696-002D1EC79183}"="{2C87B154-5917-4A8D-8787-E7EE684B0481}"
"{7D5B205A-BCC0-48E6-8332-4B7685E097E6}"="{A947B68D-7718-4D8C-98A1-849BBC2C2A69}"
"{7AEFB9D4-7327-49B4-8BC3-5104B213C063}"="{A947B68D-7718-4D8C-98A1-849BBC2C2A69}"
"{FD5EA666-E54E-484C-820B-523490E14D29}"="{71E36803-42E4-4FF3-BBA4-725044581E5A}"
"{B07AB622-8695-4894-8AD1-C77957353B9C}"="{71E36803-42E4-4FF3-BBA4-725044581E5A}"
"{B6BFC594-7203-4392-9E46-DF163E1243C6}"="{BB5D1F65-4E9A-43A2-B5A0-60B263F529A4}"
"{22E194B0-930C-4953-B291-A4F3901C3295}"="{BB5D1F65-4E9A-43A2-B5A0-60B263F529A4}"
"{CDC72621-0A5A-4CB0-BE9E-C13932ABC29D}"="{7D725DB8-D45A-4FE8-8980-48E8C514D5C1}"
"{050F03BE-426B-4534-A91F-5D08AF0D72F4}"="{7D725DB8-D45A-4FE8-8980-48E8C514D5C1}"
"{FB01A908-32E6-43FA-BB0F-96F6AB469EDF}"="{76A7DAC8-CF73-4CC0-8B5A-93CE26DDBD62}"
"{2713DBF1-43A7-44C0-A4CF-E20F1A7856E8}"="{76A7DAC8-CF73-4CC0-8B5A-93CE26DDBD62}"
"{F4208B8B-AFA3-4A54-BEBB-80EC37908153}"="{A2D4F9BC-F36C-4332-BC26-8D06BB6BCDEE}"
"{C117B667-D889-47A8-841D-674794804E75}"="{A2D4F9BC-F36C-4332-BC26-8D06BB6BCDEE}"
"{94AA3A5D-C21D-4802-8EFA-5AB2B7A6B42D}"="{22E5B0C5-38FC-4644-AB49-D73609151E6C}"
"{5FA0E514-94A3-4D6D-BC50-34632768A486}"="{22E5B0C5-38FC-4644-AB49-D73609151E6C}"
"{2B05E591-08E2-4B62-9FF3-B90F9D1054F4}"="{DE20492B-6096-4458-B0F9-E0BFB3DE7B69}"
"{495C5AD0-FD32-4A77-A0B9-BC24F2DF1754}"="{DE20492B-6096-4458-B0F9-E0BFB3DE7B69}"
"{BB58A2F1-6D9A-4AB4-B59D-BEAF0BBB186B}"="{C14062A0-18F0-4E59-9880-DA81B1C848E0}"
"{E8BAC9D8-C271-486A-A8BA-637C9748BB7C}"="{C14062A0-18F0-4E59-9880-DA81B1C848E0}"
"{E4538E0E-FD97-41FF-9EBC-5B7A9E18FD97}"="{9B78F07C-A9EB-4A17-8E0B-64C62A899E67}"
"{02D443EA-6E03-4E43-B437-ED40FFBC2F9C}"="{9B78F07C-A9EB-4A17-8E0B-64C62A899E67}"
"{DB090FD7-DEB8-471B-8315-EA4FFCD363B9}"="{A49DBC0D-BDF3-468E-AD5D-3252C77A7948}"
"{4E374698-9D45-4477-83C2-753B62BB0F8C}"="{A49DBC0D-BDF3-468E-AD5D-3252C77A7948}"
"{9382AE7B-626E-4D23-AFC3-B7E54103EBDC}"="{EBA14468-34D8-42AA-858A-F5119591DF75}"
"{808082BC-2366-40D0-AE63-D3FB167B2596}"="{EBA14468-34D8-42AA-858A-F5119591DF75}"
"{31374297-DDF7-4F68-8801-37F931E9258B}"="{1DF4FFF2-255D-4A79-8AA0-0D4CEB7F4383}"
"{15081B4E-E82E-4B5F-97BB-81B65D8EA928}"="{6B7FF73C-8292-451F-B6D4-23C4A5445638}"
"{9DC37498-6F8F-4E84-B948-14ABF54169E7}"="{6B7FF73C-8292-451F-B6D4-23C4A5445638}"
"{18BB18DE-6D95-428C-842F-C5E64295BDE1}"="{43109B77-FF54-46DA-A2A5-1C23F4762C62}"
"{6033F98B-9A8E-44FC-B01F-58F5A3DDA058}"="{43109B77-FF54-46DA-A2A5-1C23F4762C62}"
"{BEAC9BCA-FF44-43F4-9FA7-A63DC2B5ABB9}"="{7F97EBD8-21D5-466A-8C02-8AA6FD8178D3}"
"{DD354806-3A64-425B-8BD7-02658474CCB9}"="{7F97EBD8-21D5-466A-8C02-8AA6FD8178D3}"
"{2E32C70F-42C1-4328-B565-CB79CFA11D0C}"="{CEF71027-DF77-4A1A-A881-7B54DC1235B9}"
"{AC27EC6D-8133-432D-B782-DF01F779CCED}"="{CEF71027-DF77-4A1A-A881-7B54DC1235B9}"
"{6D26E993-7C02-45F0-B0FB-4DF5588FF64B}"="{E015D67A-91CC-4B6D-9F2A-B976F73CC415}"
"{B84EFA0F-703B-4105-B3B7-C87283B5C594}"="{EF50330A-2B22-449E-A395-82D2E42D7C78}"
"{B22D412D-159A-4239-84FC-CCAF604F83A6}"="{E015D67A-91CC-4B6D-9F2A-B976F73CC415}"
"{288844FC-578E-496E-A3D8-10B3C121C431}"="{EF50330A-2B22-449E-A395-82D2E42D7C78}"
"{9D359D77-A423-4520-85A3-E475CECA4DF9}"="{96E2087D-A0BE-4D5F-8BF4-02C218114EDB}"
"{BC8E2550-10D4-4D44-9331-CEE4747CBDA6}"="{96E2087D-A0BE-4D5F-8BF4-02C218114EDB}"
"{CDF4D400-C0C7-469F-9496-E4B528AE9AE1}"="{3D9425F1-DE20-49F5-AE75-1D8FF0C26E5D}"
"{DEA7F230-2224-4F56-B392-2933D39BB4F0}"="{3D9425F1-DE20-49F5-AE75-1D8FF0C26E5D}"
"{FFA99158-7E67-4C2A-94FD-1AE8B3A9510B}"="{8CFDA63E-A63B-446B-B26C-4610A781CAD3}"
"{FF0AC046-573F-4555-B4C5-443256D1D3C8}"="{8CFDA63E-A63B-446B-B26C-4610A781CAD3}"
"{8458CF4A-503E-4DF8-AE93-0290DA608CCF}"="{3512A15B-C2D1-4C4C-B1FC-A0A0D530892D}"
"{EB6C6F70-34BB-4742-BA96-25DE9DD28C64}"="{3512A15B-C2D1-4C4C-B1FC-A0A0D530892D}"
"{A3C1DC4A-1385-4305-B016-35D88F64F9D8}"="{58277F2A-9AE6-46D8-B95B-8CB3F8F9ACE6}"
"{9A6167B5-0AB4-433F-ABBA-4C73FF64951F}"="{58277F2A-9AE6-46D8-B95B-8CB3F8F9ACE6}"
"{F097FDC1-3C75-45EC-B9D2-6A5F62968E32}"="{B9065C6F-B412-4970-ADA0-8ACD34675F87}"
"{2D82BA83-FC9A-4DB8-BCAF-532E37FD0AA8}"="{B33E11CA-0A17-4175-8E86-0C0A0C83AD67}"
"{AEE68E77-7022-451E-ACE3-CF75A41EB0AB}"="{B33E11CA-0A17-4175-8E86-0C0A0C83AD67}"
"{CD45A7F5-BC39-4978-B8F1-34B67CAC997E}"="{24E8ACA0-6922-4DCD-A9D7-9816FF80116A}"
"{6784884E-EEDB-4C25-8670-BB17BE3F7588}"="{24E8ACA0-6922-4DCD-A9D7-9816FF80116A}"
"{863ABE25-E7D6-43B5-A524-1CF44E64416B}"="{617982B2-5EF9-4025-A009-F224667FD931}"
"{B5B9EBDC-9EC9-44C7-A9A3-5077EA67AE12}"="{617982B2-5EF9-4025-A009-F224667FD931}"
"{8C71BAA4-BEF9-46C8-8350-64B119A289E2}"="{41FC98A4-131D-43EE-885B-68EB5E5611A5}"
"{F181B696-A7D2-4037-BF57-7498BBC4C6CB}"="{41FC98A4-131D-43EE-885B-68EB5E5611A5}"
"{27447ED6-9A44-493F-8CE7-74C79B5E7B63}"="{DEF19879-9198-455A-B73F-AD1C687B2B72}"
"{9D422E71-6408-4E40-BF76-286BD7B2B77E}"="{D69B47FE-C4EA-4B20-BC37-34368E6C05DD}"
"{820F1269-326E-457E-A592-95DC00381D48}"="{D69B47FE-C4EA-4B20-BC37-34368E6C05DD}"
"{D19D8D0C-1594-4188-9CBC-A9841A4891E1}"="{A05050FE-5DAE-4261-B314-8BB3063697AB}"
"{3178BCAA-1987-4D09-AF12-0BC85A0726EA}"="{A05050FE-5DAE-4261-B314-8BB3063697AB}"
"{93C0847C-84E1-4644-80EF-74E40E65281A}"="{5720BE94-E808-4BDA-BEAB-2B48602DE16E}"
"{4B815DDA-9EA6-407C-9031-70EACBB4D154}"="{EC9712FA-E724-48DB-983B-EBAE9445B824}"
"{60FDE264-71D5-4337-A90E-4D277DD5971D}"="{EC9712FA-E724-48DB-983B-EBAE9445B824}"
"{D13995CD-6477-4A23-8357-EA948B530311}"="{23A8991F-5284-4EA2-94C9-947503996FD1}"
"{BAF62288-BFD8-414B-A825-0B0663F86CEA}"="{23A8991F-5284-4EA2-94C9-947503996FD1}"
"{F45D796B-F13B-427B-BDCF-17FC7C5642AE}"="{5CDED129-A84B-4DE0-A74D-D72A73DE80B1}"
"{539E5897-4C0C-44BF-907E-8AADD038B8D1}"="{354002D7-81F5-4E51-8702-EE79F7CD4736}"
"{7358AA77-85E0-406E-970E-E55217E334DE}"="{354002D7-81F5-4E51-8702-EE79F7CD4736}"
"{C83C4A77-395B-48D1-8E7D-EE6DC25EC3DA}"="{517FF7B7-8AAD-40FF-B68A-CB2A60A89C05}"
"{41B32CEB-E7D8-4682-AD3D-5A5C4FF5015B}"="{517FF7B7-8AAD-40FF-B68A-CB2A60A89C05}"
"{5461DA61-D352-405C-9909-60439A75A3B1}"="{7343B264-8E53-4227-A28A-BCD31514175B}"
"{1ADD9749-495C-4CA8-BDCB-80103744C8F0}"="{7343B264-8E53-4227-A28A-BCD31514175B}"
"{6444F4DD-BB6A-4E9E-8F90-1D1FB08ECEBB}"="{C7FF23D6-D01B-44E3-8DF3-8A8464C260C0}"
"{528705DB-9198-4A23-8F31-F507E21DD1D7}"="{33F36B30-470F-434D-889B-8975585A6192}"
"{E00EEBA9-E448-4237-853A-95D74F362657}"="{33F36B30-470F-434D-889B-8975585A6192}"
"{4AB8F8C1-D2CB-46ED-82B8-DD5B7200D8C4}"="{0C6EB852-286C-44A9-B246-39A1609F5CE9}"
"{8E22C6FD-3C9F-4B11-8DD1-0642216E329E}"="{0C6EB852-286C-44A9-B246-39A1609F5CE9}"
"{2727BC46-C639-4D67-9452-011DCDFA64DC}"="{D6E305A4-4F66-47D6-9CA2-545925694958}"
"{B433F646-BD0E-4B97-BA61-D70339171D48}"="{A635A72E-9E2D-41D3-849D-34D5F26FE74B}"
"{1336A274-D6A3-4101-A1E5-5C2DB026F2A9}"="{A635A72E-9E2D-41D3-849D-34D5F26FE74B}"
"{1D17B93A-55AB-4F26-B916-D137741EC01B}"="{418AF1D5-3694-4710-BDFD-0D6A851EA0BD}"
"{27583790-D0F5-4805-B660-5E0300C64389}"="{418AF1D5-3694-4710-BDFD-0D6A851EA0BD}"
"{D9D1DC9D-BFE2-4813-9930-E26AF6C251E4}"="{B3E6EB84-D25B-45DF-9A26-927322FA9796}"
"{4DA5810B-1BCC-4227-962D-F3373B6C3B89}"="{B3E6EB84-D25B-45DF-9A26-927322FA9796}"
"{F1859EC0-0636-4628-BD0F-9B30DBE0637E}"="{8685D78B-088A-4C26-8FDA-7A1436406A61}"
"{2A9D8DC6-C4EF-4014-B3EA-9408F753C036}"="{8685D78B-088A-4C26-8FDA-7A1436406A61}"
"{017FBDF5-D97F-4750-B08E-D3D15A7385A7}"="{E582CCB8-8F55-44CA-ACE1-4C1675AC76DC}"
"{8AB740E4-4194-4929-AAA1-1E9A76B3F1DE}"="{E582CCB8-8F55-44CA-ACE1-4C1675AC76DC}"
"{D66334A7-F9FF-4486-8D55-105FE468F0D7}"="{90301BE6-06B3-4429-AEBC-B9F7BA49A1B9}"
"{B3CDB1A5-542B-4ECD-9A9A-19C2C0A750E1}"="{90301BE6-06B3-4429-AEBC-B9F7BA49A1B9}"
"{F9410CD0-40D0-461B-A5A4-1DD8F5931399}"="{E8563191-98B1-46B8-9243-208B6BDC315F}"
"{DE310C8F-3057-4846-98D6-67058A91CC53}"="{9FF8A2F0-EF05-4EDE-BF70-18A7391D0A6D}"
"{84309975-42E7-4A2C-8CE3-335E7AE61A45}"="{9FF8A2F0-EF05-4EDE-BF70-18A7391D0A6D}"
"{C48EB9D6-9E07-4D59-A4DD-B4FA7BB6DFC1}"="{EEE3D6E8-C71B-4055-BF8E-A0BD6F3041CC}"
"{F6B5152E-557F-417A-997A-5206DEB18510}"="{EEE3D6E8-C71B-4055-BF8E-A0BD6F3041CC}"
"{D5CCF176-78EC-4092-9937-B6D25A527193}"="{65D3A4C0-770F-4847-9E57-CF5618157739}"
"{24204283-42E0-49E2-9674-46B2E5B2643F}"="{65D3A4C0-770F-4847-9E57-CF5618157739}"
"{CFB55530-FF2C-44CD-8BD0-A415E627FB7C}"="{A7196B65-91C1-4044-B927-3FF29D9910F7}"
"{B839CB1E-8EBB-4D6D-A0AB-0719B722417C}"="{A7196B65-91C1-4044-B927-3FF29D9910F7}"
"{E881472B-4D48-47C5-BB07-2146029EA97C}"="{8458C0BA-5A53-4EEF-8811-BD1456BB8455}"
"{FA1F9E5F-00B7-474C-925E-A0CC8629FD22}"="{8458C0BA-5A53-4EEF-8811-BD1456BB8455}"
"{F250CD75-A9CA-49AB-A31F-BB54CFAECBD2}"="{872AC4AA-9403-4B21-903A-4C7EFE2F4B27}"
"{888B95B2-6184-44A6-9856-51BCDDD249C2}"="{C228ECBA-6949-4D0B-ABEB-DB84460D3B4A}"
"{E4BF5256-96BC-4778-A9E0-99F696DF8A05}"="{C228ECBA-6949-4D0B-ABEB-DB84460D3B4A}"
"{E839C642-FC30-4F2D-9D07-D6C406B2730F}"="{A75106B3-094D-487C-A9B3-CC0D771E5665}"
"{78207642-422B-4CA1-A991-2AF21A94D97B}"="{A75106B3-094D-487C-A9B3-CC0D771E5665}"
"{79EA2A14-DB82-45FD-B9C2-21EC654A6C27}"="{4A53305C-77E0-4609-B3DE-204F79528C0F}"
"{94489924-0E3A-4FDD-BD3C-F7724EAFEA65}"="{2FAEA5BC-4A30-4575-BCD0-A71546134E31}"
"{DB2DC741-BFEB-4508-8469-E67ED4851AA7}"="{2FAEA5BC-4A30-4575-BCD0-A71546134E31}"
"{97D31492-676F-4EF7-829C-53BAE8E7AF95}"="{A687B3B4-1A22-4D93-8E47-F10697B70D28}"
"{0932258F-8784-4000-8D22-AF9F06E06861}"="{A687B3B4-1A22-4D93-8E47-F10697B70D28}"
"{44BF2C91-9E1B-402C-B337-F30B424C4F15}"="{54CD296E-429A-46CE-A47B-09EC2024CA29}"
"{C14879A5-2C6C-4579-A2C6-1FAAC3691B03}"="{54CD296E-429A-46CE-A47B-09EC2024CA29}"
"{82A9A0D8-D243-41ED-A663-61026A6F8308}"="{BAB0759B-D1A8-4203-B6B6-09C6DA187177}"
"{E26317BA-FAAA-4505-803C-31D1B1658D92}"="{BAB0759B-D1A8-4203-B6B6-09C6DA187177}"
"{00AD53C9-6159-4B1D-A9EE-911533A160C8}"="{3D4C7CC8-C13A-4BB0-AACF-85CEB8A7DD7C}"
"{8EDA4820-5A0B-439C-869D-7DF4AFB2867D}"="{3D4C7CC8-C13A-4BB0-AACF-85CEB8A7DD7C}"
"{72C55CCE-5D75-428D-8692-3D7505E2C2BD}"="{EF2FDCFD-FFE9-4DB1-BA02-5B3CCF66C87E}"
"{312D5CA3-0ED9-4BE4-9A15-A694C0BF93F4}"="{3D7A8758-A95A-415B-99D5-41DD1D8D2614}"
"{8BB31670-C297-41D6-A19A-0A1AB38BFB10}"="{651C4706-42BA-4AF4-A98E-D8B133497223}"
"{CAC10456-C971-4694-BB42-D471C038CF01}"="{651C4706-42BA-4AF4-A98E-D8B133497223}"
"{862041ED-327A-4EAF-8723-F4D59FAD174B}"="{3D7A8758-A95A-415B-99D5-41DD1D8D2614}"
"{C11BD296-0E19-425E-B812-FDC5252EDA66}"="{BDF0C571-336E-4150-B946-7A58855C75DB}"
"{B0E158A0-3B85-412F-8C97-7B0EED03E141}"="{BDF0C571-336E-4150-B946-7A58855C75DB}"
"{950A1DB9-8005-4B70-920A-2232F267C3DD}"="{44577EF2-CB29-40B7-ADFB-7BFC79BAE910}"
"{2D0C9CCC-C625-44DF-B754-3B45258296C5}"="{44577EF2-CB29-40B7-ADFB-7BFC79BAE910}"
"{2F8CF6F0-AC2E-41DA-B2A4-4271291149BE}"="{E70B60E9-5F20-4C25-99AE-79C4C1928DC4}"
"{169F66C4-0044-490A-A3D4-F6AFB556B5D4}"="{E70B60E9-5F20-4C25-99AE-79C4C1928DC4}"
"{7EB42D36-76D7-447E-8D08-ECE68EBB5490}"="{2AEF590E-C610-4D5D-B8F4-893688DBB42B}"
"{CEB313EE-270E-4E36-970B-C4C5D3C0D5D0}"="{2AEF590E-C610-4D5D-B8F4-893688DBB42B}"
"{66BB6E1B-F61E-46F5-BA7E-103710ABD884}"="{74559F74-7EA7-49AE-B3BA-CADDA046CC61}"
"{CDB4A0B4-6CCD-4F0F-A380-11654BBE3BA8}"="{A0339FAF-8C30-48D9-A84F-1B8773D8113D}"
"{A3657BD6-9522-403C-AC4C-204125B44ADC}"="{A0339FAF-8C30-48D9-A84F-1B8773D8113D}"
"{4F76C610-C0E8-48CF-91DE-8E1A1039CD26}"="{BADF4FAA-4B26-40CB-8F63-7F33B3F0FFD3}"
"{C136F019-7B6E-4959-8B2C-EA16F1527858}"="{BADF4FAA-4B26-40CB-8F63-7F33B3F0FFD3}"
"{745CD370-43E3-4ED6-A10C-B1A83DDD3803}"="{5D900BDC-9B06-48AD-A9CA-F287241031CE}"
"{423D48F9-FA64-48ED-A5A1-4A2A0CE9B53E}"="{5D900BDC-9B06-48AD-A9CA-F287241031CE}"
"{EA3C3FAC-7139-4F77-8C32-B1F199D6BAD3}"="{2ACF2BF7-C1F0-486E-BE13-077118A0693D}"
"{3837A11D-15C7-4DC7-BCF6-0AD43FF87B9F}"="{2ACF2BF7-C1F0-486E-BE13-077118A0693D}"
"{4E452A51-297B-4759-8178-13A31DDF6D32}"="{2A03A0D0-667D-40A4-A324-896B925C64FE}"
"{D2F38156-7B65-4DF9-8E64-95EA90F3B605}"="{2A03A0D0-667D-40A4-A324-896B925C64FE}"
"{01F55F8E-8187-4275-A052-5226DBFCF278}"="{FDBAA476-F82A-47B9-AF1B-4396CB609C27}"
"{4CE5FBE2-F048-472F-9907-9743472D41AC}"="{FDBAA476-F82A-47B9-AF1B-4396CB609C27}"
"{4B5711B8-9C06-474B-8762-F4D3C0E77BA3}"="{D17DFEBE-9412-4DEC-A149-21EC9C6F5DDE}"
"{B3699B75-C138-4402-B3B2-A895C404F5B6}"="{D17DFEBE-9412-4DEC-A149-21EC9C6F5DDE}"
"{47B6DFA5-35E9-4C50-AF9C-2D3DE471EAAC}"="{B23E059A-6DB7-4F6F-9B69-645591C0EA60}"
"{646BF22A-DB54-40B8-93E0-E729B4474FF0}"="{B23E059A-6DB7-4F6F-9B69-645591C0EA60}"
"{AE9B2680-E2DA-4163-A189-CDFEB6EA5396}"="{D202A15B-D548-4277-BEC7-5331E54584D2}"
"{562A2918-BC68-4198-A2C8-25C61D0A0037}"="{D202A15B-D548-4277-BEC7-5331E54584D2}"
"{3819528A-00BA-4EF3-94D6-995A7E36183D}"="{E0BC73AF-7745-40BF-B4D9-973B838BCA0B}"
"{B50C0931-9996-42B7-B13F-3A999DFB0CB6}"="{E0BC73AF-7745-40BF-B4D9-973B838BCA0B}"
"{3ABAC507-58D2-448E-BD11-BE3A281CFB52}"="{A87DE42E-33AB-4D77-AD53-F1948B8878A4}"
"{789049BE-5775-4185-AF7C-43644C8BE081}"="{A87DE42E-33AB-4D77-AD53-F1948B8878A4}"
"{89B6D871-F0FD-4760-9CA0-E46E7CBF651F}"="{243A205D-10D2-48F8-9D1A-E90245CC8D71}"
"{3E7302A9-350B-4A47-AA17-E72C120FB3C7}"="{2F0BE97C-7387-42C9-985F-C7D37391F2C2}"
"{027E1095-9B3E-47D6-A578-A994028B447D}"="{2F0BE97C-7387-42C9-985F-C7D37391F2C2}"
"{1469F974-7112-4F15-9350-C4096933EFEF}"="{2693B8EC-0AFC-450C-AA23-864CCBF857D6}"
"{D4B27F5C-7D93-4DA5-AB04-105EC25750E3}"="{2693B8EC-0AFC-450C-AA23-864CCBF857D6}"
"{52308BEE-83D0-4F82-9396-D2A9C967FF40}"="{8CA339C1-A7E3-4136-9239-9883560AFB67}"
"{F17FEB70-5D23-4653-8C7C-40D7CAC39C72}"="{8CA339C1-A7E3-4136-9239-9883560AFB67}"
"{5F72FB90-E937-40CE-893C-4F2723989338}"="{090DF97B-9082-48AC-9D8E-E590F870B4A0}"
"{C058280C-7E98-4A8B-A8F2-B117A5CA4974}"="{090DF97B-9082-48AC-9D8E-E590F870B4A0}"
"{0858B21C-8222-4E82-8A06-AFDFC4958B94}"="{51A004C4-B7EE-4743-A8DA-B14D68734BB5}"
"{5EA19412-9C59-4BE5-9095-B56A5B6B1439}"="{51A004C4-B7EE-4743-A8DA-B14D68734BB5}"
"{A981F934-55C5-48CE-A1DD-B32D540544E4}"="{126CD728-0D52-45D4-9540-F88837ABE1E2}"
"{9D04AE38-27D3-465D-9154-2EC8BAA46F5A}"="{126CD728-0D52-45D4-9540-F88837ABE1E2}"
