# Reg.dll error



## hewee (Oct 26, 2001)

Not sure how to start out here and that is why I am posting.

Got XP Pro and when I log out of the one limited user account I use all the time I get an error and I think it's Reg.dll. It flashes by too fast because it's logging off or shutting down but I think that's what it is. I hear the error beep too.
Otherwise all seems OK.

So how can I find and fix this trouble?


----------



## 2BInformed (Feb 27, 2013)

Hi! Here's something that may help you with your problem.

What is and How to Fix Register DLL Error: http://www.wondershare.com/disk-utility/register_dll.html


----------



## hewee (Oct 26, 2001)

Don't trust a Registry program.


----------



## hewee (Oct 26, 2001)

I think this is it here



> Event Type:	Warning
> Event Source:	Userenv
> Event Category:	None
> Event ID:	1517
> ...


Wow the Event log has this same error going on as far back as the log goes 2/10/12012 so who knows how long it has been.
So why does it seem new to me? Not logging off as fast so I get to see it and hear it.

Edit: Date is 2/10/2012


----------



## 2BInformed (Feb 27, 2013)

hewee said:


> I think this is it here
> 
> Wow the Event log has this same error going on as far back as the log goes 2/10/1012 so who knows how long it has been.
> So why does it seem new to me? Not logging off as fast so I get to see it and hear it.


Gosh, you're right, hewee! If the error goes back all the way to the year 1012!! That IS Far Back!! And to think many of us thought the computer had been invented in just this last century! Ah well, let's all laugh together on that one! Good morning to you and have a great day!


----------



## hewee (Oct 26, 2001)

I edited the date typo to be 2/10/2012. But still that is as far back as the log goes so who knows how long it has been.

Have a good also.


----------



## hewee (Oct 26, 2001)

Bumping Up.


----------



## OliverTaylor (Jun 26, 2013)

Content removed.


----------



## hewee (Oct 26, 2001)

Download what file?


----------



## Cookiegal (Aug 27, 2003)

OliverTaylor,

Your post has been edited. Please do not refer users to obscure web sites that offer file downloads. This file may or may not be malware (it's not a file that's generally found on Windows XP) but even if it's a legitimate file any distribution of such files needs to be through a source authorized by Microsoft.


----------



## Cookiegal (Aug 27, 2003)

Harry,

You mentioned something about a file named reg.dll in the title of your thread. Can you confirm that is the name of the file? I suspect it's something else.

These "userenv" errors are due to some software failing to shut down properly and the way to get around that is to install the Microsoft User Profile Hive Cleanup Service so that the registry gets released safely on shutdown:

http://www.microsoft.com/en-ca/download/details.aspx?id=6676

But let's take a look at the errors from Event Viewer:

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems double-click *VEW.exe*. For later operating systems right-click VEW.exe and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *20* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## hewee (Oct 26, 2001)

OK here you go but I do not see a date of the last shut down on the list. It was late on the 3rd.

Can I log off and note the time and look the error up?

I think it is what I posted in the 4th post. I changed the "MyComputerName\MyUserName" part.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 05/07/2013 9:15:21 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/07/2013 6:42:54 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 10/06/2013 6:56:18 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application FileAlyzer2.exe, version 2.0.5.57, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/05/2013 7:29:26 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 14/05/2013 6:59:06 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application aswrundll.exe, version 8.0.1489.300, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x000311d9.

Log: 'Application' Date/Time: 14/05/2013 6:43:38 PM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 03/05/2013 11:39:13 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 03/05/2013 11:39:07 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 15/04/2013 3:06:01 PM
Type: error Category: 0
Event: 11303 Source: MsiInstaller
Product: Ultra Hal Text-to-Speech Reader -- Error 1303.The installer has insufficient privileges to access this directory: C:\Program Files\Zabaware. The installation cannot continue. Log on as an administrator or contact your system administrator.

Log: 'Application' Date/Time: 15/04/2013 3:04:25 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application SpeakToWAV.exe, version 3.3.8.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 13/04/2013 9:29:49 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 29/03/2013 10:28:32 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application pip26121_ars_.exe, version 2.6.12.1, faulting module ieframe.dll, version 8.0.6001.19401, fault address 0x0014e98d.

Log: 'Application' Date/Time: 13/03/2013 12:18:19 PM
Type: error Category: 0
Event: 11303 Source: MsiInstaller
Product: PDFill PDF Editor with FREE Writer and FREE Tools -- Error 1303. The installer has insufficient privileges to access this directory: C:\Program Files\PlotSoft. The installation cannot continue. Log on as administrator or contact your system administrator.

Log: 'Application' Date/Time: 01/03/2013 3:24:35 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application palemoon.exe, version 15.3.0.4695, faulting module xul.dll, version 15.3.0.4695, fault address 0x0021089f.

Log: 'Application' Date/Time: 01/03/2013 2:44:25 PM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -859189091.

Log: 'Application' Date/Time: 01/03/2013 2:44:21 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application WinPatrol.exe, version 26.1.2013.0, faulting module WinPatrol.exe, version 26.1.2013.0, fault address 0x00015b26.

Log: 'Application' Date/Time: 01/03/2013 11:40:50 AM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -859189091.

Log: 'Application' Date/Time: 01/03/2013 11:40:42 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application winpatrol.exe, version 26.1.2013.0, faulting module winpatrol.exe, version 26.1.2013.0, fault address 0x00015b26.

Log: 'Application' Date/Time: 01/03/2013 8:35:47 AM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -859189091.

Log: 'Application' Date/Time: 01/03/2013 8:34:38 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application winpatrol.exe, version 26.1.2013.0, faulting module winpatrol.exe, version 26.1.2013.0, fault address 0x00015b26.

Log: 'Application' Date/Time: 28/02/2013 10:03:25 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application winpatrol.exe, version 26.1.2013.0, faulting module winpatrol.exe, version 26.1.2013.0, fault address 0x00015b26.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/07/2013 3:38:17 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 26/06/2013 10:02:32 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2013 9:36:10 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2013 9:22:51 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 25/06/2013 8:54:34 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2013 8:00:40 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2013 10:19:15 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 24/06/2013 11:56:06 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/06/2013 9:58:55 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/06/2013 9:58:53 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 20/06/2013 1:52:31 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 20/06/2013 1:52:14 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 20/06/2013 1:52:12 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 18/06/2013 9:47:14 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 18/06/2013 3:04:49 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 11/06/2013 8:00:18 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/06/2013 6:39:16 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/06/2013 6:39:03 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/06/2013 6:39:00 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 09/06/2013 11:18:04 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/07/2013 6:22:28 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 04/07/2013 5:26:00 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/07/2013 6:42:54 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.

Log: 'System' Date/Time: 28/06/2013 5:39:45 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 27/06/2013 6:51:37 PM
Type: error Category: 0
Event: 6161 Source: Print
The document The Philadelphia Church of God » The 30-Plus Program » Print owned by Hewee failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 213644. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\HEW7WSG1. Win32 error code returned by the print processor: 6 (0x6).

Log: 'System' Date/Time: 27/06/2013 8:26:22 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/06/2013 3:29:39 PM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 26/06/2013 8:41:17 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/06/2013 8:21:14 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/06/2013 9:27:30 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/06/2013 8:21:45 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/06/2013 7:45:36 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/06/2013 2:04:11 PM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 25/06/2013 8:19:46 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 22/06/2013 6:07:46 PM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 22/06/2013 7:50:33 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 21/06/2013 6:46:31 AM
Type: error Category: 0
Event: 8003 Source: MRxSmb
The master browser has received a server announcement from the computer HOWARD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E94F7E2B-1408-4A48. The master browser is stopping or an election is being forced.

Log: 'System' Date/Time: 19/06/2013 9:12:11 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 18/06/2013 1:52:12 PM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 18/06/2013 9:31:31 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/07/2013 6:20:22 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 04/07/2013 11:22:00 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 04/07/2013 8:27:38 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 03/07/2013 2:49:19 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/07/2013 7:08:34 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/07/2013 12:51:26 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 01/07/2013 7:48:47 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/06/2013 4:27:04 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/06/2013 7:28:37 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 28/06/2013 5:37:45 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 26/06/2013 3:27:39 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 25/06/2013 2:02:11 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 24/06/2013 9:14:07 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 22/06/2013 6:05:46 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 21/06/2013 7:04:57 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 19/06/2013 10:51:22 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 18/06/2013 1:50:11 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 16/06/2013 9:03:39 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 15/06/2013 7:58:07 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 14/06/2013 6:13:19 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


----------
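
Added example (not part of any post in this thread, and not code from VEW or its author): a small Python parser for the VEW report layout pasted above. It tallies events by source and ID, lists which accounts hit the Userenv 1517 profile-unload warning, and lists services that failed to start because their file is missing (Service Control Manager 7000). The sample report is constructed, and the machine, account and service names in it are made up.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the VEW report layout (all names are made up).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/07/2013 3:38:17 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user EXAMPLE-PC\\alice registry while an application or service was still using the registry during log off.

Log: 'Application' Date/Time: 25/06/2013 9:22:51 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services.

Log: 'Application' Date/Time: 25/06/2013 8:54:34 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user EXAMPLE-PC\\bob registry while an application or service was still using the registry during log off.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/07/2013 5:26:00 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Example Helper Service (examplesvc) service failed to start due to the following error: The system cannot find the file specified.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>-?\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
USER = re.compile(r"^Windows saved user (?P<user>.+?) registry while ")
SERVICE = re.compile(
    r"^The (?P<name>.+?) service failed to start due to the following error: "
    r"The system cannot find the file specified"
)


def parse_vew(text):
    """Return one dict per event record found in a VEW text report."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    events, i = [], 0
    while i + 2 < len(lines):
        head = HEADER.match(lines[i])
        kind = TYPE.match(lines[i + 1])
        event = EVENT.match(lines[i + 2])
        if not (head and kind and event):
            i += 1
            continue
        try:
            # The report header says all dates are dd/mm/yyyy (12-hour clock).
            when = datetime.strptime(head["ts"], "%d/%m/%Y %I:%M:%S %p")
        except ValueError:
            i += 1
            continue
        # The message runs until a blank line or a "~~~" section banner.
        j, message = i + 3, []
        while j < len(lines) and lines[j] and not lines[j].startswith("~"):
            message.append(lines[j])
            j += 1
        events.append({
            "log": head["log"], "when": when, "type": kind["type"],
            "id": int(event["id"]), "source": event["source"],
            "message": " ".join(message),
        })
        i = j
    return events


def summarize(events):
    """Count records per (source, event ID) so repeat offenders stand out."""
    return Counter((e["source"], e["id"]) for e in events)


def profile_unload_failures(events):
    """Map each account to the times its registry hive was still in use at logoff."""
    hits = defaultdict(list)
    for e in events:
        m = USER.match(e["message"])
        if e["source"] == "Userenv" and e["id"] == 1517 and m:
            hits[m["user"]].append(e["when"])
    return dict(hits)


def missing_service_binaries(events):
    """Names of services that failed to start because their file is missing."""
    found = set()
    for e in events:
        m = SERVICE.match(e["message"])
        if e["source"] == "Service Control Manager" and e["id"] == 7000 and m:
            found.add(m["name"])
    return found


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE)
    for (source, event_id), count in summarize(parsed).most_common():
        print(f"{count:3d}  {source} {event_id}")
    print(profile_unload_failures(parsed))
    print(missing_service_binaries(parsed))
```
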



## Cookiegal (Aug 27, 2003)

hewee said:


> OK here you go but I do not see a date of the last shut down on the list. It was late on the 3rd.
> 
> *Can I log off and note the time and look the error up?*


Sure, go ahead and do that.


----------



## hewee (Oct 26, 2001)

OK See yea. 
Got to hope I get it too but can still note the time to see if I miss seeing and hearing the beep.


----------



## hewee (Oct 26, 2001)

OK...10:36 am below is it that is like post #4 with Event: 1517 Source: Userenv
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/07/2013 10:36:42 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 

-----------------------------------

I got to go some place so will be back in a couple hours at most.


----------



## Cookiegal (Aug 27, 2003)

See my post no. 11.

http://forums.techguy.org/8728352-post11.html

Did you install the Microsoft User Profile Hive Cleanup Service?


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> See my post no. 11.
> 
> http://forums.techguy.org/8728352-post11.html
> 
> Did you install the Microsoft User Profile Hive Cleanup Service?


No not yet.

Got to log off and go to other profile to be able to install a .msi file.


----------



## Cookiegal (Aug 27, 2003)

That should take care of those errors.


----------



## hewee (Oct 26, 2001)

So does it do everything on its own with me having to do anything.

Thank you so much for the help Cookiegal. 

Odd thing it had gone on a long time from looking at the log. "same error going on as far back as the log goes 2/10/12012" so whatever made the change so it was showing so I could see and hear the error. Maybe the newer Avast that takes longer to scan at shut down.
Who knows the error could go back to 2008.

Will let you know what happens this next week.


----------



## Cookiegal (Aug 27, 2003)

Yes, it will run as a service (you will see the process in the Task Manager) but you don't have to do anything at all.

Please post back and let us know if all is well or if you're still having problems.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> Yes, it will run as a service (you will see the process in the Task Manager) but you don't have to do anything at all.
> 
> Please post back and let us know if all is well or if you're still having problems.


I see the UPHClean.exe


----------



## hewee (Oct 26, 2001)

OK I shut down and did not see an error but got the error sound.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/07/2013 2:49:12 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified. 

Not even the same thing.


----------



## Cookiegal (Aug 27, 2003)

I saw that in the error logs. It looks like the file may be missing for that yet there's still a registry entry calling for it.

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------
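
The Event 7000 reading given in the post above (the service's file is missing while a registry entry still calls for it) can be confirmed by correlating the pasted event text with each service's `ImagePath`. The following Python is an added example, not part of the original thread or of any tool mentioned in it; the service key names, `ImagePath` values, file list and environment are constructed placeholders.

```python
import re

# Constructed sample in the dump format pasted in the thread (Event 7000 record).
EVENT_TEXT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/07/2013 2:49:12 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
"""

# Constructed stand-in for HKLM\SYSTEM\CurrentControlSet\Services: key names and
# ImagePath values are placeholders, not values taken from the thread.
SERVICES = {
    "example_sprocket": {
        "DisplayName": "SupportSoft Sprocket Service (dellsupportcenter)",
        "ImagePath": r'"C:\Program Files\Example Vendor\bin\sprocket.exe" /service'},
    "example_spooler": {
        "DisplayName": "Print Spooler",
        "ImagePath": r"%SystemRoot%\system32\spoolsv.exe"},
    "example_tool": {
        "DisplayName": "Example Tool",
        "ImagePath": r"C:\Program Files\Example Tool\tool.exe -run"},
}
# Constructed stand-ins for the disk (lower-cased paths) and the environment.
FILES_ON_DISK = {r"c:\windows\system32\spoolsv.exe",
                 r"c:\program files\example tool\tool.exe"}
ENV = {"systemroot": r"C:\WINDOWS"}

FAILED_RE = re.compile(
    r"^The (?P<display>.+) service failed to start due to the following error:"
    r"\s*(?P<error>.+?)\s*$", re.MULTILINE)


def parse_events(text):
    """Split the pasted dump into records with log, event, source and message."""
    records = []
    for chunk in re.split(r"(?m)^(?=Log: ')", text):
        head = re.search(r"^Log: '(?P<log>[^']+)'", chunk)
        ev = re.search(r"(?m)^Event: (?P<event>\d+) Source: (?P<source>.+?)\s*$", chunk)
        if head and ev:
            records.append({"log": head["log"], "event": int(ev["event"]),
                            "source": ev["source"], "message": chunk[ev.end():].strip()})
    return records


def candidate_paths(image_path, env=ENV):
    """Return the executable paths an ImagePath value may refer to."""
    p = image_path.strip()
    p = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), p)
    if p.lower().startswith("\\systemroot\\"):      # driver-style prefix
        p = env["systemroot"] + p[len("\\systemroot"):]
    elif p.startswith("\\??\\"):                    # NT object-manager prefix
        p = p[4:]
    elif p.lower().startswith("system32\\"):        # relative to the Windows directory
        p = env["systemroot"] + "\\" + p
    if p.startswith('"'):
        end = p.find('"', 1)
        return [p[1:end] if end != -1 else p[1:]]
    # Unquoted value: path spaces and argument separators are indistinguishable,
    # so every space-delimited prefix is a candidate, shortest first.
    parts = p.split(" ")
    return [" ".join(parts[:i]) for i in range(1, len(parts) + 1)]


def binary_present(image_path, exists, env=ENV):
    """True if any candidate (or candidate + '.exe') is reported present by exists()."""
    return any(exists(c) or exists(c + ".exe") for c in candidate_paths(image_path, env))


def orphaned_from_events(text, services, exists, env=ENV):
    """Keys of services named in Event 7000 'file not found' records whose
    registry entry is still there but whose binary is not."""
    by_display = {v["DisplayName"].lower(): k for k, v in services.items()}
    hits = []
    for rec in parse_events(text):
        if rec["event"] != 7000 or rec["source"] != "Service Control Manager":
            continue
        m = FAILED_RE.search(rec["message"])
        if not m or "cannot find the file" not in m["error"].lower():
            continue
        key = by_display.get(m["display"].lower())
        if key and not binary_present(services[key]["ImagePath"], exists, env):
            hits.append(key)
    return hits


def on_disk(path):
    """File-existence check against the constructed file list."""
    return path.lower() in FILES_ON_DISK


if __name__ == "__main__":
    for key in orphaned_from_events(EVENT_TEXT, SERVICES, on_disk):
        print("registry entry without a binary:", key, "->", SERVICES[key]["ImagePath"])
```

On a live system, `os.path.isfile` would be passed as `exists` and the service table would be read from the registry instead of the constructed dictionary.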



## hewee (Oct 26, 2001)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Harry Bowers at 16:48:28 on 2013-07-05
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\KeyScrambler\keyscrambler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pale Moon\palemoon.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///D:/My_homepage.html
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080710
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [HostsMan] "c:\program files\hostsman\hm.exe" -s
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:4
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1279041134875
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341442862359
TCP: NameServer = 172.27.35.1 68.87.76.178 68.87.78.130
TCP: Interfaces\{E94F7E2B-1408-4A48-B47B-FC65C161510F} : DHCPNameServer = 172.27.35.1 68.87.76.178 68.87.78.130
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\tall emu\online armor\oaevent.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = Error!
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\harry bowers\application data\mozilla\firefox\profiles\4esjn2ww.default\
FF - prefs.js: browser.startup.homepage - file:///D:/My_homepage.html
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-30 04:59; [email protected]; c:\documents and settings\harry bowers\application data\mozilla\firefox\profiles\4esjn2ww.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? Diag69xp;Diag69xp
R? PSI;PSI
R? RTLVLAN;Realtek VLAN Intermediate Driver
R? Secunia PSI Agent;Secunia PSI Agent
R? Secunia Update Agent;Secunia Update Agent
R? SIVDRIVER;SIV Kernel Driver
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;aswVmm
S? avast! Antivirus;avast! Antivirus
S? HWiNFO32;HWiNFO32/64 Kernel Driver
S? KeyScrambler;KeyScrambler
S? LANPkt;Realtek LANPkt Protocol Driver
S? OAcat;Online Armor Helper Service
S? OADevice;OADriver
S? OAmon;OAmon
S? OAnet;OAnet
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SvcOnlineArmor;Online Armor
.
=============== File Associations ===============
.
FileExt: .txt: Applications\metapad.exe="c:\documents and settings\all users\documents\metapad351\metapad.exe" "%1" [UserChoice]
FileExt: .ini: - HKCR\*\Shell="c:\program files\safer networking\filealyzer 2\FileAlyzer2.exe" "%1" [default=filealyzer2 - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-07-05 19:59:53	--------	d-----w-	c:\program files\UPHClean
2013-07-03 18:21:17	2680320	----a-w-	c:\windows\system32\ImageEnXLibrary.ocx
2013-07-03 18:21:10	--------	d-----w-	C:\FreeOCR
2013-07-03 18:19:46	--------	d-----w-	c:\program files\Temp
.
==================== Find3M ====================
.
2013-06-27 19:29:03	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:29:03	175176	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-11 16:42:04	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-11 16:42:03	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59:10	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37	41664	----a-w-	c:\windows\avastSS.scr
2013-05-07 22:30:06	920064	----a-w-	c:\windows\system32\wininet.dll
2013-05-07 22:30:05	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29	385024	----a-w-	c:\windows\system32\html.iec
2013-05-03 01:30:20	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-01 10:59:12	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 10:59:12	69632	----a-w-	c:\windows\system32\QuickTime.qts
2013-04-11 19:35:01	21664	----a-w-	c:\windows\system32\drivers\HWiNFO32.SYS
2013-04-10 01:31:19	1876352	----a-w-	c:\windows\system32\win32k.sys
2008-09-18 01:18:26	274432	----a-w-	c:\program files\stripmail.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD161HJ rev.JF100-22 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
1 ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Harddisk0\DR0[0x8AFE5AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\00000070[0x8AF876C8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8AFF9D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!! 
.
============= FINISH: 16:50:42.79 ===============


----------



## hewee (Oct 26, 2001)

.
==== Installed Programs ======================
.
.
==== End Of File ===========================

You know dellsupportcenter that came on the computer was upgraded way back in 10/2011 and I got the PC 7/2008. It never worked right.


----------



## Cookiegal (Aug 27, 2003)

I'll go over that more tomorrow but I'd like you to do this as well:

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## hewee (Oct 26, 2001)

That is OK. I will be back Sunday.

Will not do anything but save log.

Scanning now and looks like this takes a long time.

Done.

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-05 17:47:13
-----------------------------
17:47:13.687 OS Version: Windows 5.1.2600 Service Pack 3
17:47:13.687 Number of processors: 4 586 0xF0B
17:47:13.687 ComputerName: HEW7WSG1 UserName: 
17:47:31.265 Initialize success
17:47:34.156 AVAST engine defs: 13070501
17:47:47.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:47:47.000 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-22 Size: 152587MB BusType: 3
17:47:47.000 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
17:47:47.015 Disk 1 Vendor: SAMSUNG_HD161HJ JF100-22 Size: 152587MB BusType: 3
17:47:47.109 Disk 0 MBR read successfully
17:47:47.109 Disk 0 MBR scan
17:47:47.125 Disk 0 Windows XP default MBR code
17:47:47.125 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
17:47:47.125 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152523 MB offset 128520
17:47:47.140 Disk 0 scanning sectors +312496380
17:47:47.203 Disk 0 scanning C:\WINDOWS\system32\drivers
17:47:56.765 Service scanning
17:48:09.656 Modules scanning
17:48:23.296 Disk 0 trace - called modules:
17:48:23.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
17:48:23.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afe5ab8]
17:48:23.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000070[0x8af876c8]
17:48:23.328 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8aff9d98]
17:48:23.796 AVAST engine scan C:\WINDOWS
17:48:49.453 AVAST engine scan C:\WINDOWS\system32
17:51:10.296 AVAST engine scan C:\WINDOWS\system32\drivers
17:51:25.281 AVAST engine scan C:\Documents and Settings\Harry Bowers
17:58:34.640 AVAST engine scan C:\Documents and Settings\All Users
18:08:32.703 Scan finished successfully
18:10:27.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Harry Bowers\Desktop\MBR.dat"
18:10:27.406 The log file has been saved successfully to "C:\Documents and Settings\Harry Bowers\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

That scan from aswMBR shows everything is fine but the earlier one in the DDS log shows some potential problems so we'll investigate that further.

But I have a question. The DDS log shows this as your homepage in Firefox:

D:/My_homepage.html

Can you tell me what your D drive is and what that file is?

Also, please do the following:

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## hewee (Oct 26, 2001)

I made my own homepage so that is it at D:/My_homepage.html so this is OK. Did this years ago and have always had the homepage on my PC. I did this so I could open my browsers back in the dial-up days without them wanting to get online to get to a homepage. 

I just changed to the other Admin profile. I logged off the user profile I use all the time, but this time I got that error and beep that I was getting when I shut down. So I was going to run VEW again to see what the error was. But it said I did not have rights to open it. But I downloaded it again and I could run it. 

The Firefox I have is a newer install because I was using Pale Moon for years.
In the Admin account I cannot download. Or cannot download all file types. I got the gmer.zip but not the gmer.exe. Nor could I get the dds.scr. Pale Moon downloaded them OK. I have no trouble in the user profile I use all the time. You would think I would have the rights. Firefox
I ran the reset on Firefox but that did not help. It only made me redo my settings. 
It says in the download box "This download has been blocked by your Security Zone Policy" 
So that would be Avast or Online Armor, but Avast is a newer upgrade that was done around the same time Firefox was installed.


I don't have any CD Emulation programs that I know of. 

Got WARNING I may have a rootkit as soon as it opened up.
Only quick scan was checked. I unchecked IAT/EAT, and C: was not checked.

I disabled Avast and have Online Armor in learn mode and unchecked the program guard and firewall, and that should stop all pop-ups asking for rights that I would have to click to give rights. Also turned off the real-time scanner on SUPERAntiSpyware Professional. 
And am closing Firefox to be offline.

Will post again with what happens.


----------



## hewee (Oct 26, 2001)

OK I made a scan and at the end it said I have a rootkit. 

Then after I closed GMER down the computer was a slow dog. Took forever to do anything. I logged off and that took a long time and logged back in but again all was so slow so I rebooted and all this took about 25 minutes. 
Same type of slow down I can get if I copy and paste a whole lot of files.

I think when I started the scan is what is at the end of the log file that was in red when I opened GMER and said *** hidden *** )
So is it a rootkit or something they just can't get to? I don't know.

---------------------------------------------------------------------------------------------------

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-07 08:49:42
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_HD161HJ rev.JF100-22 149.01GB
Running: t5cw8zqr.exe; Driver: C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\kwdyipod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC8B3610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAC9675FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAC8B40E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC8F7B36]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xACA95610]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC8BFF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC8BFF64]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xACAA40D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC8C00FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAC8F74EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC8BFE86]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xACA952C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xACA92580]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xACA92960]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC8BFFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC8BFECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAC8B45E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC8C00B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAC8B4E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC8B3676]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteFile [0xACAA4B50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAC8F81FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAC8F84B2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAC8B8596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC8F8067]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC8F7ED2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC9676C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC8B325E]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadKey [0xACAA3780]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC8B36DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC8B898C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC8B592C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC8BFF42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC8BFF86]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xACAA4760]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC8C0122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAC8F7846]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC8BFEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAC8B7E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAC8C0036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC8BFEF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAC8B826E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC8C00DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAC967822]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xACA96A10]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC8F7D4D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC8B57F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC8F7B9F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAC8B534E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAC974744]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwReplaceKey [0xACAA3B20]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xACA96180]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC8F6B30]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xACA94C90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSaveKey [0xACAA3FF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xACA959D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC8B3742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC8B37A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xAC8B4D16]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetInformationFile [0xACAA4E10]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC8B32F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC8B34CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAC8F8303]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC8B345C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAC8B5066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAC8B51C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAC8B3556]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xACAF6640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAC8B4CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xAC965C42]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA99E875C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC8B380E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAC8B4142]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D14 805045FC 16 Bytes [18, FF, 8B, AC, 64, FF, 8B, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D2C 80504614 4 Bytes JMP B0AC8F74 
.text ntkrnlpa.exe!ZwCallbackReturn + 2D45 8050462D 7 Bytes [25, A9, AC, 60, 29, A9, AC]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D7C 80504664 12 Bytes [76, 36, 8B, AC, 50, 4B, AA, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E50 80504738 16 Bytes [42, FF, 8B, AC, 86, FF, 8B, ...]
.text ... 
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL AC8B5FD9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC58A 5 Bytes JMP AC97DC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C300E 5 Bytes JMP AC97F7B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB93D4000, 0x17D150, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80996D 5 Bytes JMP AC8BA284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C8C9 5 Bytes JMP AC8BA162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF81398B 5 Bytes JMP AC8BA116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E638 5 Bytes JMP AC8B8BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 197D BF820D45 5 Bytes JMP AC8B96EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82D55F 5 Bytes JMP AC8B8D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82E6DD 5 Bytes JMP AC8BA3FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 2E84 BF83906A 5 Bytes JMP AC8BA614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + B8EE BF841AD4 5 Bytes JMP AC8BA00A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + E0AA BF844290 5 Bytes JMP AC8B96CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + F626 BF84580C 5 Bytes JMP AC8B8DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 290F BF86F4AE 5 Bytes JMP AC8B97C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4BED BF87178C 5 Bytes JMP AC8B922C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4C78 BF871817 5 Bytes JMP AC8B9508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 584E BF8723ED 5 Bytes JMP AC8B8AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AC2C BF8777CB 5 Bytes JMP AC8BA1B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67E3 BF87E9EA 5 Bytes JMP AC8BA33C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CBE 5 Bytes JMP AC8B92F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4126 BF8987FB 5 Bytes JMP AC8B94C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8B58E1 5 Bytes JMP AC8B97E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8B8FFF 5 Bytes JMP AC8BA56C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 35C2 BF8C1C2F 5 Bytes JMP AC8B8F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + A58F BF8EB1A7 4 Bytes JMP AC8B970A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFC68 4 Bytes JMP AC8B89C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1E37 4 Bytes JMP AC8B9008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F20B7 5 Bytes JMP AC8B9150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A3E BF914770 5 Bytes JMP AC8B8CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1CEA BF914A1C 4 Bytes JMP AC8B988C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2612 BF915344 4 Bytes JMP AC8B8EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F93 BF917CC5 5 Bytes JMP AC8B9628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1943 BF9480DA 5 Bytes JMP AC8BA4BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !
? C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1816] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D 
.text C:\WINDOWS\system32\spoolsv.exe[1816] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1896] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2088] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2088] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe[2192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe[2192] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe[2192] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004F0804 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004F0A08 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004F0600 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004F01F8 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004F03FC 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F100F5A 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00501014 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00500804 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00500A08 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00500C0C 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00500E10 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 005001F8 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005003FC 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 00500600 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5F040F5A 
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2340] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F130F5A 
.text C:\WINDOWS\system32\svchost.exe[2476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2476] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\WINDOWS\system32\svchost.exe[2476] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\UPHClean\uphclean.exe[2620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\UPHClean\uphclean.exe[2620] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\Program Files\UPHClean\uphclean.exe[2620] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\alg.exe[3548] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\WINDOWS\System32\alg.exe[3548] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\WINDOWS\System32\alg.exe[3548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\WINDOWS\System32\alg.exe[3548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\WINDOWS\System32\alg.exe[3548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\WINDOWS\System32\alg.exe[3548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014 
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804 
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08 
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C 
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10 
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8 
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC 
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F100F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 5F220F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!select 71AB30A8 6 Bytes JMP 5F250F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 5F160F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!ioctlsocket 71AB3F50 6 Bytes JMP 5F280F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5F040F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F190F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!send 71AB4C27 6 Bytes JMP 5F1F0F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 5F340F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!recv 71AB676F 6 Bytes JMP 5F300F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 5F370F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] WS2_32.dll!WSAAsyncSelect 71AC0991 6 Bytes JMP 5F2B0F5A 
.text C:\Program Files\KeyScrambler\keyscrambler.exe[3552] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F130F5A 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\WINDOWS\system32\Ati2evxx.exe[4192] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[4208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[4208] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004F0804 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004F0A08 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004F0600 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004F01F8 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004F03FC 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F100F5A 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00501014 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00500804 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00500A08 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00500C0C 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00500E10 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 005001F8 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005003FC 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 00500600 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5F040F5A 
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[4448] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F130F5A 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01590001 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0B001E 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F05001E 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[4548] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F100F5A 
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4560] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5F040F5A 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002801F8 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002803FC 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00290804 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00290A08 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00290600 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002901F8 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002903FC 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002A1014 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002A0804 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002A0A08 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002A0C0C 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002A0E10 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002A01F8 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002A03FC 
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002A0600 
.text C:\WINDOWS\Explorer.EXE[5224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\Explorer.EXE[5224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[5224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\Explorer.EXE[5224] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001 
.text C:\WINDOWS\Explorer.EXE[5224] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A 
.text C:\WINDOWS\Explorer.EXE[5224] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A 
.text C:\WINDOWS\Explorer.EXE[5224] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\WINDOWS\Explorer.EXE[5224] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[5224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014 
.text C:\WINDOWS\Explorer.EXE[5224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804 
.text C:\WINDOWS\Explorer.EXE[5224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08 
.text C:\WINDOWS\Explorer.EXE[5224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C 
.text C:\WINDOWS\Explorer.EXE[5224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10 
.text C:\WINDOWS\Explorer.EXE[5224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8 
.text C:\WINDOWS\Explorer.EXE[5224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC 
.text C:\WINDOWS\Explorer.EXE[5224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600 
.text C:\WINDOWS\Explorer.EXE[5224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804 
.text C:\WINDOWS\Explorer.EXE[5224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08 
.text C:\WINDOWS\Explorer.EXE[5224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600 
.text C:\WINDOWS\Explorer.EXE[5224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8 
.text C:\WINDOWS\Explorer.EXE[5224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC 
.text C:\WINDOWS\Explorer.EXE[5224] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F100F5A 
.text C:\WINDOWS\Explorer.EXE[5224] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5F040F5A 
.text C:\WINDOWS\Explorer.EXE[5224] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F130F5A 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[5256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC 
.text C:\WINDOWS\RTHDCPL.EXE[5256] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01D00001 
.text C:\WINDOWS\RTHDCPL.EXE[5256] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A 
.text C:\WINDOWS\RTHDCPL.EXE[5256] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A 
.text C:\WINDOWS\RTHDCPL.EXE[5256] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D 
.text C:\WINDOWS\RTHDCPL.EXE[5256] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[5256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC 
.text C:\WINDOWS\RTHDCPL.EXE[5256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600 
.text C:\WINDOWS\RTHDCPL.EXE[5256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\WINDOWS\RTHDCPL.EXE[5256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\WINDOWS\RTHDCPL.EXE[5256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\WINDOWS\RTHDCPL.EXE[5256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\WINDOWS\RTHDCPL.EXE[5256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\WINDOWS\RTHDCPL.EXE[5256] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F100F5A 

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp  OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Processes - GMER 2.1 ----

Process (*** hidden *** ) [4] 8B036660

---- EOF - GMER 2.1 ----


----------



## hewee (Oct 26, 2001)

Good it showed up.
I got a busy message and the retry and then got a blank screen and said no way, but opened a new window here and saw it got posted. The post above did that also, but not the same busy bar, and then went to a blank page, but I was able to hit back and then forward and it posted.
http://forums.techguy.org/newreply.php?do=postreply&t=1098699&503retry=1

This happens when the site is busy. Just never had it happen twice in one day. Just glad they went through because that one post was long and I would have to redo it otherwise.

In that log I do see this.

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !
? C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the path specified. !

So that I guess is why I got that error again, but it's running because I can see it. WinPatrol also shows it here C:\PROGRAM FILES\UPHCLEAN\UPHCLEAN.EXE and running.


----------



## Cookiegal (Aug 27, 2003)

Let's see what this tool says:

Please go here and download *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## hewee (Oct 26, 2001)

Well that was a fast and easy one.

11:48:32.0015 2796 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:48:34.0015 2796 ============================================================
11:48:34.0015 2796 Current date / time: 2013/07/07 11:48:34.0015
11:48:34.0015 2796 SystemInfo:
11:48:34.0015 2796 
11:48:34.0031 2796 OS Version: 5.1.2600 ServicePack: 3.0
11:48:34.0031 2796 Product type: Workstation
11:48:34.0031 2796 ComputerName: HEW7WSG1
11:48:34.0031 2796 UserName: Harry Bowers
11:48:34.0031 2796 Windows directory: C:\WINDOWS
11:48:34.0031 2796 System windows directory: C:\WINDOWS
11:48:34.0031 2796 Processor architecture: Intel x86
11:48:34.0031 2796 Number of processors: 4
11:48:34.0031 2796 Page size: 0x1000
11:48:34.0031 2796 Boot type: Normal boot
11:48:34.0031 2796 ============================================================
11:48:37.0796 2796 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:48:37.0812 2796 Drive \Device\Harddisk1\DR1 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:48:37.0812 2796 ============================================================
11:48:37.0812 2796 \Device\Harddisk0\DR0:
11:48:37.0812 2796 MBR partitions:
11:48:37.0812 2796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x129E5AF4
11:48:37.0812 2796 \Device\Harddisk1\DR1:
11:48:37.0812 2796 MBR partitions:
11:48:37.0812 2796 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
11:48:37.0812 2796 ============================================================
11:48:37.0843 2796 C: <-> \Device\Harddisk0\DR0\Partition1
11:48:37.0859 2796 D: <-> \Device\Harddisk1\DR1\Partition1
11:48:37.0859 2796 ============================================================
11:48:37.0859 2796 Initialize success
11:48:37.0859 2796 ============================================================
11:49:02.0843 1596 ============================================================
11:49:02.0843 1596 Scan started
11:49:02.0843 1596 Mode: Manual; 
11:49:02.0843 1596 ============================================================
11:49:03.0640 1596 ================ Scan system memory ========================
11:49:03.0640 1596 System memory - ok
11:49:03.0640 1596 ================ Scan services =============================
11:49:11.0781 1596 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:49:11.0796 1596 napagent - ok
11:49:11.0890 1596 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:49:11.0890 1596 NDIS - ok
11:49:11.0984 1596 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:49:11.0984 1596 NdisTapi - ok
11:49:12.0031 1596 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:49:12.0031 1596 Ndisuio - ok
11:49:12.0078 1596 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:49:12.0093 1596 NdisWan - ok
11:49:12.0109 1596 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:49:12.0109 1596 NDProxy - ok
11:49:12.0140 1596 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:49:12.0140 1596 NetBIOS - ok
11:49:12.0171 1596 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:49:12.0171 1596 NetBT - ok
11:49:12.0234 1596 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:49:12.0265 1596 NetDDE - ok
11:49:12.0265 1596 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:49:12.0281 1596 NetDDEdsdm - ok
11:49:12.0328 1596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:49:12.0328 1596 Netlogon - ok
11:49:12.0359 1596 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:49:12.0359 1596 Netman - ok
11:49:12.0390 1596 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:49:12.0390 1596 NetTcpPortSharing - ok
11:49:12.0437 1596 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:49:12.0437 1596 NIC1394 - ok
11:49:12.0500 1596 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:49:12.0500 1596 Nla - ok
11:49:12.0546 1596 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:49:12.0546 1596 Npfs - ok
11:49:12.0640 1596 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:49:12.0656 1596 Ntfs - ok
11:49:12.0718 1596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:49:12.0718 1596 NtLmSsp - ok
11:49:12.0828 1596 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:49:12.0859 1596 NtmsSvc - ok
11:49:12.0890 1596 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:49:12.0890 1596 Null - ok
11:49:13.0093 1596 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:49:13.0109 1596 nv - ok
11:49:13.0140 1596 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:49:13.0140 1596 NwlnkFlt - ok
11:49:13.0187 1596 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:49:13.0187 1596 NwlnkFwd - ok
11:49:13.0406 1596 [ A58637CF999068CBDC70DCC42C730F93 ] OAcat C:\Program Files\Tall Emu\Online Armor\OAcat.exe
11:49:13.0421 1596 OAcat - ok
11:49:13.0515 1596 [ 7EB48CF2812B4B5B8EEAA1F687F63BE8 ] OADevice C:\WINDOWS\system32\drivers\OADriver.sys
11:49:13.0515 1596 OADevice - ok
11:49:13.0562 1596 [ EC102328E7154CD62865FEC9CA9BDFE7 ] OAmon C:\WINDOWS\system32\drivers\OAmon.sys
11:49:13.0562 1596 OAmon - ok
11:49:13.0609 1596 [ B7C77371119423E4D432C8F0654B4B20 ] OAnet C:\WINDOWS\system32\drivers\OAnet.sys
11:49:13.0609 1596 OAnet - ok
11:49:13.0671 1596 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:49:13.0671 1596 ohci1394 - ok
11:49:13.0703 1596 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:49:13.0703 1596 ose - ok
11:49:13.0718 1596 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:49:13.0734 1596 Parport - ok
11:49:13.0750 1596 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:49:13.0750 1596 PartMgr - ok
11:49:13.0796 1596 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:49:13.0796 1596 ParVdm - ok
11:49:13.0796 1596 PcdrNdisuio - ok
11:49:13.0859 1596 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:49:13.0859 1596 PCI - ok
11:49:13.0859 1596 PCIDump - ok
11:49:13.0906 1596 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:49:13.0906 1596 PCIIde - ok
11:49:13.0968 1596 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:49:14.0000 1596 Pcmcia - ok
11:49:14.0125 1596 [ 6ABB7315658F35E448207B0CE69025BC ] PDAgent C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
11:49:14.0125 1596 PDAgent - ok
11:49:14.0140 1596 PDCOMP - ok
11:49:14.0203 1596 [ B5838B97235014D5378B80ED05D4EF30 ] PDEngine C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
11:49:14.0218 1596 PDEngine - ok
11:49:14.0218 1596 PDFRAME - ok
11:49:14.0234 1596 PDRELI - ok
11:49:14.0234 1596 PDRFRAME - ok
11:49:14.0265 1596 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
11:49:14.0265 1596 perc2 - ok
11:49:14.0281 1596 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:49:14.0296 1596 perc2hib - ok
11:49:14.0375 1596 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:49:14.0375 1596 PlugPlay - ok
11:49:14.0421 1596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:49:14.0421 1596 PolicyAgent - ok
11:49:14.0484 1596 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:49:14.0484 1596 PptpMiniport - ok
11:49:14.0500 1596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:49:14.0500 1596 ProtectedStorage - ok
11:49:14.0562 1596 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
11:49:14.0562 1596 ProtexisLicensing - ok
11:49:14.0625 1596 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
11:49:14.0625 1596 PSI - ok
11:49:14.0687 1596 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:49:14.0703 1596 Ptilink - ok
11:49:14.0765 1596 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:49:14.0765 1596 PxHelp20 - ok
11:49:14.0796 1596 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:49:14.0796 1596 ql1080 - ok
11:49:14.0843 1596 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:49:14.0843 1596 Ql10wnt - ok
11:49:14.0890 1596 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:49:14.0890 1596 ql12160 - ok
11:49:14.0937 1596 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:49:14.0937 1596 ql1240 - ok
11:49:14.0984 1596 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:49:15.0000 1596 ql1280 - ok
11:49:15.0046 1596 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:49:15.0046 1596 RasAcd - ok
11:49:15.0125 1596 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:49:15.0125 1596 RasAuto - ok
11:49:15.0156 1596 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:49:15.0156 1596 Rasl2tp - ok
11:49:15.0250 1596 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:49:15.0265 1596 RasMan - ok
11:49:15.0312 1596 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:49:15.0312 1596 RasPppoe - ok
11:49:15.0359 1596 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:49:15.0375 1596 Raspti - ok
11:49:15.0437 1596 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:49:15.0453 1596 Rdbss - ok
11:49:15.0500 1596 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:49:15.0500 1596 RDPCDD - ok
11:49:15.0640 1596 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:49:15.0656 1596 rdpdr - ok
11:49:15.0687 1596 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:49:15.0703 1596 RDPWD - ok
11:49:15.0765 1596 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:49:15.0812 1596 RDSessMgr - ok
11:49:15.0859 1596 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:49:15.0859 1596 redbook - ok
11:49:15.0968 1596 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:49:16.0000 1596 RemoteAccess - ok
11:49:16.0078 1596 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:49:16.0078 1596 RemoteRegistry - ok
11:49:16.0125 1596 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:49:16.0140 1596 RpcLocator - ok
11:49:16.0171 1596 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:49:16.0171 1596 RpcSs - ok
11:49:16.0234 1596 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:49:16.0265 1596 RSVP - ok
11:49:16.0296 1596 [ C6D34A1874CD2B212DC3E788091C64B4 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:49:16.0296 1596 RTLE8023xp - ok
11:49:16.0343 1596 [ B9CA69921379EA2931C4450FE975BCE7 ] RTLVLAN C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
11:49:16.0343 1596 RTLVLAN - ok
11:49:16.0437 1596 SABProcEnum - ok
11:49:16.0453 1596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:49:16.0468 1596 SamSs - ok
11:49:16.0531 1596 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:49:16.0531 1596 SASDIFSV - ok
11:49:16.0593 1596 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:49:16.0593 1596 SASKUTIL - ok
11:49:16.0671 1596 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
11:49:16.0671 1596 sbp2port - ok
11:49:16.0718 1596 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:49:16.0718 1596 SCardSvr - ok
11:49:16.0765 1596 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:49:16.0765 1596 Schedule - ok
11:49:16.0859 1596 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:49:16.0859 1596 Secdrv - ok
11:49:16.0906 1596 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:49:16.0921 1596 seclogon - ok
11:49:17.0218 1596 [ 2D0599DD0124764FC939C59985C860DE ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
11:49:17.0421 1596 Secunia PSI Agent - ok
11:49:17.0468 1596 [ 20B9E1ADBC58958B480933E4DA005DFB ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
11:49:17.0484 1596 Secunia Update Agent - ok
11:49:17.0515 1596 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:49:17.0515 1596 SENS - ok
11:49:17.0609 1596 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:49:17.0609 1596 serenum - ok
11:49:17.0625 1596 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:49:17.0625 1596 Serial - ok
11:49:17.0687 1596 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:49:17.0687 1596 Sfloppy - ok
11:49:17.0734 1596 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:49:17.0734 1596 SharedAccess - ok
11:49:17.0812 1596 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:49:17.0828 1596 ShellHWDetection - ok
11:49:17.0828 1596 Simbad - ok
11:49:17.0859 1596 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:49:17.0875 1596 sisagp - ok
11:49:17.0875 1596 SIVDRIVER - ok
11:49:17.0984 1596 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:49:17.0984 1596 Sparrow - ok
11:49:18.0031 1596 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:49:18.0031 1596 splitter - ok
11:49:18.0093 1596 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:49:18.0093 1596 Spooler - ok
11:49:18.0281 1596 sprtsvc_dellsupportcenter - ok
11:49:18.0296 1596 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:49:18.0296 1596 sr - ok
11:49:18.0343 1596 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:49:18.0359 1596 srservice - ok
11:49:18.0468 1596 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:49:18.0578 1596 Srv - ok
11:49:18.0609 1596 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:49:18.0609 1596 SSDPSRV - ok
11:49:18.0734 1596 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:49:18.0750 1596 stisvc - ok
11:49:18.0843 1596 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:49:18.0875 1596 stllssvr - ok
11:49:19.0343 1596 [ E6FE7057287A405CA2812BC5C8B30FCC ] SvcOnlineArmor C:\Program Files\Tall Emu\Online Armor\oasrv.exe
11:49:19.0359 1596 SvcOnlineArmor - ok
11:49:19.0406 1596 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:49:19.0406 1596 swenum - ok
11:49:19.0515 1596 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:49:19.0515 1596 swmidi - ok
11:49:19.0531 1596 SwPrv - ok
11:49:19.0562 1596 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
11:49:19.0562 1596 symc810 - ok
11:49:19.0625 1596 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:49:19.0640 1596 symc8xx - ok
11:49:19.0734 1596 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:49:19.0734 1596 sym_hi - ok
11:49:19.0781 1596 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:49:19.0781 1596 sym_u3 - ok
11:49:19.0828 1596 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:49:19.0828 1596 sysaudio - ok
11:49:19.0875 1596 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:49:19.0906 1596 SysmonLog - ok
11:49:20.0000 1596 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:49:20.0000 1596 TapiSrv - ok
11:49:20.0078 1596 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:49:20.0140 1596 Tcpip - ok
11:49:20.0234 1596 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:49:20.0234 1596 TDPIPE - ok
11:49:20.0265 1596 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:49:20.0265 1596 TDTCP - ok
11:49:20.0296 1596 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:49:20.0312 1596 TermDD - ok
11:49:20.0390 1596 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:49:20.0406 1596 TermService - ok
11:49:20.0421 1596 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:49:20.0421 1596 Themes - ok
11:49:20.0453 1596 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:49:20.0468 1596 TlntSvr - ok
11:49:20.0484 1596 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
11:49:20.0484 1596 TosIde - ok
11:49:20.0515 1596 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:49:20.0531 1596 TrkWks - ok
11:49:20.0578 1596 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:49:20.0578 1596 Udfs - ok
11:49:20.0609 1596 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
11:49:20.0609 1596 ultra - ok
11:49:20.0734 1596 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:49:20.0734 1596 Update - ok
11:49:20.0765 1596 [ 325FB38C323C63C7F57885B4DFB1B91E ] UPHClean C:\Program Files\UPHClean\uphclean.exe
11:49:20.0765 1596 UPHClean - ok
11:49:20.0812 1596 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:49:20.0843 1596 upnphost - ok
11:49:20.0875 1596 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:49:20.0875 1596 UPS - ok
11:49:20.0937 1596 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:49:20.0937 1596 usbehci - ok
11:49:21.0031 1596 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:49:21.0031 1596 usbhub - ok
11:49:21.0125 1596 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:49:21.0203 1596 usbscan - ok
11:49:21.0296 1596 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:49:21.0296 1596 USBSTOR - ok
11:49:21.0359 1596 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:49:21.0359 1596 usbuhci - ok
11:49:21.0390 1596 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:49:21.0406 1596 VgaSave - ok
11:49:21.0453 1596 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:49:21.0453 1596 viaagp - ok
11:49:21.0546 1596 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:49:21.0546 1596 ViaIde - ok
11:49:21.0640 1596 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:49:21.0640 1596 VolSnap - ok
11:49:21.0750 1596 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:49:21.0765 1596 VSS - ok
11:49:21.0796 1596 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
11:49:21.0796 1596 w32time - ok
11:49:21.0843 1596 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:49:21.0859 1596 Wanarp - ok
11:49:21.0859 1596 WDICA - ok
11:49:21.0921 1596 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:49:21.0953 1596 wdmaud - ok
11:49:21.0984 1596 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:49:22.0000 1596 WebClient - ok
11:49:22.0093 1596 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:49:22.0093 1596 winmgmt - ok
11:49:22.0156 1596 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
11:49:22.0250 1596 WinRM - ok
11:49:22.0343 1596 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:49:22.0359 1596 WmdmPmSN - ok
11:49:22.0531 1596 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:49:22.0546 1596 Wmi - ok
11:49:22.0609 1596 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:49:22.0609 1596 WmiApSrv - ok
11:49:22.0859 1596 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:49:22.0921 1596 WMPNetworkSvc - ok
11:49:23.0078 1596 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:49:23.0187 1596 WPFFontCache_v0400 - ok
11:49:23.0265 1596 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:49:23.0265 1596 wscsvc - ok
11:49:23.0296 1596 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:49:23.0296 1596 wuauserv - ok
11:49:23.0359 1596 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:49:23.0375 1596 WudfPf - ok
11:49:23.0406 1596 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:49:23.0437 1596 WudfRd - ok
11:49:23.0468 1596 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:49:23.0531 1596 WudfSvc - ok
11:49:23.0843 1596 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:49:23.0843 1596 WZCSVC - ok
11:49:23.0937 1596 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:49:23.0953 1596 xmlprov - ok
11:49:23.0968 1596 ================ Scan global ===============================
11:49:24.0015 1596 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:49:24.0093 1596 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:49:24.0140 1596 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:49:24.0171 1596 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:49:24.0187 1596 [Global] - ok
11:49:24.0187 1596 ================ Scan MBR ==================================
11:49:24.0218 1596 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:49:24.0546 1596 \Device\Harddisk0\DR0 - ok
11:49:24.0546 1596 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
11:49:24.0546 1596 \Device\Harddisk1\DR1 - ok
11:49:24.0562 1596 ================ Scan VBR ==================================
11:49:24.0593 1596 [ DC06B2DBB6A59B79634C9E052A775FBC ] \Device\Harddisk0\DR0\Partition1
11:49:24.0593 1596 \Device\Harddisk0\DR0\Partition1 - ok
11:49:24.0609 1596 [ 030D1A51433C2C56AD5784CAD5203C04 ] \Device\Harddisk1\DR1\Partition1
11:49:24.0609 1596 \Device\Harddisk1\DR1\Partition1 - ok
11:49:24.0609 1596 ============================================================
11:49:24.0609 1596 Scan finished
11:49:24.0609 1596 ============================================================
11:49:24.0640 3552 *Detected object count: 0*
11:49:24.0640 3552 *Actual detected object count: 0*


----------



## Cookiegal (Aug 27, 2003)

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


- Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
- Press the *Scan* button.
- It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
- The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## hewee (Oct 26, 2001)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Harry Bowers (administrator) on 07-07-2013 12:36:33
Running from C:\Documents and Settings\Harry Bowers\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Tall Emu) C:\Program Files\Tall Emu\Online Armor\OAcat.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Tall Emu) C:\Program Files\Tall Emu\Online Armor\oasrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
(Windows (R) Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Tall Emu) C:\Program Files\Tall Emu\Online Armor\oaui.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastUI.exe
(Tall Emu) C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\keyscrambler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
(abelhadigital.com) C:\Program Files\HostsMan\hm.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [90112 2012-02-14] ()
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" [6390256 2009-10-16] (Tall Emu)
HKLM\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a [534160 2013-03-26] (QFX Software Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-15] (SUPERAntiSpyware.com)
HKCU\...\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKCU\...\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s [6761472 2013-05-02] (abelhadigital.com)
HKU\Administrator\...\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s [ 2013-05-02] (abelhadigital.com)
HKU\Administrator\...\Run: [HostsServer] "C:\Program Files\HostsMan\hostssrv.exe" --start [x]
HKU\Administrator\...\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min [ 2010-09-09] (Mortal Universe)
HKU\Administrator\...\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups [ 2009-01-30] (Microsoft Corporation)
HKU\Default User\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2006-09-11] (Macrovision Corporation)
HKU\Hewee\...\Run: [HostsMan] C:\Program Files\HostsMan\hm.exe -s [ 2013-05-02] (abelhadigital.com)
HKU\Hewee\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [ 2013-05-15] (SUPERAntiSpyware.com)
HKU\Hewee\...\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot [ 2013-04-26] (BillP Studios)
HKU\Hewee\...\Run: [F.lux] "C:\Documents and Settings\Hewee\Local Settings\Apps\F.lux\flux.exe" /noshow [ 2009-08-28] ()
Lsa: [Notification Packages] :\WINDOW
Startup: C:\Documents and Settings\Hewee\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
BootExecute: autocheck PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/My_homepage.html
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080710
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1279041134875
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - No File
Handler: ipp - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - No File
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [849904 2009-10-16] (Tall Emu)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 172.27.35.1 68.87.76.178 68.87.78.130

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Documents and Settings\Harry Bowers\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Program Files\Java\jre6\lib\deploy\jqs\ff

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S3 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [1349912 2009-04-17] (Diskeeper Corporation)
R2 OAcat; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [1241584 2009-10-16] (Tall Emu)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [939272 2010-01-26] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [1033480 2010-01-26] (Raxco Software, Inc.)
S4 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] ()
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-04-18] (Secunia)
S3 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-04-18] (Secunia)
R2 SvcOnlineArmor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [3314160 2009-10-16] (Tall Emu)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows (R) Codename Longhorn DDK provider)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2847744 2008-02-28] (ATI Technologies Inc.)
R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2011-08-09] ()
R2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [73232 2009-08-20] (Raxco Software, Inc.)
S3 Diag69xp; C:\Windows\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation)
R2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 HdAudAddService; C:\Windows\System32\drivers\AtiHdAud.sys [84992 2008-02-28] (ATI Research Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [21664 2013-04-11] (REALiX(tm))
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209304 2013-03-26] (QFX Software Corporation)
R2 LANPkt; C:\Windows\System32\DRIVERS\LANPkt.sys [8960 2007-11-19] (Realtek Semiconductor Corporation)
R1 OADevice; C:\WINDOWS\system32\drivers\OADriver.sys [198008 2009-10-16] (Tall Emu)
R1 OAmon; C:\WINDOWS\system32\drivers\OAmon.sys [21880 2009-10-16] (Tall Emu)
R1 OAnet; C:\WINDOWS\system32\drivers\OAnet.sys [27000 2009-10-16] (Tall Emu Pty Ltd)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [234392 2010-07-06] (Realtek Semiconductor Corporation )
S3 RTLVLAN; C:\Windows\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-19] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]
S3 SABProcEnum; \??\C:\Program Files\Mozilla Firefox\SABProcEnum.sys [x]
S3 SIVDRIVER; \??\C:\WINDOWS\system32\Drivers\SIVX32.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-07 12:36 - 2013-07-07 12:36 - 00000000 ____D C:\FRST
2013-07-07 12:35 - 2013-07-07 12:35 - 01373373 ____A (Farbar) C:\Documents and Settings\Harry Bowers\Desktop\FRST.exe
2013-07-07 12:12 - 2013-07-07 12:32 - 695250219 ____A C:\Documents and Settings\Harry Bowers\Desktop\Burzynski Cancer Is Serious Business, Part I.mp4
2013-07-07 11:48 - 2013-07-07 11:48 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Harry Bowers\Desktop\tdsskiller.exe
2013-07-07 11:45 - 2013-07-07 11:45 - 00000069 ____A C:\Windows\dcenhance.INI
2013-07-07 11:03 - 2013-07-07 11:03 - 00000111 ____A C:\Documents and Settings\Harry Bowers\Desktop\The Best Browser Extensions that Protect Your Privacy.URL
2013-07-07 10:54 - 2013-07-07 10:54 - 00000101 ____A C:\Documents and Settings\Harry Bowers\Desktop\Google Plus Is Like Frankenstein's Monster TechCrunch.URL
2013-07-07 08:49 - 2013-07-07 09:59 - 00094966 ____A C:\Documents and Settings\Harry Bowers\Desktop\ark.txt
2013-07-07 08:10 - 2013-07-07 08:10 - 00377856 ____A C:\Documents and Settings\Harry Bowers\Desktop\t5cw8zqr.exe
2013-07-07 07:49 - 2013-07-07 07:49 - 00368554 ____A C:\Documents and Settings\Harry Bowers\Desktop\gmer.zip
2013-07-07 07:24 - 2013-07-07 11:14 - 00000524 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d1ae5883-a393-4c4a-9f36-8104ba81b2a9.job
2013-07-06 07:19 - 2013-07-06 07:19 - 00000133 ____A C:\Documents and Settings\Hewee\Desktop\Some Advice That Will Really Make Your Day - theTrumpet.com.URL
2013-07-05 22:22 - 2013-07-05 22:22 - 00000068 ____A C:\Documents and Settings\Hewee\Desktop\Tractor Square Dancing - YouTube.URL
2013-07-05 22:18 - 2013-07-05 22:18 - 00000068 ____A C:\Documents and Settings\Hewee\Desktop\Tractor music - YouTube.URL
2013-07-05 22:14 - 2013-07-05 22:14 - 00000085 ____A C:\Documents and Settings\Hewee\Desktop\GoD And DoG by Wendy J Francisco - YouTube.URL
2013-07-05 18:10 - 2013-07-05 18:10 - 00002210 ____A C:\Documents and Settings\Harry Bowers\Desktop\aswMBR.txt
2013-07-05 18:10 - 2013-07-05 18:10 - 00000512 ____A C:\Documents and Settings\Harry Bowers\Desktop\MBR.dat
2013-07-05 17:46 - 2013-07-05 17:46 - 04745728 ____A (AVAST Software) C:\Documents and Settings\Harry Bowers\Desktop\aswMBR.exe
2013-07-05 17:40 - 2013-07-05 17:40 - 00000076 ____A C:\Documents and Settings\Harry Bowers\Desktop\Can't download anything Firefox Support Forum Mozilla Support.URL
2013-07-05 17:14 - 2013-07-05 17:14 - 00000000 ____D C:\Documents and Settings\Harry Bowers\Desktop\Old Firefox Data
2013-07-05 16:51 - 2013-07-05 16:51 - 00020566 ____A C:\Documents and Settings\Harry Bowers\Desktop\attach.txt
2013-07-05 16:51 - 2013-07-05 16:50 - 00009125 ____A C:\Documents and Settings\Harry Bowers\Desktop\dds.txt
2013-07-05 12:59 - 2013-07-05 12:59 - 00000000 ____D C:\Program Files\UPHClean
2013-07-05 09:30 - 2013-07-05 09:30 - 00430080 ____A C:\Documents and Settings\All Users\Documents\UPHClean-Setup.msi
2013-07-05 09:30 - 2013-07-05 09:30 - 00024810 ____A C:\Documents and Settings\All Users\Documents\UPHClean v1.6g readme.txt
2013-07-05 09:01 - 2013-07-07 07:46 - 00036338 ____A C:\VEW.txt
2013-07-05 07:39 - 2013-07-07 07:37 - 00061440 ____A ( ) C:\Documents and Settings\All Users\Documents\VEW.exe
2013-07-04 20:45 - 2013-07-04 20:45 - 00248525 ____A C:\Documents and Settings\Hewee\My Documents\Faces of the American revolution Amazing early photographs which document some of the heroes of the War for Independence in their later years.htm
2013-07-04 20:45 - 2013-07-04 20:45 - 00000000 ____D C:\Documents and Settings\Hewee\My Documents\Faces of the American revolution Amazing early photographs which document some of the heroes of the War for Independence in their later years_files
2013-07-03 11:32 - 2013-07-03 11:32 - 00000000 ____D C:\Documents and Settings\Hewee\Local Settings\Application Data\FreeOCR
2013-07-03 11:21 - 2013-07-03 11:32 - 00000000 ____D C:\FreeOCR
2013-07-03 11:21 - 2007-03-10 09:11 - 02680320 ____A (HiComponents) C:\Windows\System32\ImageEnXLibrary.ocx
2013-06-27 12:29 - 2013-06-27 12:29 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-26 16:08 - 2013-06-27 12:29 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 16:08 - 2013-06-27 12:29 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-25 09:20 - 2013-06-25 09:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-17 16:52 - 2013-06-17 17:19 - 00000229 ____A C:\Documents and Settings\Hewee\My Documents\Amazon.txt
2013-06-17 11:14 - 2013-06-17 11:15 - 00000187 ____A C:\Documents and Settings\Hewee\My Documents\Get a Free Vehicle History Report Before You Buy a Car.URL
2013-06-14 12:20 - 2013-06-14 19:17 - 00000267 ____A C:\Documents and Settings\Hewee\My Documents\Hyatt Gold Passport.txt
2013-06-13 21:28 - 2013-06-13 21:28 - 00000000 ____D C:\Documents and Settings\Hewee\Application Data\enchant
2013-06-11 18:47 - 2013-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-11 18:45 - 2013-06-11 18:47 - 00012519 ____A C:\Windows\KB2838727-IE8.log
2013-06-11 18:44 - 2013-06-11 18:47 - 00015657 ____A C:\Windows\KB2839229.log
2013-06-11 17:23 - 2013-06-22 08:00 - 00000000 ____D C:\Documents and Settings\Hewee\My Documents\Blendtec

==================== One Month Modified Files and Folders ========

2013-07-07 12:36 - 2013-07-07 12:36 - 00000000 ____D C:\FRST
2013-07-07 12:35 - 2013-07-07 12:35 - 01373373 ____A (Farbar) C:\Documents and Settings\Harry Bowers\Desktop\FRST.exe
2013-07-07 12:32 - 2013-07-07 12:12 - 695250219 ____A C:\Documents and Settings\Harry Bowers\Desktop\Burzynski Cancer Is Serious Business, Part I.mp4
2013-07-07 11:48 - 2013-07-07 11:48 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Harry Bowers\Desktop\tdsskiller.exe
2013-07-07 11:45 - 2013-07-07 11:45 - 00000069 ____A C:\Windows\dcenhance.INI
2013-07-07 11:14 - 2013-07-07 07:24 - 00000524 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d1ae5883-a393-4c4a-9f36-8104ba81b2a9.job
2013-07-07 11:03 - 2013-07-07 11:03 - 00000111 ____A C:\Documents and Settings\Harry Bowers\Desktop\The Best Browser Extensions that Protect Your Privacy.URL
2013-07-07 10:54 - 2013-07-07 10:54 - 00000101 ____A C:\Documents and Settings\Harry Bowers\Desktop\Google Plus Is Like Frankenstein's Monster TechCrunch.URL
2013-07-07 10:00 - 2013-03-29 10:32 - 00000000 ____D C:\Documents and Settings\Harry Bowers\Local Settings\Application Data\CutePDF Writer
2013-07-07 09:59 - 2013-07-07 08:49 - 00094966 ____A C:\Documents and Settings\Harry Bowers\Desktop\ark.txt
2013-07-07 09:24 - 2013-01-31 22:43 - 00000366 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-07-07 09:19 - 2008-07-10 00:27 - 00000528 ____A C:\RTHDCPL_Dump.txt
2013-07-07 09:18 - 2004-08-11 15:13 - 01995727 ____A C:\Windows\WindowsUpdate.log
2013-07-07 09:18 - 2004-08-11 15:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-07-07 09:17 - 2013-02-01 15:34 - 00000062 __ASH C:\Documents and Settings\Harry Bowers\Local Settings\desktop.ini
2013-07-07 09:17 - 2013-02-01 14:56 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-07-07 09:17 - 2013-02-01 14:56 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-07-07 09:17 - 2004-08-11 15:20 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 09:17 - 2004-08-11 15:09 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-07 09:17 - 2004-08-11 15:09 - 00000048 ____A C:\Windows\wiaservc.log
2013-07-07 09:15 - 2008-07-30 11:20 - 00000178 ___SH C:\Documents and Settings\Harry Bowers\ntuser.ini
2013-07-07 09:15 - 2008-07-10 00:27 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
2013-07-07 09:15 - 2004-08-11 15:20 - 00032434 ____A C:\Windows\SchedLgU.Txt
2013-07-07 08:10 - 2013-07-07 08:10 - 00377856 ____A C:\Documents and Settings\Harry Bowers\Desktop\t5cw8zqr.exe
2013-07-07 07:49 - 2013-07-07 07:49 - 00368554 ____A C:\Documents and Settings\Harry Bowers\Desktop\gmer.zip
2013-07-07 07:46 - 2013-07-05 09:01 - 00036338 ____A C:\VEW.txt
2013-07-07 07:37 - 2013-07-05 07:39 - 00061440 ____A ( ) C:\Documents and Settings\All Users\Documents\VEW.exe
2013-07-07 07:23 - 2010-06-01 13:25 - 00000000 ____D C:\Documents and Settings\Hewee\Application Data\MailWasherPro
2013-07-07 07:23 - 2009-09-05 18:27 - 00000000 ____D C:\Documents and Settings\Hewee\Application Data\The Word
2013-07-07 07:23 - 2008-07-29 19:52 - 00000178 __ASH C:\Documents and Settings\Hewee\ntuser.ini
2013-07-06 19:50 - 2010-03-12 17:39 - 00000468 ____A C:\Documents and Settings\Hewee\My Documents\spider.sav
2013-07-06 07:19 - 2013-07-06 07:19 - 00000133 ____A C:\Documents and Settings\Hewee\Desktop\Some Advice That Will Really Make Your Day - theTrumpet.com.URL
2013-07-05 22:22 - 2013-07-05 22:22 - 00000068 ____A C:\Documents and Settings\Hewee\Desktop\Tractor Square Dancing - YouTube.URL
2013-07-05 22:18 - 2013-07-05 22:18 - 00000068 ____A C:\Documents and Settings\Hewee\Desktop\Tractor music - YouTube.URL
2013-07-05 22:14 - 2013-07-05 22:14 - 00000085 ____A C:\Documents and Settings\Hewee\Desktop\GoD And DoG by Wendy J Francisco - YouTube.URL
2013-07-05 22:06 - 2012-03-23 16:05 - 00000000 ____D C:\Documents and Settings\Hewee\Desktop\Philadelphia Church of God
2013-07-05 19:44 - 2013-02-01 14:57 - 00000062 __ASH C:\Documents and Settings\Hewee\Local Settings\desktop.ini
2013-07-05 19:33 - 2010-02-06 15:54 - 00000000 ____D C:\Documents and Settings\All Users\Documents\HostsMan Backups
2013-07-05 19:32 - 2004-08-11 15:00 - 07010406 ____A C:\Windows\System32\Drivers\etc\HOSTS.ehm
2013-07-05 18:10 - 2013-07-05 18:10 - 00002210 ____A C:\Documents and Settings\Harry Bowers\Desktop\aswMBR.txt
2013-07-05 18:10 - 2013-07-05 18:10 - 00000512 ____A C:\Documents and Settings\Harry Bowers\Desktop\MBR.dat
2013-07-05 17:46 - 2013-07-05 17:46 - 04745728 ____A (AVAST Software) C:\Documents and Settings\Harry Bowers\Desktop\aswMBR.exe
2013-07-05 17:40 - 2013-07-05 17:40 - 00000076 ____A C:\Documents and Settings\Harry Bowers\Desktop\Can't download anything Firefox Support Forum Mozilla Support.URL
2013-07-05 17:39 - 2009-02-05 19:01 - 00000000 ___RD C:\Documents and Settings\Hewee\Desktop\health
2013-07-05 17:14 - 2013-07-05 17:14 - 00000000 ____D C:\Documents and Settings\Harry Bowers\Desktop\Old Firefox Data
2013-07-05 16:51 - 2013-07-05 16:51 - 00020566 ____A C:\Documents and Settings\Harry Bowers\Desktop\attach.txt
2013-07-05 16:50 - 2013-07-05 16:51 - 00009125 ____A C:\Documents and Settings\Harry Bowers\Desktop\dds.txt
2013-07-05 15:09 - 2004-08-11 15:20 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-05 15:02 - 2013-02-01 16:11 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-07-05 12:59 - 2013-07-05 12:59 - 00000000 ____D C:\Program Files\UPHClean
2013-07-05 09:30 - 2013-07-05 09:30 - 00430080 ____A C:\Documents and Settings\All Users\Documents\UPHClean-Setup.msi
2013-07-05 09:30 - 2013-07-05 09:30 - 00024810 ____A C:\Documents and Settings\All Users\Documents\UPHClean v1.6g readme.txt
2013-07-04 20:45 - 2013-07-04 20:45 - 00248525 ____A C:\Documents and Settings\Hewee\My Documents\Faces of the American revolution Amazing early photographs which document some of the heroes of the War for Independence in their later years.htm
2013-07-04 20:45 - 2013-07-04 20:45 - 00000000 ____D C:\Documents and Settings\Hewee\My Documents\Faces of the American revolution Amazing early photographs which document some of the heroes of the War for Independence in their later years_files
2013-07-04 20:44 - 2013-03-29 10:40 - 00000000 ____D C:\Documents and Settings\Hewee\Local Settings\Application Data\CutePDF Writer
2013-07-04 19:32 - 2013-06-06 16:06 - 00000000 ____D C:\Documents and Settings\Hewee\My Documents\Raley's Service Center
2013-07-03 11:32 - 2013-07-03 11:32 - 00000000 ____D C:\Documents and Settings\Hewee\Local Settings\Application Data\FreeOCR
2013-07-03 11:32 - 2013-07-03 11:21 - 00000000 ____D C:\FreeOCR
2013-07-03 11:14 - 2008-07-29 19:52 - 00052440 ____A C:\Documents and Settings\Hewee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-07-01 12:17 - 2013-01-23 02:06 - 00000000 ____D C:\Documents and Settings\Harry Bowers\Application Data\Mozilla
2013-07-01 12:09 - 2013-01-23 01:54 - 00000000 ____D C:\Documents and Settings\Hewee\Application Data\Mozilla
2013-06-30 07:37 - 2008-07-30 01:23 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-06-27 12:29 - 2013-06-27 12:29 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 12:29 - 2013-06-26 16:08 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 12:29 - 2013-06-26 16:08 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 12:29 - 2013-03-19 16:42 - 00175176 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 12:29 - 2011-02-23 13:29 - 00770344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 12:29 - 2010-01-21 01:55 - 00369584 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 08:42 - 2013-05-31 18:35 - 00000000 ___RD C:\Documents and Settings\Hewee\Desktop\Window 7
2013-06-25 21:35 - 2011-06-05 16:06 - 00000372 ____A C:\Documents and Settings\Harry Bowers\My Documents\spider.sav
2013-06-25 21:29 - 2008-07-30 11:20 - 00052440 ____A C:\Documents and Settings\Harry Bowers\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-25 21:26 - 2004-08-11 15:06 - 00212080 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-25 21:24 - 2004-08-11 15:00 - 00000227 ____A C:\Windows\system.ini
2013-06-25 20:53 - 2010-06-01 11:52 - 04595524 ____A C:\Windows\System32\Drivers\etc\hosts.idx
2013-06-25 20:53 - 2004-08-11 15:00 - 06922477 ____A C:\Windows\System32\Drivers\etc\HOSTS.ehm.bak
2013-06-25 20:06 - 2008-07-29 23:51 - 06619729 ____A C:\Windows\System32\Drivers\etc\HOSTS.bak
2013-06-25 12:05 - 2013-02-25 00:53 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Firefox setting
2013-06-25 09:21 - 2013-06-25 09:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-22 08:00 - 2013-06-11 17:23 - 00000000 ____D C:\Documents and Settings\Hewee\My Documents\Blendtec
2013-06-20 00:08 - 2013-01-25 23:12 - 00000000 ____D C:\Documents and Settings\Hewee\Application Data\vlc
2013-06-17 19:04 - 2010-02-19 19:33 - 00000000 ____D C:\Documents and Settings\All Users\Documents\PDF-XChange Viewer Settings
2013-06-17 17:19 - 2013-06-17 16:52 - 00000229 ____A C:\Documents and Settings\Hewee\My Documents\Amazon.txt
2013-06-17 11:15 - 2013-06-17 11:14 - 00000187 ____A C:\Documents and Settings\Hewee\My Documents\Get a Free Vehicle History Report Before You Buy a Car.URL
2013-06-14 19:17 - 2013-06-14 12:20 - 00000267 ____A C:\Documents and Settings\Hewee\My Documents\Hyatt Gold Passport.txt
2013-06-13 21:28 - 2013-06-13 21:28 - 00000000 ____D C:\Documents and Settings\Hewee\Application Data\enchant
2013-06-13 19:10 - 2011-05-17 13:39 - 00000000 ____D C:\Documents and Settings\Hewee\Desktop\UPS
2013-06-11 18:47 - 2013-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-11 18:47 - 2013-06-11 18:45 - 00012519 ____A C:\Windows\KB2838727-IE8.log
2013-06-11 18:47 - 2013-06-11 18:44 - 00015657 ____A C:\Windows\KB2839229.log
2013-06-11 18:47 - 2008-07-30 21:42 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 18:47 - 2008-07-10 00:11 - 01068571 ____A C:\Windows\updspapi.log
2013-06-11 18:47 - 2004-08-11 15:07 - 03439563 ____A C:\Windows\FaxSetup.log
2013-06-11 18:47 - 2004-08-11 15:07 - 01742310 ____A C:\Windows\iis6.log
2013-06-11 18:47 - 2004-08-11 15:07 - 01706885 ____A C:\Windows\ocgen.log
2013-06-11 18:47 - 2004-08-11 15:07 - 01597433 ____A C:\Windows\tsoc.log
2013-06-11 18:47 - 2004-08-11 15:07 - 01055572 ____A C:\Windows\msmqinst.log
2013-06-11 18:47 - 2004-08-11 15:07 - 01005847 ____A C:\Windows\comsetup.log
2013-06-11 18:47 - 2004-08-11 15:07 - 00616608 ____A C:\Windows\ntdtcsetup.log
2013-06-11 18:47 - 2004-08-11 15:07 - 00605975 ____A C:\Windows\netfxocm.log
2013-06-11 18:47 - 2004-08-11 15:07 - 00241124 ____A C:\Windows\MedCtrOC.log
2013-06-11 18:47 - 2004-08-11 15:07 - 00173039 ____A C:\Windows\msgsocm.log
2013-06-11 18:47 - 2004-08-11 15:07 - 00170634 ____A C:\Windows\tabletoc.log
2013-06-11 18:47 - 2004-08-11 15:07 - 00166536 ____A C:\Windows\ocmsn.log
2013-06-11 18:47 - 2004-08-11 15:07 - 00001374 ____A C:\Windows\imsins.log
2013-06-11 18:47 - 2004-08-11 15:07 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-11 18:46 - 2009-04-28 14:26 - 00000000 ____D C:\Windows\ie8updates
2013-06-11 09:42 - 2012-07-11 07:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 09:42 - 2012-07-11 07:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-09 09:33 - 2013-06-01 18:39 - 00000000 ____D C:\Documents and Settings\Hewee\Desktop\Court

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


----------



## hewee (Oct 26, 2001)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Harry Bowers at 2013-07-07 12:37:13
Running from C:\Documents and Settings\Harry Bowers\desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

7-Zip 9.20
ACDSee 32
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop Elements 6.0 (Version: 6.0)
AM-DeadLink 4.5 (Version: 4.5)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 1.2.2735.37383)
ATI Display Driver (Version: 8.455.1.1-080221a-060104C-Dell)
avast! Free Antivirus (Version: 8.0.1489.0)
Belarc Advisor 8.3 (Version: 8.3.0.0)
Bing Maps 3D (Version: 4.0.903.16005)
BitMeter
Browser Address Error Redirector (Version: 1.00.0000)
ClearType Tuning Control Panel Applet (Version: 1.01.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 3.0 (Version: 3.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support Center (Version: 3.1.5830.17)
Diagnostics Utility (Version: 1.00.0000)
Diskeeper 2009 Professional (Version: 13.0.844.32)
EULAlyzer 2.1 (Version: 2.1.0)
EVEREST Home Edition v2.20 (Version: 2.20)
FastStone Capture 5.3 (Version: 5.3)
FileAlyzer 2 (Version: 2.0.5.57)
FileLocator Lite 2010
FreeOCR v4.2
[email protected] 3.2 (Version: 3.2.320)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HostsMan 4.0.95 (Version: 4.0.95.0)
HWiNFO32 Version 4.16 (Version: 4.16)
Iconoid Version 3.8.5
Index.dat Suite (Version: 2.10.1)
IrfanView (remove only) (Version: 4.35)
KeyScrambler (Version: 3.1.0.0)
MailWasher Pro
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Thunderbird (3.1.20) (Version: 3.1.20 (en-US))
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Online Armor 3.5
OpenExpert 1.40 (Version: 1.40)
Paint.NET v3.5.10 (Version: 3.60.0)
Pale Moon (3.6.32) (Version: 3.6.32 (en-US))
PDF-XChange Viewer (Version: 2.5.209.0)
PDFZilla V1.2.9
PerfectDisk 10 Professional (Version: 10.0.129)
Photo-Brush 3.02
PingPlotter Freeware (Version: 1.30.0.11)
POP Peeper
QuickTime (Version: 7.74.80.86)
Real Alternative 1.9.0 (Version: 1.9.0)
Realtek High Definition Audio Driver
Revo Uninstaller 1.94 (Version: 1.94)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Secunia PSI (2.0.0.3003)
ShellNewARE v3
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
SpywareBlaster 5.0 (Version: 5.0.0)
Super Finder 1.5.3.2 SR2
SUPERAntiSpyware (Version: 5.6.1010)
SUPERFileRecover (Version: 3.1.0.1000)
SWF Opener (Version: 1.3)
swMSM (Version: 12.0.0.1)
theWord (Version: 4.0.0.1342)
Tidy Start Menu
Tweak UI
Ulead PhotoImpact 8 (Version: 8.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2264107) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
User Profile Hive Cleanup Service (Version: 1.6.36)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.0.6 (Version: 2.0.6)
WebFldrs XP (Version: 9.50.7523)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Hotfix (SP1) [See Q282784 for more information]
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 26.1.2013.0)
WinPatrol (Version: 28.1.2013.0)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==================== Restore Points =========================

24-04-2013 21:05:09 System Checkpoint
26-04-2013 19:34:18 System Checkpoint
29-04-2013 02:59:05 System Checkpoint
30-04-2013 03:36:46 System Checkpoint
01-05-2013 17:06:58 System Checkpoint
02-05-2013 17:34:29 System Checkpoint
04-05-2013 00:34:55 System Checkpoint
05-05-2013 00:37:25 System Checkpoint
06-05-2013 03:32:30 System Checkpoint
07-05-2013 03:52:47 System Checkpoint
09-05-2013 01:23:03 System Checkpoint
10-05-2013 04:21:24 System Checkpoint
11-05-2013 14:13:02 System Checkpoint
12-05-2013 19:10:06 System Checkpoint
14-05-2013 03:55:34 System Checkpoint
14-05-2013 23:37:49 Software Distribution Service 3.0
15-05-2013 00:01:27 Software Distribution Service 3.0
15-05-2013 23:39:35 Removed [email protected] 3.2
16-05-2013 23:43:26 System Checkpoint
18-05-2013 00:26:46 System Checkpoint
20-05-2013 17:42:20 System Checkpoint
21-05-2013 23:11:53 System Checkpoint
23-05-2013 03:21:23 System Checkpoint
24-05-2013 19:56:48 System Checkpoint
26-05-2013 04:18:28 System Checkpoint
28-05-2013 20:12:03 System Checkpoint
30-05-2013 00:32:50 System Checkpoint
30-05-2013 10:50:30 Fire_hewee_screwUp
30-05-2013 10:59:49 Restore Operation
31-05-2013 20:51:13 System Checkpoint
04-06-2013 00:15:54 System Checkpoint
05-06-2013 03:46:30 System Checkpoint
06-06-2013 04:30:23 System Checkpoint
07-06-2013 14:17:30 System Checkpoint
08-06-2013 14:54:07 System Checkpoint
09-06-2013 21:17:59 System Checkpoint
10-06-2013 22:37:26 System Checkpoint
12-06-2013 01:45:19 Software Distribution Service 3.0
13-06-2013 18:08:39 System Checkpoint
14-06-2013 19:13:04 System Checkpoint
17-06-2013 00:12:02 System Checkpoint
18-06-2013 03:12:17 System Checkpoint
20-06-2013 02:19:24 System Checkpoint
21-06-2013 04:01:50 System Checkpoint
22-06-2013 16:51:06 System Checkpoint
24-06-2013 04:02:07 System Checkpoint
26-06-2013 17:49:20 System Checkpoint
27-06-2013 21:15:14 System Checkpoint
29-06-2013 00:29:54 System Checkpoint
30-06-2013 04:16:15 System Checkpoint
01-07-2013 17:04:11 System Checkpoint
03-07-2013 14:06:37 System Checkpoint
04-07-2013 18:05:28 System Checkpoint
05-07-2013 19:59:52 Installed User Profile Hive Cleanup Service
07-07-2013 01:49:11 System Checkpoint

==================== Hosts content: ==========================

2004-08-11 15:00 - 2013-06-27 10:47 - 00000056 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d1ae5883-a393-4c4a-9f36-8104ba81b2a9.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2013 05:48:21 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/05/2013 05:48:21 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/02/2013 06:42:54 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/10/2013 06:56:18 PM) (Source: Application Hang) (User: )
Description: Hanging application FileAlyzer2.exe, version 2.0.5.57, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/16/2013 07:29:26 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (05/14/2013 06:59:06 PM) (Source: Application Error) (User: )
Description: Faulting application aswrundll.exe, version 8.0.1489.300, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x000311d9.
Processing media-specific event for [aswrundll.exe!ws!]

Error: (05/14/2013 06:43:38 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/03/2013 11:39:13 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/03/2013 11:39:07 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/15/2013 03:06:01 PM) (Source: MsiInstaller) (User: HEW7WSG1)
Description: Product: Ultra Hal Text-to-Speech Reader -- Error 1303.The installer has insufficient privileges to access this directory: C:\Program Files\Zabaware. The installation cannot continue. Log on as an administrator or contact your system administrator.

System errors:
=============
Error: (07/07/2013 10:00:20 AM) (Source: Print) (User: HEW7WSG1)
Description: The document C:\Documents and Settings\Harry Bowers\desktop\ark.txt owned by Harry Bowers failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 697732. Number of bytes printed: 0. Total number of pages in the document: 18. Number of pages printed: 0. Client machine: \\HEW7WSG1. Win32 error code returned by the print processor: C:\Documents and Settings\Harry Bowers\desktop\ark.txt0. C:\Documents and Settings\Harry Bowers\desktop\ark.txt1

Error: (07/07/2013 09:59:40 AM) (Source: Print) (User: HEW7WSG1)
Description: The document C:\Documents and Settings\Harry Bowers\desktop\ark.txt owned by Harry Bowers failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 715792. Number of bytes printed: 0. Total number of pages in the document: 18. Number of pages printed: 0. Client machine: \\HEW7WSG1. Win32 error code returned by the print processor: C:\Documents and Settings\Harry Bowers\desktop\ark.txt0. C:\Documents and Settings\Harry Bowers\desktop\ark.txt1

Error: (07/07/2013 09:17:46 AM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: 
%%2

Error: (07/07/2013 08:42:23 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (07/07/2013 08:39:25 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (07/06/2013 05:40:39 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}.
The backup browser is stopping.

Error: (07/05/2013 02:49:12 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: 
%%2

Error: (07/05/2013 00:51:52 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: 
%%2

Error: (07/05/2013 00:24:52 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}.
The backup browser is stopping.

Error: (07/05/2013 10:39:01 AM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: 
%%2

Microsoft Office Sessions:
=========================
Error: (07/05/2013 05:48:21 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/05/2013 05:48:21 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/02/2013 06:42:54 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/10/2013 06:56:18 PM) (Source: Application Hang)(User: )
Description: FileAlyzer2.exe2.0.5.57hungapp0.0.0.000000000

Error: (05/16/2013 07:29:26 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (05/14/2013 06:59:06 PM) (Source: Application Error)(User: )
Description: aswrundll.exe8.0.1489.300msvcr90.dll9.0.30729.6161000311d9

Error: (05/14/2013 06:43:38 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/03/2013 11:39:13 AM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.4847hungapp0.0.0.000000000

Error: (05/03/2013 11:39:07 AM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.4847hungapp0.0.0.000000000

Error: (04/15/2013 03:06:01 PM) (Source: MsiInstaller)(User: HEW7WSG1)
Description: Product: Ultra Hal Text-to-Speech Reader -- Error 1303.The installer has insufficient privileges to access this directory: C:\Program Files\Zabaware. The installation cannot continue. Log on as an administrator or contact your system administrator.(NULL)(NULL)(NULL)

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3070.1 MB
Available physical RAM: 1658 MB
Total Pagefile: 7000.91 MB
Available Pagefile: 5650.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:82.46 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:149.01 GB) (Free:38.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 00000081)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ===========================


----------



## hewee (Oct 26, 2001)

Cookiegal,

Look at this thread and my post.
System info says "activation pending" (30 days remaining) for non-admin account

It may be nothing


----------



## Cookiegal (Aug 27, 2003)

I don't know about the account thing but there are some problems with your computer. I don't think there's a rootkit but something is amiss. We'll need to export a couple of registry keys.

Please go to *Start* - *Run* and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.

Then do a second export as follows:

Please go to *Start* - *Run* and copy and paste the following then click OK:

*regedit /e C:\look2.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"*

This report will be C:\look2.txt. Please post that one as well.

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*WS2IFSL*
*8B036660*
:regfind
WS2IFSL
8B036660
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Also, go to *Start* - *Run* - type in *services.msc* and click OK. Then scroll down the list of services to locate the following:

*SupportSoft Sprocket Service*

Double-click to open it and change the startup type from "automatic" to "manual" then click "Apply" and OK. On your next reboot you shouldn't see that Dell Support error.


----------
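The `regedit /e` export requested above stores multi-string values such as `BootExecute` as `hex(7)` UTF-16LE bytes, so the commands that run at boot are not readable at a glance. The following added example (not part of the original posts; the function names are this example's own) parses such an export and lists `BootExecute` entries that differ from the stock `autocheck autochk *`. Its sample input is three values as they appear in the Session Manager export posted in the next reply.

```python
import re

# Sample input: BootExecute, ExcludeFromKnownDlls and ProtectionMode as they
# appear in the Session Manager export posted in this thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,50,00,44,00,42,00,6f,00,6f,00,74,00,2e,00,65,00,78,00,65,00,00,00,61,00,\
75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,00,61,00,75,00,74,00,6f,\
00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
"ExcludeFromKnownDlls"=hex(7):00,00
"ProtectionMode"=dword:00000001
'''

REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ"}
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"  # stock Windows value


def load_export(data: bytes) -> str:
    """Decode an export file; 'Version 5.00' files are UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


def _unescape(s: str) -> str:
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _decode_value(raw: str):
    """Turn the text after '=' into a (type_name, python_value) pair."""
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if m:
        kind = int(m.group(1), 16) if m.group(1) else 3  # bare hex: is binary
        blob = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (1, 2, 7):
            text = blob.decode("utf-16-le", errors="replace")
            if kind == 7:
                # NUL-separated strings, closed by an extra empty string.
                parts = text.split("\x00")
                while parts and parts[-1] == "":
                    parts.pop()
                return REG_TYPES[kind], parts
            return REG_TYPES[kind], text.rstrip("\x00")
        return REG_TYPES.get(kind, f"REG_TYPE_{kind}"), blob
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return "REG_SZ", _unescape(raw[1:-1])
    return "UNKNOWN", raw


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: (type_name, value)}}."""
    parsed, key, pending = {}, None, ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):        # hex data continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parsed.setdefault(key, {})
            continue
        m = re.match(r'(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$', line)
        if m and key is not None:
            name = "(Default)" if m.group(2) else _unescape(m.group(1))
            parsed[key][name] = _decode_value(m.group(3))
    return parsed


def audit_boot_execute(parsed: dict) -> list:
    """List BootExecute entries that are not the stock autochk command."""
    findings = []
    for key, values in parsed.items():
        if not key.lower().endswith("\\control\\session manager"):
            continue
        kind, data = values.get("BootExecute", ("REG_MULTI_SZ", []))
        if kind != "REG_MULTI_SZ":
            findings.append(f"unexpected type {kind}")
            continue
        findings += [e for e in data if e.strip().lower() != DEFAULT_BOOT_EXECUTE]
    return findings


if __name__ == "__main__":
    for entry in audit_boot_execute(parse_reg(SAMPLE_EXPORT)):
        print("non-default BootExecute entry, identify before trusting:", entry)
```

A non-default entry is not proof of a problem; it only tells you which program needs to be identified against the software installed on the machine.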



## hewee (Oct 26, 2001)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,50,00,44,00,42,00,6f,00,6f,00,74,00,2e,00,65,00,78,00,65,00,00,00,61,00,\
75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,00,61,00,75,00,74,00,6f,\
00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
"CriticalSectionTimeout"=dword:00278d00
"EnableMCA"=dword:00000001
"EnableMCE"=dword:00000000
"ExcludeFromKnownDlls"=hex(7):00,00
"GlobalFlag"=dword:00000000
"HeapDeCommitFreeBlockThreshold"=dword:00000000
"HeapDeCommitTotalFreeThreshold"=dword:00000000
"HeapSegmentCommit"=dword:00000000
"HeapSegmentReserve"=dword:00000000
"ObjectDirectories"=hex(7):5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,\
00,5c,00,52,00,50,00,43,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,\
00,00,00,00
"ProtectionMode"=dword:00000001
"ResourceTimeoutCount"=dword:0009e340
"ProcessorControl"=dword:00000002
"RegisteredProcessors"=dword:00000002
"LicensedProcessors"=dword:00000002
"AutoChkTimeOut"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility]
4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,5c,\
00,55,00,44,00,50,00,69,00,78,00,65,00,6c,00,32,00,32,00,5c,00,55,00,44,00,\
50,00,69,00,78,00,65,00,6c,00,2e,00,65,00,78,00,65,00,00,00,39,00,33,00,63,\
00,32,00,33,00,34,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,5c,00,75,00,\
70,00,64,00,61,00,74,00,65,00,2e,00,65,00,78,00,65,00,00,00,5c,00,70,00,61,\
00,6c,00,65,00,6d,00,6f,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,00,50,00,\
68,00,6f,00,74,00,6f,00,2d,00,42,00,72,00,75,00,73,00,68,00,20,00,35,00,2e,\
00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,b7,e1,9b,ce,5b,c7,01,00,20,01,00,00,00,00,00,e6,2e,38,\
d5,5d,78,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,\
67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,61,\
00,73,00,74,00,53,00,74,00,6f,00,6e,00,65,00,20,00,43,00,61,00,70,00,74,00,\
75,00,72,00,65,00,5c,00,46,00,53,00,43,00,61,00,70,00,74,00,75,00,72,00,65,\
00,2e,00,65,00,78,00,65,00,00,00,31,00,32,00,5c,00,6d,00,73,00,6f,00,2e,00,\
64,00,6c,00,6c,00,00,00,2e,00,34,00,30,00,39,00,33,00,20,00,50,00,6f,00,72,\
00,74,00,61,00,62,00,6c,00,65,00,5c,00,43,00,43,00,6c,00,65,00,61,00,6e,00,\
65,00,72,00,2e,00,65,00,78,00,65,00,00,00,65,00,78,00,65,00,00,00,00,00,61,\
00,62,00,6c,00,65,00,2e,00,65,00,78,00,65,00,00,00,75,00,74,00,6f,00,72,00,\
69,00,61,00,6c,00,5c,00,70,00,6f,00,77,00,65,00,72,00,2d,00,70,00,69,00,2d,\
00,75,00,6c,00,65,00,61,00,64,00,2d,00,64,00,65,00,6d,00,6f,00,2e,00,65,00,\
78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,03,98,4b,06,4f,c7,01,00,f6,10,00,00,00,00,00,76,\
4e,b3,a3,1b,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,\
4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,\
00,32,00,5c,00,63,00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,bd,36,23,c4,9d,c8,01,00,fc,04,00,00,00,00,\
00,c0,66,6b,32,2c,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,\
52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,5c,00,54,00,41,00,4c,00,4c,00,45,\
00,4d,00,7e,00,31,00,5c,00,4f,00,4e,00,4c,00,49,00,4e,00,45,00,7e,00,31,00,\
5c,00,6f,00,61,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,55,b7,1c,44,4e,ca,01,f0,f7,0c,00,00,\
00,00,00,84,89,cf,32,2c,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,\
50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,\
00,5c,00,53,00,55,00,50,00,45,00,52,00,41,00,6e,00,74,00,69,00,53,00,70,00,\
79,00,77,00,61,00,72,00,65,00,5c,00,53,00,41,00,53,00,53,00,45,00,48,00,2e,\
00,44,00,4c,00,4c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,e9,9c,1b,20,a7,45,cc,01,80,b9,01,\
00,00,00,00,00,38,4e,d4,32,2c,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,46,00,69,00,72,00,65,00,54,00,72,00,75,00,73,00,74,00,5c,00,\
4d,00,61,00,69,00,6c,00,57,00,61,00,73,00,68,00,65,00,72,00,20,00,50,00,72,\
00,6f,00,5c,00,4d,00,61,00,69,00,6c,00,57,00,61,00,73,00,68,00,65,00,72,00,\
2e,00,65,00,78,00,65,00,00,00,5c,00,55,00,6c,00,74,00,72,00,61,00,53,00,65,\
00,61,00,72,00,63,00,68,00,2e,00,65,00,78,00,65,00,00,00,75,00,70,00,64,00,\
61,00,74,00,65,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,2e,00,65,00,78,\
00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c2,3d,16,26,0b,cb,01,18,\
c7,27,01,00,00,00,00,b4,ec,31,be,f2,79,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,\
3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,\
00,65,00,73,00,5c,00,54,00,68,00,65,00,20,00,57,00,6f,00,72,00,64,00,5c,00,\
74,00,68,00,65,00,77,00,6f,00,72,00,64,00,2e,00,65,00,78,00,65,00,00,00,31,\
00,36,00,33,00,5c,00,77,00,72,00,69,00,74,00,65,00,74,00,79,00,70,00,65,00,\
2d,00,70,00,6f,00,72,00,74,00,61,00,62,00,6c,00,65,00,5c,00,65,00,73,00,70,\
00,65,00,61,00,6b,00,5c,00,65,00,73,00,70,00,65,00,61,00,6b,00,2e,00,65,00,\
78,00,65,00,00,00,61,00,6e,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,6d,\
00,6f,00,6f,00,6e,00,5c,00,70,00,61,00,6c,00,65,00,6d,00,6f,00,6f,00,6e,00,\
2e,00,65,00,78,00,65,00,00,00,6e,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,\
00,70,00,64,00,61,00,74,00,65,00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,\
61,00,74,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,6c,de,7c,ca,cd,\
01,00,82,c6,00,00,00,00,00,a0,58,eb,0a,f4,79,ce,01,5c,00,3f,00,3f,00,5c,00,\
43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,\
00,6c,00,65,00,73,00,5c,00,54,00,72,00,61,00,63,00,6b,00,65,00,72,00,20,00,\
53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,53,00,68,00,65,00,6c,\
00,6c,00,20,00,45,00,78,00,74,00,65,00,6e,00,73,00,69,00,6f,00,6e,00,73,00,\
5c,00,58,00,43,00,53,00,68,00,49,00,6e,00,66,00,6f,00,2e,00,64,00,6c,00,6c,\
00,00,00,35,00,20,00,2d,00,20,00,50,00,6f,00,72,00,74,00,61,00,62,00,6c,00,\
65,00,5c,00,43,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,00,2e,00,65,00,78,\
00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,40,76,4a,1e,\
07,ce,01,20,86,5c,00,00,00,00,00,06,83,6c,a1,2c,7b,ce,01,5c,00,3f,00,3f,00,\
5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,\
00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,\
6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,\
00,35,00,5c,00,53,00,65,00,74,00,75,00,70,00,5c,00,61,00,76,00,61,00,73,00,\
74,00,2e,00,73,00,65,00,74,00,75,00,70,00,00,00,65,00,6c,00,70,00,65,00,72,\
00,2e,00,65,00,78,00,65,00,00,00,61,00,74,00,61,00,5c,00,4d,00,6f,00,7a,00,\
69,00,6c,00,6c,00,61,00,5c,00,46,00,69,00,72,00,65,00,66,00,6f,00,78,00,5c,\
00,46,00,69,00,72,00,65,00,66,00,6f,00,78,00,50,00,6f,00,72,00,74,00,61,00,\
62,00,6c,00,65,00,5c,00,41,00,70,00,70,00,5c,00,46,00,69,00,72,00,65,00,66,\
00,6f,00,78,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,73,00,5c,00,30,00,\
5c,00,75,00,70,00,64,00,61,00,74,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7c,1e,\
65,42,4d,ce,01,70,75,64,00,00,00,00,00,8c,21,20,91,14,7b,ce,01,5c,00,3f,00,\
3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\
00,46,00,69,00,6c,00,65,00,73,00,5c,00,52,00,6f,00,78,00,69,00,6f,00,5c,00,\
44,00,72,00,61,00,67,00,2d,00,74,00,6f,00,2d,00,44,00,69,00,73,00,63,00,5c,\
00,53,00,68,00,65,00,6c,00,6c,00,65,00,78,00,2e,00,64,00,6c,00,6c,00,00,00,\
45,00,57,00,2e,00,45,00,58,00,45,00,00,00,37,00,33,00,30,00,61,00,31,00,33,\
00,37,00,38,00,33,00,33,00,32,00,64,00,37,00,65,00,30,00,64,00,32,00,38,00,\
5c,00,75,00,70,00,64,00,61,00,74,00,65,00,5c,00,75,00,70,00,64,00,61,00,74,\
00,65,00,2e,00,65,00,78,00,65,00,00,00,5c,00,70,00,6c,00,75,00,67,00,69,00,\
6e,00,2d,00,63,00,6f,00,6e,00,74,00,61,00,69,00,6e,00,65,00,72,00,2e,00,65,\
00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
ac,90,d1,57,d0,c7,01,f0,99,05,00,00,00,00,00,6a,cc,7b,35,2c,7b,ce,01,5c,00,\
3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,7a,00,69,00,\
70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00,2e,00,65,00,78,\
00,65,00,00,00,20,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,5c,00,65,00,\
76,00,65,00,72,00,65,00,73,00,74,00,2e,00,65,00,78,00,65,00,00,00,2d,00,34,\
00,31,00,39,00,30,00,2d,00,39,00,34,00,30,00,36,00,2d,00,38,00,66,00,66,00,\
36,00,38,00,35,00,37,00,32,00,30,00,33,00,66,00,35,00,2e,00,65,00,78,00,65,\
00,00,00,6f,00,6e,00,2d,00,50,00,6f,00,72,00,74,00,61,00,62,00,6c,00,65,00,\
2e,00,65,00,78,00,65,00,00,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,80,7f,22,2f,c4,9d,c8,01,00,2a,05,00,00,00,00,00,38,7c,79,b7,07,7a,ce,01,\
5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,\
65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,80,94,f6,6b,72,4b,ce,01,00,92,a9,00,00,00,00,00,ba,ee,93,32,2c,7b,\
ce,01,63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,4d,\
00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,4e,00,45,00,54,00,\
5c,00,46,00,72,00,61,00,6d,00,65,00,77,00,6f,00,72,00,6b,00,5c,00,76,00,31,\
00,2e,00,31,00,2e,00,34,00,33,00,32,00,32,00,5c,00,6d,00,73,00,63,00,6f,00,\
72,00,77,00,6b,00,73,00,2e,00,64,00,6c,00,6c,00,00,00,64,00,6c,00,6c,00,00,\
00,65,00,74,00,61,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,00,00,52,00,\
61,00,2d,00,32,00,2e,00,31,00,5c,00,4a,00,61,00,76,00,61,00,52,00,61,00,5c,\
00,4a,00,61,00,76,00,61,00,52,00,61,00,2e,00,65,00,78,00,65,00,00,00,62,00,\
6c,00,65,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,86,b5,a0,c9,\
1d,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,\
00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,54,00,\
49,00,20,00,54,00,65,00,63,00,68,00,6e,00,6f,00,6c,00,6f,00,67,00,69,00,65,\
00,73,00,5c,00,41,00,54,00,49,00,2e,00,41,00,43,00,45,00,5c,00,43,00,4c,00,\
49,00,2e,00,65,00,78,00,65,00,00,00,78,00,65,00,00,00,58,00,45,00,00,00,32,\
00,31,00,2d,00,34,00,31,00,37,00,34,00,2d,00,61,00,61,00,36,00,66,00,2d,00,\
61,00,33,00,63,00,35,00,34,00,33,00,39,00,61,00,38,00,35,00,64,00,62,00,2e,\
00,65,00,78,00,65,00,00,00,65,00,2e,00,65,00,78,00,65,00,00,00,5c,00,70,00,\
6c,00,75,00,67,00,69,00,6e,00,2d,00,63,00,6f,00,6e,00,74,00,61,00,69,00,6e,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,3a,05,9d,ac,e0,c6,01,00,b0,00,00,00,00,00,00,c4,c9,\
94,c9,1d,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,\
00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4b,00,\
65,00,79,00,53,00,63,00,72,00,61,00,6d,00,62,00,6c,00,65,00,72,00,5c,00,6b,\
00,65,00,79,00,73,00,63,00,72,00,61,00,6d,00,62,00,6c,00,65,00,72,00,2e,00,\
65,00,78,00,65,00,00,00,50,00,44,00,46,00,5c,00,41,00,64,00,6f,00,6c,00,69,\
00,78,00,53,00,70,00,6c,00,69,00,74,00,61,00,6e,00,64,00,4d,00,65,00,72,00,\
67,00,65,00,50,00,44,00,46,00,2e,00,65,00,78,00,65,00,00,00,65,00,00,00,2e,\
00,65,00,78,00,65,00,00,00,74,00,65,00,2e,00,65,00,78,00,65,00,00,00,6f,00,\
42,00,72,00,75,00,73,00,68,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,b7,44,30,6b,2a,ce,01,90,26,08,00,00,00,00,00,\
3c,3b,4d,b9,1d,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,\
00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,\
46,00,53,00,4c,00,5c,00,53,00,75,00,70,00,65,00,72,00,46,00,69,00,6e,00,64,\
00,65,00,72,00,5c,00,53,00,75,00,70,00,65,00,72,00,46,00,69,00,6e,00,64,00,\
65,00,72,00,2e,00,65,00,78,00,65,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\
00,6f,00,66,00,74,00,5c,00,49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,\
20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,51,00,75,00,69,\
00,63,00,6b,00,20,00,4c,00,61,00,75,00,6e,00,63,00,68,00,5c,00,54,00,6f,00,\
6f,00,6c,00,73,00,5c,00,43,00,6f,00,6e,00,76,00,65,00,72,00,74,00,2e,00,65,\
00,78,00,65,00,00,00,6f,00,6f,00,6e,00,5c,00,75,00,70,00,64,00,61,00,74,00,\
65,00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,72,00,2e,\
00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,8d,02,bb,5b,a2,c9,01,00,58,0c,00,00,00,\
00,00,5e,99,ee,66,1a,78,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,\
00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,\
5c,00,57,00,69,00,6e,00,52,00,41,00,52,00,5c,00,57,00,69,00,6e,00,52,00,41,\
00,52,00,2e,00,65,00,78,00,65,00,00,00,68,00,2e,00,65,00,78,00,65,00,00,00,\
65,00,62,00,36,00,30,00,30,00,62,00,30,00,61,00,30,00,33,00,38,00,65,00,34,\
00,64,00,30,00,62,00,32,00,32,00,63,00,37,00,63,00,62,00,33,00,36,00,37,00,\
39,00,32,00,61,00,33,00,39,00,31,00,32,00,5c,00,75,00,70,00,64,00,61,00,74,\
00,65,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,2e,00,65,00,78,00,65,00,\
00,00,74,00,61,00,62,00,6c,00,65,00,2e,00,65,00,78,00,65,00,00,00,74,00,2e,\
00,65,00,78,00,65,00,00,00,65,00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,\
61,00,74,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,77,72,ca,d1,26,ca,01,00,6e,65,00,00,00,00,00,c6,31,4f,ec,\
bd,7a,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,\
00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,52,00,61,00,\
78,00,63,00,6f,00,5c,00,50,00,65,00,72,00,66,00,65,00,63,00,74,00,44,00,69,\
00,73,00,6b,00,31,00,30,00,5c,00,50,00,44,00,45,00,6e,00,67,00,69,00,6e,00,\
65,00,2e,00,65,00,78,00,65,00,00,00,72,00,61,00,67,00,6f,00,6e,00,5c,00,43,\
00,6f,00,6d,00,6f,00,64,00,6f,00,5c,00,49,00,63,00,65,00,44,00,72,00,61,00,\
67,00,6f,00,6e,00,5c,00,70,00,6c,00,75,00,67,00,69,00,6e,00,2d,00,63,00,6f,\
00,6e,00,74,00,61,00,69,00,6e,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,\
50,00,6f,00,72,00,74,00,61,00,62,00,6c,00,65,00,5c,00,41,00,70,00,70,00,5c,\
00,46,00,69,00,72,00,65,00,66,00,6f,00,78,00,5c,00,75,00,70,00,64,00,61,00,\
74,00,65,00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,72,\
00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,dc,b9,9a,c8,9e,ca,01,08,c5,0f,00,00,00,00,00,70,21,\
a6,7d,c9,79,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,\
00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,\
54,00,49,00,20,00,54,00,65,00,63,00,68,00,6e,00,6f,00,6c,00,6f,00,67,00,69,\
00,65,00,73,00,5c,00,41,00,54,00,49,00,2e,00,41,00,43,00,45,00,5c,00,43,00,\
4c,00,49,00,53,00,54,00,41,00,52,00,54,00,2e,00,45,00,58,00,45,00,00,00,5c,\
00,43,00,6f,00,6d,00,6f,00,64,00,6f,00,5c,00,49,00,63,00,65,00,44,00,72,00,\
61,00,67,00,6f,00,6e,00,5c,00,69,00,63,00,65,00,64,00,72,00,61,00,67,00,6f,\
00,6e,00,2e,00,65,00,78,00,65,00,00,00,2e,00,65,00,78,00,65,00,00,00,6f,00,\
6e,00,74,00,61,00,69,00,6e,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,69,\
00,6e,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,5c,00,75,00,70,00,64,00,\
61,00,74,00,65,00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,\
00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,9e,d9,fb,6e,90,eb,cc,01,00,60,01,00,00,00,00,00,\
9c,cc,a7,a9,1d,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,\
00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,\
52,00,61,00,78,00,63,00,6f,00,5c,00,50,00,65,00,72,00,66,00,65,00,63,00,74,\
00,44,00,69,00,73,00,6b,00,31,00,30,00,5c,00,50,00,44,00,41,00,67,00,65,00,\
6e,00,74,00,2e,00,65,00,78,00,65,00,00,00,70,00,73,00,5c,00,46,00,2e,00,6c,\
00,75,00,78,00,5c,00,66,00,6c,00,75,00,78,00,2e,00,65,00,78,00,65,00,00,00,\
69,00,64,00,2e,00,65,00,78,00,65,00,00,00,6c,00,74,00,61,00,2e,00,65,00,78,\
00,65,00,00,00,62,00,6c,00,75,00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00,\
62,00,69,00,74,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,af,88,99,c8,9e,ca,01,08,55,0e,00,00,00,\
00,00,40,ad,25,7a,c9,79,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,\
00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,00,\
20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,65,00,77,\
00,65,00,65,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,00,\
74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,73,00,5c,00,46,00,2e,\
00,6c,00,75,00,78,00,5c,00,66,00,6c,00,75,00,78,00,2e,00,65,00,78,00,65,00,\
00,00,37,00,2d,00,36,00,39,00,62,00,63,00,63,00,61,00,37,00,63,00,33,00,65,\
00,33,00,34,00,2e,00,65,00,78,00,65,00,00,00,65,00,2e,00,65,00,78,00,65,00,\
00,00,74,00,2e,00,65,00,78,00,65,00,00,00,4d,00,6f,00,6f,00,6e,00,5c,00,50,\
00,61,00,6c,00,65,00,20,00,4d,00,6f,00,6f,00,6e,00,5c,00,75,00,70,00,64,00,\
61,00,74,00,65,00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,\
00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,be,8c,f8,6d,28,ca,01,00,c0,0e,00,\
00,00,00,00,20,8a,89,bc,f2,79,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,\
73,00,5c,00,41,00,63,00,72,00,6f,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,\
00,72,00,65,00,5c,00,43,00,75,00,74,00,65,00,50,00,44,00,46,00,20,00,57,00,\
72,00,69,00,74,00,65,00,72,00,5c,00,43,00,50,00,57,00,53,00,61,00,76,00,65,\
00,2e,00,65,00,78,00,65,00,00,00,6f,00,78,00,69,00,74,00,52,00,65,00,61,00,\
64,00,65,00,72,00,33,00,30,00,5f,00,65,00,6e,00,75,00,5c,00,46,00,6f,00,78,\
00,69,00,74,00,20,00,52,00,65,00,61,00,64,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,08,4c,e2,86,cd,01,70,aa,\
03,00,00,00,00,00,0c,3c,5f,dd,31,79,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,\
00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,\
65,00,73,00,5c,00,4d,00,6f,00,7a,00,69,00,6c,00,6c,00,61,00,20,00,46,00,69,\
00,72,00,65,00,66,00,6f,00,78,00,5c,00,70,00,6c,00,75,00,67,00,69,00,6e,00,\
2d,00,63,00,6f,00,6e,00,74,00,61,00,69,00,6e,00,65,00,72,00,2e,00,65,00,78,\
00,65,00,00,00,6f,00,72,00,4c,00,69,00,74,00,65,00,2e,00,65,00,78,00,65,00,\
00,00,64,00,34,00,62,00,61,00,36,00,31,00,32,00,33,00,5c,00,75,00,70,00,64,\
00,61,00,74,00,65,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,2e,00,65,00,\
78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,98,05,9b,ed,bf,71,ce,01,\
98,43,00,00,00,00,00,00,e0,3b,92,e0,16,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,\
00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,64,00,6f,00,63,00,76,\
00,77,00,2e,00,64,00,6c,00,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,80,f8,8e,2b,c4,9d,\
c8,01,00,e0,16,00,00,00,00,00,38,43,4d,c9,1d,7b,ce,01,5c,00,3f,00,3f,00,5c,\
00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,\
79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,46,00,6c,00,61,00,73,00,68,\
00,50,00,6c,00,61,00,79,00,65,00,72,00,41,00,70,00,70,00,2e,00,65,00,78,00,\
65,00,00,00,61,00,72,00,74,00,4d,00,65,00,6e,00,75,00,2e,00,65,00,78,00,65,\
00,00,00,32,00,36,00,2d,00,30,00,38,00,66,00,37,00,2d,00,34,00,62,00,34,00,\
37,00,2d,00,62,00,37,00,39,00,33,00,2d,00,66,00,34,00,65,00,64,00,32,00,32,\
00,63,00,34,00,35,00,64,00,62,00,30,00,2e,00,65,00,78,00,65,00,00,00,65,00,\
00,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,d0,28,73,9a,\
c2,66,ce,01,88,8f,0a,00,00,00,00,00,8e,15,39,90,c6,79,ce,01,5c,00,3f,00,3f,\
00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,\
46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,\
00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,\
74,00,35,00,5c,00,41,00,76,00,42,00,75,00,67,00,52,00,65,00,70,00,6f,00,72,\
00,74,00,2e,00,65,00,78,00,65,00,00,00,63,00,61,00,74,00,69,00,6f,00,6e,00,\
20,00,46,00,6f,00,75,00,6e,00,64,00,61,00,74,00,69,00,6f,00,6e,00,5c,00,69,\
00,6e,00,66,00,6f,00,63,00,61,00,72,00,64,00,2e,00,65,00,78,00,65,00,00,00,\
65,00,2e,00,65,00,78,00,65,00,00,00,61,00,77,00,6c,00,65,00,72,00,2e,00,65,\
00,78,00,65,00,00,00,74,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ec,\
7f,61,93,4c,ce,01,18,4a,08,00,00,00,00,00,52,7b,dc,91,14,7b,ce,01,5c,00,3f,\
00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,63,00,72,\
00,6e,00,73,00,61,00,76,00,65,00,2e,00,73,00,63,00,72,00,00,00,6b,00,31,00,\
30,00,5c,00,50,00,44,00,41,00,67,00,65,00,6e,00,74,00,53,00,31,00,2e,00,65,\
00,78,00,65,00,00,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,\
61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,41,00,70,\
00,70,00,6c,00,65,00,5c,00,41,00,70,00,70,00,6c,00,65,00,20,00,53,00,6f,00,\
66,00,74,00,77,00,61,00,72,00,65,00,20,00,55,00,70,00,64,00,61,00,74,00,65,\
00,5c,00,51,00,75,00,69,00,63,00,6b,00,54,00,69,00,6d,00,65,00,49,00,6e,00,\
73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,41,00,64,00,6d,00,69,00,6e,00,2e,\
00,65,00,78,00,65,00,00,00,64,00,61,00,74,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
80,4f,35,42,c4,9d,c8,01,00,24,00,00,00,00,00,00,c8,69,92,a5,3d,79,ce,01,5c,\
00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,48,00,6f,00,73,00,74,00,73,\
00,4d,00,61,00,6e,00,5c,00,68,00,6d,00,2e,00,65,00,78,00,65,00,00,00,2e,00,\
65,00,78,00,65,00,00,00,70,00,5c,00,50,00,79,00,72,00,61,00,6d,00,69,00,64,\
00,53,00,6f,00,6c,00,69,00,74,00,61,00,69,00,72,00,65,00,2e,00,65,00,78,00,\
65,00,00,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,\
00,6f,00,72,00,65,00,72,00,5c,00,51,00,75,00,69,00,63,00,6b,00,20,00,4c,00,\
61,00,75,00,6e,00,63,00,68,00,5c,00,54,00,6f,00,6f,00,6c,00,73,00,5c,00,43,\
00,6f,00,6e,00,76,00,65,00,72,00,74,00,2e,00,65,00,78,00,65,00,00,00,68,00,\
65,00,72,00,5f,00,32,00,32,00,35,00,2e,00,65,00,78,00,65,00,00,00,2e,00,65,\
00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,8c,19,4d,87,47,ce,01,00,2c,67,00,00,00,00,00,4a,9d,ac,c1,1d,7b,ce,\
01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,\
00,6c,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,\
76,00,61,00,73,00,74,00,35,00,5c,00,41,00,76,00,61,00,73,00,74,00,45,00,6d,\
00,55,00,70,00,64,00,61,00,74,00,65,00,2e,00,65,00,78,00,65,00,00,00,65,00,\
6c,00,70,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,65,00,78,00,65,00,00,\
00,6c,00,6f,00,72,00,65,00,72,00,5c,00,51,00,75,00,69,00,63,00,6b,00,20,00,\
4c,00,61,00,75,00,6e,00,63,00,68,00,5c,00,54,00,6f,00,6f,00,6c,00,73,00,5c,\
00,43,00,6f,00,6e,00,76,00,65,00,72,00,74,00,2e,00,65,00,78,00,65,00,00,00,\
69,00,72,00,65,00,66,00,6f,00,78,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,\
00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,72,00,2e,00,\
65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,bf,4e,60,93,4c,ce,01,88,d7,03,00,00,00,00,00,50,2e,32,32,2c,\
7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,\
72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,61,00,66,\
00,65,00,72,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,69,00,6e,00,\
67,00,5c,00,46,00,69,00,6c,00,65,00,41,00,6c,00,79,00,7a,00,65,00,72,00,20,\
00,32,00,5c,00,46,00,69,00,6c,00,65,00,41,00,6c,00,79,00,7a,00,65,00,72,00,\
32,00,2e,00,65,00,78,00,65,00,00,00,2e,00,65,00,78,00,65,00,00,00,2d,00,78,\
00,38,00,36,00,2e,00,65,00,78,00,65,00,00,00,43,00,6c,00,65,00,61,00,6e,00,\
65,00,72,00,2e,00,65,00,78,00,65,00,00,00,34,00,33,00,35,00,64,00,66,00,33,\
00,33,00,36,00,38,00,37,00,5c,00,69,00,76,00,69,00,65,00,77,00,34,00,33,00,\
35,00,5f,00,73,00,65,00,74,00,75,00,70,00,2e,00,65,00,78,00,65,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,84,e8,0a,2b,85,cc,01,68,2d,9f,00,00,00,00,00,ae,f1,45,\
4e,e6,79,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,41,00,75,00,64,00,69,00,6f,00,64,00,65,00,76,00,2e,00,64,00,6c,00,\
6c,00,00,00,74,00,61,00,62,00,6c,00,65,00,2d,00,33,00,2e,00,36,00,2e,00,31,\
00,35,00,61,00,5c,00,44,00,6f,00,77,00,6e,00,6c,00,6f,00,61,00,64,00,73,00,\
5c,00,4b,00,65,00,79,00,53,00,63,00,72,00,61,00,6d,00,62,00,6c,00,65,00,72,\
00,5f,00,53,00,65,00,74,00,75,00,70,00,2e,00,65,00,78,00,65,00,00,00,30,00,\
30,00,30,00,30,00,30,00,31,00,5f,00,44,00,49,00,52,00,2e,00,65,00,78,00,65,\
00,00,00,6f,00,72,00,74,00,61,00,62,00,6c,00,65,00,5c,00,41,00,70,00,70,00,\
5c,00,46,00,69,00,72,00,65,00,66,00,6f,00,78,00,5c,00,75,00,70,00,64,00,61,\
00,74,00,65,00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,\
72,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,a1,66,af,54,83,c9,01,00,3a,04,00,00,00,00,00,9e,\
5d,24,98,29,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,\
6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,54,\
00,72,00,61,00,63,00,6b,00,65,00,72,00,20,00,53,00,6f,00,66,00,74,00,77,00,\
61,00,72,00,65,00,5c,00,50,00,44,00,46,00,20,00,56,00,69,00,65,00,77,00,65,\
00,72,00,5c,00,50,00,44,00,46,00,58,00,43,00,76,00,69,00,65,00,77,00,2e,00,\
65,00,78,00,65,00,00,00,6f,00,64,00,6f,00,5c,00,49,00,63,00,65,00,44,00,72,\
00,61,00,67,00,6f,00,6e,00,5c,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,\
6c,00,6c,00,5c,00,68,00,65,00,6c,00,70,00,65,00,72,00,2e,00,65,00,78,00,65,\
00,00,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,5c,00,68,00,65,00,\
6c,00,70,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,69,00,6e,00,33,00,32,\
00,2e,00,65,00,78,00,65,00,00,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,d8,ec,40,1e,07,ce,01,20,4a,ce,00,00,00,00,\
00,8e,80,83,78,0a,7a,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,\
72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,\
00,54,00,61,00,6c,00,6c,00,20,00,45,00,6d,00,75,00,5c,00,4f,00,6e,00,6c,00,\
69,00,6e,00,65,00,20,00,41,00,72,00,6d,00,6f,00,72,00,5c,00,6f,00,61,00,75,\
00,69,00,2e,00,65,00,78,00,65,00,00,00,70,00,70,00,73,00,5c,00,46,00,2e,00,\
6c,00,75,00,78,00,5c,00,66,00,6c,00,75,00,78,00,2e,00,65,00,78,00,65,00,00,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,2d,00,31,00,35,00,2e,00,30,00,\
5c,00,50,00,61,00,6c,00,65,00,6d,00,6f,00,6f,00,6e,00,2d,00,50,00,6f,00,72,\
00,74,00,61,00,62,00,6c,00,65,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,28,86,1b,44,4e,ca,01,f0,81,61,00,00,\
00,00,00,00,04,4f,b7,1d,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,\
50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,\
00,5c,00,4d,00,6f,00,7a,00,69,00,6c,00,6c,00,61,00,20,00,46,00,69,00,72,00,\
65,00,66,00,6f,00,78,00,5c,00,75,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,\
00,6c,00,5c,00,68,00,65,00,6c,00,70,00,65,00,72,00,2e,00,65,00,78,00,65,00,\
00,00,78,00,65,00,00,00,30,00,63,00,38,00,62,00,37,00,31,00,35,00,30,00,33,\
00,30,00,34,00,30,00,64,00,61,00,38,00,31,00,5c,00,75,00,70,00,64,00,61,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,64,44,4d,db,cc,42,ce,01,e8,20,0c,00,00,00,00,00,bc,42,2d,\
a9,db,79,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,\
67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,54,00,61,\
00,6c,00,6c,00,20,00,45,00,6d,00,75,00,5c,00,4f,00,6e,00,6c,00,69,00,6e,00,\
65,00,20,00,41,00,72,00,6d,00,6f,00,72,00,5c,00,6f,00,61,00,63,00,61,00,74,\
00,2e,00,65,00,78,00,65,00,00,00,44,00,6b,00,53,00,65,00,72,00,76,00,69,00,\
63,00,65,00,2e,00,65,00,78,00,65,00,00,00,65,00,78,00,65,00,00,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,65,00,\
78,00,65,00,00,00,65,00,66,00,61,00,75,00,6c,00,74,00,5c,00,46,00,6c,00,61,\
00,73,00,68,00,47,00,6f,00,74,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,28,86,1b,44,4e,ca,01,f0,f1,12,00,00,00,00,00,16,\
95,2e,68,c9,79,ce,01,5c,00,3f,00,3f,00,5c,00,44,00,3a,00,5c,00,44,00,6f,00,\
77,00,6e,00,6c,00,6f,00,61,00,64,00,20,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,73,00,5c,00,66,00,72,00,65,00,65,00,6f,00,63,00,72,00,2e,00,65,00,\
78,00,65,00,00,00,2e,00,31,00,2e,00,34,00,33,00,32,00,32,00,5c,00,6d,00,73,\
00,63,00,6f,00,72,00,77,00,6b,00,73,00,2e,00,64,00,6c,00,6c,00,00,00,73,00,\
6f,00,66,00,74,00,5c,00,49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,\
00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,51,00,75,00,69,00,\
63,00,6b,00,20,00,4c,00,61,00,75,00,6e,00,63,00,68,00,5c,00,54,00,6f,00,6f,\
00,6c,00,73,00,5c,00,43,00,6f,00,6e,00,76,00,65,00,72,00,74,00,2e,00,65,00,\
78,00,65,00,00,00,6f,00,6f,00,6e,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,\
00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,61,00,74,00,65,00,72,00,2e,00,\
65,00,78,00,65,00,00,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,74,3e,86,b5,19,78,ce,01,a1,53,06,00,00,00,00,\
00,16,3e,e6,c7,19,78,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,\
6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,00,20,\
00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,61,00,72,00,\
72,00,79,00,20,00,42,00,6f,00,77,00,65,00,72,00,73,00,5c,00,64,00,65,00,73,\
00,6b,00,74,00,6f,00,70,00,5c,00,74,00,35,00,63,00,77,00,38,00,7a,00,71,00,\
72,00,2e,00,65,00,78,00,65,00,00,00,61,00,74,00,65,00,43,00,68,00,65,00,63,\
00,6b,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,74,00,61,00,2e,00,65,00,\
78,00,65,00,00,00,74,00,69,00,2d,00,4d,00,61,00,6c,00,77,00,61,00,72,00,65,\
00,5c,00,6d,00,62,00,61,00,6d,00,2d,00,73,00,65,00,74,00,75,00,70,00,2e,00,\
65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,82,1c,d7,15,24,7b,ce,01,00,c4,05,00,00,\
00,00,00,96,04,35,25,24,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,\
50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,\
00,5c,00,53,00,55,00,50,00,45,00,52,00,41,00,6e,00,74,00,69,00,53,00,70,00,\
79,00,77,00,61,00,72,00,65,00,5c,00,53,00,41,00,53,00,54,00,61,00,73,00,6b,\
00,2e,00,65,00,78,00,65,00,00,00,6e,00,67,00,65,00,6e,00,2e,00,65,00,78,00,\
65,00,00,00,69,00,63,00,65,00,2e,00,65,00,78,00,65,00,00,00,2d,00,31,00,39,\
00,2e,00,30,00,2e,00,31,00,5c,00,44,00,6f,00,77,00,6e,00,6c,00,6f,00,61,00,\
64,00,73,00,5c,00,73,00,71,00,6c,00,69,00,74,00,65,00,62,00,72,00,6f,00,77,\
00,73,00,65,00,72,00,5f,00,32,00,30,00,30,00,5f,00,62,00,31,00,5f,00,77,00,\
69,00,6e,00,5c,00,73,00,71,00,6c,00,69,00,74,00,65,00,62,00,72,00,6f,00,77,\
00,73,00,65,00,72,00,5f,00,32,00,30,00,30,00,5f,00,62,00,31,00,5f,00,77,00,\
69,00,6e,00,5c,00,53,00,51,00,4c,00,69,00,74,00,65,00,20,00,44,00,61,00,74,\
00,61,00,62,00,61,00,73,00,65,00,20,00,42,00,72,00,6f,00,77,00,73,00,65,00,\
72,00,20,00,32,00,2e,00,30,00,20,00,62,00,31,00,2e,00,65,00,78,00,65,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,a5,da,8c,09,84,0a,cc,01,80,b5,00,\
00,00,00,00,00,54,aa,39,27,19,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,35,00,5c,00,61,\
00,73,00,68,00,53,00,68,00,65,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,84,f6,57,93,4c,ce,01,70,\
dc,01,00,00,00,00,00,66,04,69,32,2c,7b,ce,01,5c,00,3f,00,3f,00,5c,00,43,00,\
3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,\
00,65,00,73,00,5c,00,4d,00,61,00,6c,00,77,00,61,00,72,00,65,00,62,00,79,00,\
74,00,65,00,73,00,27,00,20,00,41,00,6e,00,74,00,69,00,2d,00,4d,00,61,00,6c,\
00,77,00,61,00,72,00,65,00,5c,00,6d,00,62,00,61,00,6d,00,65,00,78,00,74,00,\
2e,00,64,00,6c,00,6c,00,00,00,63,00,65,00,2e,00,65,00,78,00,65,00,00,00,32,\
00,2d,00,78,00,38,00,36,00,2e,00,65,00,78,00,65,00,00,00,65,00,2d,00,31,00,\
35,00,2e,00,30,00,5c,00,42,00,69,00,6e,00,5c,00,50,00,61,00,6c,00,65,00,6d,\
00,6f,00,6f,00,6e,00,5c,00,75,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,5c,00,68,00,65,00,6c,00,70,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,\
00,70,00,64,00,61,00,74,00,65,00,73,00,5c,00,30,00,5c,00,75,00,70,00,64,00,\
61,00,74,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,65,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1c,37,09,5e,da,cd,\
01,68,35,01,00,00,00,00,00,2a,73,27,38,26,7b,ce,01,5c,00,3f,00,3f,00,5c,00,\
43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,\
00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,6d,00,65,00,64,00,\
69,00,61,00,2e,00,64,00,6c,00,6c,00,00,00,6c,00,65,00,61,00,64,00,20,00,50,\
00,68,00,6f,00,74,00,6f,00,49,00,6d,00,70,00,61,00,63,00,74,00,20,00,38,00,\
5c,00,76,00,6f,00,65,00,2e,00,65,00,78,00,65,00,00,00,65,00,78,00,65,00,00,\
00,65,00,78,00,65,00,00,00,6f,00,72,00,74,00,61,00,62,00,6c,00,65,00,2d,00,\
31,00,35,00,2e,00,33,00,5c,00,42,00,69,00,6e,00,5c,00,50,00,61,00,6c,00,65,\
00,6d,00,6f,00,6f,00,6e,00,5c,00,70,00,6c,00,75,00,67,00,69,00,6e,00,2d,00,\
63,00,6f,00,6e,00,74,00,61,00,69,00,6e,00,65,00,72,00,2e,00,65,00,78,00,65,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,80,f8,8e,2b,c4,\
9d,c8,01,00,52,02,00,00,00,00,00,c0,be,79,af,27,79,ce,01,5c,00,3f,00,3f,00,\
5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,\
00,69,00,6c,00,65,00,73,00,5c,00,53,00,55,00,50,00,45,00,52,00,41,00,6e,00,\
74,00,69,00,53,00,70,00,79,00,77,00,61,00,72,00,65,00,5c,00,53,00,41,00,53,\
00,43,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,00,00,2e,00,65,00,78,00,\
65,00,00,00,65,00,78,00,65,00,00,00,73,00,5c,00,74,00,68,00,65,00,77,00,6f,\
00,72,00,64,00,2d,00,73,00,65,00,74,00,75,00,70,00,2d,00,64,00,79,00,6e,00,\
61,00,2e,00,65,00,78,00,65,00,00,00,2e,00,65,00,78,00,65,00,00,00,74,00,65,\
00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,87,c4,ae,\
a5,96,5f,cd,01,80,c7,01,00,00,00,00,00,ec,c2,fa,79,c9,79,ce,01,43,00,3a,00,\
5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,\
00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,63,00,6f,00,72,00,65,00,65,00,\
2e,00,64,00,6c,00,6c,00,00,00,2e,00,64,00,6c,00,6c,00,00,00,5c,00,41,00,54,\
00,49,00,2e,00,41,00,43,00,45,00,5c,00,43,00,4c,00,49,00,2e,00,65,00,78,00,\
65,00,00,00,30,00,31,00,5c,00,53,00,66,00,2e,00,62,00,69,00,6e,00,00,00,74,\
00,61,00,6c,00,6c,00,5f,00,66,00,6c,00,61,00,73,00,68,00,5f,00,70,00,6c,00,\
61,00,79,00,65,00,72,00,5f,00,31,00,31,00,5f,00,61,00,63,00,74,00,69,00,76,\
00,65,00,5f,00,78,00,5f,00,33,00,32,00,62,00,69,00,74,00,2e,00,65,00,78,00,\
65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,10,60,c0,de,2c,7b,ce,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices]
"AUX"="\\DosDevices\\COM1"
"MAILSLOT"="\\Device\\MailSlot"
"NUL"="\\Device\\Null"
"PIPE"="\\Device\\NamedPipe"
"PRN"="\\DosDevices\\LPT1"
"UNC"="\\Device\\Mup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
00,6d,00,64,00,2e,00,65,00,78,00,65,00,00,00
"windir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,00,00
"FP_NO_HOST_CHECK"="NO"
"OS"="Windows_NT"
"PROCESSOR_ARCHITECTURE"="x86"
"PROCESSOR_LEVEL"="6"
"PROCESSOR_IDENTIFIER"="x86 Family 6 Model 15 Stepping 11, GenuineIntel"
"PROCESSOR_REVISION"="0f0b"
"NUMBER_OF_PROCESSORS"="4"
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1;.PSC1"
"TEMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,54,00,45,00,4d,00,50,00,00,00
"TMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,54,00,45,00,4d,00,50,00,00,00
"RoxioCentral"="C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\Roxio Central33\\"
"Devmgr_Show_Details"="0"
"Devmgr_Show_Nonpresent_Devices"="0"
"PSModulePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,69,00,\
6e,00,64,00,6f,00,77,00,73,00,50,00,6f,00,77,00,65,00,72,00,53,00,68,00,65,\
00,6c,00,6c,00,5c,00,76,00,31,00,2e,00,30,00,5c,00,4d,00,6f,00,64,00,75,00,\
6c,00,65,00,73,00,5c,00,00,00
"CLASSPATH"=".;C:\\Program Files\\Java\\jre6\\lib\\ext\\QTJava.zip;C:\\Program Files\\QuickTime\\QTSystem\\QTJava.zip"
"QTJAVA"="C:\\Program Files\\QuickTime\\QTSystem\\QTJava.zip"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive]
"AdditionalCriticalWorkerThreads"=dword:00000000
"AdditionalDelayedWorkerThreads"=dword:00000000
"PriorityQuantumMatrix"=hex:76,19,aa,43,00,00,00,00,ef,f1,c8,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"obcaseinsensitive"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
"advapi32"="advapi32.dll"
"comdlg32"="comdlg32.dll"
"DllDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,00,00
"gdi32"="gdi32.dll"
"imagehlp"="imagehlp.dll"
"kernel32"="kernel32.dll"
"lz32"="lz32.dll"
"ole32"="ole32.dll"
"oleaut32"="oleaut32.dll"
"olecli32"="olecli32.dll"
"olecnv32"="olecnv32.dll"
"olesvr32"="olesvr32.dll"
"olethk32"="olethk32.dll"
"rpcrt4"="rpcrt4.dll"
"shell32"="shell32.dll"
"url"="url.dll"
"urlmon"="urlmon.dll"
"user32"="user32.dll"
"version"="version.dll"
"wininet"="wininet.dll"
"wldap32"="wldap32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
"DisablePagingExecutive"=dword:00000000
"LargeSystemCache"=dword:00000000
"NonPagedPoolQuota"=dword:00000000
"NonPagedPoolSize"=dword:00000000
"PagedPoolQuota"=dword:00000000
"PagedPoolSize"=dword:00000000
"SecondLevelDataCache"=dword:00000000
"SystemPages"=dword:00303000
"PagingFiles"=hex(7):43,00,3a,00,5c,00,70,00,61,00,67,00,65,00,66,00,69,00,6c,\
00,65,00,2e,00,73,00,79,00,73,00,20,00,34,00,30,00,39,00,32,00,20,00,34,00,\
30,00,39,00,32,00,00,00,00,00
"PhysicalAddressExtension"=dword:00000001
"SessionImageSize"=dword:00000010
"SessionViewSize"=dword:00000030
"SessionPoolSize"=dword:00000004
"WriteWatch"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:000009b4
"EnablePrefetcher"=dword:00000003
"AppLaunchMaxNumPages"=dword:00000fa0
"AppLaunchMaxNumSections"=dword:000000aa
"AppLaunchTimerPeriod"=hex:80,69,67,ff,ff,ff,ff,ff
"BootMaxNumPages"=dword:0001f400
"BootMaxNumSections"=dword:00000ff0
"BootTimerPeriod"=hex:00,f2,d8,f8,ff,ff,ff,ff
"MaxNumActiveTraces"=dword:00000008
"MaxNumSavedTraces"=dword:00000008
"RootDirPath"="Prefetch"
"HostingAppList"="DLLHOST.EXE,MMC.EXE,RUNDLL32.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PDUnmovableFiles]
"safeboot.fs"="C:\\safeboot.fs"
"safeboot.csc"="C:\\safeboot.csc"
"safeboot.rsv"="C:\\safeboot.rsv"
"$ISRBIN"="C:\\$ISR\\0\\$ISRBIN"
"pgpwde01"="C:\\pgpwde01"
"x.bin"="C:\\BOOTWIZ\\x.bin"
"SECURDSK"="C:\\SECURDSK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"HiberElapsedTime"=dword:00002011
"HiberIoTime"=dword:000002b2
"HiberCopyTime"=dword:0000008d
"HiberCopyBytes"=dword:2d26fe88
"HiberPagesWritten"=dword:0000e166
"HiberPagesProcessed"=dword:00027c0d
"HiberDumpCount"=dword:0000e166
"HiberFileRuns"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC]
"ProgramFilesDir"="C:\\Program Files"
"CommonFilesDir"="C:\\Program Files\\Common Files"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase"=dword:7f6f0000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\Key-4F3B2RFXKC9C637882MBM]
"ProductID"="76487-OEM-0011903-00102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\Key-CJ27J3P2XV9J9JCPB4DVT]
"ProductID"="76487-OEM-0011903-00102"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\MediaCenter]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\PnP]
"seed"=dword:ef20a804

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\SigningHash-6KCM6KFTX6MD62]
"SigningHashData"=hex:6e,68,17,37,47,c5,b3,35,7b,93,63,30,db,f1,8f,d7,7b,a7,c6,\
77,ea,f2,40,1b,d7,33,23,4b,cf,31,09,51,a8,54,b7,e7,86,ca,29,45,33,39,2d,30,\
a7,42,ea,12,d6,ee,b6,f0,aa,00,1f,11

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\SigningHash-V44KQMCFXKQCTQ]
"SigningHashData"=hex:ba,f1,00,97,bd,d7,2f,9f,b0,17,50,0e,af,65,ff,df,8b,f7,5d,\
83,1d,10,82,9c,35,da,9a,bb,f7,0a,f7,5c,73,e2,d3,bb,b8,64,92,20,60,13,19,66,\
e1,fc,48,7e,55,28,30,67,4c,73,c4,45

*============================================================*

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000270
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):00,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\
57,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\
54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\
00,69,00,64,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:c3,11,ba,16,3f,a2,be,54,d1,1b,34,81,2e,a9,2a,9c,32,63,30,34,36,\
65,32,39,00,00,00,00,c5,0c,00,00,18,ca,06,00,99,d0,bf,71,04,ca,06,00,10,00,\
00,00,00,00,00,00,ff,db,cd,ca,b3,1b,04,6d,93,75,00,2c

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:ed,9f,f3,74,a2,fc,12,57,90

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:c0,ba,52,f1,7d,f0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:8c,ff,22,ca,d2,1e,c7,93,09,03,8b,e5,00,df,4a,02

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:54,30,0d,17,1f,f9,c9,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,54,cf,23,c4,9d,c8,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,db,62,27,c4,9d,c8,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,08,94,28,c4,9d,c8,01
"Type"=dword:00000031


----------



## hewee (Oct 26, 2001)

SystemLook 04.09.10 by jpshortstuff
Log created at 16:12 on 07/07/2013 by Harry Bowers
Administrator - Elevation successful

========== filefind ==========

Searching for "*WS2IFSL*"
C:\i386\ws2ifsl.sys	------- 12032 bytes	[16:41 30/07/2008]	[10:00 04/08/2004] 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\WINDOWS\system32\drivers\ws2ifsl.sys	--a---- 12032 bytes	[22:00 11/08/2004]	[10:00 04/08/2004] 6ABE6E225ADB5A751622A9CC3BC19CE8

Searching for "*8B036660*"
No files found.

========== regfind ==========

Searching for "WS2IFSL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\WS2IFSL]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL]

*Searching for "8B036660"
No data found.*

-= EOF =-

*=================================================================*



> Also, go to Start - Run - type in services.msc and click OK. Then scroll down the list of services to locate the following:
> 
> SupportSoft Sprocket Service
> 
> Double-click to open it and change the startup type from "automatic" to "manual" then click "Apply" and OK. On your next reboot you shouldn't see that Dell Support error.


*Where will I see the error?*


----------



## Cookiegal (Aug 27, 2003)

hewee said:


> *Where will I see the error?*


It's the error that keeps repeating in the Event Viewer but I also thought you were getting some sort of message about it not being found.

I'll post further instructions tomorrow.


----------



## hewee (Oct 26, 2001)

I found this in WinPatrol Service tab.
Under the "Company" column it says "File Does Not Exist"

The info I have is this here below.

*------------------------------------------------------------*

# sprtsvc.exe /service /p dellsupportcenter

Path: C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
SupportSoft Sprocket Service
Created:
Accessed:
Written:
File Size: Bytes
Click for Plus Info

*------------------------------------------------------------*

SPRTSVC.EXE is not on my computer.

I do have a sprtsvc.RPT in...
C:\Program Files\Dell Support Center\bin\sprtsvc.RPT

Also have "C:\WINDOWS\SYSTEM32\HIDSERV.DLL" that is disabled but the file HIDSERV.DLL is not there.
I have HIDSERV.DLL in "C:\WINDOWS\ServicePackFiles\i386\hidserv.dll"

I changed the setting from disable to auto and will reboot to see if the file comes back.

______________________________________________

OK you have a good night.

Time for me also to eat and rest.


----------



## Cookiegal (Aug 27, 2003)

Please run SystemLook again with the following script and post the new log:


```
:filefind
*hidserv*
```
Also, I'm attaching a FixHarry.zip file to this post. Please download it and save it to your desktop. Then unzip it (extract the file) and double-click on the FixHarry.reg file and allow it to merge into the registry.

Then reboot the machine after you've done that.


----------



## hewee (Oct 26, 2001)

SystemLook 04.09.10 by jpshortstuff
Log created at 08:25 on 08/07/2013 by Harry Bowers
Administrator - Elevation successful

========== filefind ==========

Searching for "*hidserv*"
C:\i386\hidserv.inf	------- 4433 bytes	[16:37 30/07/2008]	[10:00 04/08/2004] 5C5A804D06B394EF246DE2D04B193C5F
C:\WINDOWS\$NtServicePackUninstall$\hidserv.inf	-----c- 4433 bytes	[00:46 30/06/2009]	[10:00 04/08/2004] 5C5A804D06B394EF246DE2D04B193C5F
C:\WINDOWS\inf\hidserv.inf	--a---- 4433 bytes	[22:00 11/08/2004]	[16:28 13/04/2008] 891A5A1F3BDB9E893DD2B00176E37099
C:\WINDOWS\inf\hidserv.PNF	--a---- 12720 bytes	[07:05 10/07/2008]	[09:45 24/01/2010] CE4DEAEDEE09F467FBE1F1F786EFA3E9
C:\WINDOWS\ServicePackFiles\i386\hidserv.dll	------- 21504 bytes	[00:43 30/06/2009]	[00:11 14/04/2008] DEB04DA35CC871B6D309B77E1443C796
C:\WINDOWS\ServicePackFiles\i386\hidserv.inf	------- 4433 bytes	[00:43 30/06/2009]	[16:28 13/04/2008] 891A5A1F3BDB9E893DD2B00176E37099

-= EOF =-

Will run FixHarry and reboot now.


----------
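The SystemLook `filefind` results posted in this thread can be triaged mechanically: parse each result line, group copies by file name, and flag names whose copies carry different MD5 values or that are absent from the directory where Windows expects them. This is an added example, not part of the original posts or of SystemLook; the field names `flags`, `time1` and `time2` are assumptions, since the log does not label those columns.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ntpath import basename, dirname  # Windows path rules on any OS

# Sample input: the filefind lines posted in this thread, with the
# tab separators normalized to single spaces.
SAMPLE_LOG = r"""
Searching for "*WS2IFSL*"
C:\i386\ws2ifsl.sys ------- 12032 bytes [16:41 30/07/2008] [10:00 04/08/2004] 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\WINDOWS\system32\drivers\ws2ifsl.sys --a---- 12032 bytes [22:00 11/08/2004] [10:00 04/08/2004] 6ABE6E225ADB5A751622A9CC3BC19CE8

Searching for "*8B036660*"
No files found.

Searching for "*hidserv*"
C:\i386\hidserv.inf ------- 4433 bytes [16:37 30/07/2008] [10:00 04/08/2004] 5C5A804D06B394EF246DE2D04B193C5F
C:\WINDOWS\$NtServicePackUninstall$\hidserv.inf -----c- 4433 bytes [00:46 30/06/2009] [10:00 04/08/2004] 5C5A804D06B394EF246DE2D04B193C5F
C:\WINDOWS\inf\hidserv.inf --a---- 4433 bytes [22:00 11/08/2004] [16:28 13/04/2008] 891A5A1F3BDB9E893DD2B00176E37099
C:\WINDOWS\inf\hidserv.PNF --a---- 12720 bytes [07:05 10/07/2008] [09:45 24/01/2010] CE4DEAEDEE09F467FBE1F1F786EFA3E9
C:\WINDOWS\ServicePackFiles\i386\hidserv.dll ------- 21504 bytes [00:43 30/06/2009] [00:11 14/04/2008] DEB04DA35CC871B6D309B77E1443C796
C:\WINDOWS\ServicePackFiles\i386\hidserv.inf ------- 4433 bytes [00:43 30/06/2009] [16:28 13/04/2008] 891A5A1F3BDB9E893DD2B00176E37099
"""

# path, 7-character flag field, size, two bracketed timestamps, MD5.
# The lazy path match tolerates spaces inside directory names.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<flags>[-a-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<time1>[^\]]+)\]\s+"
    r"\[(?P<time2>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FoundFile:
    path: str
    flags: str   # assumed name: the log does not label this column
    size: int
    time1: str   # assumed name: first bracketed timestamp
    time2: str   # assumed name: second bracketed timestamp
    md5: str


def parse_filefind(log_text):
    """Return one FoundFile per result line; headers and 'No files found.' are skipped."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(FoundFile(m["path"], m["flags"], int(m["size"]),
                                   m["time1"], m["time2"], m["md5"].upper()))
    return found


def copies_by_name(found):
    """Group results by lower-cased file name (Windows names are case-insensitive)."""
    groups = defaultdict(list)
    for f in found:
        groups[basename(f.path).lower()].append(f)
    return dict(groups)


def differing_copies(found):
    """Map file name -> set of MD5s, only for names whose copies do not all match."""
    out = {}
    for name, copies in copies_by_name(found).items():
        hashes = {c.md5 for c in copies}
        if len(hashes) > 1:
            out[name] = hashes
    return out


def present_in(found, name, directory):
    """True if a copy of `name` was reported directly inside `directory`."""
    want = directory.rstrip("\\").lower()
    return any(basename(f.path).lower() == name.lower()
               and dirname(f.path).lower() == want for f in found)


if __name__ == "__main__":
    results = parse_filefind(SAMPLE_LOG)
    for name, hashes in differing_copies(results).items():
        print(f"{name}: {len(hashes)} distinct MD5 values across copies")
    if not present_in(results, "hidserv.dll", r"C:\WINDOWS\system32"):
        print("hidserv.dll: no copy reported in C:\\WINDOWS\\system32")
```

Differing hashes between a backup copy and the installed copy are expected after a service pack update, so a mismatch is a prompt to compare versions, not a finding on its own.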



## Cookiegal (Aug 27, 2003)

We'll fix the hidserv issue using another program so let's do this please.

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Also, you need to disable your security programs temporarily while running ComboFix so they don't interfere with it.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> We'll fix the hidserv issue using another program so let's do this please.
> 
> Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.
> 
> ...


So what is getting fixed by ComboFix?

Will Disable Avast and put Online Armor in Learning mode.

Not worried about autorun because I hate that and they are already disabled.

Wow so much to read there


----------



## hewee (Oct 26, 2001)

Box came up that Online "OAwatch" was trying to attack. So I disabled the firewall and program guard also and then clicked OK on the ComboFix pop up.
Now I got another one but it wants to reboot and waiting for me to click OK to deal with rootkit "OAwatch"
So now it's dealing with the firewall. 

Windows taskbar is gone and only Firefox is running and FastStone Capture I had already had open. 

So guess I will see you on the reboot. 

Only thing Avast was disabled till reboot.


----------



## Cookiegal (Aug 27, 2003)

Yes you need to disable all security programs even the firewall.


----------



## hewee (Oct 26, 2001)

So do I need to redo all this.
Avast was running after reboot. Also I could not change anything on Avast or OA after the ComboFix started.

On reboot I got also pop-ups from WinPatrol that I forgot about asking on changes and I had to click past them.

After ComboFix log was made I got Suspicious file found that may be malware in the temp folder.
See image. Do I delete this?

IE homepage change from ComboFix came up on bootup and I let it fix it. 
But after log was made I open IE and got this here in image below.
I could not get past this point no matter what I clicked on for it to do. Look and it points to Pale Moon that is my default and when I let it open or download Pale Moon would open. Each time I open IE this would happen again. Then I clicked on Microsoft Update link from the start menu and IE did open OK or to the right page but if I clicked homepage it could not find it. So I go to the settings and it was pointing to My_homepage on the D: drive that was right. Anyhow I changed it to blank for now. 

*============================================================*

ComboFix 13-07-08.03 - Harry Bowers 07/08/2013 10:26:19.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2596 [GMT -7:00]
Running from: c:\documents and settings\Harry Bowers\Desktop\puppy.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
The following files were disabled during the run:
c:\program files\Tall Emu\Online Armor\OAwatch.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Harry Bowers\Local Settings\Application Data\assembly\tmp
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\~GLH0002.TMP
c:\windows\system32\components
c:\windows\system32\components\browser.xpt
c:\windows\system32\components\browserdirprovider.dll
c:\windows\system32\components\brwsrcmp.dll
c:\windows\system32\components\components.list
c:\windows\system32\components\FeedConverter.js
c:\windows\system32\components\FeedProcessor.js
c:\windows\system32\components\FeedWriter.js
c:\windows\system32\components\fuelApplication.js
c:\windows\system32\components\GPSDGeolocationProvider.js
c:\windows\system32\components\jsconsole-clhandler.js
c:\windows\system32\components\NetworkGeolocationProvider.js
c:\windows\system32\components\nsAddonRepository.js
c:\windows\system32\components\nsBadCertHandler.js
c:\windows\system32\components\nsBlocklistService.js
c:\windows\system32\components\nsBrowserContentHandler.js
c:\windows\system32\components\nsBrowserGlue.js
c:\windows\system32\components\nsContentDispatchChooser.js
c:\windows\system32\components\nsContentPrefService.js
c:\windows\system32\components\nsDefaultCLH.js
c:\windows\system32\components\nsDownloadManagerUI.js
c:\windows\system32\components\nsExtensionManager.js
c:\windows\system32\components\nsFormAutoComplete.js
c:\windows\system32\components\nsHandlerService.js
c:\windows\system32\components\nsHelperAppDlg.js
c:\windows\system32\components\nsINIProcessor.js
c:\windows\system32\components\nsLivemarkService.js
c:\windows\system32\components\nsLoginInfo.js
c:\windows\system32\components\nsLoginManager.js
c:\windows\system32\components\nsLoginManagerPrompter.js
c:\windows\system32\components\nsMicrosummaryService.js
c:\windows\system32\components\nsPlacesAutoComplete.js
c:\windows\system32\components\nsPlacesDBFlush.js
c:\windows\system32\components\nsPlacesTransactionsService.js
c:\windows\system32\components\nsPrivateBrowsingService.js
c:\windows\system32\components\nsProxyAutoConfig.js
c:\windows\system32\components\nsSafebrowsingApplication.js
c:\windows\system32\components\nsSearchService.js
c:\windows\system32\components\nsSearchSuggestions.js
c:\windows\system32\components\nsSessionStartup.js
c:\windows\system32\components\nsSessionStore.js
c:\windows\system32\components\nsSetDefaultBrowser.js
c:\windows\system32\components\nsSidebar.js
c:\windows\system32\components\nsTaggingService.js
c:\windows\system32\components\nsTryToClose.js
c:\windows\system32\components\nsUpdateService.js
c:\windows\system32\components\nsUpdateServiceStub.js
c:\windows\system32\components\nsUpdateTimerManager.js
c:\windows\system32\components\nsUrlClassifierLib.js
c:\windows\system32\components\nsUrlClassifierListManager.js
c:\windows\system32\components\nsURLFormatter.js
c:\windows\system32\components\nsWebHandlerApp.js
c:\windows\system32\components\pluginGlue.js
c:\windows\system32\components\storage-Legacy.js
c:\windows\system32\components\storage-mozStorage.js
c:\windows\system32\components\txEXSLTRegExFunctions.js
c:\windows\system32\components\WebContentConverter.js
c:\windows\system32\ReadMe.txt
c:\windows\system32\res
c:\windows\system32\res\arrow.gif
c:\windows\system32\res\arrowd.gif
c:\windows\system32\res\broken-image.png
c:\windows\system32\res\charsetalias.properties
c:\windows\system32\res\charsetData.properties
c:\windows\system32\res\contenteditable.css
c:\windows\system32\res\designmode.css
c:\windows\system32\res\dtd\mathml.dtd
c:\windows\system32\res\dtd\xhtml11.dtd
c:\windows\system32\res\EditorOverride.css
c:\windows\system32\res\entityTables\html40Latin1.properties
c:\windows\system32\res\entityTables\html40Special.properties
c:\windows\system32\res\entityTables\html40Symbols.properties
c:\windows\system32\res\entityTables\htmlEntityVersions.properties
c:\windows\system32\res\entityTables\mathml20.properties
c:\windows\system32\res\entityTables\transliterate.properties
c:\windows\system32\res\fonts\mathfont.properties
c:\windows\system32\res\fonts\mathfontStandardSymbolsL.properties
c:\windows\system32\res\fonts\mathfontSTIXNonUnicode.properties
c:\windows\system32\res\fonts\mathfontSTIXSize1.properties
c:\windows\system32\res\fonts\mathfontSymbol.properties
c:\windows\system32\res\fonts\mathfontUnicode.properties
c:\windows\system32\res\forms.css
c:\windows\system32\res\grabber.gif
c:\windows\system32\res\hiddenWindow.html
c:\windows\system32\res\html.css
c:\windows\system32\res\html\folder.png
c:\windows\system32\res\langGroups.properties
c:\windows\system32\res\language.properties
c:\windows\system32\res\loading-image.png
c:\windows\system32\res\mathml.css
c:\windows\system32\res\quirk.css
c:\windows\system32\res\svg.css
c:\windows\system32\res\table-add-column-after-active.gif
c:\windows\system32\res\table-add-column-after-hover.gif
c:\windows\system32\res\table-add-column-after.gif
c:\windows\system32\res\table-add-column-before-active.gif
c:\windows\system32\res\table-add-column-before-hover.gif
c:\windows\system32\res\table-add-column-before.gif
c:\windows\system32\res\table-add-row-after-active.gif
c:\windows\system32\res\table-add-row-after-hover.gif
c:\windows\system32\res\table-add-row-after.gif
c:\windows\system32\res\table-add-row-before-active.gif
c:\windows\system32\res\table-add-row-before-hover.gif
c:\windows\system32\res\table-add-row-before.gif
c:\windows\system32\res\table-remove-column-active.gif
c:\windows\system32\res\table-remove-column-hover.gif
c:\windows\system32\res\table-remove-column.gif
c:\windows\system32\res\table-remove-row-active.gif
c:\windows\system32\res\table-remove-row-hover.gif
c:\windows\system32\res\table-remove-row.gif
c:\windows\system32\res\ua.css
c:\windows\system32\res\viewsource.css
c:\windows\system32\res\wincharset.properties
c:\windows\system32\updater.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-06-08 to 2013-07-08 )))))))))))))))))))))))))))))))
.
.
2013-07-07 19:36 . 2013-07-07 19:36	--------	d-----w-	C:\FRST
2013-07-05 19:59 . 2013-07-05 19:59	--------	d-----w-	c:\program files\UPHClean
2013-07-03 18:21 . 2007-03-10 16:11	2680320	----a-w-	c:\windows\system32\ImageEnXLibrary.ocx
2013-07-03 18:21 . 2013-07-03 18:32	--------	d-----w-	C:\FreeOCR
2013-07-03 18:19 . 2013-07-03 18:19	--------	d-----w-	c:\program files\Temp
.
.ComboFix 
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 19:29 . 2013-03-19 23:42	175176	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:29 . 2011-02-23 20:29	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:29 . 2010-01-21 08:55	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-11 16:42 . 2012-07-11 14:49	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-11 16:42 . 2012-07-11 14:49	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-03-19 23:42	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2010-01-21 08:55	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-28 17:42	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2010-01-21 08:55	49760	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2010-01-21 08:55	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2010-06-29 22:08	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2010-01-21 08:54	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-07 22:30 . 2004-08-11 22:00	920064	----a-w-	c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-11 22:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-11 22:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-11 22:00	385024	----a-w-	c:\windows\system32\html.iec
2013-05-03 01:30 . 2009-06-09 16:28	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2009-06-09 16:28	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-01 10:59 . 2013-05-01 10:59	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59	69632	----a-w-	c:\windows\system32\QuickTime.qts
2013-04-11 19:35 . 2013-04-11 19:35	21664	----a-w-	c:\windows\system32\drivers\HWiNFO32.SYS
2013-04-10 01:31 . 2009-06-09 16:28	1876352	----a-w-	c:\windows\system32\win32k.sys
2008-09-18 01:18 . 2008-09-18 01:18	274432	----a-w-	c:\program files\stripmail.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
"HostsMan"="c:\program files\HostsMan\hm.exe" [2013-05-02 6761472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2012-02-15 90112]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-31 16860672]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-10-16 6390256]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-10-16 849904]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Secunia Update Agent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/19/2013 4:42 PM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/19/2013 4:42 PM 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/23/2011 1:29 PM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2010 1:55 AM 369584]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [4/11/2013 12:35 PM 21664]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/1/2010 11:51 AM 198008]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/1/2010 11:51 AM 21880]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/1/2010 11:51 AM 27000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 11:54 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2010 1:55 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2/28/2013 10:42 AM 66336]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [7/10/2008 12:16 AM 8960]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/1/2010 11:51 AM 1241584]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/1/2010 11:51 AM 3314160]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [3/28/2009 2:13 PM 209304]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [7/10/2008 12:17 AM 11264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [7/10/2008 12:16 AM 16640]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416]
S3 SIVDRIVER;SIV Kernel Driver;\??\c:\windows\system32\Drivers\SIVX32.sys --> c:\windows\system32\Drivers\SIVX32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-29 08:58]
.
2013-07-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d1ae5883-a393-4c4a-9f36-8104ba81b2a9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///D:/My_homepage.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: secunia.com\psi
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 172.27.35.1 68.87.76.178 68.87.78.130
FF - ProfilePath - c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\
FF - prefs.js: browser.startup.homepage - file:///D:/My_homepage.html
FF - ExtSQL: 2013-05-30 05:21; [email protected]; c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\extensions\[email protected]
FF - ExtSQL: 2013-07-07 11:10; [email protected]; c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-08 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD161HJ rev.JF100-22 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3745757714-3295662-1287941395-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\windows\system32\OpenExpert.dll
c:\program files\WinRAR\rarext.dll
c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll
c:\program files\7-Zip\7-zip.dll
c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2013-07-08 10:41:42 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-08 17:41
.
Pre-Run: 88,258,764,800 bytes free
Post-Run: 88,229,007,360 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B0110A47A3DE364A62115BDE9541BAA8
8F558EB6672622401DA993E1E865C861


----------



## Cookiegal (Aug 27, 2003)

Because you hadn't disabled the Online Armor Firewall, the file got deleted so let's restore it.

Please copy and paste the contents of the following file:

C:\Qoobox\ComboFix-quarantined files.txt


----------



## hewee (Oct 26, 2001)

I was thinking it was still there but did a search on OAwatch and it's gone. 
I see an OAwatch in C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor folder. It's called OAwatch.dll.vir

After doing all this I still don't know if I had anything bad on the PC. 

*=========================================================*

2013-07-08 17:30:12 . 2013-07-08 17:30:12 6,265 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-07-08 17:06:43 . 2013-07-08 17:06:43 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-07-08 17:01:39 . 2013-07-08 17:15:50 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-02-23 23:12:11 . 2012-04-20 15:40:23 238,592 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\updater.exe.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 2,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\wincharset.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 835 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-remove-column-active.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 841 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-remove-column-hover.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 841 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-remove-column.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 835 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-remove-row-active.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 841 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-remove-row-hover.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 841 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-remove-row.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 6,436 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\ua.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 3,062 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\viewsource.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 826 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-row-after.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 57 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-row-before-active.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 825 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-row-before-hover.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 825 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-row-before.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 826 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-column-after.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 57 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-column-before-active.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 825 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-column-before-hover.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 825 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-column-before.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 57 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-row-after-active.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:20 826 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-row-after-hover.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 268 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\loading-image.png.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 14,682 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\mathml.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 11,356 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\quirk.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 2,313 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\svg.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 58 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-column-after-active.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 826 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\table-add-column-after-hover.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 6,079 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\langGroups.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 5,528 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\language.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 619 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\html\folder.png.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 12,063 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\html.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 858 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\grabber.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 117 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\hiddenWindow.html.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 16,134 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\forms.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 3,902 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\fonts\mathfontStandardSymbolsL.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:18 5,493 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\fonts\mathfontSTIXNonUnicode.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:18 3,033 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\fonts\mathfontSTIXSize1.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 3,954 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\fonts\mathfontSymbol.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:19 6,719 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\fonts\mathfontUnicode.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:18 56,411 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\fonts\mathfont.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:17 2,396 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\entityTables\html40Special.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:17 4,090 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\entityTables\html40Symbols.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:17 1,967 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\entityTables\htmlEntityVersions.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:18 30,004 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\entityTables\mathml20.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:18 39,989 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\entityTables\transliterate.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16  1,861 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\designmode.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 63,788 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\dtd\mathml.dtd.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 8,427 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\dtd\xhtml11.dtd.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 3,690 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\entityTables\html40Latin1.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 56 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\arrow.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 59 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\arrowd.gif.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 253 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\broken-image.png.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 11,223 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\charsetalias.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 9,292 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\charsetData.properties.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 11,637 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\contenteditable.css.vir
2012-02-23 23:12:09 . 2012-04-20 15:40:16 10,740 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\res\EditorOverride.css.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 6,667 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\txEXSLTRegExFunctions.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 6,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsWebHandlerApp.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 2,777 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\pluginGlue.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 53,655 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\storage-Legacy.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 57,277 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\storage-mozStorage.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 7,288 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUpdateTimerManager.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 50,659 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUrlClassifierLib.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 19,925 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUrlClassifierListManager.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 93,708 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUpdateService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 1,996 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUpdateServiceStub.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 21,229 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsTaggingService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 3,268 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsTryToClose.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 3,076 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsURLFormatter.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 2,854 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSetDefaultBrowser.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:02 12,349 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSidebar.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 111,331 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSessionStore.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 24,315 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSearchSuggestions.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 9,123 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSessionStartup.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 23,878 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSafebrowsingApplication.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 129,847 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSearchService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 22,991 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsPrivateBrowsingService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 13,682 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsProxyAutoConfig.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 19,657 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsPlacesDBFlush.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 42,772 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsPlacesTransactionsService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 38,091 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsPlacesAutoComplete.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 51,241 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsLoginManagerPrompter.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 77,859 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsMicrosummaryService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 51,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsLoginManager.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 7,090 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsINIProcessor.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 36,852 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsLivemarkService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 4,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsLoginInfo.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 43,843 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsHelperAppDlg.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 19,431 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsFormAutoComplete.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 53,725 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsHandlerService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 6,323 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsDefaultCLH.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 5,737 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsDownloadManagerUI.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 318,088 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsExtensionManager.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 33,766 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsContentPrefService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 32,775 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsBrowserContentHandler.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 46,899 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsBrowserGlue.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 5,089 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsContentDispatchChooser.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:00 1,475 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\jsconsole-clhandler.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:00 11,815 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsAddonRepository.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 3,104 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsBadCertHandler.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:01 33,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsBlocklistService.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:00 1,167 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\components.list.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:00 39,516 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\fuelApplication.js.vir
2012-02-23 23:11:56 . 2012-04-20 15:40:00 170,496 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\brwsrcmp.dll.vir
2012-02-23 23:11:51 . 2012-04-20 15:39:56 18,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\browserdirprovider.dll.vir
2012-02-23 23:11:36 . 2012-04-20 15:39:45 351,573 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\browser.xpt.vir
2012-02-23 23:11:36 . 2012-04-20 15:39:45 8,542 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\GPSDGeolocationProvider.js.vir
2012-02-23 23:11:36 . 2012-04-20 15:39:45 11,861 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\NetworkGeolocationProvider.js.vir
2012-02-23 23:11:36 . 2012-04-20 15:39:45 33,859 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\WebContentConverter.js.vir
2012-02-23 23:11:36 . 2012-04-20 15:39:45 65,927 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\FeedProcessor.js.vir
2012-02-23 23:11:36 . 2012-04-20 15:39:45 49,197 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\FeedWriter.js.vir
2012-02-23 23:11:35 . 2012-04-20 15:39:45 25,107 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\FeedConverter.js.vir
2012-02-23 23:11:34 . 2012-04-20 15:39:42 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ReadMe.txt.vir
2010-06-05 05:34:03 . 2005-06-15 10:00:00 102,400 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\~GLH0002.TMP.vir
2010-06-01 18:51:57 . 2009-10-16 09:36:18 878,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir
2008-08-23 10:19:18 . 2008-08-23 10:35:48 12 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt.vir
2008-07-10 07:20:23 . 2008-07-10 07:20:24 234 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wininit.ini.vir


----------



## Cookiegal (Aug 27, 2003)

I've not seen any malware yet but definitely things out of sorts that we're fixing.

This time be sure to disable the firewall, WinPatrol, your anti-virus and any other security programs you have before running the fix.

Open Notepad and copy and paste the text in the code box below into it:


```
Dequarantine::
2010-06-01 18:51:57 . 2009-10-16 09:36:18 878,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir

FCopy::
C:\WINDOWS\ServicePackFiles\i386\hidserv.dll | C:\WINDOWS\system32\hidserv.dll

DirLook::
c:\program files\Temp
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe (or the renamed puppy.exe if you were asked to rename it).

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## hewee (Oct 26, 2001)

Good to know all is clean. 

OK all is disabled and also taken out of startup. 

By the way I can not change IE homepage back to "file:///D:/My_homepage.html" with it doing what I posted above and what is in the image posted. 

Going to redo this now with drag and blow up with "commando assault" or maybe just "puppy love"


----------



## hewee (Oct 26, 2001)

OK no reboot this time.
*==================================================================*

ComboFix 13-07-08.04 - Harry Bowers 07/08/2013 13:58:57.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2315 [GMT -7:00]
Running from: c:\documents and settings\Harry Bowers\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Harry Bowers\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\hidserv.dll --> c:\windows\system32\hidserv.dll
.
((((((((((((((((((((((((( Files Created from 2013-06-08 to 2013-07-08 )))))))))))))))))))))))))))))))
.
.
2013-07-08 20:58 . 2008-04-14 00:11	21504	----a-w-	c:\windows\system32\hidserv.dll
2013-07-08 20:58 . 2008-04-14 00:11	21504	----a-w-	c:\windows\system32\dllcache\hidserv.dll
2013-07-08 17:01 . 2013-07-08 17:41	--------	d-----w-	C:\puppy
2013-07-07 19:36 . 2013-07-07 19:36	--------	d-----w-	C:\FRST
2013-07-05 19:59 . 2013-07-05 19:59	--------	d-----w-	c:\program files\UPHClean
2013-07-03 18:21 . 2007-03-10 16:11	2680320	----a-w-	c:\windows\system32\ImageEnXLibrary.ocx
2013-07-03 18:21 . 2013-07-03 18:32	--------	d-----w-	C:\FreeOCR
2013-07-03 18:19 . 2013-07-03 18:19	--------	d-----w-	c:\program files\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 19:29 . 2013-03-19 23:42	175176	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:29 . 2011-02-23 20:29	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:29 . 2010-01-21 08:55	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-11 16:42 . 2012-07-11 14:49	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-11 16:42 . 2012-07-11 14:49	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-03-19 23:42	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2010-01-21 08:55	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-28 17:42	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2010-01-21 08:55	49760	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2010-01-21 08:55	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2010-06-29 22:08	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2010-01-21 08:54	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-07 22:30 . 2004-08-11 22:00	920064	----a-w-	c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-11 22:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-11 22:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-11 22:00	385024	----a-w-	c:\windows\system32\html.iec
2013-05-03 01:30 . 2009-06-09 16:28	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2009-06-09 16:28	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-01 10:59 . 2013-05-01 10:59	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59	69632	----a-w-	c:\windows\system32\QuickTime.qts
2013-04-11 19:35 . 2013-04-11 19:35	21664	----a-w-	c:\windows\system32\drivers\HWiNFO32.SYS
2013-04-10 01:31 . 2009-06-09 16:28	1876352	----a-w-	c:\windows\system32\win32k.sys
2008-09-18 01:18 . 2008-09-18 01:18	274432	----a-w-	c:\program files\stripmail.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Temp ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostsMan"="c:\program files\HostsMan\hm.exe" [2013-05-02 6761472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2012-02-15 90112]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-31 16860672]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-10-16 6390256]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-10-16 849904]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Secunia Update Agent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/19/2013 4:42 PM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/19/2013 4:42 PM 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/23/2011 1:29 PM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2010 1:55 AM 369584]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [4/11/2013 12:35 PM 21664]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/1/2010 11:51 AM 198008]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/1/2010 11:51 AM 21880]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/1/2010 11:51 AM 27000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 11:54 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2010 1:55 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2/28/2013 10:42 AM 66336]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [7/10/2008 12:16 AM 8960]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/1/2010 11:51 AM 1241584]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/1/2010 11:51 AM 3314160]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [3/28/2009 2:13 PM 209304]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [7/10/2008 12:17 AM 11264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [7/10/2008 12:16 AM 16640]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416]
S3 SIVDRIVER;SIV Kernel Driver;\??\c:\windows\system32\Drivers\SIVX32.sys --> c:\windows\system32\Drivers\SIVX32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-29 08:58]
.
2013-07-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d1ae5883-a393-4c4a-9f36-8104ba81b2a9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: secunia.com\psi
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 172.27.35.1 68.87.76.178 68.87.78.130
FF - ProfilePath - c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\
FF - prefs.js: browser.startup.homepage - file:///D:/My_homepage.html
FF - ExtSQL: 2013-05-30 05:21; [email protected]; c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\extensions\[email protected]
FF - ExtSQL: 2013-07-07 11:10; [email protected]; c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-08 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD161HJ rev.JF100-22 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3745757714-3295662-1287941395-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2368)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-07-08 14:08:13
ComboFix-quarantined-files.txt 2013-07-08 21:08
ComboFix2.txt 2013-07-08 17:41
.
Pre-Run: 88,101,388,288 bytes free
Post-Run: 88,082,739,200 bytes free
.
- - End Of File - - 5EC64103729557557750FDC178496667
8F558EB6672622401DA993E1E865C861


----------



## Cookiegal (Aug 27, 2003)

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## hewee (Oct 26, 2001)

Do I need to disable the firewall, WinPatrol etc?


----------



## Cookiegal (Aug 27, 2003)

No, not for this one.


----------



## hewee (Oct 26, 2001)

# AdwCleaner v2.304 - Logfile created 07/08/2013 at 15:19:22
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Harry Bowers - HEW7WSG1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Hewee\Application Data\Mozilla\Firefox\Profiles\41arua6h.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f0f1mxuy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1071 octets] - [11/03/2013 10:34:24]
AdwCleaner[R2].txt - [1132 octets] - [11/03/2013 10:40:12]
AdwCleaner[R3].txt - [1313 octets] - [08/07/2013 15:19:22]

########## EOF - C:\AdwCleaner[R3].txt - [1373 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run it again and this time select "delete" and post the resulting log.


----------



## hewee (Oct 26, 2001)

So what was Deleted?

*==============================*

# AdwCleaner v2.304 - Logfile created 07/08/2013 at 15:30:14
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Harry Bowers - HEW7WSG1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Hewee\Application Data\Mozilla\Firefox\Profiles\41arua6h.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f0f1mxuy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1071 octets] - [11/03/2013 10:34:24]
AdwCleaner[R2].txt - [1132 octets] - [11/03/2013 10:40:12]
AdwCleaner[R3].txt - [1442 octets] - [08/07/2013 15:19:22]
AdwCleaner[S1].txt - [1381 octets] - [08/07/2013 15:30:14]

########## EOF - C:\AdwCleaner[S1].txt - [1441 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Exactly what you see there, a folder and three registry keys created by adware.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## hewee (Oct 26, 2001)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.0 (07.08.2013:4)
OS: Microsoft Windows XP x86
Ran by Harry Bowers on Mon 07/08/2013 at 16:02:32.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] "C:\Documents and Settings\Harry Bowers\Application Data\mozilla\firefox\profiles\sqji4yoy.default-1373069652609\extensions\[email protected]"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/08/2013 at 16:05:23.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*=========================================================================*

What is wrong with Menu Icons Plus?

Also have [email protected] in other Pale Moon and Firefox profiles.


----------



## Cookiegal (Aug 27, 2003)

If it was targeted then it's probably adware. If you really want it then you can install it again.


Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## hewee (Oct 26, 2001)

Has good rating and said to be 100% CLEAN
http://www.softpedia.com/get/Intern...dons/Mozilla-Extensions/Menu-Icons-Plus.shtml

If it is adware then why did it not get the others on the computer?

Good thing I got room on my desktop for all these profiles and files and the rest is in the C: folder.


----------



## hewee (Oct 26, 2001)

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Harry Bowers [Admin rights]
Mode : Scan -- Date : 07/08/2013 17:09:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161HJ +++++
--- User ---
[MBR] 6ab1a780120358c154aa7b57db37449a
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 152523 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD161HJ +++++
--- User ---
[MBR] 0e19a94679c8a1cb0634baba3b7656b0
[BSP] abfc3abf055fbccce55e8b4123c286f6 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07082013_170945.txt >>


----------



## Cookiegal (Aug 27, 2003)

I would guess it's probably because the extension is hidden so it's seen as malicious but not the program itself.

There's nothing bad on the last scan. 

How are things with the computer now?


----------



## hewee (Oct 26, 2001)

Everything is the same as when I started, but that error at shut down is now at log off.

IE will not let me make my own home page.

IE opens minimized and I cannot keep it so it opens maximized.

I got to go now. 

Want to thank you for all you have done and will see what the other computer profile is like and what logging off and shutting down does.

You have a good night. 

I am going out to work in the yard to help an older man do something.


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## hewee (Oct 26, 2001)

I had gotten some popup box with an error, I think, when I logged off, but it went by so fast because I logged off that I could not even see it. No error beep. It was about 9:49 am.


----------



## Cookiegal (Aug 27, 2003)

According to the OTS log your start page in Firefox hasn't changed. It's still shown as 

browser.startup.homepage -> "file:///D:/My_homepage.html" 

What are the error messages you're getting now and when?


----------



## hewee (Oct 26, 2001)

I know, it's the start page on IE in the Harry profile that will not let me have "file:///D:/My_homepage.html". In the hewee profile IE has the "file:///D:/My_homepage.html" for the home page and it opens OK.
But I use the Harry IE profile with Admin rights to get MS Updates and I got a whole today. 16 MS updates and most are all "Microsoft .NET Framework". I hate getting them because they take forever and I got to put firewall in learning mode or I get asked for rights over and over.

The message I got I am not sure because when I log off it flashes by so fast I can not see anything but what looks like a gray box.

I can look if you tell me what to do.

You want me to hold off on the MS Updates?


----------



## Cookiegal (Aug 27, 2003)

I would go ahead and download the updates.

Can you run VEW again and post the new log showing new errors please?


----------



## hewee (Oct 26, 2001)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/07/2013 2:16:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/07/2013 5:48:21 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 05/07/2013 5:48:21 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 02/07/2013 6:42:54 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 10/06/2013 6:56:18 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application FileAlyzer2.exe, version 2.0.5.57, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/05/2013 7:29:26 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 14/05/2013 6:59:06 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application aswrundll.exe, version 8.0.1489.300, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x000311d9.

Log: 'Application' Date/Time: 14/05/2013 6:43:38 PM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 03/05/2013 11:39:13 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 03/05/2013 11:39:07 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 15/04/2013 3:06:01 PM
Type: error Category: 0
Event: 11303 Source: MsiInstaller
Product: Ultra Hal Text-to-Speech Reader -- Error 1303.The installer has insufficient privileges to access this directory: C:\Program Files\Zabaware. The installation cannot continue. Log on as an administrator or contact your system administrator.

Log: 'Application' Date/Time: 15/04/2013 3:04:25 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application SpeakToWAV.exe, version 3.3.8.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 13/04/2013 9:29:49 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 29/03/2013 10:28:32 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application pip26121_ars_.exe, version 2.6.12.1, faulting module ieframe.dll, version 8.0.6001.19401, fault address 0x0014e98d.

Log: 'Application' Date/Time: 13/03/2013 12:18:19 PM
Type: error Category: 0
Event: 11303 Source: MsiInstaller
Product: PDFill PDF Editor with FREE Writer and FREE Tools -- Error 1303. The installer has insufficient privileges to access this directory: C:\Program Files\PlotSoft. The installation cannot continue. Log on as administrator or contact your system administrator.

Log: 'Application' Date/Time: 01/03/2013 3:24:35 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application palemoon.exe, version 15.3.0.4695, faulting module xul.dll, version 15.3.0.4695, fault address 0x0021089f.

Log: 'Application' Date/Time: 01/03/2013 2:44:25 PM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -859189091.

Log: 'Application' Date/Time: 01/03/2013 2:44:21 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application WinPatrol.exe, version 26.1.2013.0, faulting module WinPatrol.exe, version 26.1.2013.0, fault address 0x00015b26.

Log: 'Application' Date/Time: 01/03/2013 11:40:50 AM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -859189091.

Log: 'Application' Date/Time: 01/03/2013 11:40:42 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application winpatrol.exe, version 26.1.2013.0, faulting module winpatrol.exe, version 26.1.2013.0, fault address 0x00015b26.

Log: 'Application' Date/Time: 01/03/2013 8:35:47 AM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -859189091.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/07/2013 4:22:30 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 07/07/2013 9:07:09 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 07/07/2013 9:07:07 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 05/07/2013 12:50:03 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 05/07/2013 10:36:42 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 04/07/2013 3:38:17 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 26/06/2013 10:02:32 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2013 9:36:10 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2013 9:22:51 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 25/06/2013 8:54:34 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2013 8:00:40 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2013 10:19:15 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 24/06/2013 11:56:06 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/06/2013 9:58:55 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/06/2013 9:58:53 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 20/06/2013 1:52:31 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 20/06/2013 1:52:14 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 20/06/2013 1:52:12 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 18/06/2013 9:47:14 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Hewee registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 18/06/2013 3:04:49 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2013 7:42:01 PM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 08/07/2013 3:01:20 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.

Log: 'System' Date/Time: 08/07/2013 10:34:30 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Human Interface Device Access service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 08/07/2013 10:16:22 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Human Interface Device Access service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 08/07/2013 8:40:04 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Human Interface Device Access service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 07/07/2013 5:22:38 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Human Interface Device Access service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 07/07/2013 4:25:26 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {E433A430-6353-4E11-8484-45F98CE62D44} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 07/07/2013 3:50:42 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/07/2013 10:00:20 AM
Type: error Category: 0
Event: 6161 Source: Print
The document C:\Documents and Settings\Harry Bowers\desktop\ark.txt owned by Harry Bowers failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 697732. Number of bytes printed: 0. Total number of pages in the document: 18. Number of pages printed: 0. Client machine: \\HEW7WSG1. Win32 error code returned by the print processor: 6 (0x6).

Log: 'System' Date/Time: 07/07/2013 9:59:40 AM
Type: error Category: 0
Event: 6161 Source: Print
The document C:\Documents and Settings\Harry Bowers\desktop\ark.txt owned by Harry Bowers failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 715792. Number of bytes printed: 0. Total number of pages in the document: 18. Number of pages printed: 0. Client machine: \\HEW7WSG1. Win32 error code returned by the print processor: 6 (0x6).

Log: 'System' Date/Time: 07/07/2013 9:17:46 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 07/07/2013 8:42:23 AM
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Log: 'System' Date/Time: 07/07/2013 8:39:25 AM
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Log: 'System' Date/Time: 06/07/2013 5:40:39 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 05/07/2013 2:49:12 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 05/07/2013 12:51:52 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 05/07/2013 12:24:52 PM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 05/07/2013 10:39:01 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 05/07/2013 6:22:28 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 04/07/2013 5:26:00 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2013 6:18:01 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 05/07/2013 12:22:52 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 05/07/2013 6:20:22 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 04/07/2013 11:22:00 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 04/07/2013 8:27:38 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 03/07/2013 2:49:19 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/07/2013 7:08:34 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/07/2013 12:51:26 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 01/07/2013 7:48:47 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/06/2013 4:27:04 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/06/2013 7:28:37 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 28/06/2013 5:37:45 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 26/06/2013 3:27:39 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 25/06/2013 2:02:11 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 24/06/2013 9:14:07 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 22/06/2013 6:05:46 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 21/06/2013 7:04:57 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 19/06/2013 10:51:22 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 18/06/2013 1:50:11 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 16/06/2013 9:03:39 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

*===========================================*

Don't know if it's there. Maybe something was just closing and a box came up but it all happened so fast I was thinking it was that error box. Remember I did not get the error sound on this.

Well, off for the long MS Update.


----------



## Cookiegal (Aug 27, 2003)

You will have to reboot after the updates are installed so let me know if you still have the same problem.


----------



## hewee (Oct 26, 2001)

I got no problem after the Update. 

But most times I use the limited user "hewee" account so not sure yet because I have been in the other Admin profile most of the time the past two days keeping you busy.

I see you took off to cook one of your great meals or already ate it.


----------



## Cookiegal (Aug 27, 2003)

Yup, already ate. 

Let me know what problems remain when you can test both accounts.


----------



## hewee (Oct 26, 2001)

I knew it. 

OK I will let you know after testing on that error I started this thread with.

Got that IE homepage trouble in the Harry profile only that started after that one scan. Plus IE will not open up all the way maximized. Or it does open maximized from the IE shortcut but does not from the "Microsoft Update" or "Windows Update", which seems odd.

The "C:\WINDOWS\SYSTEM32\HIDSERV.DLL" that WinPatrol said "File does not Exist" came back and now works.

This one C:\PROGRAM FILES\DELL SUPPORT CENTER\BIN\SPRTSVC.EXE also says "File does not Exist" 
http://www.winpatrol.com/db/pluscloud/sprtsvc.html?sprtsvc.exe&0&0&0&0&0&1&827&2910&949

I know I did an upgrade to a newer DELL SUPPORT CENTER that added lots of things and it never worked right.
Now I see WinPatrol has it listed as Manual start. So maybe if I change it to Auto it will fix it.

Going to reboot now and see what happens.


----------



## hewee (Oct 26, 2001)

Well, a reboot did not help. The SPRTSVC.EXE is not there.
I clicked on Dell Support Center and got an error and then it closed down.
Got the same thing when I started "PC Checkup".

Is this the same thing?
http://www.dell.com/support/Diagnostics/us/en/19
Or
http://www.dell.com/support/content...dgebase/software-and-downloads/support-center
That is from...
http://www.dell.com/support/content...-support-Knowledgebase/software-and-downloads


----------



## hewee (Oct 26, 2001)

Can I post my Dell ServiceTag page?

Has 3 Recommended Drivers & Downloads.
Dell Support Center, v.Patch 1.0, A05

PLDS DH-16A6S SATA HH DVDRW, v.YD12, A01

AMD Radeon HD 3650(256MB PCI-Express X16(DVI/DP/HDMI) RV635), v.8.455.1.1WHQL-080221a-060104C-Dell_XP3264, A00


----------



## Cookiegal (Aug 27, 2003)

hewee said:


> The "C:\WINDOWS\SYSTEM32\HIDSERV.DLL" that WinPatrol said "File does not Exist" came back and now works.


It didn't just come back, I copied the file from the i386 folder to replace the missing file.



> I know I did an upgrade to a newer DELL SUPPORT CENTER that added lots of things and it never worked right.
> Now I see WinPatrol has it listed as Manual start. So maybe if I change it to Auto it will fix it.
> 
> Going to reboot now and see what happens.


I had you change that to manual because I thought the automatic start was causing the problem. Other than that, we haven't done anything to affect this. If the file is missing then something may have deleted it before, like an anti-virus program.

I'll look this over more and post again tomorrow to see what we're going to do.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> It didn't just come back, I copied the file from the i386 folder to replace the missing file.


That's right it was in the FixHarry.



> I had you change that to manual because I thought the automatic start was causing the problem. Other than that, we haven't done anything to affect this. If the file is missing then something may have deleted it before, like an anti-virus program.
> 
> I'll look this over more and post again tomorrow to see what we're going to do.


No this has been this way on Dell Support Center a long time.

What can I do?
Or what order should I install the 3 Recommended downloads in post above?

Odd thing in the date Release Date of 5/30/2008 and the Dell Support Center I have now that does not work was installed October 06, 2011 and last Modified June 21, 2011 and guess that was when it stopped working.
Hard to remember back then with that heart attack and the meds.

Someone once said my ATI Radeon HD 3650 needs update that it was why I got a memory dump or something like that but then I never heard back from the person.

On Dell Support Center, v.Patch 1.0, A05 under the *Important Information* it says how to find your version but..."About Dell Support Center" to display the version is *NOT there* to look at. 
In Add/Remove it lists version 3.1.5830.17 for Dell Support Center.
All the files in the Dell Support Center "pcdlauncher" for Dell Support Center is version 6.0.5830.12 and by PC-Doctor, Inc
and it's all version 6.0.5830.xx http://www.pc-doctor.com/ .
I know the one time I used this newer version it was so slow I stopped using it but when I went to use it again it did not work.

This is what FileHippo_v1.040-UpdateChecker shows.
AMD Catalyst Drivers 13.4 XP
Installed Version: 8.2
C:\WINDOWS\system32


----------



## Cookiegal (Aug 27, 2003)

Do you actually use the Dell Support Center?

As a test, let's try disabling the Dell SupportSoft Sprocket Service:

Also, go to *Start* - *Run* - type in *services.msc* and click OK. Then scroll down the list of services to locate the following:

*SupportSoft Sprocket Service*

Double-click to open it and change the startup type from "automatic" to "disabled" then click "Apply" and OK. Then reboot the computer twice and let me know if the error still flashes on the second shutdown please.


----------



## hewee (Oct 26, 2001)

OK I had shut down OK but started in limited profile and just now at 6:48 I logged off and did not see an error box but got the error sound or "Critical Stop" sound.

This is the part of VEW that has the time 6:48
===================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - *information Type*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/07/2013 6:48:32 AM
Type: information Category: 0
Event: 1201 Source: UPHClean
The following handles in user profile hive S-1-5-21-3745757714-3295662-1287941395-1006 (S-1-5-21-3745757714-3295662-1287941395-1006) have been closed because they were preventing the profile from unloading successfully: DkService.exe (356) HKCU\Software\Microsoft\SystemCertificates\My (0x58c) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness (0x660)

Log: 'Application' Date/Time: 10/07/2013 6:48:32 AM
Type: information Category: 0
Event: 1412 Source: UPHClean
Setup for handle remapping for process DkService.exe (356) failed. Reverting to closing handle.
===================================================

DkService.exe is my Diskeeper 2009.

Well I did use it to check on things but after the change to newer version I only used it once and part way another time.

OK rebooting.

================
EDIT:
Two reboots and no error.

Got to go right now and shower and shave because I got some workers coming over in the next hour.


----------
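
An added example, not part of any post in this thread: a small Python parser for the VEW text layout pasted in the posts above. It tallies events by source and ID, counts Userenv 1517 warnings per account, and lists the processes that UPHClean event 1201 names as holding profile-hive handles. The sample log (machine name, account, SID, dates, PID) is constructed, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the layout VEW prints. The machine name, account,
# SID, dates and PID are made up for this example.
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/03/2013 9:36:10 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user EXAMPLEPC\alice registry while an application or service was still using the registry during log off.

Log: 'Application' Date/Time: 02/03/2013 9:36:08 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services.

Log: 'Application' Date/Time: 01/03/2013 8:00:40 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user EXAMPLEPC\alice registry while an application or service was still using the registry during log off.

Log: 'Application' Date/Time: 03/03/2013 6:48:32 AM
Type: information Category: 0
Event: 1201 Source: UPHClean
The following handles in user profile hive S-1-5-21-1111111111-2222222222-3333333333-1006 (S-1-5-21-1111111111-2222222222-3333333333-1006) have been closed because they were preventing the profile from unloading successfully: DkService.exe (356) HKCU\Software\Microsoft\SystemCertificates\My (0x58c) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness (0x660)
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<category>\S+)$")
EVENT = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")
SAVED = re.compile(r"Windows saved user (?P<account>.+?) registry while")
# In a 1201 message each "name (pid)" is followed by its "key (0xhandle)" entries.
TOKEN = re.compile(r"(?P<proc>[\w.\-]+) \((?P<pid>\d+)\)"
                   r"|(?P<key>HK[A-Z_]+\\.+?) \((?P<handle>0x[0-9A-Fa-f]+)\)")


def parse_vew(text):
    """Split VEW output into records; banner lines between sections are ignored."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"log": m["log"], "type": None, "event": None, "source": None,
                   "message": "",
                   # VEW prints day first: dd/mm/yyyy h:mm:ss AM/PM
                   "when": datetime.strptime(m["when"].strip(), "%d/%m/%Y %I:%M:%S %p")}
            records.append(cur)
        elif cur is None:
            continue
        elif not line or line.startswith(("~", "=", "*=")):
            cur = None  # blank line or banner ends the current record
        elif cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m["type"]
        elif cur["event"] is None and (m := EVENT.match(line)):
            cur["event"], cur["source"] = int(m["event"]), m["source"].strip()
        else:
            cur["message"] = (cur["message"] + " " + line).strip()
    return records


def tally(records):
    """Count records per (source, event id) so repeated noise stands out."""
    return Counter((r["source"], r["event"]) for r in records)


def hive_unload_warnings(records):
    """Count Userenv 1517 warnings per account named in the message."""
    counts = Counter()
    for r in records:
        if r["source"] == "Userenv" and r["event"] == 1517:
            m = SAVED.search(r["message"])
            counts[m["account"] if m else "(unknown)"] += 1
    return counts


def hive_holders(records):
    """Map (process, pid) -> registry keys that UPHClean 1201 reports closing."""
    holders = defaultdict(list)
    for r in records:
        if r["source"] != "UPHClean" or r["event"] != 1201:
            continue
        tail = r["message"].partition("successfully:")[2]
        proc = None
        for m in TOKEN.finditer(tail):
            if m["proc"]:
                proc = (m["proc"], int(m["pid"]))
            elif proc:
                holders[proc].append(m["key"])
    return dict(holders)


if __name__ == "__main__":
    recs = parse_vew(SAMPLE)
    for (source, event), n in tally(recs).most_common():
        print(f"{n:3d}  {source} {event}")
    print(dict(hive_unload_warnings(recs)))
    print(hive_holders(recs))
```
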



## Cookiegal (Aug 27, 2003)

So no more errors? Everything is working fine now?


----------



## hewee (Oct 26, 2001)

I think all is OK or is so far.

So you think it's best to get the Dell Updates?


----------



## Cookiegal (Aug 27, 2003)

hewee said:


> I think all is OK or is so far.
> 
> So you think it's best to get the Dell Updates?


If you mean for the Dell Support Center I really couldn't say. If it doesn't work and you want to use it then perhaps you could try or even uninstall and reinstall it.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> If you mean for the Dell Support Center I really couldn't say. If it doesn't work and you want to use it then perhaps you could try or even uninstall and reinstall it.


Talking about all 3 in this post above.
http://forums.techguy.org/8731639-post79.html

I do not know what version Dell Support Center so it would have to be an uninstall.

Anyhow not going to do anything today. Been up in the attic that was maybe 130 and I bet I lost 5 pounds. So need to rest up and get lots of water or coconut water and water melon.


----------



## hewee (Oct 26, 2001)

I can not use the Run-As to get MS updates now from limited user account and IE opens blank page and it does not open to the Maximize and I can not change it to stay at Maximize each time I open IE.
Now this happens from the shortcuts for Windows Update and Microsoft Update but not the Launch Internet Explorer Browser shortcut.

What is it talking about Downloading? The webpage?


----------



## Cookiegal (Aug 27, 2003)

In IE go to Tools - Internet Options - Security Tab and highlight the Internet Zone. Do you have custom settings there? If not what level indicated (high, medium, low)?


----------



## hewee (Oct 26, 2001)

I have custom settings there. They work in the Harry profile but in the hewee profile I can not use the run-as or I get what you see in the image above. Now both profiles they open to that size. Why has IE not fixed this right because this goes back to 95 days on getting IE to keep your size setting.


----------



## Cookiegal (Aug 27, 2003)

hewee said:


> I have custom settings there. They work in the Harry profile but in the hewee profile I can not use the run-as or I get what you see in the image above. Now both profiles they open to that size. Why has IE not fixed this right because *this goes back to 95 days on getting IE to keep your size setting*.


I have no idea what the bolded part means. 

Anyway, go to Tools - Internet Settings - Security Tab - Internet Zone - Custom Level - scroll down to Downloads and be sure "File Download" has "enabled" selected. If not then change it. Let me know what the setting was please.


----------



## hewee (Oct 26, 2001)

The bold means the IE open Minimize and not remembering the size setting you had. 

Now I said also this does this from the run-as in hewee limited account and not Harry Admin account. So would not the setting be the same?

"File Download" has "enabled" selected but the one above it is disabled for "Automatic prompting for file download".


----------



## Cookiegal (Aug 27, 2003)

It was the 95 days I didn't understand.

Generally limited accounts can't download things. What tweaks had you done to enable that?

If you drag the IE window to the size you want then close it, it should open that way the next time.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> It was the 95 days I didn't understand.


Windows 95 day. 



> Generally limited accounts can't download things. What tweaks had you done to enable that?


I always could before. I made no changes.



> If you drag the IE window to the size you want then close it, it should open that way the next time.


I know this but it changes back.


----------



## hewee (Oct 26, 2001)

OK they all 3 open all the way in hewee profile that is the limited account.

I can use the Run-as on *IE shortcut* but the *Microsoft Update* and *Windows Update* using the Run-as I get what I posted here in post #88 and you see in the screen shot and they will not even work.

In the Harry Admin Profile *Microsoft Update* and *Windows Update* they work but don't remember the screen setting.


----------



## Cookiegal (Aug 27, 2003)

What are you clicking on to try to get the "Run As Administrator" option for Windows Updates?


----------



## hewee (Oct 26, 2001)

Microsoft Update and Windows Update I used to be able to click on and "Run As Administrator" but now I can't. 

Got to go do some shopping and running around taking someone to the doctor etc so will be gone for who knows how long so see yea later.


----------



## Cookiegal (Aug 27, 2003)

Where do you click though and is "Run As Administrator" still there but grayed out or not there at all?


----------



## hewee (Oct 26, 2001)

You right click on Microsoft Update or Windows Update and click "Run as..." and then I pick "Harry...." and type the password and I get what you see in post #88.


----------



## hewee (Oct 26, 2001)

Log off and got this error and the error sound.

This is from VEW.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/07/2013 10:55:43 PM
Type: information Category: 0
Event: 26 Source: Application Popup
Application popup: regedit.exe - DLL Initialization Failed : The application failed to initialize because the window station is shutting down.


----------



## Cookiegal (Aug 27, 2003)

It seems MailWasher may be causing that error. Try shutting down mailwasher before shutting down the computer and let me know if you still get that error.

I'm still looking into the Run As Administrator issue on the Limited account.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> It seems MailWasher may be causing that error. Try shutting down mailwasher before shutting down the computer and let me know if you still get that error.
> 
> I'm still looking into the Run As Administrator issue on the Limited account.


Odd the error changed from shut down to log off. So it seems to be MailWasher. Can a newer version of MailWasher help? I got newer version but never installed it.

So you know I only have MailWasher setup to run in the hewee account and it only loads in that account.

MailWasher 6.5.4 installed and newer one is ??? Got key for Mailwasher Pro *2010* but maybe can get newer version. I won it at Calendar of Updates back in Nov 5, 2010 1:05:03 AM or that is when I got key from Firetrust Limited. But if like the 6.5.4 and earlier version the same key was good for all version up 6.5.4. So I should be able to install I have downloaded

Looks like I can have both from bottom of page here. http://www.firetrust.com/en/products/mailwasher-pro/quick-start-guide
Was big change and also the key changed from a super long code to a short one.

Then once newer version is going I just not even use older version to see what happen?

What do you think?

Or just close this version first to rule it out.


----------



## Cookiegal (Aug 27, 2003)

Perhaps a newer version would not have the bug this one does but I can't know for sure.

I'm wondering if WinPatrol may be interfering with your Limited Account. If you shut WinPatrol off can you use "Run As Administrator" for Windows updates from that account?


----------



## hewee (Oct 26, 2001)

Who knows but I would get a newer version of MailWasher. I have used Mailwasher from day one and even got a backup of the old free version that let you have more than one email account that did not stay around because they took it away and made the Pro version you had to buy.

You know WinPatrol I was thinking was it because I open IE "Run As Administrator" that pop up alert here http://forums.techguy.org/8732364-post88.html
But I started WinPatrol and it still opens so maybe it fixed itself. I did shut down last night.

Now it still opens part way and I can not get it to open Maximize using the "Run As Administrator".
I can try again after I go to the Admin account to see if I can change it and get it to remember.

Anyhow the download alert part fixed itself in my sleep last night or it has from the limited user account.


----------



## hewee (Oct 26, 2001)

OK got the IE opening fixed or the best you can ever do with IE in all the from 95 to 98 to XP and W7.
I resize the window like it says here. I keep doing this but was holding the Shift and not the Ctrl.
I did this here. http://www.lockergnome.com/windows/...rnet-explorer-from-opening-in-a-small-window/


----------



## Cookiegal (Aug 27, 2003)

So what problems remain Harry?


----------



## hewee (Oct 26, 2001)

The same one. 
Forgot to shutdown MailWasher so got the error when I logged user off.

So let me play around a week to see what happens to try and rule this out because I got no malware.
Will get newer MailWasher installed also and play with it.


----------



## hewee (Oct 26, 2001)

OK it came back.

Just logged back to limited user account and I open IE "Run As Administrator" that pop up alert here
http://forums.techguy.org/8732364-post88.html

Now IE open in the new larger window setting but that download alert is back.

So this keeps coming and going on its own.

--------------

Also the Reg.dll error I did not see when MailWasher was closed and twice I did see. One with also the error sound and one without the sound. 
So it looks like you're right on that error.

Now what's up with IE?

Going back to Admin account and back to limited account now that IE is again gone.

OK you say my PC is clean and I would say you're right.

I got the download error trouble with the Admin account in IE. 
Also if you remember Firefox in the Admin account I said I could not download some file types. Why? I do not know because the Firefox profile is the very same profile so the rights are the same.
Never have I ever had this happen with Firefox or Netscape.

You think Online Armor somehow does not remember the rights?
If all is clean then I can run the "Safety Check Wizard" and it will say what is allowed and trusted.


----------



## hewee (Oct 26, 2001)

Now I can download in Firefox from the Admin account. 

I did not change anything but the "change to show hidden files and folder" that was hidden after we did something because I always had them showing. 

This is good because I really do not want to "Safety Check Wizard" of Online Armor after all this time because it takes a long time to do.


----------



## hewee (Oct 26, 2001)

Got to wait on email reply for MailWasher because they say my key is no good for the newer version. It was years ago I got the key and I got all emails and .pdf file on the Transaction ID etc. so I guess I will get a new key and had better register it and not wait because this was back on Nov 5, 2010 1:05:03 AM.


----------



## Cookiegal (Aug 27, 2003)

OK I'm getting confused because things are working then they're not then they are and new things crop up. 

Please give me the current status of what problems exist.


----------



## hewee (Oct 26, 2001)

OK from limited user account when I open IE "Run As Administrator" that pop up alert here goes away and then comes back and I don't know why.
http://forums.techguy.org/8732364-post88.html
So I'm getting confused on this one too.
Seems to change after I logout or shut down.

I know some settings were changed after we did all those scans because files and folders were hidden and then I got this error pop up last night and I had never seen that type of pop up before. Said to send later but how to check on this error now I don't know either.

MailWasher seems or I think it is why I get that Reg.dll error that was only at shut down but now at log off after we did whatever.

I installed New Mailwasher but key is not any good and can even go to "https://secure.firetrust.com/user/management/products" that shows I have with the very same key but says "Expired Key" I did not even know I had this page so they made it when they send me the key because they use your email address.

So hope to get key to newer MailWasher taken care of.

Firefox download fixed

Was told I have gotten memory dumps because of my ATI that I need to update the driver on long ago but the person that was helping me stopped showing up and no one knows what happened to the person. 
That may help on some things.


----------



## hewee (Oct 26, 2001)

Cookiegal,

This is only a guess.

I have the same settings on IE as I always had but now on and off I get that error I posted at top of post above. Why it says download I don't know but is it the download of the web page?

Now in the limited user account I have IE settings even higher and I can not even do a scan for updates.
I get this here.



> To continue, you must first add this website to your trusted sites in Internet Explorer.
> The site cannot determine which updates apply to your computer or display those updates unless you change your security settings to allow ActiveX controls and active scripting. The best way to do this without lowering your security settings is to make this site a trusted website. Your security settings will continue to block potentially harmful ActiveX controls and scripting from other sites but you will be able to get updates.
> 
> To make this site a trusted website:
> ...


So you think somehow the settings from the limited account are getting mixed up when I open IE "Run As Administrator"?

Also in the Admin account I can not make D:\My_homepage.html my IE home page


----------



## Cookiegal (Aug 27, 2003)

Perhaps this key wasn't repaired properly so let's check it again.

Please go to *Start* - *Run* and copy and paste the following then click OK:

regedit /e C:\look3.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

A report will be created called C:\look3.txt. Please open it in Notepad and copy/paste it here.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> Perhaps this key wasn't repaired properly so let's check it again.
> 
> Please go to *Start* - *Run* and copy and paste the following then click OK:
> 
> ...


Who knows because now it changed again and works but it has a mind of its own that changes I think after each log off.

You know I had Firefox shortcut reg files that would work in the Admin profile but not the limited profile and I could add the reg file to the limited user account.
Then I changed the "limited user account" to an Admin account and added the reg file.

So you think I should do this twice (Once in each profile) with Admin rights?


----------



## Cookiegal (Aug 27, 2003)

You only need to do it once using the account with admin privileges.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> You only need to do it once using the account with admin privileges.


OK I will do that.

============================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000278
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\
54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\
00,69,00,64,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:c3,11,ba,16,3f,a2,be,54,d1,1b,34,81,2e,a9,2a,9c,32,63,30,34,36,\
65,32,39,00,00,00,00,c5,0c,00,00,18,ca,06,00,99,d0,bf,71,04,ca,06,00,10,00,\
00,00,00,00,00,00,ff,db,cd,ca,b3,1b,04,6d,93,75,00,2c

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:ed,9f,f3,74,a2,fc,12,57,90

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:c0,ba,52,f1,7d,f0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:8c,ff,22,ca,d2,1e,c7,93,09,03,8b,e5,00,df,4a,02

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:54,30,0d,17,1f,f9,c9,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,54,cf,23,c4,9d,c8,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,db,62,27,c4,9d,c8,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,08,94,28,c4,9d,c8,01
"Type"=dword:00000031

============================

The new MailWasher is now NO GOOD because it was on a yearly fee unlike the older version I have. To get a lifetime one you need $99.00 big ones.
Also I like the simple older look of the old version. 
What a pain getting info because they used your email but I gave another name and Firetrust also changed sites so it had me both places and took about 12 emails to get an account to go with the ticket so I could see the reply.

So got MailWasher stopped from loading at startup and will try to remember to close it before log off and shut down.

You got the error that made you say it was MailWasher that made the reg.dll error so I can report it to them?


----------
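
Added example (not part of any post in this thread): a Python sketch that parses a `regedit /e` export like the one posted above, decodes the `hex(7)` multi-string values under the Lsa key (these name the packages the LSA loads), and lists any package name missing from a baseline. The baseline is an assumption taken from this thread's own export, and `examplepkg` is a constructed name used only to show a mismatch.

```python
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
PACKAGE_VALUES = ("Authentication Packages", "Security Packages",
                  "Notification Packages")

# Lines copied from the Lsa export posted in the thread (other values omitted).
THREAD_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
"forceguest"=dword:00000001
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
"enabledcom"="y"
'''


def decode_value(raw):
    """Decode the right-hand side of one value line into (type, data)."""
    if raw.startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if m:
        kind = int(m.group(1), 16) if m.group(1) else 3
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind == 7:  # REG_MULTI_SZ: UTF-16LE strings separated by NUL
            parts = data.decode("utf-16-le", errors="replace").split("\x00")
            return ("REG_MULTI_SZ", [p for p in parts if p])
        if kind == 2:  # REG_EXPAND_SZ: one UTF-16LE string
            text = data.decode("utf-16-le", errors="replace")
            return ("REG_EXPAND_SZ", text.rstrip("\x00"))
        return ("REG_BINARY", data)  # plain hex: and other hex(n) kept as bytes
    if raw.startswith('"') and raw.endswith('"'):
        return ("REG_SZ", raw[1:-1].replace("\\\\", "\\").replace('\\"', '"'))
    return ("UNKNOWN", raw)


def parse_reg_export(text):
    """Return {key_path: {value_name: (type, data)}} for a v5 export."""
    # A trailing backslash means the hex list continues on the next line.
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode_value(m.group(2))
    return keys


def lsa_packages(text):
    """Decoded package lists found under the Lsa key of an export."""
    values = parse_reg_export(text).get(LSA_KEY, {})
    return {name: values[name][1] for name in PACKAGE_VALUES
            if name in values and values[name][0] == "REG_MULTI_SZ"}


def unexpected_packages(text, baseline):
    """Package names present in the export but absent from the baseline."""
    extras = {}
    for name, pkgs in lsa_packages(text).items():
        allowed = {p.lower() for p in baseline.get(name, [])}
        odd = [p for p in pkgs if p.lower() not in allowed]
        if odd:
            extras[name] = odd
    return extras


def encode_multi_sz(strings):
    """Encode strings the way regedit writes a hex(7) value (one line)."""
    data = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


# Assumption: the thread's export is used as the known-good baseline.
BASELINE = lsa_packages(THREAD_EXPORT)

# Constructed sample: same export with one made-up extra notification package.
CONSTRUCTED_EXPORT = re.sub(
    r'"Notification Packages"=.*',
    lambda m: '"Notification Packages"='
              + encode_multi_sz(["scecli", "examplepkg"]),
    THREAD_EXPORT)

if __name__ == "__main__":
    for name, pkgs in BASELINE.items():
        print(f"{name}: {pkgs}")
    print("unexpected:", unexpected_packages(CONSTRUCTED_EXPORT, BASELINE))
```

For a file written by `regedit /e`, read it with `encoding="utf-16"` and pass the text to the same functions.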



## hewee (Oct 26, 2001)

Got email from Firetrust.


> Hi again,
> Yes, try this version instead:
> 
> http://www.firetrust.com/download/MailWasher_Pro_6.3.exe
> ...


So waiting to hear back if I can install over or if I need to uninstall and install 6.3 in place of 6.4.5
http://www.firetrust.com/en/products/mailwasher-pro/change-log


----------



## hewee (Oct 26, 2001)

Got MailWasher 6.3 install so will see if it works. They want to hear back if it works or not.

If you can please show me where you think it was MailWasher I can tell them.


----------



## Cookiegal (Aug 27, 2003)

Sorry Harry, I can't find the link any more. But if you're shutting down MailWasher and not getting the error then getting it when you don't shut it down that should be proof enough.


----------



## hewee (Oct 26, 2001)

Well was going to keep MailWasher open to see if this version does not give a reg.dll error. Firetrust also wants to hear back if this version works OK.


----------



## Cookiegal (Aug 27, 2003)

I don't know what else to tell you Harry.


----------



## hewee (Oct 26, 2001)

So was the key in post #117 OK?

Well IE works if I don't use the Run-As. I only used IE that way to check on updates each month because IE settings in limited user account are too high to even load the page.

I guess I can redo the settings to see if this IE bug gets unstuck because it should not keep changing.

OK what all files and folders can I clean up and delete from all the programs I download for the scans?

So is it OK for me to get the Dell Updates listed here in post #79?
Or
http://www.dell.com/support/drivers/us/en/555/ServiceTag/BD7WSG1


----------



## Cookiegal (Aug 27, 2003)

Yes, the key was fine.

I don't know about the Dell updates.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there.

Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## hewee (Oct 26, 2001)

I had trouble twice at boot up this week. Both had to do with Online Armor. 

I wonder if I should do a system restore back before we got started because I still have the trouble but now got it at log off and got the IE run-as Admin trouble and a lot slower boot up time. On the limited profile I have one folder that moves to the bottom left space on my desktop about 2 out of 3 times I login.

We did the cleanup program and the recover program I see at boot and I think that was it. 
Got User Profile Hive Cleanup Service, windows recovery console and all of the MS Updates.

The trouble today may be an Avast bug. Online Armor pop-up about ICMP I give rights to but now see it was blocked. I could not get anything to open because all was busy. Then get Avast Pop-up on I think OAUI.EXE as maybe malware but then says it was OK. But then Online Armor did not load all the way and part of the program worked so I had to log off and back on.

So let me keep my restore for now and see what happens in the days ahead and how the PC works.


----------



## Cookiegal (Aug 27, 2003)

OK, let me know how things are.


----------



## hewee (Oct 26, 2001)

Shut down last night and boot up was OK this morning or I think it was. I started PC and then went to the kitchen so did not watch boot up but I know I did not get any pop up.

Let me ask you this. The longer login time when I change user. It used to be faster because I already booted PC and everything loaded so changing user was a faster load time.
Now it's slower. Is that because all has to reload because of the "User Profile Hive Cleanup Service" that runs?


----------



## Cookiegal (Aug 27, 2003)

I don't really know why it's slower Harry.

Let's try another scan.


Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## hewee (Oct 26, 2001)

Only slow at boot and login when I change users.

OK will change profiles and run RogueKiller.

The log on was faster this time.

Remember IE Updates were made. 
I got newer KeyScrambler version and think I will trash it because after they changed from a plug-in to loading at start up a lot of times it shows as disabled when it is not so the newer 3.x version is worse than the older version. 
New Win Patrol version.
Change to older MailWasher that I need to change back to version 6.5.4. Going to keep this a long time with the newer fee base versions you got to pay each year.
Avast def updates are made at each boot, login and other times in the day. Yesterday I think it was Avast or it started that way and that then got to Online Armor. So that makes Avast at fault. Have had slow downs before that come and go after Updates when they fix the defs.

Unless I miss something this RogueKiller looks the same as the one done by RogueKiller V8.6.2 [Jul 5 2013] but the very last line is not on last one on Jul 5 2013

===========================================
RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Harry Bowers [Admin rights]
Mode : Scan -- Date : 07/18/2013 14:55:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161HJ +++++
--- User ---
[MBR] 6ab1a780120358c154aa7b57db37449a
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 152523 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD161HJ +++++
--- User ---
[MBR] 0e19a94679c8a1cb0634baba3b7656b0
[BSP] abfc3abf055fbccce55e8b4123c286f6 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07182013_145522.txt >>
RKreport[0]_S_07082013_170945.txt


----------



## hewee (Oct 26, 2001)

It did it again this morning coming out of "standby" into limited account. Had Online Armor pop up on "ICMP". I could not do anything else. I clicked on the popup and it close. I waited 5 minutes and then did a CAD to log off. Logged back and everything loaded but that took a total of about 7 minutes.
Then logged off and into Admin account and it loads along with this popup attached with the other screenshots and I *made a copy* of the *WERddfd.dir00 folder* that has the other files in it because once I click send or don't send it deletes the folder. Also ran VEW.

Here is short version of *VEW* that has *today's date only*.

=============================================

Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/07/2013 7:23:01 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/07/2013 6:51:28 AM
Type: error Category: 100
Event: 1004 Source: Application Error
Faulting application oasrv.exe, version 3.5.0.51, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Log: 'Application' Date/Time: 19/07/2013 6:43:04 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application oasrv.exe, version 3.5.0.51, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/07/2013 6:50:40 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 19/07/2013 6:49:01 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Online Armor service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2013 6:49:00 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2013 6:45:31 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.

Log: 'System' Date/Time: 19/07/2013 6:45:01 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 19/07/2013 6:44:31 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the HidServ service.

Log: 'System' Date/Time: 19/07/2013 6:44:01 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

Log: 'System' Date/Time: 19/07/2013 6:43:31 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.

Log: 'System' Date/Time: 19/07/2013 6:43:01 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.

Log: 'System' Date/Time: 19/07/2013 6:42:31 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.

Log: 'System' Date/Time: 19/07/2013 6:41:34 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.

Log: 'System' Date/Time: 19/07/2013 6:41:04 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

Log: 'System' Date/Time: 19/07/2013 6:40:33 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/07/2013 6:54:05 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The WMI Performance Adapter service entered the stopped state.

Log: 'System' Date/Time: 19/07/2013 6:51:55 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The WMI Performance Adapter service was successfully sent a start control.

Log: 'System' Date/Time: 19/07/2013 6:51:55 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The WMI Performance Adapter service entered the running state.

Log: 'System' Date/Time: 19/07/2013 6:51:03 AM
Type: information Category: 0
Event: 26 Source: Application Popup
Application popup: regedit.exe - DLL Initialization Failed : The application failed to initialize because the window station is shutting down.

Log: 'System' Date/Time: 19/07/2013 6:49:45 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 19/07/2013 6:49:38 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 19/07/2013 6:49:38 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 19/07/2013 6:49:29 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Online Armor service entered the running state.

Log: 'System' Date/Time: 19/07/2013 6:49:08 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Online Armor service was successfully sent a start control.

Log: 'System' Date/Time: 19/07/2013 6:49:04 AM
Type: information Category: 0
Event: 26 Source: Application Popup
Application popup: FSCapture.exe - DLL Initialization Failed : The application failed to initialize because the window station is shutting down.

Log: 'System' Date/Time: 19/07/2013 6:48:18 AM
Type: information Category: 0
Event: 26 Source: Application Popup
Application popup: regedit.exe - DLL Initialization Failed : The application failed to initialize because the window station is shutting down.

Log: 'System' Date/Time: 19/07/2013 6:40:34 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Image Acquisition (WIA) service entered the running state.

Log: 'System' Date/Time: 19/07/2013 6:40:03 AM
Type: information Category: 0
Event: 4201 Source: Tcpip
The system detected that network adapter Realtek PCIe GBE Family Controller was connected to the network, and has initiated normal operation over the network adapter.

Log: 'System' Date/Time: 19/07/2013 12:34:08 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 19/07/2013 12:34:01 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 19/07/2013 12:34:01 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 19/07/2013 12:31:28 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The WMI Performance Adapter service entered the stopped state.

Log: 'System' Date/Time: 19/07/2013 12:29:00 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The WMI Performance Adapter service was successfully sent a start control.

Log: 'System' Date/Time: 19/07/2013 12:29:00 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The WMI Performance Adapter service entered the running state.

Log: 'System' Date/Time: 19/07/2013 12:27:30 AM
Type: information Category: 0
Event: 26 Source: Application Popup
Application popup: regedit.exe - DLL Initialization Failed : The application failed to initialize because the window station is shutting down.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/07/2013 6:40:02 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.


----------



## Cookiegal (Aug 27, 2003)

It looks like Online Armor is causing problems. If you uninstall it and use the Windows firewall as a test do things run properly?


----------



## hewee (Oct 26, 2001)

Windows firewall is junk.

Not going to uninstall it till I find the installer and key to reinstall it.

This only started after that one thing you had me do. Why is it doing this now when I only started with that one .reg.dll error that was at shut down but otherwise all worked OK and now I got many things acting up. 

Can it be fixed or would a system restore be better?


----------



## Cookiegal (Aug 27, 2003)

Before doing a system restore, can you tell me precisely when it started acting up? After which program we ran?


----------



## hewee (Oct 26, 2001)

Do not know just when but after we were doing all those scans and the one did do something to Online Armor and we fixed it.
Trouble started here http://forums.techguy.org/8730815-post49.html
Was restored in next post but the trouble comes and goes on this and IE etc.

OK in talks with Online Armor. 
http://support.emsisoft.com/topic/11908-online-armor-35051/ and see post #130.

He is going to check my keys. I may be able to even get newer 6.x version.


----------



## Cookiegal (Aug 27, 2003)

If we try a system restore we probably should restore everything removed by ComboFix. There are some things it removed I want to check so please don't try doing a system restore yet. I may have to check with the developer on some things.

Please go to *VirusTotal* and upload the following file for scanning.

Click *Choose File*
Navigate to the following file then click *Open* 

```
C:\Qoobox\Quarantine\C\WINDOWS\system32\updater.exe.vir
```

Click *Scan It*
If you get a message saying the file has already been analyzed click *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------



## hewee (Oct 26, 2001)

OK here you go.

https://www.virustotal.com/en/file/...e0c45f2981b0f5875cd911d8/analysis/1374277717/

It's clean.

May have to put the rest off till Sunday or Monday so you have a good weekend

You know what?
More on Online Armor.
In Post #52 http://forums.techguy.org/8730887-post52.html was that not a *restore* of *OAwatch.dll*?

I just did a search on OAwatch.dll and it's only in one place here at *C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir* so it was *never restored*.


----------



## hewee (Oct 26, 2001)

Also a scan on *OAwatch.dll*

https://www.virustotal.com/en/file/...05b0fb544ecafe872ca33c0d/analysis/1374279745/


----------



## Cookiegal (Aug 27, 2003)

OK I'm going to check with the developer of ComboFix on some things. But let's do this to check for that file. It should have been restored by ComboFix:

Please download  *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*OAwatch*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Cookiegal (Aug 27, 2003)

Also the updater.exe file that was removed is the Pale Moon updater.


----------



## hewee (Oct 26, 2001)

OK here it is and it was not restored.

==========================================
SystemLook 04.09.10 by jpshortstuff
Log created at 19:03 on 19/07/2013 by Harry Bowers
Administrator - Elevation successful

========== filefind ==========

Searching for "*OAwatch*"
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_OAwatch2A6967FD	--a---- 50847 bytes	[04:17 03/03/2011]	[04:17 03/03/2011] EA4640FE8BBA8F9827C8A1A8E72D55C3
C:\Documents and Settings\Harry Bowers\desktop\OAwatch.jpg	--a---- 24935 bytes	[17:04 08/07/2013]	[17:04 08/07/2013] A98EE5740D882F370C7ED11FA99EBBAD
C:\Documents and Settings\Harry Bowers\Recent\OAwatch.lnk	--a---- 497 bytes	[00:14 16/07/2013]	[00:14 16/07/2013] 1AA36F0CEA89B1B7565F05246FF5AC51
C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir	--a---- 878576 bytes	[18:51 01/06/2010]	[09:36 16/10/2009] 717A3C16F64E9B6CDE2E16314FD64D03

-= EOF =-

==========================================

What was wrong with the updater.exe for Pale Moon? I still have updater.exe in the Pale Moon folder. 
But no loss on that one because the install version is 3.6.32 and there are no more Updates.
Other version is the Pale Moon Portable version 19.x so no loss there either.
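
Added example (not part of the original posts, and not SystemLook's or ComboFix's own code): a small Python check that reads a SystemLook `:filefind` log like the one above and reports, for each file under `C:\Qoobox\Quarantine`, whether a copy exists at its original location and whether the MD5 matches. The line layout and the quarantine-to-original path mapping are assumptions inferred from the log lines in this thread; the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# One result line, as it appears in the log posted in this thread:
# path, 7-character attribute mask, size, two bracketed timestamps, MD5.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumed layout: <drive>:\Qoobox\Quarantine\<orig drive>\<orig path>.vir
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)\.vir$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    md5: str


def parse_filefind(log_text):
    """Return the file entries in a filefind log, skipping banner lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def original_path(quarantine_path):
    """Map a quarantined path back to where the file used to live."""
    m = QUARANTINE_RE.match(quarantine_path)
    if not m:
        return None
    return m["drive"].upper() + ":\\" + m["rest"]


def restoration_status(entries):
    """For each quarantined file, say whether the original is back.

    Only meaningful when the search pattern also matches the original
    file name (here *OAwatch* matches OAwatch.dll), otherwise a restored
    copy would not be listed at all.
    """
    by_path = {e.path.lower(): e for e in entries}  # Windows paths: case-insensitive
    report = {}
    for e in entries:
        orig = original_path(e.path)
        if orig is None:
            continue
        live = by_path.get(orig.lower())
        if live is None:
            report[orig] = "not restored"
        elif live.md5 == e.md5:
            report[orig] = "restored, hash matches"
        else:
            report[orig] = "present, hash differs"
    return report


# Two result lines copied from the log in this thread (tabs written as spaces).
PAGE_LOG = r"""
========== filefind ==========

Searching for "*OAwatch*"
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_OAwatch2A6967FD --a---- 50847 bytes [04:17 03/03/2011] [04:17 03/03/2011] EA4640FE8BBA8F9827C8A1A8E72D55C3
C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir --a---- 878576 bytes [18:51 01/06/2010] [09:36 16/10/2009] 717A3C16F64E9B6CDE2E16314FD64D03

-= EOF =-
"""

if __name__ == "__main__":
    for path, status in restoration_status(parse_filefind(PAGE_LOG)).items():
        print(f"{path}: {status}")
```
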


----------



## hewee (Oct 26, 2001)

Was in standby and went to get dinner and came back and came out of standby and again got that pop up from Online Armor on ICMP but this time it was GREEN so is trusted. I clicked on like every other time and said no not again and wondered how long it would take to log out and back in but right after I clicked the pop up everything loaded by the clock and all is working.
So guess whatever got redone when I ran the Online Armor, "Safety Check Wizard" yesterday. Why it has not come up again before now I don't know. Can't remember the first time if it was from standby or not but these last two times it was from coming out of standby. 

Firewall: System incoming ICMP allowed. 

So should it be allowed? 

I installed the new Online Armor on the other Windows 7 PC but it's Emsisoft Online Armor 6.x version. Somewhat the same but also lots was changed. Also my older version looks so much better. Not sure if it would look that way on XP but is very plain and flat looking and all the color is gone. 
It took my key for it but still says Free Version so the key did not work. 
I would guess the free version is still better than Windows 7 Firewall or is it? I know even with the changes I would know my way around it because I know nothing about Windows 7 Firewall. I had to also disable it. You think Online Armor would have done so for me or I did something wrong on Windows 7 because it's so new to me.


----------



## Cookiegal (Aug 27, 2003)

So are you saying the file that ComboFix deleted and didn't get restored has been recreated by Online Armor? Did you do a new SystemLook to check?

As far as ICMP is concerned, you can take a look in the Firewall rules and it should show which program was asking for permission when you clicked on "Allow". See this page for instructions:

http://www.emsisoft.com/en/info/oa/Firewall.shtml


----------



## hewee (Oct 26, 2001)

OAwatch.dll was never restored. See post #140 and it's not restored. I looked in the C:\Program Files\Tall Emu\Online Armor folder and it's not there. 
This is the only place I have the OAwatch.dll 
C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir

Does not show what used ICMP in the firewall log.

Does seem to load better now because the ICMP is running.

What is the Raw? *I made bold the Raw and icmp*.

Here is the History log.

=============================================================
Type,Date/Time,Action,Description
System boot,7/20/2013 8:38:48 PM,None,System boot at: 7/20/2013 8:38:11 PM
Service started,7/20/2013 8:38:48 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/20/2013 10:18:50 AM,None,System shutdown at: 7/20/2013 10:18:50 AM
System boot,7/20/2013 7:26:25 AM,None,System boot at: 7/20/2013 7:25:41 AM
Service started,7/20/2013 7:26:25 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/19/2013 9:46:34 PM,None,System shutdown at: 7/19/2013 9:46:34 PM
Firewall: User decision,7/19/2013 8:26:11 PM,Allowed,"System, Incoming *ICMP* access *allowed*"
Program Guard,7/19/2013 7:04:30 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\SystemLook.exe(3680) wants to start C:\WINDOWS\notepad.exe
Program Guard,7/19/2013 7:02:58 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\SystemLook.exe
Program Guard,7/19/2013 12:04:47 PM,Allowed,D:\Download Programs\Software Key Revealer\SoftKeyRevealer\SoftKeyRevealer.exe
Program Guard,7/19/2013 12:03:22 PM,Allowed,D:\Download Programs\Software Key Revealer\ProduKey v1.42\ProduKey.exe
Program Guard,7/19/2013 12:03:08 PM,Allowed,D:\Download Programs\Software Key Revealer\produkey\ProduKey.exe
Program Guard,7/19/2013 12:00:30 PM,Allowed,D:\Download Programs\Software Key Revealer\licensecrawler\LicenseCrawler.exe
Program Guard,7/19/2013 11:59:43 AM,Allowed,D:\Download Programs\Software Key Revealer\Keyfinder.2.0.1\keyfinder.exe
Automatic Update failed,7/19/2013 10:15:41 AM,None,"Subscription for Online Armor updates is expired, Please check your network connection and firewall rules"
Learning mode exited,7/19/2013 7:03:10 AM,None,
Program Guard,7/19/2013 6:49:41 AM,Allowed,C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
Service started,7/19/2013 6:49:16 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/19/2013 6:49:16 AM,None,System boot at: 7/18/2013 7:59:45 AM
Program Guard,7/18/2013 3:17:14 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\RogueKiller.exe(1048) wants to terminate C:\WINDOWS\system32\TrueSight.sys
Program Guard,7/18/2013 2:55:22 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\RogueKiller.exe wants to access hard disk directly using device \??\PhysicalDrive0
Firewall: User decision,7/18/2013 2:52:13 PM,Allowed,"C:\Documents and Settings\Harry Bowers\desktop\RogueKiller.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Program Guard,7/18/2013 2:52:07 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\RogueKiller.exe(1048) wants to write memory in System(4)
Program Guard,7/18/2013 2:52:02 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\RogueKiller.exe(1048) wants to start C:\WINDOWS\system32\TrueSight.sys
Autorun Detected,7/18/2013 2:51:54 PM,Allowed,C:\WINDOWS\system32\TrueSight.sys
Program Guard,7/18/2013 2:51:39 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\RogueKiller.exe wants to create executable file C:\WINDOWS\system32\TrueSight.sys
Program Guard,7/18/2013 2:51:27 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\RogueKiller.exe
Firewall: Automatic decision,7/18/2013 8:01:12 AM,Blocked,"System, Incoming *ICMP* access blocked"
System boot,7/18/2013 8:00:32 AM,None,System boot at: 7/18/2013 7:59:52 AM
Service started,7/18/2013 8:00:32 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/17/2013 11:53:07 PM,None,System shutdown at: 7/17/2013 11:53:07 PM
Firewall: Automatic decision,7/17/2013 4:07:19 PM,Blocked,"System, *Outgoing RAW access blocked*"
Service started,7/17/2013 7:28:30 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Firewall: Automatic decision,7/17/2013 12:04:05 AM,Blocked,"System, Incoming *ICMP* access blocked"
Service started,7/17/2013 12:03:38 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/17/2013 12:03:38 AM,None,System boot at: 7/17/2013 12:03:00 AM
Service started,7/17/2013 12:00:43 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/17/2013 12:00:43 AM,None,System boot at: 7/17/2013 12:00:02 AM
Service stopped,7/16/2013 11:13:04 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/16/2013 11:12:48 PM,None,System shutdown at: 7/16/2013 11:12:47 PM
Firewall: Automatic decision,7/16/2013 12:44:48 PM,Allowed,C:\Program Files\KeyScrambler\KeyScrambler.exe - Program you have trusted has changed.
Firewall: Automatic decision,7/16/2013 12:42:57 PM,Blocked,"System, Incoming *ICMP* access blocked"
Service started,7/16/2013 12:42:31 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/16/2013 12:42:31 PM,None,System boot at: 7/16/2013 12:41:51 PM
System shutdown,7/16/2013 12:41:16 PM,None,System shutdown at: 7/16/2013 12:41:16 PM
Program Guard,7/16/2013 12:13:07 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns32.tmp(1584) wants to start C:\WINDOWS\system32\regsvr32.exe
Program Guard,7/16/2013 12:13:04 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns32.tmp
Program Guard,7/16/2013 12:13:00 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns31.tmp(3228) wants to start C:\Program Files\KeyScrambler\DriverInstaller.exe
Program Guard,7/16/2013 12:12:57 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns31.tmp
Program Guard,7/16/2013 12:12:54 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns30.tmp(4056) wants to start C:\Program Files\KeyScrambler\DriverInstaller.exe
Program Guard,7/16/2013 12:12:47 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns30.tmp
Program Guard,7/16/2013 12:12:43 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns2F.tmp(3976) wants to start C:\WINDOWS\system32\regsvr32.exe
Program Guard,7/16/2013 12:12:40 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns2F.tmp
Program Guard,7/16/2013 12:12:34 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns2E.tmp(2364) wants to start C:\Program Files\KeyScrambler\DriverInstaller.exe
Program Guard,7/16/2013 12:12:31 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns2E.tmp
Program Guard,7/16/2013 12:12:19 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns2D.tmp(3892) wants to start C:\Program Files\KeyScrambler\DriverInstaller.exe
Program Guard,7/16/2013 12:12:15 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\temp\nsk2C.tmp\ns2D.tmp
Firewall: User decision,7/16/2013 12:11:48 PM,Allowed,"D:\Download Programs\Palemoon-Portable-3.6.15a\Downloads\KeyScrambler 3.2_Setup.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Program Guard,7/16/2013 11:36:32 AM,Allowed,D:\Download Programs\xsearch\XSearch.exe(4840) wants to remotely control C:\WINDOWS\explorer.exe(4636)
Program Guard,7/16/2013 7:42:22 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\VEW.exe(3056) wants to start C:\WINDOWS\system32\notepad.exe
Program Guard,7/16/2013 7:42:14 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\VEW.exe(3056) wants to remotely control C:\WINDOWS\system32\svchost.exe(988)
Program Guard,7/16/2013 7:42:11 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\VEW.exe(3056) wants to remotely control C:\WINDOWS\system32\svchost.exe(908)
Program Guard,7/16/2013 7:41:55 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\VEW.exe
Program Guard,7/16/2013 7:32:55 AM,Allowed,C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
Program Guard,7/16/2013 7:32:33 AM,Allowed,D:\Download Programs\MailWasher Pro\MailWasher_Pro_6.3.exe(1484) wants to start C:\Documents and Settings\Harry Bowers\Local Settings\temp\is-JOI9G.tmp\MailWasher_Pro_6.3.tmp
Program Guard,7/16/2013 7:32:26 AM,Allowed,D:\Download Programs\MailWasher Pro\MailWasher_Pro_6.3.exe
Program Guard,7/16/2013 7:26:06 AM,Blocked,C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
Firewall: Automatic decision,7/16/2013 7:25:36 AM,Blocked,"System, Incoming *ICMP* access blocked"
Service started,7/16/2013 7:25:05 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/16/2013 7:25:05 AM,None,System boot at: 7/16/2013 7:24:23 AM
Firewall: Automatic decision,7/12/2013 6:12:35 PM,Allowed,"C:\Program Files\Belarc\Advisor\BelarcAdvisor.exe, Incoming UDP access allowed to: 192.168.1.101:3826"
Firewall: User decision,7/12/2013 2:05:28 PM,Allowed,"C:\Documents and Settings\Harry Bowers\Local Settings\Apps\F.lux\flux.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Program Guard,7/12/2013 7:37:17 AM,Allowed,C:\Documents and Settings\Hewee\Local Settings\Apps\F.lux\flux.exe(1748) wants to remotely control C:\Program Files\Pale Moon\palemoon.exe(3944)
Program Guard,7/12/2013 7:37:01 AM,Allowed,C:\Documents and Settings\Hewee\Local Settings\Apps\F.lux\flux.exe(1748) wants to start C:\Program Files\Pale Moon\palemoon.exe
Firewall: User decision,7/12/2013 6:59:12 AM,Allowed,"C:\Documents and Settings\Hewee\Local Settings\Apps\F.lux\flux.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
System boot,7/12/2013 6:54:25 AM,None,System boot at: 7/12/2013 6:53:45 AM
Service started,7/12/2013 6:54:25 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Program Guard,7/10/2013 9:37:34 PM,Allowed,D:\Download Programs\MyUninstaller\MyUninstaller v1.74\myuninst.exe(1028) wants to remotely control C:\WINDOWS\explorer.exe(2736)
System boot,7/10/2013 7:14:50 AM,None,System boot at: 7/10/2013 7:14:13 AM
Service started,7/10/2013 7:14:50 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/10/2013 7:13:44 AM,None,System shutdown at: 7/10/2013 7:13:44 AM
System boot,7/10/2013 7:07:59 AM,None,System boot at: 7/10/2013 7:07:20 AM
Service started,7/10/2013 7:07:59 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/10/2013 7:06:49 AM,None,System shutdown at: 7/10/2013 7:06:49 AM
Program Guard,7/10/2013 6:59:02 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\VEW.exe(3960) wants to start C:\WINDOWS\system32\notepad.exe
Program Guard,7/10/2013 6:58:56 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\VEW.exe(3960) wants to remotely control C:\WINDOWS\system32\svchost.exe(932)
Program Guard,7/10/2013 6:58:34 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\VEW.exe
System boot,7/10/2013 6:04:38 AM,None,System boot at: 7/10/2013 6:03:58 AM
Service started,7/10/2013 6:04:38 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Firewall: Automatic decision,7/9/2013 8:28:42 PM,Allowed,"C:\Program Files\Mozilla Firefox\firefox.exe, Outgoing TCP access allowed to: 143.166.147.12:57268"
Firewall: Automatic decision,7/9/2013 8:28:24 PM,Allowed,"C:\Program Files\Mozilla Firefox\firefox.exe, Outgoing TCP access allowed to: 143.166.147.12:57252"
System boot,7/9/2013 5:35:01 PM,None,System boot at: 7/9/2013 5:34:20 PM
Service started,7/9/2013 5:35:01 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/9/2013 5:33:49 PM,None,System shutdown at: 7/9/2013 5:33:49 PM
Learning mode exited,7/9/2013 3:49:29 PM,None,
Program Guard,7/9/2013 3:46:06 PM,Allowed,C:\WINDOWS\system32\MRT.exe
Program Guard,7/9/2013 3:45:53 PM,Allowed,C:\4c9889099849f697bfeb3394f6\mrtstub.exe
Program Guard,7/9/2013 3:39:38 PM,Allowed,C:\be6f7563c7cf3dcb4aeb63206ffd3d\Setup.exe
Service started,7/9/2013 3:27:06 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/9/2013 3:27:06 PM,None,System boot at: 7/9/2013 3:26:19 PM
Learning mode exited,7/8/2013 3:58:17 PM,None,
System boot,7/8/2013 3:33:46 PM,None,System boot at: 7/8/2013 3:33:06 PM
Service started,7/8/2013 3:33:46 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Service stopped,7/8/2013 3:32:33 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/8/2013 3:32:23 PM,None,System shutdown at: 7/8/2013 3:32:23 PM
Program Guard,7/8/2013 3:32:14 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe wants to shutdown system
Autorun Detected,7/8/2013 3:32:12 PM,Allowed,C:\AdwCleaner[S1].txt
Program Guard,7/8/2013 3:30:27 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\Documents and Settings\All Users\Documents\metapad351\metapad.exe(1552)
Program Guard,7/8/2013 3:30:27 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\Program Files\Mozilla Firefox\firefox.exe(2808)
Program Guard,7/8/2013 3:30:26 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\WINDOWS\system32\ctfmon.exe(1524)
Program Guard,7/8/2013 3:30:25 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\Program Files\HostsMan\hm.exe(1580)
Program Guard,7/8/2013 3:30:25 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe(496)
Program Guard,7/8/2013 3:30:24 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\Program Files\KeyScrambler\KeyScrambler.exe(2616)
Program Guard,7/8/2013 3:30:23 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\Program Files\Alwil Software\Avast5\AvastUI.exe(3804)
Program Guard,7/8/2013 3:30:22 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\WINDOWS\RTHDCPL.EXE(2440)
Program Guard,7/8/2013 3:30:22 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe(2332) wants to terminate C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe(3524)
Firewall: User decision,7/8/2013 3:19:02 PM,Allowed,"C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Learning mode entered,7/8/2013 3:18:58 PM,None,
Program Guard,7/8/2013 3:18:52 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\AdwCleaner.exe
Program Guard,7/8/2013 3:03:55 PM,Blocked,C:\Program Files\UPHClean\uphclean.exe(2336) wants to resume thread in C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe(1460)
Learning mode exited,7/8/2013 3:01:40 PM,None,
System boot,7/8/2013 2:16:51 PM,None,System boot at: 7/8/2013 2:16:15 PM
Service started,7/8/2013 2:16:51 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Service stopped,7/8/2013 2:15:44 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/8/2013 2:15:31 PM,None,System shutdown at: 7/8/2013 2:15:31 PM
Firewall: User decision,7/8/2013 1:57:47 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\puppy.exe - Program you have trusted has changed.
Learning mode entered,7/8/2013 1:43:04 PM,None,
Program Guard,7/8/2013 12:10:06 PM,Allowed,C:\WINDOWS\system32\inetcpl.cpl
Learning mode exited,7/8/2013 12:08:54 PM,None,
System boot,7/8/2013 10:33:56 AM,None,System boot at: 7/8/2013 10:33:18 AM
Service started,7/8/2013 10:33:56 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Service started,7/8/2013 10:15:46 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/8/2013 10:15:46 AM,None,System boot at: 7/8/2013 10:15:06 AM
System shutdown,7/8/2013 10:14:38 AM,None,System shutdown at: 7/8/2013 10:14:38 AM
Program Guard,7/8/2013 10:01:44 AM,Allowed,C:\puppy\NirCmd.3XE
Program Guard,7/8/2013 10:01:42 AM,Allowed,C:\puppy\PV.3XE
Program Guard,7/8/2013 10:01:41 AM,Allowed,C:\puppy\swxcacls.3XE
Program Guard,7/8/2013 10:01:40 AM,Allowed,C:\puppy\NirCmdC.3XE
Program Guard,7/8/2013 10:01:39 AM,Allowed,C:\puppy\grep.3XE
Program Guard,7/8/2013 10:01:37 AM,Allowed,C:\puppy\sed.3XE
Program Guard,7/8/2013 10:01:37 AM,Allowed,C:\puppy\swreg.3XE
Program Guard,7/8/2013 10:01:36 AM,Allowed,C:\puppy\pev.3XE
Program Guard,7/8/2013 10:01:32 AM,Allowed,C:\puppy\CF832.3XE
Autorun Detected,7/8/2013 10:01:11 AM,Allowed,C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Program Guard,7/8/2013 10:01:10 AM,Allowed,C:\32788R22FWJFW\handle.3XE
Program Guard,7/8/2013 10:01:09 AM,Allowed,C:\32788R22FWJFW\rmbr.3XE(3588) wants to terminate C:\WINDOWS\system32\Drivers\mbr.sys
Program Guard,7/8/2013 10:01:09 AM,Allowed,C:\32788R22FWJFW\rmbr.3XE
Program Guard,7/8/2013 10:01:08 AM,Allowed,C:\32788R22FWJFW\swsc.3XE
Program Guard,7/8/2013 10:01:07 AM,Allowed,C:\WINDOWS\system32\chcp.com
Program Guard,7/8/2013 10:01:05 AM,Allowed,C:\32788R22FWJFW\sed.3XE
Program Guard,7/8/2013 10:01:03 AM,Allowed,C:\32788R22FWJFW\pev.3XE(1852) wants to terminate C:\32788R22FWJFW\NirCmd.3XE(1812)
Program Guard,7/8/2013 10:00:58 AM,Allowed,C:\32788R22FWJFW\NirCmd.3XE(2244) wants to send WM_CLOSE message to C:\Program Files\KeyScrambler\KeyScrambler.exe(3216)
Program Guard,7/8/2013 10:00:56 AM,Allowed,C:\32788R22FWJFW\cmd.3XE
Program Guard,7/8/2013 10:00:55 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\puppy.exe(2384) wants to terminate C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsn6.tmp\ns9.tmp(2416)
Autorun Detected,7/8/2013 10:00:52 AM,Allowed,C:\WINDOWS\System32\hidserv.dll
Program Guard,7/8/2013 10:00:51 AM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsn6.tmp\ns9.tmp
Program Guard,7/8/2013 10:00:50 AM,Allowed,C:\32788R22FWJFW\Hidec.3XE
Program Guard,7/8/2013 10:00:50 AM,Allowed,C:\32788R22FWJFW\NirCmd.3XE
Program Guard,7/8/2013 10:00:50 AM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsn6.tmp\ns8.tmp
Program Guard,7/8/2013 10:00:47 AM,Allowed,C:\32788R22FWJFW\grep.3XE
Program Guard,7/8/2013 10:00:44 AM,Allowed,C:\32788R22FWJFW\swreg.3XE
Program Guard,7/8/2013 10:00:44 AM,Allowed,C:\32788R22FWJFW\gsar.3XE
Program Guard,7/8/2013 10:00:44 AM,Allowed,C:\32788R22FWJFW\swxcacls.3XE
Program Guard,7/8/2013 10:00:44 AM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\puppy.exe(2384) wants to remotely control C:\WINDOWS\system32\cmd.exe(2408)
Program Guard,7/8/2013 10:00:43 AM,Allowed,C:\32788R22FWJFW\fl0.bat
Program Guard,7/8/2013 10:00:42 AM,Allowed,C:\32788R22FWJFW\License\iexplore.exe
Program Guard,7/8/2013 10:00:41 AM,Allowed,C:\32788R22FWJFW\iexplore.exe(3120) wants to send WM_CLOSE message to C:\32788R22FWJFW\pev.3XE(2108)
Program Guard,7/8/2013 10:00:41 AM,Allowed,C:\32788R22FWJFW\iexplore.exe
Program Guard,7/8/2013 10:00:40 AM,Allowed,C:\32788R22FWJFW\EN-US\iexplore.exe
Program Guard,7/8/2013 10:00:40 AM,Allowed,C:\32788R22FWJFW\PEV.3XE
Program Guard,7/8/2013 10:00:39 AM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsn6.tmp\ns7.tmp
Program Guard,7/8/2013 10:00:33 AM,Allowed,C:\32788R22FWJFW\ERUNT.3XE
Firewall: Automatic decision,7/8/2013 10:00:32 AM,Allowed,"C:\Documents and Settings\Harry Bowers\desktop\puppy.exe, Outgoing TCP access allowed to: 208.43.120.24:80"
Firewall: Automatic decision,7/8/2013 10:00:32 AM,Allowed,"C:\Documents and Settings\Harry Bowers\desktop\puppy.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Autorun Detected,7/8/2013 10:00:23 AM,Allowed,%1 %*
Program Guard,7/8/2013 10:00:04 AM,Allowed,C:\Documents and Settings\Harry Bowers\Desktop\puppy.exe
System boot,7/8/2013 8:39:41 AM,None,System boot at: 7/8/2013 8:39:04 AM
Service started,7/8/2013 8:39:41 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/7/2013 5:22:19 PM,None,System boot at: 7/7/2013 5:21:39 PM
Service started,7/7/2013 5:22:19 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/7/2013 5:21:11 PM,None,System shutdown at: 7/7/2013 5:21:11 PM
Learning mode exited,7/7/2013 4:35:15 PM,None,
System boot,7/7/2013 4:32:27 PM,None,System boot at: 7/7/2013 4:31:48 PM
Service started,7/7/2013 4:32:27 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Program Guard,7/7/2013 4:30:05 PM,Allowed,C:\Program Files\UPHClean\uphclean.exe(2356) wants to terminate C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
System shutdown,7/7/2013 4:30:04 PM,None,System shutdown at: 7/7/2013 4:30:03 PM
System boot,7/7/2013 4:23:43 PM,None,System boot at: 7/7/2013 4:23:05 PM
Service started,7/7/2013 4:23:43 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/7/2013 4:22:33 PM,None,System shutdown at: 7/7/2013 4:22:33 PM
Key Logger detected,7/7/2013 4:04:33 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\SystemLook.exe
Program Guard,7/7/2013 4:04:10 PM,Allowed,C:\Documents and Settings\Harry Bowers\Desktop\SystemLook.exe
Learning mode entered,7/7/2013 4:04:07 PM,None,
Learning mode exited,7/7/2013 1:23:35 PM,None,
Program Guard,7/7/2013 12:37:23 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\FRST.exe wants to access hard disk directly using device \??\PhysicalDrive0
Program Guard,7/7/2013 12:37:09 PM,Allowed,C:\windows\md5deep.exe
Program Guard,7/7/2013 12:37:09 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\FRST.exe wants to create executable file C:\windows\md5deep.exe
Program Guard,7/7/2013 12:36:30 PM,Allowed,C:\WINDOWS\ERUNT.exe wants to create executable file C:\FRST\HIVES\ERDNT.EXE
Program Guard,7/7/2013 12:36:24 PM,Allowed,C:\WINDOWS\ERUNT.exe
Program Guard,7/7/2013 12:36:22 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\FRST.exe wants to create executable file C:\windows\ERUNT.exe
Program Guard,7/7/2013 12:36:07 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\FRST.exe wants to create executable file C:\Documents and Settings\Harry Bowers\Local Settings\Temporary Internet Files\Content.IE5\1UZHOTOU\FRST[1].exe
Firewall: Automatic decision,7/7/2013 12:36:05 PM,Allowed,"C:\Documents and Settings\Harry Bowers\desktop\FRST.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Program Guard,7/7/2013 12:36:04 PM,Allowed,C:\Documents and Settings\Harry Bowers\Desktop\FRST.exe
Learning mode entered,7/7/2013 12:36:00 PM,None,
Learning mode exited,7/7/2013 11:54:20 AM,None,
Firewall: User decision,7/7/2013 11:48:46 AM,Allowed,"C:\Documents and Settings\Harry Bowers\desktop\tdsskiller.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Learning mode entered,7/7/2013 11:48:42 AM,None,
System boot,7/7/2013 9:17:27 AM,None,System boot at: 7/7/2013 9:16:44 AM
Service started,7/7/2013 9:17:27 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Program Guard,7/5/2013 6:16:40 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\aswMBR.exe(2232) wants to change window attributes in C:\WINDOWS\system32\csrss.exe(536)
Firewall: User decision,7/5/2013 5:48:20 PM,Allowed,"C:\Documents and Settings\Harry Bowers\desktop\aswMBR.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Program Guard,7/5/2013 5:47:30 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\aswMBR.exe wants to access hard disk directly using device \??\PHYSICALDRIVE0
Program Guard,7/5/2013 5:47:27 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\aswMBR.exe(2232) wants to start C:\Documents and Settings\Harry Bowers\Local Settings\Temp\aswMBR.sys
Autorun Detected,7/5/2013 5:47:24 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\aswMBR.sys
Program Guard,7/5/2013 5:47:17 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\aswMBR.exe wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\aswMBR.sys
Program Guard,7/5/2013 5:47:12 PM,Allowed,C:\Documents and Settings\Harry Bowers\Desktop\aswMBR.exe
Learning mode exited,7/5/2013 5:10:24 PM,None,
Learning mode entered,7/5/2013 5:09:24 PM,None,
Program Guard,7/5/2013 4:51:13 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr(2804) wants to start C:\Documents and Settings\All Users\Documents\metapad351\metapad.exe
Program Guard,7/5/2013 4:51:05 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\ns14.tmp(952) wants to start C:\WINDOWS\system32\cmd.exe
Program Guard,7/5/2013 4:50:59 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\ns14.tmp
Program Guard,7/5/2013 4:50:54 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\ns13.tmp(2480) wants to start C:\WINDOWS\system32\cscript.exe
Program Guard,7/5/2013 4:50:49 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\ns13.tmp
Program Guard,7/5/2013 4:50:42 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\MBR.DAT wants to access hard disk directly using device \??\PHYSICALDRIVE0
Autorun Detected,7/5/2013 4:50:18 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\mbr.sys
Program Guard,7/5/2013 4:50:15 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\MBR.DAT wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\mbr.sys
Program Guard,7/5/2013 4:50:06 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\MBR.DAT
Program Guard,7/5/2013 4:50:00 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\sqlite3.DAT
Program Guard,7/5/2013 4:48:58 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\PEV.DAT
Program Guard,7/5/2013 4:48:54 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\SED.DAT
Program Guard,7/5/2013 4:48:49 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\dds.cmd wants to start C:\WINDOWS\system32\findstr.exe(0)
Program Guard,7/5/2013 4:48:45 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\dds.cmd wants to start C:\WINDOWS\System32\cscript.exe(0)
Program Guard,7/5/2013 4:48:43 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\dds.cmd
Program Guard,7/5/2013 4:48:41 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\ns12.tmp(3300) wants to start C:\WINDOWS\system32\cmd.exe
Program Guard,7/5/2013 4:48:35 PM,Allowed,C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\nsExec.dll(2804) wants to start C:\Documents and Settings\Harry Bowers\Local Settings\Temp\nsm11.tmp\ns12.tmp
Program Guard,7/5/2013 4:48:27 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\SvcWhtDDSVista.dll
Program Guard,7/5/2013 4:48:23 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\SvcWhtDDS.dll
Program Guard,7/5/2013 4:48:21 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\ffext.dll
Program Guard,7/5/2013 4:48:19 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\Policies.exe
Program Guard,7/5/2013 4:48:17 PM,Blocked,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\osidDDS.vbs
Program Guard,7/5/2013 4:48:17 PM,Blocked,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\OsProp.vbs
Program Guard,7/5/2013 4:48:16 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\MSClsid.exe
Program Guard,7/5/2013 4:48:14 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\dds.cmd
Key Logger detected,7/5/2013 4:48:10 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr
Program Guard,7/5/2013 4:48:01 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\Banner.dll
Program Guard,7/5/2013 4:47:52 PM,Allowed,C:\Documents and Settings\Harry Bowers\Desktop\dds.scr(2804) wants to start C:\WINDOWS\system32\REGSVR32.exe
Program Guard,7/5/2013 4:47:43 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\UserInfo.dll
Program Guard,7/5/2013 4:47:31 PM,Allowed,C:\Documents and Settings\Harry Bowers\desktop\dds.scr wants to create executable file C:\DOCUME~1\HARRYB~1\LOCALS~1\Temp\nsm11.tmp\System.dll
Program Guard,7/5/2013 4:47:27 PM,Allowed,C:\Documents and Settings\Harry Bowers\Desktop\dds.scr
Program Guard,7/5/2013 4:40:15 PM,Allowed,C:\Documents and Settings\All Users\Documents\dds.scr wants to create executable file C:\DOCUME~1\Hewee\LOCALS~1\Temp\nsgD.tmp\System.dll
Program Guard,7/5/2013 4:40:11 PM,Allowed,C:\Documents and Settings\All Users\Documents\dds.scr
Program Guard,7/5/2013 3:03:17 PM,Allowed,C:\Documents and Settings\All Users\Documents\VEW.exe(3720) wants to start notepad C:\VEW.txt
Program Guard,7/5/2013 3:02:49 PM,Allowed,C:\Documents and Settings\All Users\Documents\VEW.exe
System boot,7/5/2013 2:48:53 PM,None,System boot at: 7/5/2013 2:48:06 PM
Service started,7/5/2013 2:48:53 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/5/2013 2:47:23 PM,None,System shutdown at: 7/5/2013 2:47:23 PM
Program Guard,7/5/2013 1:00:17 PM,Allowed,C:\Program Files\UPHClean\uphclean.exe(3908) wants to start C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Autorun Detected,7/5/2013 1:00:15 PM,Allowed,C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Autorun Detected,7/5/2013 1:00:09 PM,Allowed,C:\Program Files\UPHClean\uphclean.exe
Program Guard,7/5/2013 1:00:05 PM,Allowed,C:\Program Files\UPHClean\uphclean.exe
Program Guard,7/5/2013 12:58:43 PM,Allowed,C:\Documents and Settings\All Users\Documents\UPHClean-Setup.msi wants to remotely control C:\WINDOWS\system32\msiexec.exe(3876)
Program Guard,7/5/2013 12:58:42 PM,Allowed,C:\Documents and Settings\All Users\Documents\UPHClean-Setup.msi wants to remotely control C:\WINDOWS\system32\svchost.exe(928)
Program Guard,7/5/2013 12:58:41 PM,Allowed,C:\Documents and Settings\All Users\Documents\UPHClean-Setup.msi
System boot,7/5/2013 12:51:34 PM,None,System boot at: 7/5/2013 12:50:54 PM
Service started,7/5/2013 12:51:34 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,7/5/2013 12:50:06 PM,None,System shutdown at: 7/5/2013 12:50:06 PM
Program Guard,7/5/2013 12:48:53 PM,Allowed,C:\Documents and Settings\Hewee\Desktop\UPHClean-Setup.msi wants to remotely control C:\WINDOWS\system32\msiexec.exe(1768)
Program Guard,7/5/2013 12:48:53 PM,Allowed,C:\Documents and Settings\Hewee\Desktop\UPHClean-Setup.msi wants to remotely control C:\WINDOWS\system32\svchost.exe(928)
Program Guard,7/5/2013 12:48:52 PM,Allowed,C:\Documents and Settings\Hewee\Desktop\UPHClean-Setup.msi
Service started,7/5/2013 10:38:41 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/5/2013 10:38:41 AM,None,System boot at: 7/5/2013 10:38:00 AM
System boot,7/4/2013 5:25:40 PM,None,System boot at: 7/4/2013 5:24:57 PM
Service started,7/4/2013 5:25:40 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Service started,6/27/2013 8:25:57 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,6/27/2013 8:25:57 AM,None,System boot at: 6/27/2013 8:25:18 AM
Service started,6/26/2013 10:04:07 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,6/26/2013 10:04:07 PM,None,System boot at: 6/26/2013 10:03:29 PM
System shutdown,6/26/2013 10:02:44 PM,None,System shutdown at: 6/26/2013 10:02:44 PM
Firewall: Automatic decision,6/26/2013 11:37:12 AM,Allowed,C:\Program Files\Mozilla Firefox\plugin-container.exe - Program you have trusted has changed.
System boot,6/26/2013 8:40:41 AM,None,System boot at: 6/26/2013 8:40:01 AM
Service started,6/26/2013 8:40:41 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,6/26/2013 8:39:26 AM,None,System boot at: 6/26/2013 8:38:41 AM
Service started,6/26/2013 8:39:26 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System shutdown,6/26/2013 8:23:53 AM,None,System shutdown at: 6/26/2013 8:23:53 AM
System boot,6/26/2013 8:20:50 AM,None,System boot at: 6/26/2013 8:20:04 AM
Service started,6/26/2013 8:20:50 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Service started,6/25/2013 9:27:06 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,6/25/2013 9:27:06 PM,None,System boot at: 6/25/2013 9:26:21 PM
System shutdown,6/25/2013 9:25:00 PM,None,System shutdown at: 6/25/2013 9:25:00 PM
New Host Entry Detected,6/25/2013 8:53:50 PM,Allowed,127.0.0.1 07botting.org
Service started,6/25/2013 8:20:51 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,6/25/2013 8:20:51 PM,None,System boot at: 6/25/2013 8:20:01 PM
System shutdown,6/25/2013 8:06:47 PM,None,System shutdown at: 6/25/2013 8:06:47 PM
Service started,6/25/2013 7:45:08 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,6/25/2013 7:45:08 PM,None,System boot at: 6/25/2013 7:44:22 PM
System shutdown,6/25/2013 7:43:50 PM,None,System shutdown at: 6/25/2013 7:43:50 PM
Firewall: Automatic decision,6/25/2013 11:24:21 AM,Allowed,"C:\Program Files\Mozilla Firefox\firefox.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Firewall: Automatic decision,6/25/2013 11:21:37 AM,Allowed,"C:\Documents and Settings\Hewee\Local Settings\Temp\FirefoxPortable\program\firefox.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Firewall: Automatic decision,6/25/2013 9:52:23 AM,Allowed,"C:\Program Files\Mozilla Firefox\firefox.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Firewall: Automatic decision,6/25/2013 9:47:33 AM,Allowed,"C:\Documents and Settings\Hewee\Local Settings\Temp\FirefoxPortable\program\firefox.exe, Outgoing TCP access allowed to: 54.225.130.114:443"
Firewall: User decision,6/25/2013 9:47:33 AM,Allowed,"C:\Documents and Settings\Hewee\Local Settings\Temp\FirefoxPortable\program\firefox.exe, Outgoing UDP access allowed to: 172.27.35.1:53"
Firewall: Automatic decision,6/25/2013 9:20:50 AM,Allowed,C:\Program Files\Mozilla Firefox\firefox.exe - Program you have trusted has changed.
Service started,6/25/2013 8:19:27 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,6/25/2013 8:19:27 AM,None,System boot at: 6/25/2013 8:18:45 AM
Service started,6/22/2013 7:50:15 AM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,6/22/2013 7:50:15 AM,None,System boot at: 6/22/2013 7:49:33 AM

===================================================

You said look here at http://www.emsisoft.com/en/info/oa/Firewall.shtml but I have an older version. Note they show an ICMP and Raw column but I don't have that.

Found this http://support.emsisoft.com/topic/3474-need-help-about-out-going-raw-message/ and http://www.emsisoft.com/en/info/oa/Protocols.shtml

This I guess is when it started.

Firewall: Automatic decision,7/16/2013 12:42:57 PM,Blocked,"System, Incoming ICMP access blocked"
Service started,7/16/2013 12:42:31 PM,None,C:\Program Files\Tall Emu\Online Armor\oasrv.exe
System boot,7/16/2013 12:42:31 PM,None,*System boot* at: 7/16/2013 12:41:51 PM


----------



## Cookiegal (Aug 27, 2003)

I haven't heard back from the developer of ComboFix but let's try restoring most of what ComboFix deleted and see if that makes any difference.

Open Notepad and copy and paste the text in the code box below into it:


```
DEQUARANTINE::
C:\Qoobox\Quarantine\C\WINDOWS\system32\updater.exe.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\res
C:\Qoobox\Quarantine\C\WINDOWS\system32\components
C:\Qoobox\Quarantine\C\WINDOWS\system32\ReadMe.txt.vir
C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt.vir
QUIT::
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe (or the renamed puppy.exe if you were asked to rename it).










This will start ComboFix again but it will not run a full scan. It will only restore the files and then stop. Please post the contents of Combofix.txt in your next reply.


----------



## hewee (Oct 26, 2001)

So is the ICMP AND RAW ok in the above posts?

I know it seems to help with it or the ICMP running.

*So what's new?* I have not heard back from support for Online Armor either.

*Goofed UP*

When ComboFix started it said a new version is out so I clicked YES.

It ran the full scan and this is it here.

Did not run the CFScript.txt because of the scan.

Avast was disabled but for 10 minutes, but the scan lasted longer and it closed Firefox, and all I could see was the scan and the desktop wallpaper, so I could not do anything but click past lots of Avast pop-ups.

============================================================

ComboFix 13-07-24.03 - Harry Bowers 07/24/2013 13:06:00.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2274 [GMT -7:00]
Running from: c:\documents and settings\Harry Bowers\Desktop\puppy.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\default_user_class.dat.LOG
.
.
((((((((((((((((((((((((( Files Created from 2013-06-24 to 2013-07-24 )))))))))))))))))))))))))))))))
.
.
2013-07-16 04:09 . 2013-07-16 04:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallMate
2013-07-15 03:14 . 2013-07-15 22:55	--------	d-----w-	c:\documents and settings\Harry Bowers\Application Data\Firetrust
2013-07-09 22:46 . 2013-07-09 22:48	--------	d-----w-	c:\windows\system32\MRT
2013-07-08 23:02 . 2013-07-08 23:02	--------	d-----w-	c:\windows\ERUNT
2013-07-08 20:58 . 2008-04-14 00:11	21504	----a-w-	c:\windows\system32\hidserv.dll
2013-07-08 20:58 . 2008-04-14 00:11	21504	----a-w-	c:\windows\system32\dllcache\hidserv.dll
2013-07-08 17:01 . 2013-07-08 17:41	--------	d-----w-	C:\puppy
2013-07-07 19:36 . 2013-07-07 19:36	--------	d-----w-	C:\FRST
2013-07-05 19:59 . 2013-07-05 19:59	--------	d-----w-	c:\program files\UPHClean
2013-07-03 18:21 . 2007-03-10 16:11	2680320	----a-w-	c:\windows\system32\ImageEnXLibrary.ocx
2013-07-03 18:21 . 2013-07-03 18:32	--------	d-----w-	C:\FreeOCR
2013-07-03 18:19 . 2013-07-03 18:19	--------	d-----w-	c:\program files\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 16:47 . 2012-07-11 14:49	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-09 16:47 . 2012-07-11 14:49	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 19:29 . 2013-03-19 23:42	175176	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:29 . 2011-02-23 20:29	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:29 . 2010-01-21 08:55	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-08 06:55 . 2004-08-11 22:00	385024	----a-w-	c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-11 22:00	920064	----a-w-	c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-11 22:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-11 22:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-11 22:00	562688	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2009-06-09 16:28	1876736	----a-w-	c:\windows\system32\win32k.sys
2013-05-31 14:53 . 2009-03-28 21:13	209016	----a-w-	c:\windows\system32\drivers\keyscrambler.sys
2013-05-09 08:59 . 2013-03-19 23:42	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2010-01-21 08:55	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-28 17:42	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2010-01-21 08:55	49760	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2010-01-21 08:55	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2010-06-29 22:08	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2010-01-21 08:54	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-09 07:28 . 2006-10-19 04:47	1543680	------w-	c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2009-06-09 16:28	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2009-06-09 16:28	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-01 10:59 . 2013-05-01 10:59	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59	69632	----a-w-	c:\windows\system32\QuickTime.qts
2008-09-18 01:18 . 2008-09-18 01:18	274432	----a-w-	c:\program files\stripmail.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostsMan"="c:\program files\HostsMan\hm.exe" [2013-05-02 6761472]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-07-15 436800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2012-02-15 90112]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-31 16860672]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-10-16 6390256]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-10-16 849904]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Secunia Update Agent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/19/2013 4:42 PM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/19/2013 4:42 PM 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/23/2011 1:29 PM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2010 1:55 AM 369584]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [4/11/2013 12:35 PM 21664]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/1/2010 11:51 AM 198008]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/1/2010 11:51 AM 21880]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/1/2010 11:51 AM 27000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 11:54 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2010 1:55 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2/28/2013 10:42 AM 66336]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [7/10/2008 12:16 AM 8960]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/1/2010 11:51 AM 1241584]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/1/2010 11:51 AM 3314160]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [3/28/2009 2:13 PM 209016]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [7/10/2008 12:17 AM 11264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [7/10/2008 12:16 AM 16640]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416]
S3 SIVDRIVER;SIV Kernel Driver;\??\c:\windows\system32\Drivers\SIVX32.sys --> c:\windows\system32\Drivers\SIVX32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-29 08:58]
.
2013-07-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d1ae5883-a393-4c4a-9f36-8104ba81b2a9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: secunia.com\psi
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 172.27.35.1 68.87.76.178 68.87.78.130
FF - ProfilePath - c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\
FF - prefs.js: browser.startup.homepage - file:///D:/My_homepage.html
FF - ExtSQL: 2013-05-30 05:21; [email protected]; c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\extensions\[email protected]
FF - ExtSQL: 2013-07-07 11:10; [email protected]; c:\documents and settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~2\{A62F9~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-24 13:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD161HJ rev.JF100-22 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3745757714-3295662-1287941395-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2013-07-24 13:17:36
ComboFix-quarantined-files.txt 2013-07-24 20:17
ComboFix2.txt 2013-07-08 21:08
ComboFix3.txt 2013-07-08 17:41
.
Pre-Run: 87,120,437,248 bytes free
Post-Run: 87,100,084,224 bytes free
.
- - End Of File - - 04257523C13BC34C546F14B57A830631
8F558EB6672622401DA993E1E865C861

**************************************************************
Got to go to the store so be back later.


----------



## Cookiegal (Aug 27, 2003)

I don't know the answer about RAW and ICMP. I've never used Comodo.

Please run the CFScript with ComboFix and post the log.


----------



## hewee (Oct 26, 2001)

I don't have Comodo.

OAwatch.dll *did not get restored*.

I also had to do a reboot because I could not get online.

===============================

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt.vir -> C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt ( 12 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\ReadMe.txt.vir -> C:\WINDOWS\system32\ReadMe.txt ( 181 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\updater.exe.vir -> C:\WINDOWS\system32\updater.exe ( 238592 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\browser.xpt -> C:\WINDOWS\system32\components\browser.xpt
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\browserdirprovider.dll -> C:\WINDOWS\system32\components\browserdirprovider.dll
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\brwsrcmp.dll -> C:\WINDOWS\system32\components\brwsrcmp.dll
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\components.list -> C:\WINDOWS\system32\components\components.list
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\FeedConverter.js -> C:\WINDOWS\system32\components\FeedConverter.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\FeedProcessor.js -> C:\WINDOWS\system32\components\FeedProcessor.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\FeedWriter.js -> C:\WINDOWS\system32\components\FeedWriter.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\fuelApplication.js -> C:\WINDOWS\system32\components\fuelApplication.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\GPSDGeolocationProvider.js -> C:\WINDOWS\system32\components\GPSDGeolocationProvider.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\jsconsole-clhandler.js -> C:\WINDOWS\system32\components\jsconsole-clhandler.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\NetworkGeolocationProvider.js -> C:\WINDOWS\system32\components\NetworkGeolocationProvider.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsAddonRepository.js -> C:\WINDOWS\system32\components\nsAddonRepository.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsBadCertHandler.js -> C:\WINDOWS\system32\components\nsBadCertHandler.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsBlocklistService.js -> C:\WINDOWS\system32\components\nsBlocklistService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsBrowserContentHandler.js -> C:\WINDOWS\system32\components\nsBrowserContentHandler.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsBrowserGlue.js -> C:\WINDOWS\system32\components\nsBrowserGlue.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsContentDispatchChooser.js -> C:\WINDOWS\system32\components\nsContentDispatchChooser.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsContentPrefService.js -> C:\WINDOWS\system32\components\nsContentPrefService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsDefaultCLH.js -> C:\WINDOWS\system32\components\nsDefaultCLH.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsDownloadManagerUI.js -> C:\WINDOWS\system32\components\nsDownloadManagerUI.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsExtensionManager.js -> C:\WINDOWS\system32\components\nsExtensionManager.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsFormAutoComplete.js -> C:\WINDOWS\system32\components\nsFormAutoComplete.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsHandlerService.js -> C:\WINDOWS\system32\components\nsHandlerService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsHelperAppDlg.js -> C:\WINDOWS\system32\components\nsHelperAppDlg.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsINIProcessor.js -> C:\WINDOWS\system32\components\nsINIProcessor.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsLivemarkService.js -> C:\WINDOWS\system32\components\nsLivemarkService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsLoginInfo.js -> C:\WINDOWS\system32\components\nsLoginInfo.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsLoginManager.js -> C:\WINDOWS\system32\components\nsLoginManager.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsLoginManagerPrompter.js -> C:\WINDOWS\system32\components\nsLoginManagerPrompter.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsMicrosummaryService.js -> C:\WINDOWS\system32\components\nsMicrosummaryService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsPlacesAutoComplete.js -> C:\WINDOWS\system32\components\nsPlacesAutoComplete.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsPlacesDBFlush.js -> C:\WINDOWS\system32\components\nsPlacesDBFlush.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsPlacesTransactionsService.js -> C:\WINDOWS\system32\components\nsPlacesTransactionsService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsPrivateBrowsingService.js -> C:\WINDOWS\system32\components\nsPrivateBrowsingService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsProxyAutoConfig.js -> C:\WINDOWS\system32\components\nsProxyAutoConfig.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSafebrowsingApplication.js -> C:\WINDOWS\system32\components\nsSafebrowsingApplication.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSearchService.js -> C:\WINDOWS\system32\components\nsSearchService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSearchSuggestions.js -> C:\WINDOWS\system32\components\nsSearchSuggestions.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSessionStartup.js -> C:\WINDOWS\system32\components\nsSessionStartup.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSessionStore.js -> C:\WINDOWS\system32\components\nsSessionStore.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSetDefaultBrowser.js -> C:\WINDOWS\system32\components\nsSetDefaultBrowser.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsSidebar.js -> C:\WINDOWS\system32\components\nsSidebar.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsTaggingService.js -> C:\WINDOWS\system32\components\nsTaggingService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsTryToClose.js -> C:\WINDOWS\system32\components\nsTryToClose.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUpdateService.js -> C:\WINDOWS\system32\components\nsUpdateService.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUpdateServiceStub.js -> C:\WINDOWS\system32\components\nsUpdateServiceStub.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUpdateTimerManager.js -> C:\WINDOWS\system32\components\nsUpdateTimerManager.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUrlClassifierLib.js -> C:\WINDOWS\system32\components\nsUrlClassifierLib.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsUrlClassifierListManager.js -> C:\WINDOWS\system32\components\nsUrlClassifierListManager.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsURLFormatter.js -> C:\WINDOWS\system32\components\nsURLFormatter.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\nsWebHandlerApp.js -> C:\WINDOWS\system32\components\nsWebHandlerApp.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\pluginGlue.js -> C:\WINDOWS\system32\components\pluginGlue.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\storage-Legacy.js -> C:\WINDOWS\system32\components\storage-Legacy.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\storage-mozStorage.js -> C:\WINDOWS\system32\components\storage-mozStorage.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\txEXSLTRegExFunctions.js -> C:\WINDOWS\system32\components\txEXSLTRegExFunctions.js
C:\Qoobox\Quarantine\C\WINDOWS\system32\components\WebContentConverter.js -> C:\WINDOWS\system32\components\WebContentConverter.js
56 File(s) copied
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\arrow.gif -> C:\WINDOWS\system32\res\arrow.gif
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\arrowd.gif -> C:\WINDOWS\system32\res\arrowd.gif
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\broken-image.png -> C:\WINDOWS\system32\res\broken-image.png
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\charsetalias.properties -> C:\WINDOWS\system32\res\charsetalias.properties
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\charsetData.properties -> C:\WINDOWS\system32\res\charsetData.properties
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\contenteditable.css -> C:\WINDOWS\system32\res\contenteditable.css
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\designmode.css -> C:\WINDOWS\system32\res\designmode.css
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\EditorOverride.css -> C:\WINDOWS\system32\res\EditorOverride.css
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\forms.css -> C:\WINDOWS\system32\res\forms.css
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\grabber.gif -> C:\WINDOWS\system32\res\grabber.gif
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\hiddenWindow.html -> C:\WINDOWS\system32\res\hiddenWindow.html
C:\Qoobox\Quarantine\C\WINDOWS\system32\res\html.css -> C:\WINDOWS\system32\res\html.css
54 File(s) copied


----------



## hewee (Oct 26, 2001)

Can I just make a copy of OAwatch.dll.vir and rename it OAwatch.dll and put it back in the Program Files\Tall Emu\Online Armor folder and have it work?


----------



## Cookiegal (Aug 27, 2003)

hewee said:


> Can I just make a copy of OAwatch.dll.vir and rename it OAwatch.dll and put it back in the Program Files\Tall Emu\Online Armor folder and have it work?


Yes, please try that. I don't know why ComboFix isn't working to restore it.

Also, I meant to say OnLine Armor (not Comodo).


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> Yes, please try that. I don't know why ComboFix isn't working to restore it.
> 
> Also, I meant to say OnLine Armor (not Comodo).


OK not Comodo. 

I restored OAwatch.dll to Program Files\Tall Emu\Online Armor folder but not sure if any other part may be in the registry that deals with it was removed.

Let me reboot


----------



## Cookiegal (Aug 27, 2003)

hewee said:


> OK not Comodo.
> 
> I restored OAwatch.dll to Program Files\Tall Emu\Online Armor folder but *not sure if any other part may be in the registry that deals with it was removed*.
> 
> Let me reboot


It shouldn't have been.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> It shouldn't have been.


It is there but it is not running. Not sure just what it does but I think it was running before or was watching when ComboFix and then ComboFix took it away.
Waiting to hear back on OAwatch.dll and what it does etc and if it should be showing as running.


----------



## hewee (Oct 26, 2001)

OAwatch.dll does this...

It is part of the HIPS. It doesn't run on its own, but will be loaded by all processes that are watched by Online Armor.


----------



## Cookiegal (Aug 27, 2003)

Were you able to restore the file to its proper location?


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> Were you able to restore the file to its proper location?


Yes I was.

Was told... It is part of the HIPS. It doesn't run on its own, but will be loaded by all processes that are watched by Online Armor.

Also that its old and has a bug in it that was fixed by Tall Emu before they sold Online Armor to Emsisoft.
Was not a bad bug but a good one. The keys were good only a year so you had to pay each year to get updates from site. But also keep the added options the paid version has.
I still have all the paid version options.
I can not reinstall it because the key is no longer good and I think would go to Tall Emu web site that would be a dead link also.


----------



## Cookiegal (Aug 27, 2003)

Have you regained all of the functions you had with your two accounts and switching from one to the other now?


----------



## hewee (Oct 26, 2001)

IE is still acting up.
Admin profile.
1. can not go to file and click open and get anything to open
2. can not get IE to open file:///D:/My_homepage.html
3. See IE-home-error. After 3 tries I get IE-home-error2
4. See image IE-home-error2 and "res://ieframe.dll/acr_error.htm#,about:blank" in address bar
5. This happens to all 3 of the IE's
5a. IE - Target: C:\Program Files\Internet Explorer\iexplore.exe, Shortcut: %HOMEDRIVE%%HOMEPATH%
5b. Windows Update - Target: %SystemRoot%\system32\wupdmgr.exe, Shortcut: %HOMEDRIVE%%HOMEPATH%
5c. Microsoft Update - Target: C:\WINDOWS\system32\rundll32.exe, C:\WINDOWS\system32\muweb.dll,LaunchMUSite, Shortcut: %HOMEDRIVE%%HOMEPATH%

All is the same in the Limit User Profile but I have in the "5a. IE" file:///D:/My_homepage.html as home page.

Could IE settings have been changed?


Got this trying to get IE home page changed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/07/2013 10:33:53 AM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -595023435. 

Log: 'Application' Date/Time: 28/07/2013 10:33:49 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x000bd5ea. 

On the switching from one to the other I need to test more but it may be OK in that other IE error that was on and off. 
Get the reg.dll logging off still and that start off being at shutdown.


----------



## Cookiegal (Aug 27, 2003)

hewee said:


> Get the reg.dll logging off still and *that start off being at shutdown*.


I thought we fixed that reg.dll error. Can you get a screenshot of it?

I have no idea what the part I bolded means unfortunately.


----------



## hewee (Oct 26, 2001)

No it was never fixed. The reg.dll error shows up now more at log off. 
Also you were right it is MailWasher that is doing it because if I close it down and log off or shut down I do not get the reg.dll error.

How can I get a screen shot of the reg.dll error if I am logging off or shutting down? I just see it flash by and can look in the event viewer and it will show up at the same time.

Is there a way to stop a shut down? Then I could get screenshot.

Was looking at my IE internet zone setting and some are not the same. I had a screen shot of my setting that I got long ago and used on 98SE and XP. Have the link so you can see also but looks like the link is dead now.


----------



## Cookiegal (Aug 27, 2003)

Then we did fix the reg.dll or at least found the cause of it. There's some sort of conflict with MailWasher. I don't think there is a fix for that. 

Some of IE's settings will have been changed but they would be security related settings. All I can suggest is that you set it back to default settings and then customize it the way you want it again.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> Then we did fix the reg.dll or at least found the cause of it. There's some sort of conflict with MailWasher. I don't think there is a