"{458AB368-6D1F-4BA9-A8DD-61C5758A8A51}"="{A7245189-8403-4330-A0D4-CB6308530919}"
"{09AEFEFD-2A7C-49BD-9E23-3C0B2B8C8602}"="{A7245189-8403-4330-A0D4-CB6308530919}"
"{4661D5D1-AB59-44F4-8593-22FA36AD49B8}"="{94F0CF76-7091-4156-9DA9-560B97DEFE25}"
"{8E94376A-1AAB-4852-8F79-CA0BA83E1F9C}"="{94F0CF76-7091-4156-9DA9-560B97DEFE25}"
"{88E36A9C-3BA4-44C0-AD2C-A8F36AE1092F}"="{AAD89076-61E6-40BC-ACAB-552CD2E315CA}"
"{C5B404A3-0462-4ADF-A49B-C5F2D6B78D70}"="{82133DB5-7CE2-4400-BC13-48AEA4E46413}"
"{31D31EF1-021B-4612-B2E5-4C88FE37120F}"="{82133DB5-7CE2-4400-BC13-48AEA4E46413}"
"{32D480D1-F32E-4800-888E-069F7B810873}"="{75D33983-1CF7-4630-A5B9-B6B96CE14EDC}"
"{9175FE8C-EE5F-4A8E-9801-3C02FA41A76D}"="{75D33983-1CF7-4630-A5B9-B6B96CE14EDC}"
"{B6AA8B5A-23C2-4D5D-9ECE-372706CED65A}"="{5480A77C-D49F-4E6B-8E3F-B7B84BDA398A}"
"{9CC84637-1E74-49F1-A425-8908C7BA3410}"="{5480A77C-D49F-4E6B-8E3F-B7B84BDA398A}"
"{1FF34544-BA50-4453-9EAC-454BF5B09CB2}"="{5E8C2C1F-873E-41BD-B4BE-95946AE00B0E}"
"{FFF3A258-F9B6-436D-9FA8-2EE5EFCD3ECD}"="{5E8C2C1F-873E-41BD-B4BE-95946AE00B0E}"
"{620A98BA-352B-423E-ABDB-E098953A502B}"="{725FA17D-6559-4046-85F8-0D49E53364DE}"
"{7EEE27EE-7FBD-4A5C-B17F-FEC7113CDC39}"="{725FA17D-6559-4046-85F8-0D49E53364DE}"
"{FBC3F94D-84C4-47FA-A512-0281313B2654}"="{851B8346-D354-4326-B49C-F132607E891C}"
"{E6BF2679-DE76-4F6C-8807-F391AA119140}"="{851B8346-D354-4326-B49C-F132607E891C}"
"{DC6D7BAA-79CF-4521-ABB8-1AAE4CCEC3E6}"="{D9F79C59-EF2D-4AA9-9EBE-97F18156CDBD}"
"{E9DD3749-B8FB-4001-810D-CE68A116DA65}"="{D9F79C59-EF2D-4AA9-9EBE-97F18156CDBD}"
"{F5834F77-7911-4A7C-80D0-BDB608904369}"="{864C8CA3-A472-43C5-A934-CC501F1E4ED2}"
"{819C402B-83F7-4F1A-B186-4195A3DE27FB}"="{7396FA3E-C2F5-4926-9267-F87F62D3B8D9}"
"{D8C832DD-B576-4EE2-A61F-A90BB9AA1295}"="{7396FA3E-C2F5-4926-9267-F87F62D3B8D9}"
"{0827AD1F-9A7F-46BB-AE45-B8EC3B588863}"="{2CFD5D71-E424-4AE6-9525-0B7F4F200D59}"
"{CC896A2E-0B6B-4AC1-BC85-C1C966578A01}"="{2CFD5D71-E424-4AE6-9525-0B7F4F200D59}"
"{924E6831-97EB-4F95-9FA7-52E2EAF571E3}"="{53F4FDC6-9844-4102-9FD9-D62A265DBCCF}"
"{127E78B0-AA93-45EE-9FA1-5DE355453827}"="{53F4FDC6-9844-4102-9FD9-D62A265DBCCF}"
"{3CE601BA-4E48-4A6A-BC69-98E0429E64C6}"="{7A7A3B55-7D67-4890-A452-256A37EEF69A}"
"{F1A0354B-D17C-49E4-B874-45F284499B6B}"="{7A7A3B55-7D67-4890-A452-256A37EEF69A}"
"{40569666-9861-49C6-9CAA-081CED7870BF}"="{1BA22039-9E9A-4CAF-8010-ECB15A0608A7}"
"{4D1FF6C9-D874-4AA9-8A41-F34F5D4FD2A1}"="{1BA22039-9E9A-4CAF-8010-ECB15A0608A7}"
"{6A13D0C6-2EEB-4AAE-B7F3-A221F9502D4D}"="{E9A2AD01-3D01-4F73-89CC-36BD296E4090}"
"{378EFB0D-239A-4198-91D2-2B3B012582C0}"="{4EE823B2-B167-42CA-BE15-62BAE5D5AFA3}"
"{6F6724EF-BA5B-4004-8866-6B3A5451AFF6}"="{4EE823B2-B167-42CA-BE15-62BAE5D5AFA3}"
"{46AB1CE4-C627-4A8D-9CC4-2A009D3F401B}"="{E9A2AD01-3D01-4F73-89CC-36BD296E4090}"
"{6ECFB5F4-D481-4E7B-A369-DA09CB020BDA}"="{F4600D96-8981-453B-86CB-66C2747E9631}"
"{63A10C1B-C7D0-43C5-AE66-CDE913CA8E7B}"="{F4600D96-8981-453B-86CB-66C2747E9631}"
"{C31E82E3-F1AC-4E72-BF30-73D3F6F30438}"="{B0A58B4E-260F-4A44-B353-6D3C1B288E3E}"
"{3478FAED-34E7-4AFD-BE3A-B03257BCD8B9}"="{B0A58B4E-260F-4A44-B353-6D3C1B288E3E}"
"{D62FD7E2-2F3B-44AD-9465-92ECCAB0C70F}"="{39704C38-69AA-43FE-A52C-FB10A5A32840}"
"{311AC4CD-D719-4150-854B-50E495915A6A}"="{39704C38-69AA-43FE-A52C-FB10A5A32840}"
"{21F54264-CE11-4B2A-9A20-57B98104A4A6}"="{0D8D8299-25A8-4315-B82C-2757357D5317}"
"{EA1F01C9-05D9-4CA2-8160-131649981EEB}"="{0D8D8299-25A8-4315-B82C-2757357D5317}"
"{023BC1CD-847B-456D-8EAC-75610E14AD48}"="{03ED39D5-1183-4090-8127-79BE983D35B1}"
"{0A3848B0-15E0-4461-B08C-CCB7B5442E17}"="{D0380189-660C-4016-B624-918CB6DBE10F}"
"{70D40678-3371-45E9-ACB0-CFA4573F8D05}"="{D0380189-660C-4016-B624-918CB6DBE10F}"
"{FB087E8E-CA2E-4934-ABCE-EB61CED0735F}"="{840C1E1F-13EC-433C-8464-2D0C956BF346}"
"{317C58D9-AF21-4CF9-BFE3-9F5476AB5D06}"="{840C1E1F-13EC-433C-8464-2D0C956BF346}"
"{E144C7B5-CBA7-4091-A4E5-07C4816C9EF1}"="{B667D642-FA27-4280-AFB2-01AEE7FEF82A}"
"{5C3EB2AD-F0AD-45CD-BE61-BC07CB36D509}"="{B667D642-FA27-4280-AFB2-01AEE7FEF82A}"
"{84295E22-F51B-4685-9DC8-0FB63096D8A8}"="{71E041D7-D115-4EB5-9F70-FE3C04B0D244}"
"{B578A860-A655-48E1-AC4A-297582142D23}"="{71E041D7-D115-4EB5-9F70-FE3C04B0D244}"
"{00BAB932-A77B-4B9D-9067-8A2E5E582B1B}"="{B00E034B-DD97-4D84-A383-C3E8966BF831}"
"{8C42FC1D-FA91-4654-8A53-8D7E26A60A8D}"="{02AE497A-3233-4B94-9635-52B970CBB0A4}"
"{598B44DC-B191-4F7E-B4CB-69A2F8B30F87}"="{02AE497A-3233-4B94-9635-52B970CBB0A4}"
"{3DB9387B-3FF2-4A6E-83BB-97464304890E}"="{07675489-0952-4CF8-8CF0-ABA550C04780}"
"{7C2C2DE4-97DD-4F30-9D67-68147AD3F321}"="{07675489-0952-4CF8-8CF0-ABA550C04780}"
"{5E6B27A3-519B-4E12-A846-E2D47E1E0835}"="{91C41503-DCDB-443F-A419-793CD51EEB24}"
"{0C576461-A92D-4B0E-8F99-DC8A88E6D1F2}"="{91C41503-DCDB-443F-A419-793CD51EEB24}"
"{E7C2E7CF-6987-4BAF-A310-137DF3267EF2}"="{C811B6AA-146D-482F-B80B-D046787F5697}"
"{8DBB1A31-5C2A-4989-AAFF-69DE7C31BFC7}"="{C811B6AA-146D-482F-B80B-D046787F5697}"
"{1D9EC001-94DD-41F4-BDF6-903F1600BF19}"="{A41797F1-1986-4A6B-B508-7BB725C925F7}"
"{D9160651-160A-4427-8A96-02E911462D26}"="{5CBA770C-56C3-45A0-9D5C-A65FC461AF7A}"
"{E4E3B882-CD14-4614-A513-5C749E45182A}"="{5CBA770C-56C3-45A0-9D5C-A65FC461AF7A}"
"{DF2C8FD0-D615-49D4-9792-7F6838722C3D}"="{A812C591-2655-4D41-ADA4-CD9D9A01CE2B}"
"{B09ED4E6-B585-4A0C-B5B9-661D4BAE0EC4}"="{A812C591-2655-4D41-ADA4-CD9D9A01CE2B}"
"{F5AE7A07-75FD-49D6-B419-E0F4087007DE}"="{291602D9-595A-4B67-9152-6C2FFF8B6B5E}"
"{7CB761E2-238D-45B8-9BA7-A60DAFE577C6}"="{291602D9-595A-4B67-9152-6C2FFF8B6B5E}"
"{834D0713-743D-4809-B674-6BDA8770D5AE}"="{BD91AED3-F421-438D-8544-158FBFA00D96}"
"{7AE42F59-2ECE-4FA3-B235-CE48DF1BE889}"="{BD91AED3-F421-438D-8544-158FBFA00D96}"
"{C3CD1144-1467-4F61-85DC-E1D486A07730}"="{4D333AD3-7376-41FD-AEC0-5279752C869A}"
"{C4E1265F-6AB9-4B04-AD30-CA59492715D0}"="{4D333AD3-7376-41FD-AEC0-5279752C869A}"
"{0C8BC880-985D-4DB8-8F9B-B0A4682BA9B6}"="{246F781B-CD7C-4D8C-903E-D2110C27F64D}"
"{9C0C2A59-4E5E-4245-9940-EE75AE1285BC}"="{66D39E32-C0E9-44F3-916D-BAB1D7C6650B}"
"{A111DEF1-08DA-421F-9AD5-C24D8E873BFC}"="{66D39E32-C0E9-44F3-916D-BAB1D7C6650B}"
"{323C8488-2204-4512-9F12-93AAA40B9486}"="{80493FF0-10D7-4B68-98A5-D2EE955DDD28}"
"{1B3D8DDD-40B9-4C3B-BF8F-FCBEE95C3707}"="{80493FF0-10D7-4B68-98A5-D2EE955DDD28}"
"{04C2528B-2EA8-4714-869F-988502440AB9}"="{EA596C5D-F71B-4965-884C-2E9941BCB142}"
"{0E64099C-FE4B-4310-B3E3-7220B8DB5B06}"="{EA596C5D-F71B-4965-884C-2E9941BCB142}"
"{5BF630A7-BE14-46AF-8726-87BB1422B104}"="{7CDB2378-4F17-49C1-8AD3-2EEAF2F6E959}"
"{0DA2BB9A-3336-416A-8CC0-F28BEDCC9B4F}"="{7CDB2378-4F17-49C1-8AD3-2EEAF2F6E959}"
"{265AAF43-5349-4BC5-984D-AC0CB211803C}"="{7BF75312-A295-4B29-B0A7-E54EFB9D1777}"
"{FCF066AB-A830-4C1C-AB16-BCC998435F2F}"="{7BF75312-A295-4B29-B0A7-E54EFB9D1777}"
"{85762C65-90BF-4D26-BF8C-81824CCFAC53}"="{A8FB1286-04F6-4AEC-833A-D2910D4AFB69}"
"{EFECB1CE-C71E-4293-9318-32ACF2D9F4C8}"="{A8FB1286-04F6-4AEC-833A-D2910D4AFB69}"
"{AACACA94-F255-4D48-9357-8F66FC4AD63F}"="{22C75451-653B-42B7-85E2-6BE4457FE1EC}"
"{D05DA892-8DCB-4ED9-9D18-FD872C5E795F}"="{22C75451-653B-42B7-85E2-6BE4457FE1EC}"
"{2E157B4D-507A-478E-87AE-2C1653B2B102}"="{5F931D1A-0DA5-4F15-9D9C-DD6DB539C6BF}"
"{8F1BD8D8-8841-480A-A28A-34E05BE80F0D}"="{5F931D1A-0DA5-4F15-9D9C-DD6DB539C6BF}"
"{9C7D1EDC-2757-4FF6-A884-E385107417D1}"="{88E7F384-A2A4-48DB-A741-89EDC1F36D03}"
"{309DA724-74EF-416E-B627-CF715CE62A86}"="{88E7F384-A2A4-48DB-A741-89EDC1F36D03}"
"{E257207C-AC23-45FD-8CF2-F5638E15467C}"="{23AFB170-25ED-44A6-B46E-8797D0217BD9}"
"{2BC7E1C4-AAD9-4C79-926E-B5727EA8D946}"="{23AFB170-25ED-44A6-B46E-8797D0217BD9}"
"{2C9D8693-470F-4F29-9D14-47E62AC89188}"="{4181F679-1D92-41D6-B2D7-7153E68DB384}"
"{9148B079-7FF5-46D8-881D-119CEF00A6FC}"="{4181F679-1D92-41D6-B2D7-7153E68DB384}"
"{4D32D496-ACFF-457A-BA42-D97AEFAC9ABF}"="{92811F60-9F1F-4079-B72D-47966474FE53}"
"{C5D41714-1D50-4790-B349-45B68DC9E42F}"="{92811F60-9F1F-4079-B72D-47966474FE53}"
"{15D1A562-F25C-4C41-A12E-39073B375FEA}"="{4BB6EEE1-E68B-4C07-9586-659D68FF4B2A}"
"{0B7A113C-3F01-4E3C-A0E8-122CCBBDAB19}"="{4BB6EEE1-E68B-4C07-9586-659D68FF4B2A}"
"{DDB65266-2C3B-476A-A4E5-3A587E3CA54E}"="{F87B8A9B-2FB1-410B-AEB6-9C7C7A570000}"
"{0CE23784-4193-45B5-B02F-51C459B600B7}"="{F87B8A9B-2FB1-410B-AEB6-9C7C7A570000}"
"{94E99B3A-51E8-472A-B575-CD9EE71960E2}"="{4CF1372B-9088-475E-89D9-692BE5DAD5FB}"
"{0587D1D2-077C-4447-A862-06547D703232}"="{4CF1372B-9088-475E-89D9-692BE5DAD5FB}"
"{8218C28B-B3BA-49E0-A27A-09C5DB5289F3}"="{CF3A8BC7-FE18-4E8D-9F9B-7F6E6CB98EAB}"
"{BA38A520-35A6-40DD-834A-E57BD6AC2CDC}"="{CF3A8BC7-FE18-4E8D-9F9B-7F6E6CB98EAB}"
"{35D0EE1E-BBD4-4709-82C3-A6B8EEB11A6C}"="{E4601C47-81F2-4752-B650-245A3A4A36CE}"
"{DAA980CA-81EC-47F9-B30C-5950793AD243}"="{E4601C47-81F2-4752-B650-245A3A4A36CE}"
"{FD379A5F-261B-405A-8E9F-17F182C1B4FD}"="{681F2B21-E317-4C33-A627-E9C5A4FE8709}"
"{DCA9A88B-3763-41C3-B8C2-BDC8CC76EF31}"="{681F2B21-E317-4C33-A627-E9C5A4FE8709}"
"{04665D1F-9E31-48E5-80C8-0E7B53F60EAE}"="{12C05E74-13B1-4F12-9555-381F38680861}"
"{9938A372-95E2-4405-9458-04F51C9E2AB8}"="{12C05E74-13B1-4F12-9555-381F38680861}"
"{C64F41DE-3201-45C0-8FD9-9DFE412D3F8A}"="{09CD2585-2CAF-420F-8A42-8CA3FE4CC71E}"
"{EB2C3C03-DF1E-44C3-8337-D82B48AE1F95}"="{09CD2585-2CAF-420F-8A42-8CA3FE4CC71E}"
"{D9548A29-F943-481D-B4C7-0DAEAB146942}"="{8296A0B1-8926-46F8-94C7-5A9242D01420}"
"{CF85E23C-8D5C-48DD-A42D-FA22B49D77D3}"="{8296A0B1-8926-46F8-94C7-5A9242D01420}"
"{E229E613-B1A5-4F37-8EB0-F883B7AF3E5B}"="{6ED86BAA-FCF8-4463-907E-195C988A1F75}"
"{DAAA4F7C-D031-432F-B27A-606F63B8C2F3}"="{6ED86BAA-FCF8-4463-907E-195C988A1F75}"
"{CC879E37-5D62-4106-A580-D6B89A2A4611}"="{702C006D-526A-415B-B30D-AA5585695FB0}"
"{EEC69835-FA57-401F-B804-66C4182542FC}"="{702C006D-526A-415B-B30D-AA5585695FB0}"
"{B92843BF-AA63-405A-9E54-A4CF77045F40}"="{B8720635-BF83-4DC3-8BB2-4004319C916B}"
"{3E41AAD2-BD85-48DD-AA2C-0B8E2157AFB1}"="{B8720635-BF83-4DC3-8BB2-4004319C916B}"
"{9BD84BC6-E157-4C6A-AEE2-3EF9401683A3}"="{4058AB6E-14E8-4599-BEC8-DF989C3F53DE}"
"{867A69B3-E6B3-4CB9-9370-26292B1E785F}"="{4058AB6E-14E8-4599-BEC8-DF989C3F53DE}"
"{D794EE00-5AD2-40EC-8A4B-A09311FADD55}"="{079952F5-CA47-4B76-B1EC-F9AB7CD1B80B}"
"{95EA5755-04AD-4B4D-9A13-FB05BFE50681}"="{079952F5-CA47-4B76-B1EC-F9AB7CD1B80B}"
"{227B750D-EDED-403F-A1D6-8799DCE4E8CD}"="{E99C938A-6A70-4A88-AC77-C67D52518BCA}"
"{DC7A72EF-1002-4A87-8439-C75850D45BB3}"="{E99C938A-6A70-4A88-AC77-C67D52518BCA}"
"{E6053799-DA86-42E2-A4E8-84108CA57622}"="{2B414F8F-DCE1-4207-B74E-E81DEFFCE690}"
"{69A4CB79-9003-438F-BEEA-AE4BA6554EDE}"="{2B414F8F-DCE1-4207-B74E-E81DEFFCE690}"
"{9E313C41-1F3F-4E83-9B0C-75B59CF7D56C}"="{D00E7922-4C5A-4B72-BAA3-7B7D2C71A59D}"
"{60552074-0DEA-4873-AE89-361646F731B8}"="{E573F548-0A00-4109-B0EC-40EAEFAF6B7E}"
"{328AE257-69FC-4DB9-9745-ED984D2007E8}"="{E573F548-0A00-4109-B0EC-40EAEFAF6B7E}"
"{5E7CB54F-9582-43BD-8E35-A1A4CC857441}"="{85E3E331-3DCE-4B68-90E8-57A70B4335FD}"
"{1CC0E80A-84DF-4E02-8C6B-D7EFC7B536BE}"="{85E3E331-3DCE-4B68-90E8-57A70B4335FD}"
"{B0603E34-A1B7-4FC6-AA20-69AEA6C2B0F3}"="{D6940301-7520-41E5-A0E6-545E8FC62DC8}"
"{BE29F2CC-24FA-4FF1-A689-2D437F9268DD}"="{D6940301-7520-41E5-A0E6-545E8FC62DC8}"
"{1F38B139-E89A-45DD-A3FB-73A2E1F8A310}"="{036367CF-D9AE-4EF5-A9A9-CD40D8F96FDB}"
"{7AE2A2C4-660F-4BE5-8C55-8BC765CBFA11}"="{036367CF-D9AE-4EF5-A9A9-CD40D8F96FDB}"
"{FECA5E24-4AE0-4EAC-9C68-B98A50F256C6}"="{EC9B25F5-EADC-4433-9B1D-0A022F23D2C0}"
"{31F81110-8DFC-46BF-B723-E3AD6EA5CE29}"="{EC9B25F5-EADC-4433-9B1D-0A022F23D2C0}"
"{C31EF5D1-8F83-4237-9AE9-AFC6261FBABE}"="{0D5879C4-C6A3-40C1-A18D-D002E9BE204A}"
"{D753D249-B861-4F64-9EF6-495416983BEE}"="{0D5879C4-C6A3-40C1-A18D-D002E9BE204A}"
"{9D2775B4-6A40-47AA-A360-B11D9B1175A8}"="{51B2C5F1-19A2-4F98-9B1F-CE55B697B8D4}"
"{F16DF204-A29A-457C-B7E3-B0CE63FDBD46}"="{51B2C5F1-19A2-4F98-9B1F-CE55B697B8D4}"
"{445CDA86-E553-43B0-9ECD-620B7B1D5E6D}"="{E4D4DFAE-2312-48FB-B0EB-3E9D257ED10B}"
"{3387EF46-1D3F-4CBB-A5BB-B44AB980D434}"="{E4D4DFAE-2312-48FB-B0EB-3E9D257ED10B}"
"{09E8EDAB-4CDA-4EB9-AA68-7180B54E22BE}"="{354773DB-06CF-4929-984B-F0E453FB2BE7}"
"{DFBE8D9B-2B36-45D3-B9B8-1DCF07C22784}"="{976F1C2E-CD7A-493F-BB70-AFF85008D0BF}"
"{DD9031DA-C208-4D28-9193-12FFC2986867}"="{017B9783-B125-488F-8C7D-7360C17BEBF5}"
"{7FC25C8B-AC44-4657-9FBC-F8600BE22BAA}"="{017B9783-B125-488F-8C7D-7360C17BEBF5}"
"{9F80CC05-BF94-4AC3-89D3-9013E802770C}"="{C5EED3E7-D4E0-4AB3-8168-FC3786C6E953}"
"{1F2A2D38-587D-4D4F-9BF0-A31A4839166B}"="{C5EED3E7-D4E0-4AB3-8168-FC3786C6E953}"
"{636D1B17-579E-4892-93ED-2F7CA6949D8D}"="{CE68ED6A-BEB5-49FF-A034-71087BEDCAAF}"
"{0FC2240D-861D-4E82-8D38-E2A6B48F66F6}"="{CE68ED6A-BEB5-49FF-A034-71087BEDCAAF}"
"{28972B54-187C-448D-9606-B1526A354C43}"="{2D98A957-2348-47FD-8493-7A750E921617}"
"{9BC6148D-54AB-4C00-9EA0-329174D9F119}"="{2D98A957-2348-47FD-8493-7A750E921617}"
"{3F496E6A-1819-43E3-94D0-F65D78930DEB}"="{A098961C-2D26-4028-900D-68D3AB172AEB}"
"{07748BF1-DD4C-4A34-9084-86CF9BE6C32C}"="{54430EEE-1B64-4D33-AFD1-9D61C532E035}"
"{9F92201F-B346-49E8-82C5-148978E9DEC7}"="{54430EEE-1B64-4D33-AFD1-9D61C532E035}"
"{7157BE19-8429-472E-AB50-C3CB90FE3AC6}"="{524F7572-74CC-4D3F-A958-00261C428AC5}"
"{0A45FEF9-B911-43D6-942E-318E8ED63908}"="{524F7572-74CC-4D3F-A958-00261C428AC5}"
"{790DF708-7684-4168-9DD9-D33CF177A2DE}"="{A223130C-4409-4D5D-8733-748614813ED3}"
"{098B38B1-EDD1-461F-9C38-DBCFD9D256DE}"="{A223130C-4409-4D5D-8733-748614813ED3}"
"{90AA0883-3310-45D6-A5E8-A665DE94AA86}"="{CE62EEDE-6DD4-4B73-BA44-BEE6E58E7388}"
"{11570EA7-2E70-432F-8393-42E8B76E7716}"="{CE62EEDE-6DD4-4B73-BA44-BEE6E58E7388}"
"{BBB4135D-89E0-47E4-841E-EEB3970465B8}"="{ECADD212-5D01-4546-B58E-A78F982C6475}"
"{3C57900B-489D-4801-A2A2-7C4F00437889}"="{ECADD212-5D01-4546-B58E-A78F982C6475}"
"{482D087F-5DDC-45D4-B171-F25086B90537}"="{7267076B-4D2E-42C2-ACC0-AA0C2E5949F1}"
"{108EF0D0-9597-4573-AD92-43FE53FD27F0}"="{7267076B-4D2E-42C2-ACC0-AA0C2E5949F1}"
"{DFF33552-6A51-477D-BE83-4594FDD0DF04}"="{75D58484-4583-407B-9EC1-C4A20593BD08}"
"{84AC74F3-207E-422E-87A2-D94FE39A5995}"="{75D58484-4583-407B-9EC1-C4A20593BD08}"
"{F6B9AC13-DA88-4C26-A6CE-1826074864CD}"="{B5023AA1-0780-4BBA-9791-5A23FE1B9DE6}"
"{A6548DA1-2DC5-4E28-B341-BE7371D8E1FA}"="{61DB9A35-1D09-4356-B025-E494D52D9D18}"
"{970E2851-3051-4B33-BF21-E9FC1519CFD5}"="{61DB9A35-1D09-4356-B025-E494D52D9D18}"
"{050249A0-A10B-4F1A-8C7F-9FE9B5600C0F}"="{644FE3D3-828D-4B35-9A02-97DD6C04E4C8}"
"{53D1B116-DB54-4135-9088-3723CC62040D}"="{644FE3D3-828D-4B35-9A02-97DD6C04E4C8}"
"{CA6275C4-FC76-48C7-A69C-E0E0B96FFDAD}"="{FA8ACC0B-57CD-42B8-869C-7FB8239C8EE8}"
"{7304A352-2C91-4EFF-A23B-509063F1C05F}"="{FA8ACC0B-57CD-42B8-869C-7FB8239C8EE8}"
"{95A59395-E97E-47A4-9835-777979ECFC06}"="{D6D24DCF-0AF9-4FB3-B4FE-295271DF5336}"
"{932F85E1-5CDD-4242-8153-295B81EE730F}"="{D6D24DCF-0AF9-4FB3-B4FE-295271DF5336}"
"{8D426C63-7498-4EED-BEEF-A4403397563C}"="{960DE54E-C610-495E-A325-1E0947879A5F}"
"{F666B22D-4FAC-49F5-8ADB-2D25E2FF6810}"="{960DE54E-C610-495E-A325-1E0947879A5F}"
"{9983296F-4D2A-43BC-B3FF-23B8FEB67D12}"="{44AB9B28-882C-423D-9508-29FBFA42CD26}"
"{68126842-6F92-4C23-AE5A-E09DFE00849B}"="{44AB9B28-882C-423D-9508-29FBFA42CD26}"
"{51666212-2617-43E1-B991-0C11E79C1466}"="{1E26A5C7-189F-40C6-BEA8-E3489ECC2572}"
"{7CF35756-359D-40E1-9300-5B6E013D5ECB}"="{1E26A5C7-189F-40C6-BEA8-E3489ECC2572}"
"{CEA49331-F612-4A59-9933-64089F8974F8}"="{1BF2EB7A-AC62-4413-8533-AC6AE70A68B8}"
"{8D65C191-9FD2-42FE-9153-F9AB91F0D23D}"="{1BF2EB7A-AC62-4413-8533-AC6AE70A68B8}"
"{225DF82C-7A5B-4E7E-95C6-D396F7E4E535}"="{FF185F9E-DD29-4EF7-99B0-9322684FBB5D}"
"{97894FED-4D40-48DB-B60D-7557276332EB}"="{FF185F9E-DD29-4EF7-99B0-9322684FBB5D}"
"{BCC6AABB-2C16-4738-A32B-1FB4087CEDCE}"="{30706222-0C45-423A-85F7-220347174EEE}"
"{01077977-B54B-4292-9D6B-5A87E55DDECF}"="{30706222-0C45-423A-85F7-220347174EEE}"
"{7CA87354-F9EA-452E-AD19-D13ADE0A62C5}"="{5D754F36-339D-47BC-B984-1AFB420C2A99}"
"{DC1DCFD1-F826-4FF8-B5E4-EE3B7431123F}"="{5D754F36-339D-47BC-B984-1AFB420C2A99}"
"{557EFF7A-1B8A-4FE9-95AE-21421E2BED45}"="{316A50F8-FE35-4999-9301-B586E696DF1C}"
"{6D48E1CE-96C6-4CFE-953F-ED3C3122CF3E}"="{316A50F8-FE35-4999-9301-B586E696DF1C}"
"{B44349E3-75F3-4C0B-AB14-93EA4E2E23EE}"="{78127139-36FA-461D-A5CC-5B989959F309}"
"{B35E5806-E69D-41E0-B68F-FE7DDA72064B}"="{78127139-36FA-461D-A5CC-5B989959F309}"
"{46EA9DC1-BDB3-4C24-A1AD-6B9A3ADD9F35}"="{12B77ADC-DBD1-4A60-884D-A29AD57D5C78}"
"{23C1DCAE-9082-48ED-9BF6-8592E28190F8}"="{12B77ADC-DBD1-4A60-884D-A29AD57D5C78}"
"{A746E40A-1CC9-43E2-AB9E-91CCA062BB4C}"="{CD2AABD3-50A0-41AA-BD3C-80E4DB781452}"
"{2E0E5AA0-1E1C-4D82-A56B-F67A9576707D}"="{CD2AABD3-50A0-41AA-BD3C-80E4DB781452}"
"{0A1F8AEB-E7EA-4F8C-9FD4-8432CDBA1EEB}"="{31817B00-40F7-4016-8ACA-45A81709A726}"
"{66598A81-A654-49CB-9B03-7F11F88DCF2C}"="{31817B00-40F7-4016-8ACA-45A81709A726}"
"{7458492D-53D4-45D2-9A76-175D45663237}"="{996F2741-937E-4786-A29B-0CDEEE8EA59E}"
"{BA1BD2DD-16CA-4EF7-8A40-E1B2C94F49E9}"="{996F2741-937E-4786-A29B-0CDEEE8EA59E}"
"{E1D7FEB4-5EF2-4742-9038-139910C21742}"="{8D7282C5-5467-423E-8539-F37697028460}"
"{4900E8EA-0715-4179-BBF4-BFCF68057ED0}"="{8D7282C5-5467-423E-8539-F37697028460}"
"{15CE9913-13CB-4751-A498-A0EDE8C7BD16}"="{CC399B2F-0252-4836-8D21-FE58DB92A0A4}"
"{C55BAE28-9735-4446-8E76-8A99DBEE2C8F}"="{CC399B2F-0252-4836-8D21-FE58DB92A0A4}"
"{D29999A8-3078-4289-9DD1-C433ED30F0F0}"="{CB0E2660-9F11-4E73-AA98-9663105CD722}"
"{444D78D9-A6F1-418B-A2C1-D2A27E3A34FC}"="{CB0E2660-9F11-4E73-AA98-9663105CD722}"
"{D48EC5C2-F446-49BE-974B-4E4C2792F06C}"="{6A9557E2-F2E1-46E6-B456-59B4386CEA50}"
"{22B0FBC7-5C98-46EC-A5F1-58C5947A78BE}"="{6A9557E2-F2E1-46E6-B456-59B4386CEA50}"
"{0A3A7B9E-3873-4D95-B924-9C09FB81F97D}"="{EE902E85-291C-43E1-B840-31EA3879EEE5}"
"{A754B5C2-8FBA-40B6-B1DC-54B6C37C96C7}"="{EE902E85-291C-43E1-B840-31EA3879EEE5}"
"{C3343B62-2BD3-4BCA-AA78-B62C48D29FEE}"="{A33863D8-423E-4D43-AB51-853976E60B28}"
"{C74F88FE-BC50-4465-9612-04F5F32FD4D3}"="{A33863D8-423E-4D43-AB51-853976E60B28}"
"{0A8A5CE9-7D5F-4EE8-95B2-8E7DEF84D024}"="{77038931-09F3-4D0C-99BE-2C83533ABAFB}"
"{3E3C5265-69E6-44DF-BBE5-58F36F4BC334}"="{77038931-09F3-4D0C-99BE-2C83533ABAFB}"
"{ED4BDCA7-B16B-46C8-9087-73A292F844A1}"="{33507F56-A1F1-4BB1-93C5-E5BFE00761F5}"
"{3FBA4283-A46E-4D71-A4DC-854165B4A212}"="{33507F56-A1F1-4BB1-93C5-E5BFE00761F5}"
"{30C9CE1B-04EF-4DB0-89EF-DE6E05EB3A07}"="{7AD6D559-544D-4213-9216-E3FFE0DB1F57}"
"{9D8F3243-EEA9-4926-83B8-F7E06DC97BF1}"="{7AD6D559-544D-4213-9216-E3FFE0DB1F57}"
"{2441BB03-EB14-481E-9CD8-D33B67214443}"="{2CFA3A90-30C6-41E4-887E-D7FB4DDB7DAF}"
"{706033AF-50C7-40EB-9551-ED8FE49BB8FF}"="{2CFA3A90-30C6-41E4-887E-D7FB4DDB7DAF}"
"{AF844238-1650-4DE3-805D-8631F5B93361}"="{7A20C932-2CB8-4E3F-84A2-9F95451F5DD1}"
"{E3FA1F9D-9570-45CF-8478-180A6613F446}"="{7A20C932-2CB8-4E3F-84A2-9F95451F5DD1}"
"{621DCF4F-26F5-4BC4-89C4-19C05F6B1D98}"="{8BC592B9-DBEE-4CB8-BDE9-1B2300C7426C}"
"{4EA59020-C68C-4C0A-B1CD-E03871624214}"="{8BC592B9-DBEE-4CB8-BDE9-1B2300C7426C}"
"{8B325C47-8AD0-4813-893A-05EA5536D84A}"="{6038C1B1-2A6E-4F4F-9DF6-45E4403C2F53}"
"{54BF25FB-16BD-492E-BA19-65C6747A0198}"="{6038C1B1-2A6E-4F4F-9DF6-45E4403C2F53}"
"{D63A51C0-7341-4047-B687-E7E6028E2895}"="{8347FACB-0186-428C-9762-438C96D55BED}"
"{E29A1B97-4933-48FB-A2A0-1A0C05B9C06F}"="{8347FACB-0186-428C-9762-438C96D55BED}"
"{22B6E364-FDA5-4273-8E2F-EA5E5AD9D2DB}"="{28C54220-D9E2-4F51-8DF8-CA3D7B2E2138}"
"{4FAA9667-178A-48BE-BC44-D71C40CDC8D2}"="{28C54220-D9E2-4F51-8DF8-CA3D7B2E2138}"
"{3915B591-851A-48BA-A26D-0A2E779A202D}"="{9F3D4627-9927-4293-8483-22CF5F17B68D}"
"{421405DC-20B5-4748-9193-AED21FBBBF82}"="{9F3D4627-9927-4293-8483-22CF5F17B68D}"
"{5A3A33E7-24B4-433D-86C9-BA0AD1E23FA6}"="{2B173F9D-C754-417D-B36B-3B05AB6622C0}"
"{133C16FF-0289-4F01-8515-CE9805000DDB}"="{2B173F9D-C754-417D-B36B-3B05AB6622C0}"
"{EEDE7C29-DBBA-492B-8EA6-1018E19A8402}"="{92E3EC1D-23C3-4849-93D4-74954AAF927D}"
"{E7EADAD6-89D7-4010-A57D-0183B8C1022D}"="{92E3EC1D-23C3-4849-93D4-74954AAF927D}"
"{8352E53C-52F0-4A2C-AA99-A4AAB39999AB}"="{8013A4D4-17C3-42A5-8C8E-AD357835B93B}"
"{1B6EE4FE-DC19-4E85-878C-B90F12EB6F0B}"="{8013A4D4-17C3-42A5-8C8E-AD357835B93B}"
"{D272BD52-B8B7-4CEE-AE96-CC0BC56A2779}"="{957DEE6B-E601-43C5-A1A4-3F575DDCF0A8}"
"{EB93962F-8ED9-4BD5-B5A0-B698F293CC63}"="{C10D7034-AD99-43FB-9BC6-CF39A48DC811}"
"{3D468272-E3CC-4ACF-9816-F832E83607FA}"="{B026D6B2-DC1F-4C17-A2A3-403ECEA6A7BF}"
"{D71276B3-1F34-4CFE-9556-B2B16DC5EA22}"="{B026D6B2-DC1F-4C17-A2A3-403ECEA6A7BF}"
"{5E05BA6C-C69B-47F7-8BB9-654C63432387}"="{08EFED64-7A17-444A-A44B-3E179D838845}"
"{1F73F4C5-1314-4394-82C9-50EF0CEEFC52}"="{08EFED64-7A17-444A-A44B-3E179D838845}"
"{B902465B-5C6D-462B-A89D-A36537C44A6E}"="{78277712-3D04-41A9-9DE9-9007341B5E56}"
"{6A4587FE-AD16-4D57-B521-E51207A9516B}"="{78277712-3D04-41A9-9DE9-9007341B5E56}"
"{461A11D9-4E0E-4D4A-9B28-7DA3730AA5C1}"="{9C6D3B17-3932-4750-B3E5-28316CCE4434}"
"{E2C0F312-A053-4441-A8BC-E34C6C213ECC}"="{9C6D3B17-3932-4750-B3E5-28316CCE4434}"
"{4EAC15D0-D025-4E61-9534-8CFD7680AA4F}"="{EA70AA3F-309A-44D8-9ED2-A2ED92B204C7}"
"{AD2B9464-9B77-47FC-9425-7EEAC47A146E}"="{70A1996B-6EA4-490C-95BF-B92528494E9A}"
"{6E5B006C-52BE-4844-8164-91D1978E29E2}"="{70A1996B-6EA4-490C-95BF-B92528494E9A}"
"{27E81056-0DDE-4327-8B03-5BD5536C4D04}"="{3BFB64A1-4160-4542-84EC-6C49AE90F2F0}"
"{43F1A80F-05D6-4FF9-93BF-EEBF72FF43A7}"="{3BFB64A1-4160-4542-84EC-6C49AE90F2F0}"
"{A74BC307-4557-4043-8DC2-9A8A3C8EF759}"="{8B48C085-6298-4F98-8B77-04971EF66593}"
"{5828BE27-7F9D-4CFD-81AC-A773F1D139AE}"="{557D3C1A-D830-4AA0-8100-AD7AE4864DFC}"
"{AD899A77-4304-4668-B55F-F1C37671E508}"="{557D3C1A-D830-4AA0-8100-AD7AE4864DFC}"
"{572577A2-75D3-4681-A584-105D2DADA397}"="{11940021-3BD3-4610-87BB-A390BA789C40}"
"{1F128135-ABC9-42DA-8882-DD9AE011E9AA}"="{11940021-3BD3-4610-87BB-A390BA789C40}"
"{ED380FF2-469D-4E95-92E6-DC2378956895}"="{DEEC87DE-302F-4EE8-9F0A-0A838C3BB2C6}"
"{44F81BDA-07A4-46FE-97C3-BD6313C21593}"="{DEEC87DE-302F-4EE8-9F0A-0A838C3BB2C6}"
"{C8248927-D5F5-46ED-B12F-3BE9287A12DD}"="{4FE6B04A-4191-4E4F-8427-6B96C6FA09EB}"
"{C87D9E0F-B619-41AD-A0B2-82C35D1886E5}"="{4FE6B04A-4191-4E4F-8427-6B96C6FA09EB}"
"{9345014B-49AC-40BB-9DDD-4E5FCEA35EA8}"="{B7426D42-BB36-4889-AA1D-CF25C89E1E0B}"
"{E8FBE2EB-6652-44DA-9329-9A3661933282}"="{B7426D42-BB36-4889-AA1D-CF25C89E1E0B}"
"{08FF1FDD-B587-4E11-BB10-2E20FC1CFE34}"="{AAD4C79C-766B-4908-8E83-604CCCFB1899}"
"{B4ECC4C4-B3DB-4C00-A0A0-E160DF3B4F83}"="{AAD4C79C-766B-4908-8E83-604CCCFB1899}"
"{8B6F63B1-7B06-4780-BE7F-98C5AEA399D2}"="{972DB3F3-D7DF-42FB-8518-EFE86E2966C1}"
"{5F4BF622-32E1-495F-9A95-81ACCA67545A}"="{972DB3F3-D7DF-42FB-8518-EFE86E2966C1}"
"{7FF2814D-CF15-4A48-88C4-9AC22D493A6B}"="{CBDA31E8-2457-4A45-94DD-E296DAC06BEF}"
"{3780E940-BCD8-4851-8862-C71ED6466EE1}"="{CBDA31E8-2457-4A45-94DD-E296DAC06BEF}"
"{746A8958-29E2-4851-AC3F-F064C4579CBD}"="{5892F0C5-AA62-434F-8C78-2FE4CE7690A4}"
"{D4DBEEBF-4892-4D22-8522-10E40FA20535}"="{5892F0C5-AA62-434F-8C78-2FE4CE7690A4}"
"{85A354E1-4B6E-49AF-8FC0-F7DBD8D16483}"="{658C2D69-9BAD-49D8-A08C-019B389717D0}"
"{BE7D32FA-7CAD-4FBC-8B29-770CA1AAFF1F}"="{658C2D69-9BAD-49D8-A08C-019B389717D0}"
"{ED474F57-61B0-4365-AC69-578CB06F6941}"="{C05240DE-575D-4EF0-8425-51CF69D81F1F}"
"{1A2BBCFD-968B-45AF-A04A-9702BEADE08B}"="{C05240DE-575D-4EF0-8425-51CF69D81F1F}"
"{78CF5089-B2F9-42CA-92AA-EFC2FB427EEE}"="{961E95A7-2592-4E5E-B662-0075D6AC2001}"
"{56CE58A0-1E2B-4988-BDE2-3C997932150F}"="{961E95A7-2592-4E5E-B662-0075D6AC2001}"
"{2BF16355-2CC4-4C7B-B183-DD44FD5B4F35}"="{E2F59373-C831-4619-A1AE-B6B74C900DD7}"
"{7CE2AAF5-AFD9-4FE5-8E3A-57CE29578828}"="{E2F59373-C831-4619-A1AE-B6B74C900DD7}"
"{9EB8694C-5502-435F-A6A3-F7D25F587B8E}"="{3259171B-BC21-4108-B02B-305CFA488FED}"
"{A48430C5-C913-47BA-AF58-CC62EB966C2B}"="{3259171B-BC21-4108-B02B-305CFA488FED}"
"{6095FDE7-20A3-4A07-8DD2-42195F3DCC75}"="{411B408B-2CC7-465E-AE67-11E651C0FE66}"
"{2A95B4D4-407F-40C4-9122-43DD704541B2}"="{411B408B-2CC7-465E-AE67-11E651C0FE66}"
"{E404D8C7-6455-41B0-AE4F-58876A6ADDD7}"="{DD218FF6-8C36-4596-AB58-28172EDC3220}"
"{CB5B3F4D-8864-46E0-A635-8FB555E6F1E4}"="{DD218FF6-8C36-4596-AB58-28172EDC3220}"
"{1F288F0C-B1F8-4733-93A3-379A8E7265EC}"="{36CC158E-6EFA-4E04-86D7-4B24F4C80D56}"
"{14B08BB3-7FB9-4EE9-8585-F7433077F145}"="{36CC158E-6EFA-4E04-86D7-4B24F4C80D56}"
"{DA26FB83-78B5-4BD2-8695-23DBF8699F63}"="{8FCD8A4D-0766-4D22-8C96-460E88D0AAB3}"
"{68F257CE-81F4-4DB1-9B23-22E5BC876B0D}"="{8FCD8A4D-0766-4D22-8C96-460E88D0AAB3}"
"{DD6493FB-6DDC-4634-B7BD-60191DFCF88B}"="{97CB08FF-57D2-49BE-9100-70A56A56C8CB}"
"{5856226E-C36E-4CA5-A521-3F5488FF2F60}"="{97CB08FF-57D2-49BE-9100-70A56A56C8CB}"
"{E19688F6-B075-4A2A-A9E9-DC0390598798}"="{B3AAEE4D-CE0D-4539-806E-5BF4D1D1FA2F}"
"{CCCB6C49-0407-47EB-BB6F-A9F0ADFE80E6}"="{9913873C-E089-4115-857C-8AF7BE9DB9BB}"
"{B706627B-4E9D-4CBD-BDDE-D885780911CC}"="{9913873C-E089-4115-857C-8AF7BE9DB9BB}"
"{56F4125F-F559-43A1-A3B2-7CDA04C39CC8}"="{8061B956-065C-4C05-B17C-59E12DD241A3}"
"{CC053C82-CB99-4BB0-A619-D52F2D55195C}"="{8061B956-065C-4C05-B17C-59E12DD241A3}"
"{0CB49B73-CC26-4C7E-8E18-77FA31C7F4F7}"="{34B30E08-797E-4BB1-8176-77B5EED5B7F8}"
"{FE51974B-6A6F-42F0-98AE-94F652823E70}"="{34B30E08-797E-4BB1-8176-77B5EED5B7F8}"
"{B13A3942-3A91-48A1-B879-A28F0B7C1172}"="{65A533D9-4925-43E3-99B4-486ABE1B5353}"
"{D520BBBB-AD78-4526-9684-2D600EFFA68F}"="{65A533D9-4925-43E3-99B4-486ABE1B5353}"
"{52334C4A-444E-41CF-98D4-3891601973DD}"="{FF39F86D-3B4C-4D3B-8E7E-FB3B28E2A2AE}"
"{6933B431-7A62-4683-BC66-4E25AB03B3C6}"="{FF39F86D-3B4C-4D3B-8E7E-FB3B28E2A2AE}"
"{085B5E6B-993A-4758-B3B7-B272D71596ED}"="{6458DD0A-4D45-4B8D-A087-6AB46F5C6189}"
"{42758948-A53A-4858-91AF-9AD71EDFBEC3}"="{6458DD0A-4D45-4B8D-A087-6AB46F5C6189}"
"{0959FA73-B54D-4C5C-BE75-B88F4496BC06}"="{612EEB34-F06E-40AE-BFAE-53DAC37DD6BC}"
"{FA9DAFD0-203C-4442-AFB6-796E04614044}"="{612EEB34-F06E-40AE-BFAE-53DAC37DD6BC}"
"{A52F8B3A-659C-4BFD-9FB9-57F02022AD83}"="{04D3F27A-6565-4791-BF75-3288F3F77D19}"
"{163FD30C-182B-41ED-AC93-2F4FC667CFE6}"="{04D3F27A-6565-4791-BF75-3288F3F77D19}"
"{8C368692-534A-41BF-8FEB-4537C582999F}"="{1DF9B604-8735-43FF-80BB-00CCAE35987D}"
"{9F5D8939-B3AA-4CEE-9613-0116E4163DB6}"="{1DF9B604-8735-43FF-80BB-00CCAE35987D}"
"{944A9104-0C33-4B1B-AB31-42F09721F84D}"="{6C9718E2-525B-42AC-8310-46D246509DDD}"
"{D9DA36B8-F3C1-429E-B0F2-298C460DC327}"="{6C9718E2-525B-42AC-8310-46D246509DDD}"
"{6A4B51EF-ABA1-4E88-8EFF-326360A12BAB}"="{E76294BE-08EA-4676-9FD6-2F4148CD80CD}"
"{C4D9BAC6-7183-4D8E-A66A-DEAC596C5FFA}"="{825667B1-58E4-4DF9-9DE4-9FAF39F8772C}"
"{0A881ECD-B6D7-4FBE-B24F-C623367646BB}"="{825667B1-58E4-4DF9-9DE4-9FAF39F8772C}"
"{6810D9F0-F6E2-45E3-A790-0EFE1EAD6E33}"="{8BB2358F-CB9F-4F6E-86C9-229BB1F88CAB}"
"{95F86B64-B084-4DA0-BA04-D25FEECDDE9A}"="{8BB2358F-CB9F-4F6E-86C9-229BB1F88CAB}"
"{ACC22CAA-3972-417E-82FC-95CCD6A6D7E6}"="{4CF03887-9461-4039-898C-7D9F40F334BC}"
"{BE3CCC40-F374-495D-87E5-3B91069FCF8D}"="{A3F707B1-98F4-4B21-AAFF-03F7C36E2C92}"
"{9F515A92-E8DF-43C2-AB0D-4DE787872B1F}"="{A3F707B1-98F4-4B21-AAFF-03F7C36E2C92}"
"{5AC10829-232A-4F43-994C-7A274A29327F}"="{68095615-83FB-4DCB-A965-571EEE1C4C80}"
"{8FF78BCE-9206-4586-AA69-48249379882A}"="{68095615-83FB-4DCB-A965-571EEE1C4C80}"
"{01114C20-9A75-496E-8422-B49635E7B6F8}"="{E85CCC61-EC08-41ED-9C3B-51E05B190B65}"
"{83020124-15E1-4F46-832C-EA263FB06CB6}"="{E85CCC61-EC08-41ED-9C3B-51E05B190B65}"
"{88AD22EA-91D8-4BB4-A1BD-A747908D5FA7}"="{D85505CC-BFA3-495E-8E18-10CE48A5936E}"
"{90CF057B-0521-4304-9BCD-77FCFCF88012}"="{D85505CC-BFA3-495E-8E18-10CE48A5936E}"
"{2D85DBFE-7385-413C-8054-723B0A5C4EE1}"="{98C1427D-D632-4355-91D6-BF5643D08F6C}"
"{F9A686CA-D3CA-491F-A75E-72C659AD117F}"="{98C1427D-D632-4355-91D6-BF5643D08F6C}"
"{A9CBA00C-D7F2-482C-8E9A-642E87345185}"="{2FC9B8BE-9D1D-4D27-93E1-E57076BA135A}"
"{DDB77C5D-34B4-47A5-9A49-B65C219F111F}"="{2FC9B8BE-9D1D-4D27-93E1-E57076BA135A}"
"{B4D72A3F-F84A-48C2-AB6C-4687040A0480}"="{7BEEF07D-4FAB-4649-948C-1EE4CC7841A7}"
"{DFDD8A97-71E2-4365-8BDE-1C69D62B5EBF}"="{7BEEF07D-4FAB-4649-948C-1EE4CC7841A7}"
"{AE3256D7-C805-4485-87A6-C8C303461163}"="{37E75880-09FD-41EA-9BCD-7A9CD0FDD200}"
"{A4F7932A-AFD3-4A70-BB65-4BD8FB035606}"="{EF2DDC42-0189-40B5-9333-96CA7213EE6C}"
"{09F51D45-4EE2-4DFE-BE6F-439632CE2FD6}"="{EF2DDC42-0189-40B5-9333-96CA7213EE6C}"
"{5A313A5F-8878-4C79-81C9-2C1EECE07EBE}"="{8AEB8956-FCDD-4633-99DE-DE66FAEBD008}"
"{869C4B28-5168-4034-AC26-DE52B989B870}"="{8AEB8956-FCDD-4633-99DE-DE66FAEBD008}"
"{ACFB78C5-144C-4735-AEF5-C7D87C166367}"="{B3744DF7-EB49-4423-B6B9-47EE1905A070}"
"{C8CD8249-4D98-4316-A11D-A789115401D8}"="{B3744DF7-EB49-4423-B6B9-47EE1905A070}"
"{E7A26E6B-7DC6-4CA8-9E3C-BAB2BE568236}"="{D7932ABF-1028-4C3E-8440-8BEB6ECF2AB8}"
"{0272C456-7B29-4E4D-8142-1AF176CB1AB5}"="{D7932ABF-1028-4C3E-8440-8BEB6ECF2AB8}"
"{95D5CF25-0E1F-45C8-BB00-8FDAF4D44146}"="{6BD4F5F4-3605-47B6-83D9-2D2D40DF6808}"
"{BD48A847-F55C-4FB7-896B-A9DB30044661}"="{6BD4F5F4-3605-47B6-83D9-2D2D40DF6808}"
"{61344B6C-9148-40DA-ABE4-456F12865732}"="{CC6F7311-1952-470F-8827-6289610979EE}"
"{7D3F40E2-927B-45A2-BEA3-6D20C19A6F37}"="{CC6F7311-1952-470F-8827-6289610979EE}"
"{F6006EF9-0E8F-45DD-A9AD-B98873656567}"="{3A3F9AED-6552-433B-A3FE-EB89F9D93D6D}"
"{730182CA-4DC5-4219-A8A8-09A0B29EB3D2}"="{3A3F9AED-6552-433B-A3FE-EB89F9D93D6D}"
"{7C5B84A1-ABEB-4201-9A20-180C046D7015}"="{A8F7B194-166F-4D1D-B484-08843A616CEC}"
"{A7CAD13F-B2FD-4414-BFAC-B4047D896B19}"="{A8F7B194-166F-4D1D-B484-08843A616CEC}"
"{D73FAAF6-6D04-4C7B-ABCA-131798070F5F}"="{CF10332C-2BB9-474A-9EA0-6E4A1976B112}"
"{53BEA385-E371-4BCB-A05C-DE382D3A272A}"="{CF10332C-2BB9-474A-9EA0-6E4A1976B112}"
"{37824ED9-2AD3-43A7-B2E5-501337BDE931}"="{FA8F080B-4905-4E1C-B514-0824518668C6}"
"{E05009EE-96C5-4666-9803-8245FDDBA209}"="{FA8F080B-4905-4E1C-B514-0824518668C6}"
"{4C49E255-4F25-41A9-9CD9-361B2C42FF84}"="{E85EF844-885C-44F8-B0EE-261100F8403B}"
"{717ACA81-5C80-45D7-B38B-48C9B0E0C7DE}"="{E85EF844-885C-44F8-B0EE-261100F8403B}"
"{20C14419-EE5B-41ED-AFA3-3EE253F68DA0}"="{BF8E3B87-0549-4166-B3C5-FC262A97E06F}"
"{6237EDB0-D90B-43FD-9594-F1545E1EDBE1}"="{BF8E3B87-0549-4166-B3C5-FC262A97E06F}"
"{42FA4468-DC8C-49A8-90EA-44B8A40E864E}"="{8C2E55E2-584D-4435-BC76-B7284ECC432C}"
"{7DA169E0-3DE5-4F60-ACD3-EC2E70C372F7}"="{8C2E55E2-584D-4435-BC76-B7284ECC432C}"
"{0CFE608F-0590-4CD5-9869-7D41320E141B}"="{5AD3F648-09C7-4E5A-89C5-B464598FE973}"
"{FB339E44-B245-4F0E-B41E-CD5A30540FCF}"="{5AD3F648-09C7-4E5A-89C5-B464598FE973}"
"{A7B2F820-1988-4224-BAF9-DC44F26349F7}"="{230CE127-4B72-480B-A608-A47C8D3CA261}"
"{F5DF3284-E246-464B-B7DD-9D7D2F41FC3F}"="{230CE127-4B72-480B-A608-A47C8D3CA261}"
"{64EB89AD-F921-4337-8CBC-5B921A55D680}"="{2F886F89-1B68-469E-B69B-38C2F2F17A8E}"
"{C0A2EB07-18D1-4903-A444-D6AC322313B4}"="{2F886F89-1B68-469E-B69B-38C2F2F17A8E}"
"{99F4814D-177E-417F-B73E-29FD31C9E73A}"="{5B087B50-DAF9-4DDA-805A-30AD9204035C}"
"{B45CC062-6A55-43C0-8219-7D1395608140}"="{5B087B50-DAF9-4DDA-805A-30AD9204035C}"
"{14FA95F0-1F21-4505-9EA2-4D79ED182E6A}"="{06868134-F218-4B40-8C70-F21B29FFDC6B}"
"{A365319A-0D14-44A6-BAD5-AB58222E995D}"="{06868134-F218-4B40-8C70-F21B29FFDC6B}"
"{9E950018-25EF-405C-8811-FF9D5DD360EB}"="{E7AC350F-3034-4119-83BB-D0F04CE210F9}"
"{EDD9884A-EA73-477D-9718-70405F586286}"="{E7AC350F-3034-4119-83BB-D0F04CE210F9}"
"{592DD9D9-237F-4C42-8793-A66F475EDAB7}"="{1FBA0FBF-5062-4D1B-B6A2-7A395F73638F}"
"{08A2AC64-11D1-432D-81B0-E00CA33DF1DA}"="{1FBA0FBF-5062-4D1B-B6A2-7A395F73638F}"
"{E48F4760-C3E0-48F8-A29F-DA6526F6DB36}"="{AD45EE05-577F-40F1-87D6-FA5A5C3DDE87}"
"{AA656E64-FF82-4D79-B94B-80C048867FBE}"="{AD45EE05-577F-40F1-87D6-FA5A5C3DDE87}"
"{E3C2FBD4-A6DA-4734-9A0C-FA80B2382B92}"="{E8E6C62A-7787-4ECC-A846-C0DF1B2E3BB1}"
"{210E9353-FAE0-4A28-886B-C30E28E0D307}"="{E8E6C62A-7787-4ECC-A846-C0DF1B2E3BB1}"
"{7F7FB41C-57D3-47B8-849A-DD9FF963F676}"="{7492D8F5-9337-4DF2-8CEE-31C71840CFB5}"
"{5605B790-C8DB-4EEF-B7E7-B116719856A4}"="{7492D8F5-9337-4DF2-8CEE-31C71840CFB5}"
"{4E493723-9E03-4EC2-87E3-CF4A3CE72055}"="{A2FC9AE0-89BA-47E0-A822-4CDE4BBCD570}"
"{1A2A778E-7ED9-4B7E-8CB6-447379ED1A16}"="{A2FC9AE0-89BA-47E0-A822-4CDE4BBCD570}"
"{37BF17F4-1ADF-42D4-8A42-25747CB73F3E}"="{B22F062D-DEEE-4A84-8368-43DEA68DC1CD}"
"{76BEE20D-D28A-4C44-A9B2-47551E1E742B}"="{B22F062D-DEEE-4A84-8368-43DEA68DC1CD}"
"{7A21A21B-1920-470C-8096-672DAA980EB4}"="{E24E8783-19F9-41A4-A643-C00776835019}"
"{12BDE5D1-B6B2-4337-9B5E-F1340C63B0D4}"="{E24E8783-19F9-41A4-A643-C00776835019}"
"{6F709A00-37F8-4745-A460-B10E50A42385}"="{E93D05CA-4F64-4115-9713-7DDA898A4B9D}"
"{02352DF4-EC0B-4A50-A3EC-BD49E5CA84F7}"="{E93D05CA-4F64-4115-9713-7DDA898A4B9D}"
"{280FB2BB-B87E-4611-ACC0-C281561FFEBC}"="{9E29C953-169B-4EBD-8063-F58782E36E13}"
"{0DD90372-820A-4AB3-B081-E4B17F674FDB}"="{9E29C953-169B-4EBD-8063-F58782E36E13}"
"{153718FF-DB2D-43C0-8B29-6C728D49B66A}"="{0BD477E6-CA8A-4A14-8D96-DC7158E9DC30}"
"{870395FA-99EF-4DDE-8AC5-314AF58A2FBD}"="{0BD477E6-CA8A-4A14-8D96-DC7158E9DC30}"
"{7B8799C1-0B5C-4A75-84B7-3D32F02226D7}"="{AD0713B7-7F61-4DDE-B950-79DA2D440756}"
"{E5C85E0F-091C-4B77-9DE9-A0F479AC59EE}"="{AD0713B7-7F61-4DDE-B950-79DA2D440756}"
"{5B908CB9-4122-4160-ACD4-A6B97B86458F}"="{15D33D25-C558-4B8F-AB90-8F0E0B83824E}"
"{60C660CB-E7EE-4BB3-91B1-D2D757D32F25}"="{15D33D25-C558-4B8F-AB90-8F0E0B83824E}"
"{24A5B29D-A614-411F-BA2D-58A481702AB8}"="{B56704FB-4BC2-4ACE-868D-D48CF1B383CC}"
"{D93E8E10-D4B2-44C0-8CE4-2DB33879ABFF}"="{B56704FB-4BC2-4ACE-868D-D48CF1B383CC}"
"{6BA2FF5B-F0D4-4AAE-BD3F-283C65EBD4AD}"="{5A3E67B4-149D-4C65-8F9A-DB07165B2839}"
"{F350613E-EA68-45B4-867A-F10BEF694948}"="{5A3E67B4-149D-4C65-8F9A-DB07165B2839}"
"{8D3BD13E-4A88-4D7B-8D92-478D2A50C0FD}"="{5309A4B9-A9EB-43A9-B48E-D0DC2075AB6E}"
"{FF69DCAC-2337-400C-BC7D-9D495044F6A9}"="{5309A4B9-A9EB-43A9-B48E-D0DC2075AB6E}"
"{9ADD9EB6-59B1-4B17-9E7F-738034DCA4E1}"="{A6FADAF6-F609-4A27-B104-89020636A575}"
"{A9C171C9-9FE7-44D4-8F9A-FB1EE17CA930}"="{A6FADAF6-F609-4A27-B104-89020636A575}"
"{1EA8FDF7-01E4-4F0B-9D6C-0465C3702845}"="{6E296D6F-EDCC-4E0B-BE5A-E8CC1658C184}"
"{7E2EE4FC-54D8-4411-8ABE-7B9AB3822C0D}"="{6E296D6F-EDCC-4E0B-BE5A-E8CC1658C184}"
"{D0211838-B9BB-4B69-B11F-A3C59E1240FF}"="{43FF9091-F127-425E-8F39-958D342298A1}"
"{095A9FCD-7365-4B1B-99A0-9EAA4AC49CA6}"="{43FF9091-F127-425E-8F39-958D342298A1}"
"{DDF5F40B-85D5-4BD8-80FA-EB37B69C63E2}"="{091A2CA9-5AA6-471D-B445-FBCC85F5557F}"
"{E6100BE0-E9FC-4500-BF46-782E4BC16094}"="{091A2CA9-5AA6-471D-B445-FBCC85F5557F}"
"{F0C810A8-C73F-4282-A107-BEF0A261241F}"="{5EBEE8A6-7AC8-4233-996E-8E458313D24F}"
"{E1E3256C-8777-481E-9057-96C5338BC773}"="{5EBEE8A6-7AC8-4233-996E-8E458313D24F}"
"{092B1D2E-D7F6-4AEE-8A49-39097CF957B6}"="{308C5A6C-136E-49C3-9810-8EE87B7D45E0}"
"{A25A05D0-8587-4B35-A8D9-797BF5910A0B}"="{308C5A6C-136E-49C3-9810-8EE87B7D45E0}"
"{32D0493D-376B-4327-A600-C205913699FE}"="{DC11939F-5EDB-4D4F-A048-800CC31ED1C3}"
"{E259718E-045E-486F-9D0C-727C610B27CD}"="{DC11939F-5EDB-4D4F-A048-800CC31ED1C3}"
"{BCE83E6A-71FB-418E-BD6C-F9BD6B3E3C28}"="{45A80878-4E6B-4799-B14B-55B3CD60504A}"
"{69BC6D61-44D3-4B1C-9EC0-3DE653FEB229}"="{45A80878-4E6B-4799-B14B-55B3CD60504A}"
"{348B3B0C-910F-4C64-8346-6536E937E487}"="{AF7194CD-7402-471B-A551-7CD2095EA86D}"
"{FF671AAE-1626-4293-BEAF-75BCABC9E96C}"="{AF7194CD-7402-471B-A551-7CD2095EA86D}"
"{1F3BC33F-6CB1-4B79-9642-4567AE46B317}"="{DAF0C7A0-BBDA-4488-AF2D-FC2A606503D8}"
"{5026F8A5-A0A2-474A-9FAF-821E65CAE062}"="{DAF0C7A0-BBDA-4488-AF2D-FC2A606503D8}"
"{B58309F2-E9EB-43D8-97DE-4B191FFE9443}"="{CD42C4B5-8A0C-466A-A7BE-545244F304F5}"
"{854761D3-79B4-4A3B-9F0F-7E00BD39F7B7}"="{CD42C4B5-8A0C-466A-A7BE-545244F304F5}"
"{9BF16DF4-BA03-4615-8E96-A987BD173D93}"="{2C75CA3B-BA25-4850-95D7-895D3193652C}"
"{FFA5791B-2362-4ABC-B1EB-B47AC2B066BD}"="{2C75CA3B-BA25-4850-95D7-895D3193652C}"
"{3A7547AB-6BE1-402A-821E-B111F9C390B1}"="{9EA4AD25-252E-4A79-9E6C-8B9BB2423AFC}"
"{C207CD45-14BA-4F71-84CC-B0568A789F59}"="{9EA4AD25-252E-4A79-9E6C-8B9BB2423AFC}"
"{47FF5DAA-7EFB-48FC-98AB-FF40F0C6A50A}"="{6A667EF1-89E4-4323-BC73-A854B37DD0E7}"
"{7F92C9B4-110B-41B6-B6F2-64832E4FF0F8}"="{6A667EF1-89E4-4323-BC73-A854B37DD0E7}"
"{D8618DAB-6B69-4400-BD53-471B19314237}"="{95A84882-DFBF-4BAB-B3AA-ABF4E473B89B}"
"{715509D6-DE04-4C64-9FC4-22989E292A06}"="{95A84882-DFBF-4BAB-B3AA-ABF4E473B89B}"
"{8C2B57DC-EA11-4834-9CA9-301C70F83B4C}"="{E21D0309-C72D-4A56-90C7-D30E22BC2B02}"
"{9F5DEEF7-1DCB-49CD-867D-1CD3B3591B9A}"="{E21D0309-C72D-4A56-90C7-D30E22BC2B02}"
"{5FEEBD68-6696-40F2-BAA9-BC584448E578}"="{B5A26AF4-5577-4265-AEC8-21172E1CDA12}"
"{1DFD1CA9-8EB9-4D6C-A53D-28477D449EFD}"="{B5A26AF4-5577-4265-AEC8-21172E1CDA12}"
"{E09B3168-4C40-4ED9-9A8E-77283192918E}"="{2503FF7D-CB8D-4EB2-AEA2-9758A5CD0970}"
"{C02B9963-5065-45A9-B1D9-34A4F7212A99}"="{2503FF7D-CB8D-4EB2-AEA2-9758A5CD0970}"
"{8114F2DC-8767-4DC4-9DC7-F77814F568E2}"="{25378760-A03B-4ED6-85F0-4DE1A44F870A}"
"{7F231901-57A9-4E6B-ACE4-95AB2C1CD59C}"="{25378760-A03B-4ED6-85F0-4DE1A44F870A}"
"{EB8B262D-33B8-4C3F-B02B-E05FE6D5A746}"="{3F07E6B8-D15D-4EB8-BF81-72F39A1FB308}"
"{93D47E9E-4D0A-4D75-8A85-184AF363C91D}"="{3F07E6B8-D15D-4EB8-BF81-72F39A1FB308}"
"{891DA9AF-78E9-4264-B911-5D19A33A9F1D}"="{1E2755DC-A9F9-4989-837A-4E792F8744E7}"
"{9460ED6A-7877-4EB7-B4E3-2E4DA0247006}"="{1E2755DC-A9F9-4989-837A-4E792F8744E7}"
"{02AA12F3-6A6A-43D3-B3DC-9B828ACFA083}"="{D7B1801B-F34C-44CE-A428-424A41188E07}"
"{524D3274-D417-47CD-B8D0-34E6BA07E319}"="{D7B1801B-F34C-44CE-A428-424A41188E07}"
"{BD4286CF-F5F3-4F7A-B766-A834F18985DD}"="{1EB2BE4C-ABCA-445C-AEF7-F357E741EE51}"
"{2734E09E-33A9-4C94-AF88-3649BB59D277}"="{1EB2BE4C-ABCA-445C-AEF7-F357E741EE51}"
"{2E0D5A1A-DB8F-4DB2-8044-2183298FD845}"="{292EA879-A85C-472B-96B1-1369FCFFA509}"
"{87AAB0CB-14AB-43DB-BFDC-B21825373D94}"="{292EA879-A85C-472B-96B1-1369FCFFA509}"
"{6E3285F0-79CE-41A2-8573-51A9D3AAD8E6}"="{1E80A736-BC5F-4E51-9215-B8FF76B95467}"
"{2EE38431-C4A7-4956-9C85-F64CBE737202}"="{1E80A736-BC5F-4E51-9215-B8FF76B95467}"
"{E69ECFC4-59D1-4F96-A028-FFCFE5C264EB}"="{029D34DE-AF79-46FA-92EC-4FAA4BAA311A}"
"{13E847BF-4A6B-4E98-8DF2-F6BB0377CD83}"="{029D34DE-AF79-46FA-92EC-4FAA4BAA311A}"
"{F6C93B5A-0BDD-458A-8041-5F3EC36484CB}"="{A9FD223F-4274-4ECA-A436-BFD3B091A775}"
"{2743C17F-93EC-43F0-897E-256EEEB505FA}"="{A9FD223F-4274-4ECA-A436-BFD3B091A775}"
"{7E8AA74E-C79F-458C-A4FD-A93D65DAADF9}"="{25F07B0A-F681-4768-838D-A5A332368F60}"
"{6DB6D167-5D58-460D-86F8-27FEC99DA865}"="{25F07B0A-F681-4768-838D-A5A332368F60}"
"{FA194BBE-9055-466C-B19D-3452D5671C3A}"="{7724BDBE-D91E-4449-AAF8-EC339EE5A413}"
"{411C7870-EB84-4CA7-8392-877DF52AF6DD}"="{7724BDBE-D91E-4449-AAF8-EC339EE5A413}"
"{8C7F380B-A51E-4B72-9F92-DD026B89128A}"="{F1EECC76-F0DF-49D9-BC01-151CF10A9264}"
"{E79ED0A8-F338-4CA6-A4AE-3EBB454A6DC6}"="{F1EECC76-F0DF-49D9-BC01-151CF10A9264}"
"{6C5F77AD-5484-40C3-9531-8B9B22C061A0}"="{1F463213-F033-4768-B7AF-9C8A14236334}"
"{E6084B35-CD1E-48A5-AB87-8BD592D65246}"="{1F463213-F033-4768-B7AF-9C8A14236334}"
"{CBC5967E-306B-4AB4-8C6B-D7960718B553}"="{A670F18D-103D-4B59-8910-6CA0D114A7B1}"
"{66C71165-AC5C-474F-8F24-B6D5F31A47E6}"="{A670F18D-103D-4B59-8910-6CA0D114A7B1}"
"{F4426F2A-B195-4422-A6BF-FF036E4E5608}"="{AA40FEA2-BA32-4EDA-871C-082CEB4184BB}"
"{50E06E24-C1CD-407E-A3AB-4EBB29B1676D}"="{AA40FEA2-BA32-4EDA-871C-082CEB4184BB}"
"{F79E9379-972F-4CFE-BCA8-58F017DC8489}"="{E80114BF-4172-44A5-92FE-CD381A843BD1}"
"{1CC598BC-9CE3-4BF8-99DF-B3FAF6F01F6D}"="{E80114BF-4172-44A5-92FE-CD381A843BD1}"
"{4B9BD5D5-4507-4CC3-9CE3-B4350465DD9A}"="{BD3F5C08-92D7-45CF-91E4-C8A6E25233D2}"
"{93C3FB04-4C74-4254-946B-249BBDAFA3B2}"="{BD3F5C08-92D7-45CF-91E4-C8A6E25233D2}"
"{27AFC734-70BA-4387-A4E0-5E47278A0D93}"="{DD147348-2219-4B9F-9B5E-640AF537D82D}"
"{C2FB87E3-F9E0-4BCE-BC0B-89BCCEC5DB73}"="{DD147348-2219-4B9F-9B5E-640AF537D82D}"
"{97A320D4-F1A6-463B-B4AE-C41E97E0414D}"="{B697B15A-996A-4E4E-BA19-A3A6B0691B22}"
"{06EB4199-9016-46B1-81E5-3229BD376D05}"="{B697B15A-996A-4E4E-BA19-A3A6B0691B22}"
"{50BA31BA-B00F-491D-A866-C217B8A63ED1}"="{DFE8D471-E999-4456-BBB8-3E899FE61D03}"
"{35DB9B23-FD2C-43AB-88B1-B01E42ACF48F}"="{DFE8D471-E999-4456-BBB8-3E899FE61D03}"
"{40B01811-BE0A-40FA-A26B-58AC3A0DC896}"="{DFB208B7-4222-4283-81EE-9B9A8E5D27C9}"
"{AB872790-FBCD-4E15-B36F-2A6B8585C95B}"="{D608FF64-A24A-404B-9303-02C6A83CA348}"
"{C5E1B94A-A74C-4F73-B988-7DAA5911EC89}"="{D608FF64-A24A-404B-9303-02C6A83CA348}"
"{455459B5-4C8F-46A2-A79D-3730BDBFC69F}"="{A8CCCA32-2CDF-407E-9C19-7168A7072D10}"
"{703EC10E-883D-4ADA-BF96-4F9378B698F9}"="{A8CCCA32-2CDF-407E-9C19-7168A7072D10}"
"{DA983BD6-493A-43F2-8F88-FEC2185F90CB}"="{89633305-CE59-450F-B4DA-E7CB2A0C88F8}"
"{61AFBED6-C4E4-440A-B77D-7C1C3322BDC3}"="{89633305-CE59-450F-B4DA-E7CB2A0C88F8}"
"{B5BEF28D-467C-4ABB-BC4C-1079A6855F83}"="{2B87D699-106D-4B26-A43D-41CAEE9B422E}"
"{BBA0ACFD-64A2-4F61-8C67-21A614575192}"="{2B87D699-106D-4B26-A43D-41CAEE9B422E}"
"{7BDD88BE-E454-4163-ACD1-CBE0D8FBE798}"="{FD2ABF8B-CBB7-4F75-A84D-D43E5AFFA47F}"
"{B1E78456-11EF-464A-A9C9-CF11FA06FA58}"="{FD2ABF8B-CBB7-4F75-A84D-D43E5AFFA47F}"
"{BD52BCD9-8EE6-4ADA-A104-02CEAA8BD760}"="{BE63B2A3-6079-4DE4-878F-E89A59521175}"
"{66366294-C3A4-433C-8E33-8E200075EA1B}"="{BE63B2A3-6079-4DE4-878F-E89A59521175}"
"{F6C99801-BC11-42AE-8DE8-4BCCE3D6D283}"="{CAB8C62C-03CE-4E64-A618-0F4E2FBC4E6D}"
"{7D94E503-8534-4BF0-A9D4-0301D88679D1}"="{CAB8C62C-03CE-4E64-A618-0F4E2FBC4E6D}"
"{911311BB-F99D-4D6D-8048-9598B98C3316}"="{F3DD1964-A2BD-400D-A117-D7485CFF5FC9}"
"{B51BD39F-FAEC-415D-ACAB-D691F7603389}"="{F3DD1964-A2BD-400D-A117-D7485CFF5FC9}"
"{30ACB6BE-A8F4-4962-A4CE-CF55AA3AE45D}"="{6AB44148-4727-45F7-BEA2-2E6657B54638}"
"{C2EDBED5-6833-4C06-A942-3A335C8FFBBE}"="{6AB44148-4727-45F7-BEA2-2E6657B54638}"
"{2D08B682-0B17-4B98-A0C5-5B48F651B17A}"="{E18462FE-CB8D-4D38-8951-9FD63483F9A5}"
"{C8829A73-F04E-4573-88F0-F62A1C9BEE2A}"="{E18462FE-CB8D-4D38-8951-9FD63483F9A5}"
"{863AEFD5-0387-464E-9913-6F0B58DBFE79}"="{04AFE5DF-CE1D-431F-BBD0-5A0179D36286}"
"{537DCFBA-E381-49ED-B382-2AD44E000C1E}"="{04AFE5DF-CE1D-431F-BBD0-5A0179D36286}"
"{0C2D7A00-328A-476B-BD4A-2EAF485836D8}"="{EB41285D-2C17-4E1C-941E-0F2E714D6771}"
"{2BCA2584-8447-455C-85C3-7C946563A71B}"="{EB41285D-2C17-4E1C-941E-0F2E714D6771}"
"{17E69CBC-76DF-478D-92FA-DE0DCA71A7C0}"="{9E1C124F-C998-4FF5-BC76-8735414627E0}"
"{966590E5-A504-40D0-9A7F-42488C80B415}"="{9E1C124F-C998-4FF5-BC76-8735414627E0}"
"{AEFB92F8-E59C-4DEA-89B9-7B21ABE60B9A}"="{4B67F667-E38E-4AD3-8C67-DBD1CACBC348}"
"{694FEF2E-F55E-4080-9322-6D637C162777}"="{4B67F667-E38E-4AD3-8C67-DBD1CACBC348}"
"{31348E08-B365-4E41-95E2-2909212E9FF9}"="{AAD3CB69-20B7-481B-9EAD-054ABCA7AC82}"
"{5C262705-440C-422D-BAAB-E0E44E8097C0}"="{AAD3CB69-20B7-481B-9EAD-054ABCA7AC82}"
"{60FD2B11-EE74-4695-BF99-715EBF7AC64D}"="{8D0C9F82-7895-41E1-A523-76B642654433}"
"{16E37B03-8B03-4D68-B4CE-2D0129E14035}"="{8D0C9F82-7895-41E1-A523-76B642654433}"
"{9FB3D23C-384B-4E59-93ED-C89EE1BB8606}"="{9DEEA5DD-13D6-4520-83F0-78C028AF3F40}"
"{8387B3FB-64DF-4927-996B-0036AC2A1470}"="{F4BD7714-01D8-49EB-AAFC-973F5DE64291}"
"{C9BE93E7-5A71-4363-BEF2-D3A53A8F63BF}"="{F4BD7714-01D8-49EB-AAFC-973F5DE64291}"
"{FD6C3A13-44C5-431C-9E05-3D93C2EBBCC8}"="{AFDA244B-CE86-4393-A95C-DC384E37C8B7}"
"{3735AE04-3595-4AA3-A343-CC936391CECD}"="{AFDA244B-CE86-4393-A95C-DC384E37C8B7}"
"{04FA3C82-2D9F-4E62-9584-6F74527BD4A6}"="{2AC380CC-F4D8-43C3-A09E-F3C018D33C0C}"
"{2B1D32FC-544F-4571-A1F3-2903D269C889}"="{2AC380CC-F4D8-43C3-A09E-F3C018D33C0C}"
"{C2AAD3D0-A3F5-4C65-810C-D33CE89935FB}"="{7951F91C-83B7-4DC1-B1F6-6C2864F2A832}"
"{C7523E00-4E2E-4FEB-8390-7EB1ED6CAA35}"="{7951F91C-83B7-4DC1-B1F6-6C2864F2A832}"
"{A079C394-3888-4366-A772-601D6470C0D6}"="{077A70F8-E213-46DB-9646-758DC0EAD8A2}"
"{531D1B17-F93E-40CE-93B9-FF30098C1385}"="{077A70F8-E213-46DB-9646-758DC0EAD8A2}"
"{DEFDAF5D-B06A-4F4A-B5A3-50FF274EDFAA}"="{7FE724AB-D586-451D-87A9-2253AD55AE40}"
"{BB57AFF6-0C32-4437-86DA-1C8C220804EA}"="{3883B821-E826-4E84-8B58-388120796274}"
"{BC6B0D73-151B-4EA6-8B9A-10B2169A19DB}"="{3883B821-E826-4E84-8B58-388120796274}"
"{A92AAD59-33EE-4CEC-A633-11F2E55C6CC8}"="{48847BA4-52EE-4414-82D9-664344750589}"
"{579DA068-1D86-47D4-94C5-39D85B68A732}"="{48847BA4-52EE-4414-82D9-664344750589}"
"{03847F31-19F7-44AF-8470-944DCFD04CC2}"="{07C6C832-DC57-4FEC-99F7-4EB543C55096}"
"{CF637A64-8106-4F79-AD1E-A157CA8EAC06}"="{07C6C832-DC57-4FEC-99F7-4EB543C55096}"
"{159446C8-ED1F-4BC5-99CC-B10467C187B5}"="{3D0F83A1-E5E6-49CD-BF00-4E43CAEC2DD2}"
"{A4268C1F-1CE5-4213-98A2-68F27C1B95ED}"="{802CF2EE-8A00-4859-B59C-EC1C83B4C614}"
"{67970C37-B1F1-49AF-8C94-7048190D7419}"="{802CF2EE-8A00-4859-B59C-EC1C83B4C614}"
"{90081DCE-3718-4853-A6E4-33027F27AB87}"="{3AAB0A3B-284D-48C1-BAE6-54AD179F722E}"
"{368C9379-BA83-4C9C-800F-2BD370FF1D00}"="{3AAB0A3B-284D-48C1-BAE6-54AD179F722E}"
"{E5A45FE3-0F41-4222-BD9E-50BC1816FB41}"="{1DC6A10B-5B1B-40C4-A835-928F0635498C}"
"{1D549247-473D-4543-A225-E8A8B2E9B160}"="{1DC6A10B-5B1B-40C4-A835-928F0635498C}"
"{63049035-283C-4243-A84A-438BB188408F}"="{182AE360-5709-40C9-9D9B-B573928065AD}"
"{D8A85ECE-2C96-4CE9-AEA6-8018DEFAB043}"="{182AE360-5709-40C9-9D9B-B573928065AD}"
"{96318372-0A6E-44EA-B8ED-8B0638BE1DA9}"="{9970BE9F-55FD-452A-8A08-EC806C075A9F}"
"{75754DB3-2B15-4CDD-9531-D9016DE5E4F8}"="{9970BE9F-55FD-452A-8A08-EC806C075A9F}"
"{733D25B2-C8B5-417F-9CF7-19F3524ABC1A}"="{82BE1FF7-F668-4875-8E5A-3841B477CEE1}"
"{4279D1ED-1F76-4857-94A4-F2AC4277CF59}"="{82BE1FF7-F668-4875-8E5A-3841B477CEE1}"
"{8FA07219-0B31-4008-AD5B-3323F5FC272B}"="{AF3DC7E2-136C-4D4D-A835-1EDF8282912A}"
"{98797A90-6755-4E22-AE5B-697014C606C2}"="{AF3DC7E2-136C-4D4D-A835-1EDF8282912A}"
"{86F8E235-154C-4A80-AF41-2A222031746F}"="{B31F97D7-0CBF-4EB0-A9B1-A28D280B46D6}"
"{EE435436-AF96-4B64-8883-16BCA78897EE}"="{B31F97D7-0CBF-4EB0-A9B1-A28D280B46D6}"
"{93EF3655-338F-45CB-AFCE-D91CE06322B9}"="{DE9C89E3-E452-4E82-876E-D01381BC502A}"
"{0B3535B7-6154-48F8-B8EA-B110BBBACEC7}"="{DE9C89E3-E452-4E82-876E-D01381BC502A}"
"{B583976B-F91C-4791-A690-F06EC9BA5055}"="{4581D3EE-2208-4BB3-98AC-4C9C2A40BFE4}"
"{59FEAD5D-CDCF-4823-BA3A-098D945A9CDB}"="{4581D3EE-2208-4BB3-98AC-4C9C2A40BFE4}"
"{DE8DD48F-92BB-4ED4-B1D4-CF07936BE1D6}"="{915270DD-4459-4326-B747-A1C6323E720A}"
"{C052187B-9008-4680-81AD-BDEEC52CCCF8}"="{915270DD-4459-4326-B747-A1C6323E720A}"
"{7F6EF782-E7DF-4408-BE9D-99921E0FE842}"="{14FB27D7-D0F0-4ED3-A21B-ECC135017BEB}"
"{3D4448CB-7853-4622-BEC9-E63C60188DAA}"="{14FB27D7-D0F0-4ED3-A21B-ECC135017BEB}"
"{E5A21D03-4430-4860-B093-476D285E8C1D}"="{32B47DB7-CB47-4DA9-8594-24C4C8C6DA00}"
"{60E8E720-F867-4DB5-B8CB-3F8F801FB808}"="{32B47DB7-CB47-4DA9-8594-24C4C8C6DA00}"
"{4C1C177A-2E78-469B-B591-818D459AFBB2}"="{BFF4E727-E808-4652-9C2F-88CD4F875A35}"
"{CC097DA7-17FC-48AB-921B-DF54757E3C04}"="{BFF4E727-E808-4652-9C2F-88CD4F875A35}"
"{C1CBC44D-6D01-4B7D-B35D-2A6283D62B55}"="{FCAAD1B3-AE36-43C5-8714-40AD98D991D5}"
"{56593794-1A70-4C11-87C8-8416CF4DCBBE}"="{FCAAD1B3-AE36-43C5-8714-40AD98D991D5}"
"{505C3F9C-7B62-4C87-B738-E6D5544F1F43}"="{71D27F89-6E5B-4966-BB93-DEB1CEA3EC5B}"
"{0B48F00E-B130-4E88-B1AC-FA04351AFF03}"="{71D27F89-6E5B-4966-BB93-DEB1CEA3EC5B}"
"{A737BD7B-7A2D-448D-8DC1-FB1033775F86}"="{895CE5DC-B7AE-49FF-841C-3A4E2BA73246}"
"{703BE241-DE09-4010-82C1-27552F73A2F1}"="{0BAFD7BB-AB5F-43C9-890D-D59FB2C7524E}"
"{07B0A433-F716-4E77-9A0F-D667614BE18A}"="{0BAFD7BB-AB5F-43C9-890D-D59FB2C7524E}"
"{A1510C7D-70EC-40C8-A54A-8A796F99DC66}"="{4CE71489-E7A4-467D-BA7F-92DEE3E403A7}"
"{7FAF05F8-0ECF-4FEB-8A98-A0BB0337CC8E}"="{70339EBE-DFCA-43F4-87A4-99959B6F9E69}"
"{658DC6D1-D42B-4859-A89A-8134C544816B}"="{C18A8132-5B11-4B9F-969F-232AC6260858}"
"{2F66A079-8D9E-4D2D-B214-5EAC58C2F97C}"="{70339EBE-DFCA-43F4-87A4-99959B6F9E69}"
"{B0467D3D-C6E4-49C7-A486-F0BB86D2D56F}"="{C18A8132-5B11-4B9F-969F-232AC6260858}"
"{C71E27B6-96A9-4E86-BCC2-9220CF7CC457}"="{60275350-E203-4342-8224-966BC93E8570}"
"{A6F668AB-8071-41E6-991E-1CAA445BDECA}"="{60275350-E203-4342-8224-966BC93E8570}"
"{A9231AFB-EA62-4FF4-9A4C-A1F92E0B133A}"="{E07097BE-7F02-4AE6-90A5-ED6430EC3F5C}"
"{6507330C-6414-451D-B8BE-2FD9F6922CAF}"="{E07097BE-7F02-4AE6-90A5-ED6430EC3F5C}"
"{C76109E3-A6D7-4F3D-BF2C-54B9056BC94C}"="{D970D1CE-03CA-44B5-9E33-372CA70CDBCA}"
"{AEA29566-E23A-4F49-B7C9-09552F68940B}"="{D970D1CE-03CA-44B5-9E33-372CA70CDBCA}"
"{F68D7430-2747-4401-9C0E-375149D46ADD}"="{CCE3FA62-A719-4FA0-8F76-5A3395EDD755}"
"{763719D2-D3A8-49A9-83C9-F9C64653B0B8}"="{CCE3FA62-A719-4FA0-8F76-5A3395EDD755}"
"{7D02B302-BD57-41B9-83F4-B7835236748C}"="{D05400CC-1E35-4E54-82EB-CB1F7D9720F9}"
"{DF9195E8-FD3D-419B-8ECD-4E434C8B3B3F}"="{D05400CC-1E35-4E54-82EB-CB1F7D9720F9}"
"{29521D28-19F6-47F9-AB16-5F2DD26253C2}"="{09B07ECB-9CE8-4F48-AC3D-0144465B375F}"
"{B371C939-BBA5-44E4-9A2F-D2F40E1F0071}"="{09B07ECB-9CE8-4F48-AC3D-0144465B375F}"
"{8C95E423-4E27-40FB-94B8-531C64042229}"="{D4133487-2CB7-480C-BD59-A2F07E7F1C17}"
"{0AEE510C-0FC6-4C85-A66B-849A5C94008D}"="{9D4D1AA9-0EAF-45DC-9F0F-50057AF13B41}"
"{8E56772D-53B2-4F8A-8D9C-6EDA130F7DA9}"="{7476A11D-EF82-4FBE-AF13-4EA5FFA3EEB0}"
"{149AF772-BC5C-4297-BC99-19368C7B60B2}"="{7476A11D-EF82-4FBE-AF13-4EA5FFA3EEB0}"
"{AC30876F-40A9-4BF3-9BC1-53B6CC65B324}"="{9D4D1AA9-0EAF-45DC-9F0F-50057AF13B41}"
"{53843B51-42B1-4576-AF0E-3005F2F035E1}"="{608B9DB0-7E5F-4B83-B661-047CA8CE1D65}"
"{4355CE91-28E6-4D05-B8F9-ADE6DA5A0197}"="{E64B59B8-9597-47AF-A4FA-6C185DD83E60}"
"{9CA35D95-5747-4789-98EB-27220DD2ECC4}"="{E64B59B8-9597-47AF-A4FA-6C185DD83E60}"
"{9C1D618C-08D0-4B1D-97EB-1D03C76B2550}"="{B4F1DD3A-2689-4776-B31A-82969A10404F}"
"{1DED07B6-5EF6-4EA3-AFC4-7242ABC6F371}"="{B4F1DD3A-2689-4776-B31A-82969A10404F}"
"{C331BD3F-F29F-4412-A2C7-B9680B858217}"="{409ACBA6-1FFE-4B40-8F10-F8FA39A4BD8B}"
"{DE65FBF2-082C-4960-BF0A-23A120FCB2C9}"="{409ACBA6-1FFE-4B40-8F10-F8FA39A4BD8B}"
"{396BCCA0-D897-45DA-80C8-40FE2B689BF8}"="{B13E6FCA-B6C0-41AA-A22F-B00C30879718}"
"{639D2698-6915-451D-AD3C-B916FE947856}"="{B13E6FCA-B6C0-41AA-A22F-B00C30879718}"
"{5F7BB3E8-EC5C-447A-AA63-12AD195E473E}"="{86AA3B47-A11A-4E8E-9369-14F6CC00FD06}"
"{3092B7BB-4DCA-41E0-8B8B-DAAA9A844B66}"="{7C2BBD2E-AD29-4C48-9943-48EB1A5E3172}"
"{69D4D361-8A9C-4EFA-BC73-FD0E49D4180E}"="{7C2BBD2E-AD29-4C48-9943-48EB1A5E3172}"
"{371911D1-4662-44F4-88DA-7DD024AED0EB}"="{2D5AF191-0133-41A3-8234-5DC1FB616384}"
"{AD04EF03-1514-40B0-A9E8-E9EBEDC286F0}"="{2D5AF191-0133-41A3-8234-5DC1FB616384}"
"{6ADC2451-774C-4CB6-830A-9E9E050C0C92}"="{7FE5E405-4205-4B0B-AFE5-AA50D4F4A5ED}"
"{2066E724-4C65-40E1-A51B-E36C369CB1FA}"="{7FE5E405-4205-4B0B-AFE5-AA50D4F4A5ED}"
"{57166D4F-CB77-4A7D-A682-6BC4E8E74823}"="{8CEE529D-C985-485A-AC2F-5209D119DBE8}"
"{E92D561B-8D61-48C0-AE1F-A72CB481B595}"="{8CEE529D-C985-485A-AC2F-5209D119DBE8}"
"{14C5A9E1-1FCB-4FDF-B0D3-564516C71101}"="{146F8E61-D589-482D-BC4B-BE8C7F68B095}"
"{7C56A968-C5A5-4278-91A0-F791C102960C}"="{53DDDF6A-19C0-4922-B3C7-D9E26FBA0EDC}"
"{786F6D18-2CB5-43ED-9E64-CA4F779E7CAC}"="{53DDDF6A-19C0-4922-B3C7-D9E26FBA0EDC}"
"{00C8D50B-D6DD-45F6-9B36-DD12BE5F3223}"="{45122A9A-8F4F-4B08-A160-C149E797A2B5}"
"{96EA6AD0-406D-445B-AA76-8F3A2F279B73}"="{45122A9A-8F4F-4B08-A160-C149E797A2B5}"
"{D9A23A6E-7858-4900-9149-A864FFDA9452}"="{2B5B83A9-A495-4C3F-90A2-2D94E55878B7}"
"{AE954CD5-6A5F-4170-9891-D16C211D3CC3}"="{221A3723-3976-45B6-ABC7-82A433AD6D3E}"
"{58032673-19BC-4B77-91D5-B5043B423D6B}"="{3B1ECCEC-6393-4639-A1B3-F1AB086FE97B}"
"{5F7C4B4D-0EC5-4665-81EC-52337F06E6F8}"="{3B1ECCEC-6393-4639-A1B3-F1AB086FE97B}"
"{CA889411-53F0-430F-A806-FE13F1890551}"="{6D81FD77-56EE-43C1-AE65-F2FD19B4D5DF}"
"{E210ED41-9D84-4F7F-8900-249CC2F01E0D}"="{5A3A5373-5146-4598-B893-0E2438122CCB}"
"{09455466-B0D0-41D3-A8F4-5D481CBB514B}"="{5A3A5373-5146-4598-B893-0E2438122CCB}"
"{81D93892-E5C4-42B9-B6D2-C1E09E04F91A}"="{761C8369-6084-4C17-9950-1AFFC2FD5D8D}"
"{722924A2-C555-4DF6-BA44-A6FE77F1E712}"="{E1FADD63-3672-4DD4-94C8-57E1A44C3890}"
"{0473A163-2318-46F8-AA71-6C434694E7FF}"="{E1FADD63-3672-4DD4-94C8-57E1A44C3890}"
"{4316A763-7618-412A-B7DC-C42379E35091}"="{6C6F7E56-2CF5-4511-92C5-8A4D31C5AD08}"
"{51C2323F-61CE-497A-B750-01BF70833AAF}"="{A78C6E8C-8832-41D0-8CA0-A90C69D5BE0F}"
"{5970AB8F-5668-4A1D-9E5A-D1732690463B}"="{A78C6E8C-8832-41D0-8CA0-A90C69D5BE0F}"
"{87973CAD-A2EA-44C3-BBB3-3266EEFF975D}"="{3C55D893-6650-40E7-92FA-EC45513F5108}"
"{F60959D2-2A9F-4FB8-900C-B34C6D39F487}"="{3CBA0017-5BB7-4419-856A-6A24A5B295E5}"
"{F80C3CC7-56C2-4603-8D59-5A4FAAE84CC3}"="{3CBA0017-5BB7-4419-856A-6A24A5B295E5}"
"{0D6587C9-AB43-4228-8138-AED82D989394}"="{5D0C59F1-7C0F-4E19-A503-C22E4F578268}"
"{0EA93F50-A928-4CA2-B872-69458394C014}"="{5D0C59F1-7C0F-4E19-A503-C22E4F578268}"
"{115D6780-E085-4964-932F-00FD831BC4F9}"="{3A5EE389-114F-4579-8517-EAAF5690C8F4}"
"{3BEEED38-F9D9-4E2B-8810-970DF2BB8ECA}"="{7239FCE8-78CF-422A-B54B-91345AD2D942}"
"{6A3CAD7B-15EC-4804-8AC0-B3842C480CF1}"="{FC0F3965-08E9-4F66-9EC5-3F8F51CC34D0}"
"{B5A6C834-F4A1-4007-BAC3-8FBDB415D26D}"="{FC0F3965-08E9-4F66-9EC5-3F8F51CC34D0}"
"{E02517DB-B3BB-4C2B-A45A-149E8F064E49}"="{77A9E8E2-5119-4FAC-8C2B-02EA1FED332A}"
"{79493B81-3E0E-4112-A318-F863694A7D7C}"="{77A9E8E2-5119-4FAC-8C2B-02EA1FED332A}"
"{F3C2DF35-332C-42AC-80BC-5266AF0D05C4}"="{9AA79960-2503-4A08-865F-804AE5EF6E73}"
"{048AD0BA-039E-4DD0-813B-C7037F3476EE}"="{3BAC7E0E-148B-488D-B282-124B436B5460}"
"{92DAEFA3-307E-4274-8BA0-276F8BFAF51F}"="{F9C1546E-814C-4014-A3E7-6CD85FFAE7A2}"
"{35E627A3-990E-4967-86F2-5521DDEB0072}"="{F9C1546E-814C-4014-A3E7-6CD85FFAE7A2}"
"{8DFEFF3D-77CB-405F-AD51-335839D9EBBE}"="{A4C77D01-508C-497F-BB36-A8C0B684781A}"
"{29A12D6F-0169-4855-9968-253C7DEB899D}"="{A4C77D01-508C-497F-BB36-A8C0B684781A}"
"{21D6D506-2450-490C-85BA-016C3DF75274}"="{D94F2F1B-9FC2-4AAF-BE85-64D9E351D58A}"
"{09263A0F-4807-4EA5-A2E0-E7DFE6BD2965}"="{D94F2F1B-9FC2-4AAF-BE85-64D9E351D58A}"
"{76600180-77FE-4D8F-B90D-05013EC42432}"="{8E21C562-E7AC-4A63-93FE-7D2D688E6566}"
"{007412C7-1EE5-4B64-9860-1FFBAE6D1B4A}"="{0DD58AA5-B367-4B9A-B720-3094B67222E7}"
"{424AB872-329C-49BB-9773-59F9C41F0286}"="{0DD58AA5-B367-4B9A-B720-3094B67222E7}"
"{3CF52707-53FE-4A2E-B73F-E83B43901707}"="{0F2FD50B-B63D-4FDC-84EC-3179393A8130}"
"{3CB3FB09-6020-4048-A41F-6C2434018762}"="{FE306C3E-67A2-4077-89CB-FE17E87857DA}"
"{3AD82A62-44C4-4F4B-A81C-65E31A306117}"="{FE306C3E-67A2-4077-89CB-FE17E87857DA}"
"ccSvcHst_ccSetMgr"="{5B81B172-B4FD-4D77-8B67-803D89F195ED}"
"ccSettingsService"="{5B81B172-B4FD-4D77-8B67-803D89F195ED}"
"ccSvcHst_ccEvtMgr"="{5B81B172-B4FD-4D77-8B67-803D89F195ED}"
"ccEvtCli"="{5B81B172-B4FD-4D77-8B67-803D89F195ED}"
"{5C83A240-4DBA-4B24-BE9B-13C5659E2D5F}"="{5B81B172-B4FD-4D77-8B67-803D89F195ED}"
"{82863926-FD45-4855-86B7-B62943DEDFF7}"="{F2BA3B06-7535-4854-B050-603F962F9C83}"
"{ACC64D01-39AA-4BF8-BD7C-387293B66369}"="{F2BA3B06-7535-4854-B050-603F962F9C83}"
"{E746158D-8B90-4B82-B9DE-0D14BE62693E}"="{F877A030-1BE3-4276-A772-04E4F7E25AF9}"
"{07156DF1-82F3-42F7-83E2-0F1A337EA0F5}"="{F877A030-1BE3-4276-A772-04E4F7E25AF9}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Symantec AntiVirus\DefWatch.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Symantec AntiVirus\Rtvscan.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Symantec AntiVirus\SavUI.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
c:\program files (x86)\Orb Networks\Orb\bin\Orb.exe
c:\program files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
c:\program files (x86)\Symantec AntiVirus\VPTray.exe
c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwAdmin.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\Common Files\Teleca Shared\logger.exe
c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
.
**************************************************************************
.
Completion time: 2013-01-11 07:50:56 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-11 12:50
.
Pre-Run: 330,496,249,856 bytes free
Post-Run: 331,496,894,464 bytes free
.
- - End Of File - - 9F4A53EEA64C844FC6EDCBDF20017739

If it makes any difference I am still experiencing that same problem after combofix.exe restarted.

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 PM

Posted 11 January 2013 - 04:17 PM

Please run the following:

If it makes any difference I am still experiencing that same problem after combofix.exe restarted.

Yes, we still have work to do, it usually takes a few rounds with different tools before we are able to eradicate the problem


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Scott Wyllie

Scott Wyllie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 12 January 2013 - 11:40 AM

This log is from Kaspersky it didn't find anything.

11:37:11.0021 2712 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:37:13.0023 2712 ============================================================
11:37:13.0023 2712 Current date / time: 2013/01/12 11:37:13.0023
11:37:13.0023 2712 SystemInfo:
11:37:13.0023 2712
11:37:13.0023 2712 OS Version: 6.1.7600 ServicePack: 0.0
11:37:13.0023 2712 Product type: Workstation
11:37:13.0024 2712 ComputerName: THECORE
11:37:13.0024 2712 UserName: Core
11:37:13.0024 2712 Windows directory: C:\Windows
11:37:13.0024 2712 System windows directory: C:\Windows
11:37:13.0024 2712 Running under WOW64
11:37:13.0024 2712 Processor architecture: Intel x64
11:37:13.0024 2712 Number of processors: 8
11:37:13.0024 2712 Page size: 0x1000
11:37:13.0024 2712 Boot type: Normal boot
11:37:13.0024 2712 ============================================================
11:37:22.0139 2712 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:37:22.0150 2712 Drive \Device\Harddisk11\DR11 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:37:22.0320 2712 Drive \Device\Harddisk6\DR6 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x74E52, SectorsPerTrack: 0x20, TracksPerCylinder: 0xFF, Type 'W'
11:37:22.0353 2712 ============================================================
11:37:22.0353 2712 \Device\Harddisk0\DR0:
11:37:22.0380 2712 MBR partitions:
11:37:22.0380 2712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
11:37:22.0380 2712 \Device\Harddisk11\DR11:
11:37:22.0380 2712 MBR partitions:
11:37:22.0380 2712 \Device\Harddisk11\DR11\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
11:37:22.0380 2712 \Device\Harddisk6\DR6:
11:37:22.0381 2712 MBR partitions:
11:37:22.0381 2712 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xE8E08871
11:37:22.0381 2712 ============================================================
11:37:22.0533 2712 C: <-> \Device\Harddisk0\DR0\Partition1
11:37:22.0534 2712 K: <-> \Device\Harddisk6\DR6\Partition1
11:37:22.0602 2712 R: <-> \Device\Harddisk11\DR11\Partition1
11:37:22.0602 2712 ============================================================
11:37:22.0602 2712 Initialize success
11:37:22.0602 2712 ============================================================
11:37:40.0605 9564 ============================================================
11:37:40.0605 9564 Scan started
11:37:40.0605 9564 Mode: Manual; TDLFS;
11:37:40.0605 9564 ============================================================
11:37:44.0300 9564 ================ Scan system memory ========================
11:37:44.0300 9564 System memory - ok
11:37:44.0300 9564 ================ Scan services =============================
11:37:44.0443 9564 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:37:44.0450 9564 !SASCORE - ok
11:37:45.0227 9564 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
11:37:45.0249 9564 1394ohci - ok
11:37:45.0419 9564 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
11:37:45.0429 9564 ACPI - ok
11:37:45.0486 9564 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
11:37:45.0491 9564 AcpiPmi - ok
11:37:45.0629 9564 [ 59AA63B5DCC9B99C25ACC1BC5E9E6816 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
11:37:45.0741 9564 ADIHdAudAddService - ok
11:37:46.0543 9564 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:37:46.0554 9564 AdobeARMservice - ok
11:37:48.0834 9564 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:37:48.0836 9564 AdobeFlashPlayerUpdateSvc - ok
11:37:48.0946 9564 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:37:49.0011 9564 adp94xx - ok
11:37:49.0093 9564 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:37:49.0146 9564 adpahci - ok
11:37:49.0182 9564 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:37:49.0255 9564 adpu320 - ok
11:37:49.0279 9564 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
11:37:49.0286 9564 AEADIFilters - ok
11:37:49.0435 9564 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:37:49.0437 9564 AeLookupSvc - ok
11:37:49.0523 9564 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
11:37:49.0526 9564 AFD - ok
11:37:49.0556 9564 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
11:37:49.0562 9564 agp440 - ok
11:37:49.0612 9564 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:37:49.0617 9564 ALG - ok
11:37:49.0652 9564 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
11:37:49.0657 9564 aliide - ok
11:37:49.0687 9564 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
11:37:49.0695 9564 amdide - ok
11:37:49.0730 9564 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:37:49.0737 9564 AmdK8 - ok
11:37:49.0749 9564 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:37:49.0756 9564 AmdPPM - ok
11:37:49.0795 9564 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
11:37:49.0801 9564 amdsata - ok
11:37:49.0835 9564 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:37:49.0879 9564 amdsbs - ok
11:37:49.0895 9564 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
11:37:49.0901 9564 amdxata - ok
11:37:49.0945 9564 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
11:37:49.0957 9564 AppID - ok
11:37:49.0993 9564 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:37:49.0994 9564 AppIDSvc - ok
11:37:50.0032 9564 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
11:37:50.0034 9564 Appinfo - ok
11:37:50.0173 9564 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:37:50.0193 9564 Apple Mobile Device - ok
11:37:50.0266 9564 [ DCEBADAB68650A3EC48FDC102A6D67E8 ] Application Sendori C:\Program Files (x86)\Sendori\SendoriSvc.exe
11:37:50.0267 9564 Application Sendori - ok
11:37:50.0329 9564 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
11:37:50.0343 9564 AppMgmt - ok
11:37:50.0376 9564 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:37:50.0383 9564 arc - ok
11:37:50.0415 9564 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:37:50.0422 9564 arcsas - ok
11:37:50.0766 9564 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:37:50.0864 9564 aspnet_state - ok
11:37:50.0908 9564 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:37:50.0913 9564 AsyncMac - ok
11:37:50.0938 9564 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
11:37:50.0939 9564 atapi - ok
11:37:51.0008 9564 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:37:51.0069 9564 AudioEndpointBuilder - ok
11:37:51.0120 9564 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:37:51.0123 9564 AudioSrv - ok
11:37:51.0217 9564 [ 4B56E4C235EDE346B6D69E3FA8A6C7E7 ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
11:37:51.0252 9564 AVKProxy - ok
11:37:51.0406 9564 [ 3A9B22E4E6A69B9C78294D88D7AA7AB9 ] AVKService C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
11:37:51.0409 9564 AVKService - ok
11:37:51.0713 9564 [ 4C5D58F9C0E9379C9FC414500254AADC ] AVKWCtl C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe
11:37:51.0731 9564 AVKWCtl - ok
11:37:51.0809 9564 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:37:51.0815 9564 AxInstSV - ok
11:37:51.0868 9564 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:37:51.0907 9564 b06bdrv - ok
11:37:51.0965 9564 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:37:52.0003 9564 b57nd60a - ok
11:37:52.0027 9564 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:37:52.0033 9564 BDESVC - ok
11:37:52.0081 9564 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:37:52.0086 9564 Beep - ok
11:37:52.0231 9564 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
11:37:52.0297 9564 BFE - ok
11:37:52.0374 9564 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
11:37:52.0413 9564 BITS - ok
11:37:52.0430 9564 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:37:52.0436 9564 blbdrive - ok
11:37:52.0527 9564 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:37:52.0535 9564 bowser - ok
11:37:52.0581 9564 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:37:52.0587 9564 BrFiltLo - ok
11:37:52.0622 9564 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:37:52.0627 9564 BrFiltUp - ok
11:37:52.0650 9564 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:37:52.0656 9564 BridgeMP - ok
11:37:52.0719 9564 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
11:37:52.0725 9564 Browser - ok
11:37:52.0756 9564 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:37:52.0772 9564 Brserid - ok
11:37:52.0820 9564 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:37:52.0829 9564 BrSerWdm - ok
11:37:52.0874 9564 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:37:52.0879 9564 BrUsbMdm - ok
11:37:52.0900 9564 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:37:52.0906 9564 BrUsbSer - ok
11:37:52.0937 9564 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:37:52.0943 9564 BTHMODEM - ok
11:37:52.0979 9564 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:37:52.0985 9564 bthserv - ok
11:37:53.0013 9564 catchme - ok
11:37:53.0117 9564 [ 673D6DE6D6E9D50CD5E9C78F0C916CB8 ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
11:37:53.0138 9564 ccEvtMgr - ok
11:37:53.0142 9564 [ 673D6DE6D6E9D50CD5E9C78F0C916CB8 ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
11:37:53.0144 9564 ccSetMgr - ok
11:37:53.0209 9564 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:37:53.0217 9564 cdfs - ok
11:37:53.0232 9564 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:37:53.0240 9564 cdrom - ok
11:37:53.0301 9564 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
11:37:53.0308 9564 CertPropSvc - ok
11:37:53.0399 9564 [ 50D450D692194AC83AE47B28DA183CDE ] cFosSpeed C:\Windows\system32\DRIVERS\cfosspeed.sys
11:37:53.0410 9564 cFosSpeed - ok
11:37:53.0560 9564 [ 666B37AEBAD60751B9CF0CFA45C2F843 ] cFosSpeedS C:\Program Files\cFosSpeed\spd.exe
11:37:53.0569 9564 cFosSpeedS - ok
11:37:53.0594 9564 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:37:53.0599 9564 circlass - ok
11:37:53.0740 9564 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:37:53.0750 9564 CLFS - ok
11:37:53.0860 9564 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:37:53.0927 9564 clr_optimization_v2.0.50727_32 - ok
11:37:54.0049 9564 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:37:54.0089 9564 clr_optimization_v2.0.50727_64 - ok
11:37:54.0457 9564 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:37:54.0676 9564 clr_optimization_v4.0.30319_32 - ok
11:37:54.0716 9564 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:37:54.0809 9564 clr_optimization_v4.0.30319_64 - ok
11:37:54.0856 9564 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:37:54.0861 9564 CmBatt - ok
11:37:54.0925 9564 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
11:37:54.0931 9564 cmdide - ok
11:37:54.0996 9564 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
11:37:55.0043 9564 CNG - ok
11:37:55.0061 9564 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:37:55.0067 9564 Compbatt - ok
11:37:55.0101 9564 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
11:37:55.0106 9564 CompositeBus - ok
11:37:55.0108 9564 COMSysApp - ok
11:37:55.0118 9564 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:37:55.0156 9564 crcdisk - ok
11:37:55.0245 9564 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:37:55.0254 9564 CryptSvc - ok
11:37:55.0322 9564 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
11:37:55.0341 9564 CSC - ok
11:37:55.0484 9564 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
11:37:55.0518 9564 CscService - ok
11:37:55.0638 9564 [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
11:37:55.0646 9564 DAUpdaterSvc - ok
11:37:55.0714 9564 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:37:55.0741 9564 DcomLaunch - ok
11:37:55.0811 9564 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:37:55.0843 9564 defragsvc - ok
11:37:55.0910 9564 [ B14973B68E59C5730B86996C0A69818A ] DefWatch C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
11:37:55.0918 9564 DefWatch - ok
11:37:55.0958 9564 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:37:55.0965 9564 DfsC - ok
11:37:56.0039 9564 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
11:37:56.0092 9564 Dhcp - ok
11:37:56.0112 9564 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:37:56.0113 9564 discache - ok
11:37:56.0161 9564 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:37:56.0168 9564 Disk - ok
11:37:56.0251 9564 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:37:56.0263 9564 Dnscache - ok
11:37:56.0346 9564 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
11:37:56.0373 9564 dot3svc - ok
11:37:56.0435 9564 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
11:37:56.0443 9564 DPS - ok
11:37:56.0530 9564 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:37:56.0537 9564 drmkaud - ok
11:37:56.0638 9564 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:37:56.0653 9564 DXGKrnl - ok
11:37:56.0722 9564 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
11:37:56.0728 9564 E1G60 - ok
11:37:56.0795 9564 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:37:56.0801 9564 EapHost - ok
11:37:57.0145 9564 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:37:57.0203 9564 ebdrv - ok
11:37:57.0296 9564 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:37:57.0303 9564 eeCtrl - ok
11:37:57.0340 9564 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
11:37:57.0341 9564 EFS - ok
11:37:57.0576 9564 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:37:57.0613 9564 ehRecvr - ok
11:37:57.0639 9564 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:37:57.0647 9564 ehSched - ok
11:37:57.0679 9564 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:37:57.0727 9564 elxstor - ok
11:37:57.0768 9564 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:37:57.0774 9564 EraserUtilRebootDrv - ok
11:37:57.0803 9564 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
11:37:57.0808 9564 ErrDev - ok
11:37:57.0858 9564 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:37:57.0866 9564 EventSystem - ok
11:37:57.0923 9564 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:37:57.0929 9564 exfat - ok
11:37:58.0014 9564 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:37:58.0024 9564 fastfat - ok
11:37:58.0162 9564 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
11:37:58.0166 9564 Fax - ok
11:37:58.0207 9564 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:37:58.0214 9564 fdc - ok
11:37:58.0234 9564 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:37:58.0240 9564 fdPHost - ok
11:37:58.0259 9564 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:37:58.0265 9564 FDResPub - ok
11:37:58.0291 9564 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:37:58.0297 9564 FileInfo - ok
11:37:58.0318 9564 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:37:58.0323 9564 Filetrace - ok
11:37:58.0382 9564 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:37:58.0388 9564 flpydisk - ok
11:37:58.0416 9564 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:37:58.0424 9564 FltMgr - ok
11:37:58.0544 9564 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
11:37:58.0574 9564 FontCache - ok
11:37:58.0660 9564 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:37:58.0666 9564 FontCache3.0.0.0 - ok
11:37:58.0693 9564 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:37:58.0700 9564 FsDepends - ok
11:37:58.0764 9564 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:37:58.0770 9564 Fs_Rec - ok
11:37:58.0824 9564 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:37:58.0835 9564 fvevol - ok
11:37:58.0876 9564 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:37:58.0882 9564 gagp30kx - ok
11:37:59.0079 9564 [ 8D6FAEE0FBEFA5EF199B0C7FB56D5BA9 ] GDBackupSvc C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe
11:37:59.0103 9564 GDBackupSvc - ok
11:37:59.0205 9564 [ C419F569A5FB2864631ABED41D385A23 ] GDBehave C:\Windows\system32\drivers\GDBehave.sys
11:37:59.0211 9564 GDBehave - ok
11:37:59.0632 9564 [ 458A81928BEEE84461A02BBFB33474C0 ] GDFwSvc C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe
11:37:59.0642 9564 GDFwSvc - ok
11:37:59.0735 9564 [ 75BEEC7D90E1AF541E0675B05D0FED07 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys
11:37:59.0742 9564 GDMnIcpt - ok
11:37:59.0765 9564 [ 9DCEBDCA3A06D3AF83553634C04DFA53 ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys
11:37:59.0772 9564 GDPkIcpt - ok
11:37:59.0936 9564 [ 82AE31BEFDBFBBAB6762D4967ADBE877 ] GDScan C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
11:37:59.0939 9564 GDScan - ok
11:38:00.0182 9564 [ 9AEC1F3E3909B08CAAF4837E5F8A047F ] GDTunerSvc C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe
11:38:00.0241 9564 GDTunerSvc - ok
11:38:00.0273 9564 [ B6B09AF9E081AAA825FE06286D43B22A ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys
11:38:00.0280 9564 gdwfpcd - ok
11:38:00.0329 9564 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:38:00.0335 9564 GEARAspiWDM - ok
11:38:00.0456 9564 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
11:38:00.0497 9564 gpsvc - ok
11:38:00.0500 9564 GRD - ok
11:38:00.0593 9564 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:38:00.0610 9564 gupdate - ok
11:38:00.0652 9564 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:38:00.0653 9564 gupdatem - ok
11:38:00.0665 9564 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:38:00.0671 9564 hcw85cir - ok
11:38:00.0708 9564 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:38:00.0719 9564 HDAudBus - ok
11:38:00.0749 9564 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:38:00.0755 9564 HidBatt - ok
11:38:00.0787 9564 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:38:00.0793 9564 HidBth - ok
11:38:00.0840 9564 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:38:00.0845 9564 HidIr - ok
11:38:00.0861 9564 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:38:00.0866 9564 hidserv - ok
11:38:00.0895 9564 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:38:00.0900 9564 HidUsb - ok
11:38:00.0937 9564 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:38:00.0939 9564 hkmsvc - ok
11:38:01.0018 9564 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:38:01.0024 9564 HomeGroupListener - ok
11:38:01.0074 9564 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:38:01.0082 9564 HomeGroupProvider - ok
11:38:01.0180 9564 [ BC986A06E4B1E03CA5BB34C7F36A86D6 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys
11:38:01.0186 9564 HookCentre - ok
11:38:01.0214 9564 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
11:38:01.0221 9564 HpSAMD - ok
11:38:01.0282 9564 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:38:01.0288 9564 HTCAND64 - ok
11:38:01.0466 9564 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:38:01.0489 9564 HTTP - ok
11:38:01.0524 9564 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:38:01.0525 9564 hwpolicy - ok
11:38:01.0544 9564 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:38:01.0550 9564 i8042prt - ok
11:38:01.0673 9564 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
11:38:01.0724 9564 iaStorV - ok
11:38:01.0822 9564 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:38:01.0831 9564 IDriverT - ok
11:38:01.0965 9564 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:38:02.0033 9564 idsvc - ok
11:38:02.0087 9564 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:38:02.0119 9564 iirsp - ok
11:38:02.0309 9564 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
11:38:02.0326 9564 IKEEXT - ok
11:38:02.0407 9564 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
11:38:02.0413 9564 intelide - ok
11:38:02.0436 9564 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:38:02.0441 9564 intelppm - ok
11:38:02.0474 9564 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:38:02.0480 9564 IPBusEnum - ok
11:38:02.0510 9564 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:38:02.0515 9564 IpFilterDriver - ok
11:38:02.0678 9564 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:38:02.0711 9564 iphlpsvc - ok
11:38:02.0769 9564 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:38:02.0775 9564 IPMIDRV - ok
11:38:02.0833 9564 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:38:02.0840 9564 IPNAT - ok
11:38:03.0249 9564 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:38:03.0276 9564 iPod Service - ok
11:38:03.0304 9564 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:38:03.0309 9564 IRENUM - ok
11:38:03.0394 9564 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
11:38:03.0400 9564 isapnp - ok
11:38:03.0465 9564 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:38:03.0502 9564 iScsiPrt - ok
11:38:03.0548 9564 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:38:03.0554 9564 kbdclass - ok
11:38:03.0593 9564 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:38:03.0599 9564 kbdhid - ok
11:38:03.0634 9564 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
11:38:03.0636 9564 KeyIso - ok
11:38:03.0667 9564 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:38:03.0675 9564 KSecDD - ok
11:38:03.0720 9564 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:38:03.0728 9564 KSecPkg - ok
11:38:03.0782 9564 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:38:03.0787 9564 ksthunk - ok
11:38:03.0874 9564 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:38:03.0897 9564 KtmRm - ok
11:38:03.0946 9564 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:38:03.0953 9564 LanmanServer - ok
11:38:04.0029 9564 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:38:04.0037 9564 LanmanWorkstation - ok
11:38:04.0040 9564 Lbd - ok
11:38:04.0763 9564 [ E8A9AC5F30833CD62E3530E2FDBF81DF ] LiveUpdate C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE
11:38:04.0786 9564 LiveUpdate - ok
11:38:04.0800 9564 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:38:04.0806 9564 lltdio - ok
11:38:04.0921 9564 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:38:04.0957 9564 lltdsvc - ok
11:38:05.0001 9564 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:38:05.0003 9564 lmhosts - ok
11:38:05.0524 9564 [ 7109163D8027076D2680CFC4E80E2A28 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
11:38:05.0532 9564 LMIGuardianSvc - ok
11:38:05.0789 9564 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
11:38:05.0795 9564 LMIInfo - ok
11:38:05.0992 9564 [ 8054CE1FC8B417691960D00F931516A7 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
11:38:05.0998 9564 LMIMaint - ok
11:38:06.0074 9564 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
11:38:06.0084 9564 lmimirr - ok
11:38:06.0086 9564 LMIRfsClientNP - ok
11:38:06.0151 9564 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
11:38:06.0158 9564 LMIRfsDriver - ok
11:38:06.0369 9564 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
11:38:06.0377 9564 LogMeIn - ok
11:38:06.0673 9564 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:38:06.0680 9564 LSI_FC - ok
11:38:06.0706 9564 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:38:06.0713 9564 LSI_SAS - ok
11:38:06.0871 9564 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:38:06.0877 9564 LSI_SAS2 - ok
11:38:06.0929 9564 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:38:06.0936 9564 LSI_SCSI - ok
11:38:06.0977 9564 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:38:06.0986 9564 luafv - ok
11:38:07.0163 9564 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:38:07.0169 9564 MBAMProtector - ok
11:38:07.0584 9564 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:38:07.0586 9564 MBAMScheduler - ok
11:38:07.0948 9564 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:38:07.0971 9564 MBAMService - ok
11:38:08.0062 9564 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:38:08.0103 9564 Mcx2Svc - ok
11:38:08.0241 9564 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:38:08.0247 9564 megasas - ok
11:38:08.0558 9564 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:38:08.0586 9564 MegaSR - ok
11:38:08.0672 9564 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:38:08.0678 9564 MMCSS - ok
11:38:08.0728 9564 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:38:08.0734 9564 Modem - ok
11:38:08.0896 9564 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:38:08.0903 9564 monitor - ok
11:38:09.0010 9564 [ D69F1E9A944A5F46A494AF901ED41118 ] motandroidusb C:\Windows\system32\Drivers\motoandroid.sys
11:38:09.0016 9564 motandroidusb - ok
11:38:09.0151 9564 [ AC9D6E3629E4388A9EA9B4172493AAEE ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
11:38:09.0169 9564 Motorola Device Manager - ok
11:38:09.0447 9564 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:38:09.0453 9564 mouclass - ok
11:38:09.0498 9564 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:38:09.0504 9564 mouhid - ok
11:38:09.0647 9564 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:38:09.0649 9564 mountmgr - ok
11:38:09.0923 9564 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:38:09.0935 9564 MozillaMaintenance - ok
11:38:09.0978 9564 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
11:38:09.0987 9564 mpio - ok
11:38:10.0037 9564 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:38:10.0044 9564 mpsdrv - ok
11:38:10.0416 9564 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:38:10.0541 9564 MpsSvc - ok
11:38:10.0605 9564 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:38:10.0611 9564 MRxDAV - ok
11:38:10.0882 9564 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:38:10.0904 9564 mrxsmb - ok
11:38:11.0028 9564 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:38:11.0036 9564 mrxsmb10 - ok
11:38:11.0264 9564 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:38:11.0270 9564 mrxsmb20 - ok
11:38:11.0399 9564 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
11:38:11.0407 9564 msahci - ok
11:38:11.0511 9564 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
11:38:11.0655 9564 MSCamSvc - ok
11:38:11.0693 9564 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
11:38:11.0702 9564 msdsm - ok
11:38:11.0758 9564 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:38:11.0765 9564 MSDTC - ok
11:38:11.0796 9564 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:38:11.0801 9564 Msfs - ok
11:38:11.0822 9564 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:38:11.0828 9564 mshidkmdf - ok
11:38:11.0880 9564 [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
11:38:11.0886 9564 MSHUSBVideo - ok
11:38:11.0900 9564 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
11:38:11.0906 9564 msisadrv - ok
11:38:11.0964 9564 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:38:11.0973 9564 MSiSCSI - ok
11:38:11.0977 9564 msiserver - ok
11:38:12.0001 9564 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:38:12.0006 9564 MSKSSRV - ok
11:38:12.0018 9564 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:38:12.0024 9564 MSPCLOCK - ok
11:38:12.0051 9564 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:38:12.0058 9564 MSPQM - ok
11:38:12.0078 9564 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:38:12.0118 9564 MsRPC - ok
11:38:12.0133 9564 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:38:12.0141 9564 mssmbios - ok
11:38:12.0194 9564 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:38:12.0200 9564 MSTEE - ok
11:38:12.0237 9564 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:38:12.0242 9564 MTConfig - ok
11:38:12.0282 9564 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
11:38:12.0289 9564 MTsensor - ok
11:38:12.0350 9564 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:38:12.0362 9564 Mup - ok
11:38:12.0412 9564 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
11:38:12.0439 9564 napagent - ok
11:38:12.0453 9564 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:38:12.0513 9564 NativeWifiP - ok
11:38:12.0844 9564 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130111.003\ENG64.SYS
11:38:12.0845 9564 NAVENG - ok
11:38:13.0143 9564 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130111.003\EX64.SYS
11:38:13.0152 9564 NAVEX15 - ok
11:38:13.0287 9564 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:38:13.0354 9564 NDIS - ok
11:38:13.0372 9564 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:38:13.0380 9564 NdisCap - ok
11:38:13.0426 9564 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:38:13.0437 9564 NdisTapi - ok
11:38:13.0479 9564 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:38:13.0485 9564 Ndisuio - ok
11:38:13.0537 9564 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:38:13.0543 9564 NdisWan - ok
11:38:13.0574 9564 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:38:13.0580 9564 NDProxy - ok
11:38:13.0594 9564 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:38:13.0600 9564 NetBIOS - ok
11:38:13.0681 9564 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:38:13.0683 9564 NetBT - ok
11:38:13.0712 9564 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
11:38:13.0713 9564 Netlogon - ok
11:38:13.0774 9564 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:38:13.0824 9564 Netman - ok
11:38:13.0869 9564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:13.0947 9564 NetMsmqActivator - ok
11:38:13.0987 9564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:13.0989 9564 NetPipeActivator - ok
11:38:14.0052 9564 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:38:14.0080 9564 netprofm - ok
11:38:14.0084 9564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:14.0086 9564 NetTcpActivator - ok
11:38:14.0089 9564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:14.0091 9564 NetTcpPortSharing - ok
11:38:14.0143 9564 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:38:14.0150 9564 nfrd960 - ok
11:38:14.0199 9564 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:38:14.0244 9564 NlaSvc - ok
11:38:14.0292 9564 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:38:14.0345 9564 Npfs - ok
11:38:14.0391 9564 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:38:14.0397 9564 nsi - ok
11:38:14.0412 9564 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:38:14.0413 9564 nsiproxy - ok
11:38:14.0641 9564 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:38:14.0663 9564 Ntfs - ok
11:38:14.0709 9564 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:38:14.0714 9564 Null - ok
11:38:15.0912 9564 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:38:15.0981 9564 nvlddmkm - ok
11:38:16.0014 9564 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
11:38:16.0023 9564 nvraid - ok
11:38:16.0063 9564 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
11:38:16.0072 9564 nvstor - ok
11:38:16.0181 9564 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
11:38:16.0186 9564 nvsvc - ok
11:38:16.0428 9564 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:38:16.0484 9564 nvUpdatusService - ok
11:38:16.0500 9564 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
11:38:16.0506 9564 nv_agp - ok
11:38:16.0560 9564 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:38:16.0566 9564 ohci1394 - ok
11:38:16.0654 9564 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:38:16.0661 9564 ose - ok
11:38:16.0719 9564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:38:16.0752 9564 p2pimsvc - ok
11:38:16.0855 9564 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:38:16.0885 9564 p2psvc - ok
11:38:16.0939 9564 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:38:16.0945 9564 Parport - ok
11:38:17.0021 9564 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:38:17.0027 9564 partmgr - ok
11:38:17.0132 9564 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:38:17.0140 9564 PcaSvc - ok
11:38:17.0210 9564 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
11:38:17.0217 9564 pci - ok
11:38:17.0248 9564 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
11:38:17.0254 9564 pciide - ok
11:38:17.0304 9564 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:38:17.0318 9564 pcmcia - ok
11:38:17.0338 9564 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:38:17.0345 9564 pcw - ok
11:38:17.0472 9564 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:38:17.0493 9564 PEAUTH - ok
11:38:17.0623 9564 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:38:17.0668 9564 PeerDistSvc - ok
11:38:18.0325 9564 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:38:18.0335 9564 PerfHost - ok
11:38:18.0414 9564 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
11:38:18.0450 9564 pla - ok
11:38:18.0544 9564 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:38:18.0568 9564 PlugPlay - ok
11:38:18.0570 9564 PnkBstrA - ok
11:38:18.0588 9564 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:38:18.0594 9564 PNRPAutoReg - ok
11:38:18.0651 9564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:38:18.0654 9564 PNRPsvc - ok
11:38:18.0708 9564 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:38:18.0732 9564 PolicyAgent - ok
11:38:18.0795 9564 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:38:18.0798 9564 Power - ok
11:38:18.0864 9564 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:38:18.0871 9564 PptpMiniport - ok
11:38:18.0897 9564 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:38:18.0903 9564 Processor - ok
11:38:18.0924 9564 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
11:38:18.0964 9564 ProfSvc - ok
11:38:18.0994 9564 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:38:19.0002 9564 ProtectedStorage - ok
11:38:19.0030 9564 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:38:19.0031 9564 Psched - ok
11:38:19.0191 9564 [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
11:38:19.0199 9564 PST Service - ok
11:38:19.0231 9564 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:38:19.0237 9564 PxHlpa64 - ok
11:38:19.0419 9564 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:38:19.0467 9564 ql2300 - ok
11:38:19.0504 9564 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:38:19.0510 9564 ql40xx - ok
11:38:19.0547 9564 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:38:19.0587 9564 QWAVE - ok
11:38:19.0626 9564 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:38:19.0632 9564 QWAVEdrv - ok
11:38:19.0650 9564 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:38:19.0660 9564 RasAcd - ok
11:38:19.0694 9564 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:38:19.0700 9564 RasAgileVpn - ok
11:38:19.0727 9564 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:38:19.0733 9564 RasAuto - ok
11:38:19.0773 9564 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:38:19.0780 9564 Rasl2tp - ok
11:38:19.0849 9564 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
11:38:19.0876 9564 RasMan - ok
11:38:19.0902 9564 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:38:19.0908 9564 RasPppoe - ok
11:38:19.0956 9564 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:38:19.0962 9564 RasSstp - ok
11:38:20.0009 9564 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:38:20.0061 9564 rdbss - ok
11:38:20.0082 9564 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:38:20.0089 9564 rdpbus - ok
11:38:20.0117 9564 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:38:20.0118 9564 RDPCDD - ok
11:38:20.0170 9564 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:38:20.0176 9564 RDPDR - ok
11:38:20.0219 9564 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:38:20.0220 9564 RDPENCDD - ok
11:38:20.0237 9564 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:38:20.0238 9564 RDPREFMP - ok
11:38:20.0308 9564 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:38:20.0317 9564 RDPWD - ok
11:38:20.0369 9564 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:38:20.0376 9564 rdyboost - ok
11:38:20.0410 9564 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:38:20.0445 9564 RemoteAccess - ok
11:38:20.0500 9564 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:38:20.0606 9564 RemoteRegistry - ok
11:38:20.0668 9564 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:38:20.0675 9564 RpcEptMapper - ok
11:38:20.0714 9564 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:38:20.0720 9564 RpcLocator - ok
11:38:20.0768 9564 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
11:38:20.0772 9564 RpcSs - ok
11:38:20.0818 9564 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:38:20.0825 9564 rspndr - ok
11:38:20.0866 9564 [ 0BEB0E6E780207BAE4CC944033B1B61F ] rt70x64 C:\Windows\system32\DRIVERS\netr7064.sys
11:38:20.0912 9564 rt70x64 - ok
11:38:20.0965 9564 [ 9F248EF4D204ADE0B18DD50E26095CD5 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
11:38:20.0996 9564 RTL8169 - ok
11:38:21.0159 9564 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
11:38:21.0168 9564 RTL8192su - ok
11:38:21.0211 9564 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
11:38:21.0217 9564 s3cap - ok
11:38:21.0300 9564 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
11:38:21.0301 9564 SamSs - ok
11:38:21.0420 9564 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:38:21.0425 9564 SASDIFSV - ok
11:38:21.0476 9564 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:38:21.0481 9564 SASKUTIL - ok
11:38:21.0498 9564 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
11:38:21.0505 9564 sbp2port - ok
11:38:21.0697 9564 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:38:21.0714 9564 SBSDWSCService - ok
11:38:21.0778 9564 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:38:21.0791 9564 SCardSvr - ok
11:38:21.0859 9564 [ 46942B6980B35FFDA6AFA40A8328938C ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
11:38:21.0866 9564 SCDEmu - ok
11:38:21.0915 9564 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:38:21.0923 9564 scfilter - ok
11:38:22.0062 9564 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
11:38:22.0112 9564 Schedule - ok
11:38:22.0153 9564 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:38:22.0155 9564 SCPolicySvc - ok
11:38:22.0230 9564 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:38:22.0237 9564 SDRSVC - ok
11:38:22.0267 9564 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:38:22.0272 9564 secdrv - ok
11:38:22.0291 9564 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
11:38:22.0298 9564 seclogon - ok
11:38:22.0342 9564 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:38:22.0371 9564 SENS - ok
11:38:22.0396 9564 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:38:22.0403 9564 SensrSvc - ok
11:38:22.0430 9564 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:38:22.0435 9564 Serenum - ok
11:38:22.0452 9564 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:38:22.0458 9564 Serial - ok
11:38:22.0490 9564 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:38:22.0496 9564 sermouse - ok
11:38:22.0553 9564 [ B8080082E50653121591885E43A33250 ] Service Sendori C:\Program Files (x86)\Sendori\Sendori.Service.exe
11:38:22.0555 9564 Service Sendori - ok
11:38:22.0588 9564 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
11:38:22.0597 9564 SessionEnv - ok
11:38:22.0619 9564 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
11:38:22.0624 9564 sffdisk - ok
11:38:22.0675 9564 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:38:22.0680 9564 sffp_mmc - ok
11:38:22.0694 9564 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
11:38:22.0700 9564 sffp_sd - ok
11:38:22.0728 9564 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:38:22.0734 9564 sfloppy - ok
11:38:22.0823 9564 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:38:22.0863 9564 SharedAccess - ok
11:38:22.0925 9564 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:38:22.0934 9564 ShellHWDetection - ok
11:38:22.0968 9564 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:38:22.0977 9564 SiSRaid2 - ok
11:38:23.0065 9564 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:38:23.0071 9564 SiSRaid4 - ok
11:38:23.0728 9564 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:38:23.0755 9564 Skype C2C Service - ok
11:38:23.0841 9564 [ 94A221B95F4FB4FAAB6A56A683D6FDF3 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:38:23.0944 9564 SkypeUpdate - ok
11:38:23.0963 9564 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:38:23.0969 9564 Smb - ok
11:38:24.0569 9564 [ 51630E657E104487AD3897A7A6047B94 ] sndappv2 C:\Program Files (x86)\Sendori\sndappv2.exe
11:38:24.0592 9564 sndappv2 - ok
11:38:24.0626 9564 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:38:24.0632 9564 SNMPTRAP - ok
11:38:24.0709 9564 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:38:24.0715 9564 spldr - ok
11:38:24.0807 9564 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
11:38:24.0820 9564 Spooler - ok
11:38:25.0445 9564 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
11:38:25.0499 9564 sppsvc - ok
11:38:25.0552 9564 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:38:25.0560 9564 sppuinotify - ok
11:38:25.0710 9564 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
11:38:25.0923 9564 sptd - ok
11:38:26.0084 9564 [ 569F8D9768A00AB9A5166997C88EFE42 ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS
11:38:26.0094 9564 SRTSP - ok
11:38:26.0193 9564 [ FB283AE148CC4C5A4954DAEFBB9DFFF0 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS
11:38:26.0281 9564 SRTSPL - ok
11:38:26.0301 9564 [ C9ECA0A26CEBADE5134BA01FD8EF86A6 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS
11:38:26.0308 9564 SRTSPX - ok
11:38:26.0387 9564 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:38:26.0414 9564 srv - ok
11:38:26.0457 9564 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:38:26.0467 9564 srv2 - ok
11:38:26.0517 9564 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:38:26.0526 9564 srvnet - ok
11:38:26.0573 9564 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:38:26.0582 9564 SSDPSRV - ok
11:38:26.0618 9564 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:38:26.0620 9564 SstpSvc - ok
11:38:26.0783 9564 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:38:26.0785 9564 Stereo Service - ok
11:38:26.0837 9564 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:38:26.0847 9564 stexstor - ok
11:38:26.0883 9564 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
11:38:26.0890 9564 StillCam - ok
11:38:26.0999 9564 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
11:38:27.0295 9564 stisvc - ok
11:38:27.0384 9564 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
11:38:27.0392 9564 storflt - ok
11:38:27.0505 9564 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
11:38:27.0512 9564 storvsc - ok
11:38:27.0772 9564 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:38:27.0781 9564 swenum - ok
11:38:28.0149 9564 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:38:28.0255 9564 SwitchBoard - ok
11:38:28.0462 9564 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:38:28.0531 9564 swprv - ok
11:38:29.0652 9564 [ 5CB8F41094F54FCE1DF77C47CB5781D7 ] Symantec AntiVirus C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
11:38:29.0661 9564 Symantec AntiVirus - ok
11:38:29.0883 9564 [ 70C8D165063EB76F1A373B74456D2AAB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:38:29.0892 9564 SymEvent - ok
11:38:30.0354 9564 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
11:38:30.0380 9564 SysMain - ok
11:38:30.0499 9564 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:38:30.0506 9564 TabletInputService - ok
11:38:30.0645 9564 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
11:38:30.0658 9564 TapiSrv - ok
11:38:30.0727 9564 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:38:30.0733 9564 TBS - ok
11:38:31.0380 9564 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:38:31.0406 9564 Tcpip - ok
11:38:31.0786 9564 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:38:31.0795 9564 TCPIP6 - ok
11:38:31.0880 9564 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:38:31.0888 9564 tcpipreg - ok
11:38:32.0016 9564 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:38:32.0021 9564 TDPIPE - ok
11:38:32.0097 9564 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:38:32.0102 9564 TDTCP - ok
11:38:32.0221 9564 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:38:32.0227 9564 tdx - ok
11:38:32.0283 9564 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:38:32.0289 9564 TermDD - ok
11:38:32.0552 9564 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
11:38:32.0578 9564 TermService - ok
11:38:32.0619 9564 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:38:32.0626 9564 Themes - ok
11:38:32.0823 9564 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:38:32.0825 9564 THREADORDER - ok
11:38:32.0917 9564 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:38:32.0925 9564 TrkWks - ok
11:38:33.0222 9564 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:38:33.0228 9564 TrustedInstaller - ok
11:38:33.0347 9564 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:38:33.0348 9564 tssecsrv - ok
11:38:33.0759 9564 [ B66983B129D26C8D13E4055DB5134BE5 ] TuneUp.Defrag C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
11:38:33.0796 9564 TuneUp.Defrag - ok
11:38:33.0980 9564 [ 8938C187B7457518E0C1475E039DC305 ] TuneUp.ProgramStatisticsSvc C:\Windows\System32\TUProgSt.exe
11:38:34.0022 9564 TuneUp.ProgramStatisticsSvc - ok
11:38:34.0321 9564 [ 06057242AE20DE851DFCBB6863F1C9BC ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
11:38:34.0328 9564 TuneUp.UtilitiesSvc - ok
11:38:34.0378 9564 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
11:38:34.0383 9564 TuneUpUtilitiesDrv - ok
11:38:34.0411 9564 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:38:34.0418 9564 tunnel - ok
11:38:34.0488 9564 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:38:34.0495 9564 uagp35 - ok
11:38:34.0560 9564 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:38:34.0661 9564 udfs - ok
11:38:34.0693 9564 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:38:34.0699 9564 UI0Detect - ok
11:38:34.0759 9564 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
11:38:34.0780 9564 uliagpkx - ok
11:38:34.0797 9564 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:38:34.0803 9564 umbus - ok
11:38:34.0848 9564 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:38:34.0854 9564 UmPass - ok
11:38:34.0924 9564 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
11:38:34.0932 9564 UmRdpService - ok
11:38:34.0996 9564 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:38:35.0011 9564 upnphost - ok
11:38:35.0175 9564 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:38:35.0181 9564 USBAAPL64 - ok
11:38:35.0277 9564 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:38:35.0283 9564 usbaudio - ok
11:38:35.0347 9564 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:38:35.0354 9564 usbccgp - ok
11:38:35.0384 9564 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
11:38:35.0392 9564 usbcir - ok
11:38:35.0443 9564 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:38:35.0449 9564 usbehci - ok
11:38:35.0528 9564 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:38:35.0541 9564 usbhub - ok
11:38:35.0586 9564 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:38:35.0592 9564 usbohci - ok
11:38:35.0615 9564 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:38:35.0620 9564 usbprint - ok
11:38:35.0677 9564 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:38:35.0683 9564 usbscan - ok
11:38:35.0725 9564 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:38:35.0731 9564 USBSTOR - ok
11:38:35.0743 9564 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:38:35.0751 9564 usbuhci - ok
11:38:35.0812 9564 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:38:35.0850 9564 usbvideo - ok
11:38:35.0888 9564 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:38:35.0890 9564 UxSms - ok
11:38:35.0960 9564 [ DCC46AA99A1DB65296D1FE5B30CFE0CF ] UxTuneUp C:\Windows\System32\uxtuneup.dll
11:38:35.0967 9564 UxTuneUp - ok
11:38:35.0988 9564 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
11:38:35.0989 9564 VaultSvc - ok
11:38:36.0032 9564 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
11:38:36.0038 9564 vdrvroot - ok
11:38:36.0116 9564 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
11:38:36.0161 9564 vds - ok
11:38:36.0184 9564 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:38:36.0190 9564 vga - ok
11:38:36.0239 9564 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:38:36.0245 9564 VgaSave - ok
11:38:36.0290 9564 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
11:38:36.0300 9564 vhdmp - ok
11:38:36.0327 9564 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
11:38:36.0333 9564 viaide - ok
11:38:36.0384 9564 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
11:38:36.0392 9564 vmbus - ok
11:38:36.0417 9564 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
11:38:36.0422 9564 VMBusHID - ok
11:38:36.0434 9564 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
11:38:36.0440 9564 volmgr - ok
11:38:36.0494 9564 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:38:36.0536 9564 volmgrx - ok
11:38:36.0559 9564 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
11:38:36.0606 9564 volsnap - ok
11:38:36.0656 9564 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:38:36.0687 9564 vsmraid - ok
11:38:36.0844 9564 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
11:38:36.0856 9564 VSS - ok
11:38:36.0909 9564 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:38:36.0917 9564 vwifibus - ok
11:38:36.0934 9564 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:38:36.0940 9564 vwififlt - ok
11:38:37.0088 9564 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:38:37.0202 9564 W32Time - ok
11:38:37.0224 9564 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:38:37.0232 9564 WacomPen - ok
11:38:37.0345 9564 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
11:38:37.0368 9564 WajamUpdater - ok
11:38:37.0383 9564 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:38:37.0389 9564 WANARP - ok
11:38:37.0408 9564 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:38:37.0409 9564 Wanarpv6 - ok
11:38:37.0626 9564 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:38:37.0657 9564 WatAdminSvc - ok
11:38:37.0781 9564 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
11:38:37.0828 9564 wbengine - ok
11:38:37.0881 9564 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:38:37.0915 9564 WbioSrvc - ok
11:38:37.0927 9564 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:38:37.0959 9564 wcncsvc - ok
11:38:37.0982 9564 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:38:37.0988 9564 WcsPlugInService - ok
11:38:38.0018 9564 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:38:38.0024 9564 Wd - ok
11:38:38.0078 9564 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
11:38:38.0083 9564 WDC_SAM - ok
11:38:38.0147 9564 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:38:38.0165 9564 Wdf01000 - ok
11:38:38.0210 9564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:38:38.0217 9564 WdiServiceHost - ok
11:38:38.0221 9564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:38:38.0223 9564 WdiSystemHost - ok
11:38:38.0294 9564 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
11:38:38.0307 9564 WebClient - ok
11:38:38.0340 9564 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:38:38.0362 9564 Wecsvc - ok
11:38:38.0396 9564 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:38:38.0398 9564 wercplsupport - ok
11:38:38.0437 9564 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:38:38.0443 9564 WerSvc - ok
11:38:38.0492 9564 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:38:38.0497 9564 WfpLwf - ok
11:38:38.0514 9564 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:38:38.0540 9564 WIMMount - ok
11:38:38.0586 9564 WinDefend - ok
11:38:38.0744 9564 [ 97C7F30787A30CFA760B0247631A5463 ] WindowBlinds C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
11:38:38.0746 9564 WindowBlinds - ok
11:38:38.0751 9564 WinHttpAutoProxySvc - ok
11:38:38.0836 9564 [ BC67C1E4B36063968E54C3B2E4DB8978 ] WinisoCDBus C:\Windows\system32\drivers\WinisoCDBus.sys
11:38:38.0842 9564 WinisoCDBus - ok
11:38:39.0343 9564 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:38:39.0345 9564 Winmgmt - ok
11:38:39.0595 9564 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
11:38:39.0683 9564 WinRM - ok
11:38:39.0739 9564 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:38:39.0744 9564 WinUsb - ok
11:38:39.0845 9564 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:38:39.0856 9564 Wlansvc - ok
11:38:39.0869 9564 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:38:39.0874 9564 WmiAcpi - ok
11:38:39.0916 9564 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:38:39.0943 9564 wmiApSrv - ok
11:38:39.0981 9564 WMPNetworkSvc - ok
11:38:40.0039 9564 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:38:40.0045 9564 WPCSvc - ok
11:38:40.0101 9564 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:38:40.0108 9564 WPDBusEnum - ok
11:38:40.0148 9564 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:38:40.0153 9564 ws2ifsl - ok
11:38:40.0174 9564 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:38:40.0177 9564 wscsvc - ok
11:38:40.0179 9564 WSearch - ok
11:38:40.0389 9564 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:38:40.0453 9564 wuauserv - ok
11:38:40.0496 9564 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:38:40.0503 9564 WudfPf - ok
11:38:40.0563 9564 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:38:40.0569 9564 WUDFRd - ok
11:38:40.0614 9564 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:38:40.0620 9564 wudfsvc - ok
11:38:40.0689 9564 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:38:40.0697 9564 WwanSvc - ok
11:38:40.0770 9564 [ C6B289A70A2D36242A2CCAA2715E1747 ] X5XSEx_Pr143 C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys
11:38:40.0776 9564 X5XSEx_Pr143 - ok
11:38:40.0831 9564 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
11:38:40.0837 9564 xusb21 - ok
11:38:40.0843 9564 ================ Scan global ===============================
11:38:40.0897 9564 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:38:40.0948 9564 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
11:38:41.0109 9564 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
11:38:41.0145 9564 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:38:41.0228 9564 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:38:41.0236 9564 [Global] - ok
11:38:41.0236 9564 ================ Scan MBR ==================================
11:38:41.0259 9564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:38:43.0643 9564 \Device\Harddisk0\DR0 - ok
11:38:43.0646 9564 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk11\DR11
11:38:43.0756 9564 \Device\Harddisk11\DR11 - ok
11:38:43.0759 9564 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6
11:38:43.0863 9564 \Device\Harddisk6\DR6 - ok
11:38:43.0864 9564 ================ Scan VBR ==================================
11:38:43.0870 9564 [ 0D33D51A90FF4273BA069662E30F3BFB ] \Device\Harddisk0\DR0\Partition1
11:38:43.0871 9564 \Device\Harddisk0\DR0\Partition1 - ok
11:38:43.0894 9564 [ D0C9C006C55AFBE29B043C232C01B1AD ] \Device\Harddisk11\DR11\Partition1
11:38:43.0896 9564 \Device\Harddisk11\DR11\Partition1 - ok
11:38:43.0898 9564 [ DC5ED450318B2849603A32305ED4C526 ] \Device\Harddisk6\DR6\Partition1
11:38:43.0899 9564 \Device\Harddisk6\DR6\Partition1 - ok
11:38:43.0899 9564 ============================================================
11:38:43.0899 9564 Scan finished
11:38:43.0899 9564 ============================================================
11:38:43.0908 9556 Detected object count: 0
11:38:43.0908 9556 Actual detected object count: 0

#8 Scott Wyllie

Scott Wyllie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 12 January 2013 - 12:06 PM

This is the junkware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Ultimate x64
Ran by Core on Sat 01/12/2013 at 11:41:59.10
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] wajamupdater
Successfully deleted: [Service] wajamupdater



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-628688775-3673737984-2390678477-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-628688775-3673737984-2390678477-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-628688775-3673737984-2390678477-1000\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-628688775-3673737984-2390678477-1000\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-628688775-3673737984-2390678477-1000\software\microsoft\internet explorer\search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_current_user\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\wajam
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dttoolbar.toolbandobj
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dttoolbar.toolbandobj.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.downloadargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.linktopromoteargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.rawdataargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.tinyurlargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.virallinkargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.clientcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.contractbase
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.addtousercontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.cleancachecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.gameovercallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getcreditcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getloginstatuscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getloginstatusresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getvariablecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getvariableresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.installationcontextresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loadcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.logincommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.logoutcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.mergeidentitycommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.myaccountcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.playcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.postcontentcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.recycleviewscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.setvariablecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.variablechangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.warmupcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.welcomecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.servercommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.serverresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.lightcontent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.lighturi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.mediatorserviceproxy
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021804.BHO
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021804.Sandbox
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021804.Sandbox.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Core\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Core\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Core\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\Core\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Core\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Folder] "C:\Program Files (x86)\savevalet"
Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
Successfully deleted: [Folder] "C:\Users\Core\AppData\Roaming\microsoft\windows\start menu\programs\wajam"



~~~ FireFox

Successfully deleted: [File] C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\user.js
Successfully deleted: [File] "C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\extensions\505263926b093@505263926b0cb.com.xpi"
Successfully deleted: [File] C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
Successfully deleted: [Folder] C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\extensions\LogMeInClient@logmein.com
Successfully deleted: [Folder] C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\extensions\plugin@selectionlinks.com
Successfully deleted: [Folder] C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\extensions\plugin@yontoo.com
Successfully deleted: [Folder] C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Folder] C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\extensions\{c9b68337-e93a-44ea-94dc-cb300ec06444}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\webbooster@iminent.com
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\prefs.js

user_pref("CT3072253..clientLogIsEnabled", false);
user_pref("CT3072253..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT3072253..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT3072253.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
user_pref("CT3072253.CTID", "CT3072253");
user_pref("CT3072253.CurrentServerDate", "6-1-2013");
user_pref("CT3072253.DSInstall", false);
user_pref("CT3072253.DialogsAlignMode", "LTR");
user_pref("CT3072253.DialogsGetterLastCheckTime", "Sat Jan 05 2013 09:30:37 GMT-0500 (Eastern Standard Time)");
user_pref("CT3072253.DownloadReferralCookieData", "");
user_pref("CT3072253.FirstServerDate", "26-6-2012");
user_pref("CT3072253.FirstTime", true);
user_pref("CT3072253.FirstTimeFF3", true);
user_pref("CT3072253.FirstTimeHiddenVer", true);
user_pref("CT3072253.FixPageNotFoundErrors", true);
user_pref("CT3072253.GroupingServerCheckInterval", 1440);
user_pref("CT3072253.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT3072253.HPInstall", false);
user_pref("CT3072253.HasUserGlobalKeys", true);
user_pref("CT3072253.Initialize", true);
user_pref("CT3072253.InitializeCommonPrefs", true);
user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
user_pref("CT3072253.InstallationId", "fftCDF9.tmp.exe");
user_pref("CT3072253.InstallationType", "XPE");
user_pref("CT3072253.InstalledDate", "Mon Jun 25 2012 19:32:36 GMT-0400 (Eastern Daylight Time)");
user_pref("CT3072253.IsGrouping", false);
user_pref("CT3072253.IsInitSetupIni", true);
user_pref("CT3072253.IsMulticommunity", false);
user_pref("CT3072253.IsOpenThankYouPage", true);
user_pref("CT3072253.IsOpenUninstallPage", false);
user_pref("CT3072253.LanguagePackLastCheckTime", "Sun Jan 06 2013 15:46:23 GMT-0500 (Eastern Standard Time)");
user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
user_pref("CT3072253.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT3072253.LastLogin_3.13.0.6", "Tue Jul 17 2012 08:40:40 GMT-0400 (Eastern Daylight Time)");
user_pref("CT3072253.LastLogin_3.14.1.0", "Tue Aug 28 2012 16:28:57 GMT-0400 (Eastern Daylight Time)");
user_pref("CT3072253.LastLogin_3.15.1.0", "Wed Jan 02 2013 08:30:14 GMT-0500 (Eastern Standard Time)");
user_pref("CT3072253.LastLogin_3.16.0.3", "Sun Jan 06 2013 15:46:23 GMT-0500 (Eastern Standard Time)");
user_pref("CT3072253.LatestVersion", "3.16.0.3");
user_pref("CT3072253.Locale", "en");
user_pref("CT3072253.MCDetectTooltipHeight", "83");
user_pref("CT3072253.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT3072253.MCDetectTooltipWidth", "295");
user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
user_pref("CT3072253.OriginalFirstVersion", "3.13.0.6");
user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
user_pref("CT3072253.SearchFromAddressBarIsInit", true);
user_pref("CT3072253.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
user_pref("CT3072253.SearchInNewTabEnabled", true);
user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sun Jan 06 2013 15:46:04 GMT-0500 (Eastern Standard Time)");
user_pref("CT3072253.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT3072253.SendProtectorDataViaLogin", true);
user_pref("CT3072253.ServiceMapLastCheckTime", "Sun Jan 06 2013 15:46:23 GMT-0500 (Eastern Standard Time)");
user_pref("CT3072253.SettingsLastCheckTime", "Sun Jan 06 2013 15:46:03 GMT-0500 (Eastern Standard Time)");
user_pref("CT3072253.SettingsLastUpdate", "1357481498");
user_pref("CT3072253.TBHomePageUrl", "http://search.conduit.com/?ctid=CT3072253&SearchSource=13");
user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Mon Jun 25 2012 19:32:35 GMT-0400 (Eastern Daylight Time)");
user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
user_pref("CT3072253.TrusteLinkUrl", "http://trust.conduit.com/CT3072253");
user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT3072253.UserID", "UN79586593830029446");
user_pref("CT3072253.alertChannelId", "1463702");
user_pref("CT3072253.autoDisableScopes", 14);
user_pref("CT3072253.backendstorage.cbcountry_001", "5553");
user_pref("CT3072253.backendstorage.cbfirsttime", "4D6F6E204A756E20323520323031322031393A33323A333920474D542D3034303020284561737465726E204461796C696768742054696D6529");
user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon Jun 25 2012 19:32:36 GMT-0400 (Eastern Daylight Time)");
user_pref("CT3072253.homepageProtectorEnableByLogin", true);
user_pref("CT3072253.initDone", true);
user_pref("CT3072253.isAppTrackingManagerOn", true);
user_pref("CT3072253.myStuffEnabled", true);
user_pref("CT3072253.myStuffPublihserMinWidth", 400);
user_pref("CT3072253.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
user_pref("CT3072253.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT3072253.navigateToUrlOnSearch", false);
user_pref("CT3072253.revertSettingsEnabled", false);
user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
user_pref("CT3072253.searchProtectorEnableByLogin", true);
user_pref("CT3072253.testingCtid", "");
user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sun Jan 06 2013 15:46:04 GMT-0500 (Eastern Standard Time)");
user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Jun 25 2012 19:32:37 GMT-0400 (Eastern Daylight Time)");
user_pref("CT3072253.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"5babfb9bc140a1c496d96f22ff91c6863\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1336063965\"");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14f1\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:15a3\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"b0247494cf7d18dd5da86e5d578c7bdb\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"7182cb073d635cfdc07e30346b4a0d59\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Core\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\2fcbfal9.default\\conduitCommon\\modules\\3.13.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
user_pref("CommunityToolbar.globalUserId", "9708022b-34bb-4efa-a33e-d60696522180");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 25 2012 19:32:41 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.alertEnabled", false);
user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jun 25 2012 19:32:36 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "470a1c82-deb9-4caa-bd9c-7c59c9d147bd");
user_pref("CommunityToolbar.originalHomepage", "about:home");
user_pref("CommunityToolbar.originalSearchEngine", "Google");
user_pref("browser.startup.homepage", "http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=bbc1c165-1fb2-4185-8f4e-e3e45321caa1&searchtype=hp");
user_pref("extensions.505263926b138.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,sear
user_pref("extensions.helperbar.SmartbarDisabled", true);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");
user_pref("extentions.y2layers.installId", "a455d5d4-21f3-47b2-922e-3773cdec0177");
user_pref("extentions.y2layers.lastDnsTest", 372068);
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
Emptied folder: C:\Users\Core\AppData\Roaming\mozilla\firefox\profiles\2fcbfal9.default\minidumps [57 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/12/2013 at 11:54:37.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9 Scott Wyllie

Scott Wyllie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 12 January 2013 - 12:26 PM

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.12.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Core :: THECORE [administrator]

Protection: Enabled

1/12/2013 12:19:48 PM
mbam-log-2013-01-12 (12-19-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241239
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached Files



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 PM

Posted 12 January 2013 - 01:50 PM

were you able to complete the ESET online scan?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Scott Wyllie

Scott Wyllie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 13 January 2013 - 09:22 AM

Yes got that finished just now. Took a really long time.

C:\downloads\FreeYouTubeToMp3Converter.exe Win32/OpenCandy application
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\Patch WindowBlinds 7.exe a variant of Win32/HackTool.Patcher.T application
C:\Qoobox\Quarantine\C\Program Files (x86)\Coupon Companion Plugin\CoUPon companion plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application
C:\Users\Core\Desktop\Assassins.Creed.II-SKIDROW\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\Core\Desktop\Assassins.Creed.III.Proper-RELOADED\rld-aiii.iso a variant of Win32/Packed.VMProtect.AAD trojan
C:\Users\Core\Desktop\Downloads\7zip_bimo_d154539.exe probably a variant of Win32/InstallIQ application
C:\Users\Core\Desktop\Downloads\7zip_installer_d793198.exe probably a variant of Win32/InstallIQ application
C:\Users\Core\Desktop\Downloads\downloadmanager_Setup.exe a variant of Win32/Adware.iBryte.D application
C:\Users\Core\Desktop\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application
C:\Users\Core\Desktop\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application
K:\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Keygen.And.Patch.WORKING -DI\crack\Keygen.exe a variant of Win32/Keygen.AR application
K:\Stardock WindowsBlinds 7.3\Patch WindowBlinds 7\Patch\Patch WindowBlinds 7.exe a variant of Win32/HackTool.Patcher.T application

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 PM

Posted 13 January 2013 - 10:59 AM

yes, it can take hours, it is very thorough

please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\downloads\FreeYouTubeToMp3Converter.exe 
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\Patch WindowBlinds 7.exe 
C:\Users\Core\Desktop\Assassins.Creed.II-SKIDROW\sr-acii.iso 
C:\Users\Core\Desktop\Assassins.Creed.III.Proper-RELOADED\rld-aiii.iso 
C:\Users\Core\Desktop\Downloads\7zip_bimo_d154539.exe 
C:\Users\Core\Desktop\Downloads\7zip_installer_d793198.exe 
C:\Users\Core\Desktop\Downloads\downloadmanager_Setup.exe 
C:\Users\Core\Desktop\Downloads\FreeYouTubeToMP3Converter.exe 
C:\Users\Core\Desktop\Downloads\mplayer_Setup.exe 
K:\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Keygen.And.Patch.WORKING -DI\crack\Keygen.exe 
K:\Stardock WindowsBlinds 7.3\Patch WindowBlinds 7\Patch\Patch WindowBlinds 7.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u10
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Leave these two Checked

    Trace and Log Files
    Cached Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
[/list]

NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Scott Wyllie

Scott Wyllie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 13 January 2013 - 01:42 PM

Combofix did not make me restart but upon restarting before I did the java script stuff I am still getting death wave. I will update after I restart right as soon as I post this.

ComboFix 13-01-13.01 - Core 01/13/2013 12:54:45.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.24567.19388 [GMT -5:00]
Running from: C:\Users\Core\Desktop\ComboFix.exe
Command switches used :: C:\Users\Core\Desktop\CFScript.txt
AV: Ad-Aware Total Security *Disabled/Outdated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Ad-Aware Total Security *Disabled/Outdated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"C:\downloads\FreeYouTubeToMp3Converter.exe"
"C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\Patch WindowBlinds 7.exe"
"C:\Users\Core\Desktop\Assassins.Creed.II-SKIDROW\sr-acii.iso"
"C:\Users\Core\Desktop\Assassins.Creed.III.Proper-RELOADED\rld-aiii.iso"
"C:\Users\Core\Desktop\Downloads\7zip_bimo_d154539.exe"
"C:\Users\Core\Desktop\Downloads\7zip_installer_d793198.exe"
"C:\Users\Core\Desktop\Downloads\downloadmanager_Setup.exe"
"C:\Users\Core\Desktop\Downloads\FreeYouTubeToMP3Converter.exe"
"C:\Users\Core\Desktop\Downloads\mplayer_Setup.exe"
"K:\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Keygen.And.Patch.WORKING -DI\crack\Keygen.exe"
"K:\Stardock WindowsBlinds 7.3\Patch WindowBlinds 7\Patch\Patch WindowBlinds 7.exe"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\downloads\FreeYouTubeToMp3Converter.exe
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\Patch WindowBlinds 7.exe
C:\Users\Core\Desktop\Assassins.Creed.II-SKIDROW\sr-acii.iso
C:\Users\Core\Desktop\Assassins.Creed.III.Proper-RELOADED\rld-aiii.iso
C:\Users\Core\Desktop\Downloads\7zip_bimo_d154539.exe
C:\Users\Core\Desktop\Downloads\7zip_installer_d793198.exe
C:\Users\Core\Desktop\Downloads\downloadmanager_Setup.exe
C:\Users\Core\Desktop\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Core\Desktop\Downloads\mplayer_Setup.exe
K:\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Keygen.And.Patch.WORKING -DI\crack\Keygen.exe
K:\Stardock WindowsBlinds 7.3\Patch WindowBlinds 7\Patch\Patch WindowBlinds 7.exe


((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))


2013-01-13 18:12:37 . 2013-01-13 18:12:37 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-01-13 18:12:37 . 2013-01-13 18:12:37 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-01-12 17:37:49 . 2013-01-12 17:37:49 -------- d-----w- C:\Program Files (x86)\ESET
2013-01-12 16:41:53 . 2013-01-12 16:41:53 -------- d-----w- C:\Windows\ERUNT
2013-01-12 16:41:42 . 2013-01-12 16:41:42 -------- d-----w- C:\JRT
2013-01-09 15:36:43 . 2013-01-09 15:36:52 -------- d-----w- C:\FRST
2013-01-09 15:20:50 . 2013-01-10 01:11:46 -------- d-----w- C:\Program Files (x86)\Mozilla Thunderbird
2013-01-08 14:48:44 . 2013-01-08 14:48:44 -------- d-----w- C:\Remote Programs
2013-01-08 14:48:41 . 2013-01-08 14:48:46 -------- d-----w- C:\ProgramData\Free Ride Games
2013-01-08 14:48:38 . 2013-01-08 14:51:05 -------- d-----w- C:\Program Files (x86)\Free Ride Games
2013-01-08 14:48:38 . 2012-12-04 21:48:50 57824 ------w- C:\Windows\ExentInfo.exe
2013-01-08 14:47:09 . 2013-01-08 14:47:09 -------- d-----w- C:\Users\Core\AppData\Local\Coupon Companion Plugin
2013-01-08 14:47:05 . 2013-01-11 12:34:24 -------- d-----w- C:\Program Files (x86)\Coupon Companion Plugin
2013-01-05 20:30:26 . 2013-01-05 20:30:26 -------- d-----w- C:\Users\Core\AppData\Local\G DATA
2013-01-04 12:38:19 . 2013-01-04 12:38:19 -------- d-----w- C:\Users\Core\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 12:37:57 . 2013-01-05 20:28:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-01-04 12:37:57 . 2013-01-04 12:37:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-01-04 12:37:27 . 2013-01-04 12:37:27 -------- d-----w- C:\Users\Core\AppData\Roaming\Malwarebytes
2013-01-04 12:36:43 . 2013-01-04 12:36:43 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-04 12:36:41 . 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-01-04 12:36:40 . 2013-01-05 14:14:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-03 14:06:48 . 2013-01-03 14:07:45 -------- d-----w- C:\Program Files\CCleaner
2013-01-02 12:07:39 . 2013-01-02 12:07:39 188 ---ha-w- C:\aaw7boot.cmd
2013-01-01 23:36:10 . 2013-01-11 12:13:20 106224 ----a-w- C:\Windows\SysWow64\drivers\GRD.sys
2013-01-01 23:28:57 . 2013-01-01 23:28:57 40392 ----a-w- C:\Windows\system32\drivers\GDBehave.sys
2013-01-01 23:28:44 . 2013-01-01 23:28:44 57288 ----a-w- C:\Windows\system32\drivers\PktIcpt.sys
2013-01-01 23:28:30 . 2013-01-01 23:17:22 15880 ----a-w- C:\Windows\SysWow64\lsdelete.exe
2013-01-01 23:28:24 . 2010-05-11 09:19:10 137288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\Components\AvkWebFilterFF.dll
2013-01-01 23:28:18 . 2013-01-01 23:28:18 49096 ----a-w- C:\Windows\system32\drivers\HookCentre.sys
2013-01-01 23:28:17 . 2013-01-01 23:28:17 85960 ----a-w- C:\Windows\system32\drivers\MiniIcpt.sys
2013-01-01 23:28:16 . 2013-01-01 23:28:16 48584 ----a-w- C:\Windows\system32\drivers\gdwfpcd64.sys
2013-01-01 23:27:31 . 2013-01-11 03:13:43 -------- d-----w- C:\ProgramData\G DATA
2013-01-01 23:27:31 . 2013-01-01 23:27:32 -------- d-----w- C:\Program Files (x86)\Common Files\G Data
2012-12-22 18:10:32 . 2012-12-22 18:17:08 281392 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-22 18:10:29 . 2012-12-22 18:10:29 -------- d-----w- C:\Users\Core\AppData\Local\PunkBuster
2012-12-22 18:09:54 . 2012-12-22 18:09:54 -------- d-----w- C:\ProgramData\Orbit
2012-12-22 17:34:58 . 2012-11-21 04:32:40 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-01-09 01:40:29 . 2012-07-05 15:48:31 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:40:29 . 2012-07-05 15:48:31 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-09 01:40:02 . 2012-10-09 00:37:58 16369160 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-12-22 18:17:08 . 2012-12-03 13:14:32 281392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-22 18:10:38 . 2012-12-03 13:14:29 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-22 18:10:32 . 2012-12-03 13:14:32 281392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-10 23:01:54 . 2012-09-05 23:02:14 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll
2012-12-08 14:47:13 . 2012-12-08 14:47:29 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-08 14:47:13 . 2010-07-19 12:38:31 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-10 03:02:02 . 2011-01-20 13:27:44 88008 ----a-w- C:\Windows\system32\LMIRfsClientNP.dll
2012-11-10 03:02:01 . 2011-01-20 13:27:44 35240 ----a-w- C:\Windows\system32\LMIport.dll
2012-11-10 03:02:01 . 2011-01-20 13:27:40 83880 ----a-w- C:\Windows\system32\LMIinit.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}]
C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe" [2008-07-07 15:46:45 416768]
"HP Photosmart 5510d series (NET)"="C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 17:21:20 2676584]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17:16:42 17888944]
"HLBackupScheduler"="C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 08:18:20 7065224]
"MusicManager"="C:\Users\Core\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-12-10 19:11:50 7416320]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-01-05 20:28:50 5629312]
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe" [2012-12-10 12:37:52 969104]
"Exetender"="C:\Program Files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 21:48:56 4936152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 05:25:38 115560]
"vptray"="C:\PROGRA~2\SYMANT~1\VPTray.exe" [2008-10-23 19:46:26 136080]
"Mobile Connectivity Suite"="C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 22:19:48 598016]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 17:04:58 2904984]
"Sendori Tray"="C:\Program Files (x86)\Sendori\SendoriTray.exe" [2012-12-10 23:01:54 82792]
"SoundMAXPnP"="C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-04-16 18:09:36 1310720]
"LifeCam"="C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 19:26:26 119152]
"G Data AntiVirus Tray Application"="C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-16 18:41:40 979968]
"GDFirewallTray"="C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-16 18:44:20 1550576]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 01:43:34 926896]

C:\Users\Core\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - C:\Windows\system32\RunDll32.exe [2009-7-13 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2011-09-26 18:10:54 500016 ----a-w- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys [x]
R1 GRD;G Data Rootkit Detector Driver;C:\Windows\system32\drivers\GRD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 19:26:20 3290896]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 20:33:26 160944]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 11:43:14 25832]
R3 GDBackupSvc;Ad-Aware Backup Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-06-16 18:35:52 911976]
R3 GDTunerSvc;Ad-Aware Tuner Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-06-16 18:35:44 1234896]
R3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 00:16:50 33736]
R3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys [2009-07-10 19:06:50 31744]
R3 rt70x64;Conceptronic 54Mbps RT2500 USB adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7064.sys [2007-10-09 17:54:40 371200]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 17:37:14 517096]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 15:01:50 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-09 20:50:09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 20:06:00 14464]
R4 sptd;sptd;C:\Windows\system32\Drivers\sptd.sys [2010-01-15 14:45:53 834544]
S0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys [2013-01-01 23:28:57 40392]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 07:01:00 56208]
S1 GDMnIcpt;GDMnIcpt;C:\Windows\system32\drivers\MiniIcpt.sys [2013-01-01 23:28:17 85960]
S1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys [2013-01-01 23:28:16 48584]
S1 HookCentre;HookCentre;C:\Windows\system32\drivers\HookCentre.sys [2013-01-01 23:28:18 49096]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 18:54:58 140672]
S2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 23:01:54 118632]
S2 AVKProxy;Ad-Aware Total Security Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-06-16 18:43:44 1081384]
S2 AVKService;Ad-Aware Scheduler;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-06-16 18:43:48 412944]
S2 AVKWCtl;Ad-Aware Filesystem Monitor;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-06-14 21:05:56 2160960]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 03:02:01 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 20:40:06 15928]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 21:49:28 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 21:49:28 682344]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 22:58:52 120728]
S2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 21:06:38 65657]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 20:31:10 1153368]
S2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 23:01:54 14696]
S2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 23:01:54 3569512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 14:40:00 382312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 20:08:24 1353544]
S2 WinisoCDBus;WinISO Virtual CD Drive;C:\Windows\system32\drivers\WinisoCDBus.sys [2012-05-17 12:04:56 204032]
S2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 19:57:30 56136]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-01 00:34:25 138912]
S3 GDFwSvc;Ad-Aware Personal Firewall;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-06-15 16:15:36 1954472]
S3 GDPkIcpt;GDPkIcpt;C:\Windows\system32\drivers\PktIcpt.sys [2013-01-01 23:28:44 57288]
S3 GDScan;Ad-Aware Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-06-17 15:26:42 624064]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-12-14 21:49:28 24176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys [2010-05-20 19:26:28 36720]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 18:59:16 694888]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 12:24:44 11856]


Contents of the 'Scheduled Tasks' folder

2013-01-13 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 15:48:31 . 2013-01-09 01:40:31]

2013-01-13 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 19:39:01 . 2012-07-19 19:38:58]

2013-01-13 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 19:39:01 . 2012-07-19 19:38:58]

2013-01-12 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-628688775-3673737984-2390678477-1000Core.job
- C:\Users\Core\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 00:39:29 . 2012-05-10 00:39:28]

2013-01-13 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-628688775-3673737984-2390678477-1000UA.job
- C:\Users\Core\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 00:39:29 . 2012-05-10 00:39:28]

2013-01-13 C:\Windows\Tasks\HP Photo Creations Messager.job
- C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11:00 . 2011-02-15 10:11:00]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\Topos\cFosSpeed\cFosSpeed.exe" [2009-02-11 16:33:26 1225432]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 10:09:46 446392]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*
uSearchAssistant = hxxp://www.google.com
mSearchAssistant =
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Core\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E13CA507-B55E-401C-8B3F-B15592FAC173}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
FF - ProfilePath - C:\Users\Core\AppData\Roaming\Mozilla\Firefox\Profiles\2fcbfal9.default\
FF - ExtSQL: 2012-12-10 10:54; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2012-12-20 08:24; plugin@selectionlinks.com; C:\Users\Core\AppData\Roaming\Mozilla\Firefox\Profiles\2fcbfal9.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-01-01 18:28; {9AA46F4F-4DC7-4c06-97AF-5035170633FE}; C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - ExtSQL: 2013-01-08 07:23; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-08 09:47; extension21804@extension21804.com; C:\Users\Core\AppData\Roaming\Mozilla\Firefox\Profiles\2fcbfal9.default\extensions\extension21804@extension21804.com

- - - - ORPHANS REMOVED - - - -

BHO-{F6222CB7-E738-4DA5-B305-28E5F1ED8B1E} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - C:\Program Files (x86)\Coupons\uninstall.exe
AddRemove-DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc.exe

#14 Scott Wyllie

Scott Wyllie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 13 January 2013 - 01:58 PM

First of all thank you for all your help, great directions, and quick responses. After restarting when all of the stuff you told me to do with Java was finished (I restarted after only because upon my restart from the uninstall process the phenomenon was still occurring) essentially the same thing kept happening. Right as windows is booting in to my desktop the auto-protect window opens and the spawn begins. Interesting now I am picking up not only Trojan.gen but also Trojan Horse. It triggers nearly once every few seconds. Hope you still have some tricks up your sleeve.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 PM

Posted 13 January 2013 - 03:48 PM

Please try the following:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users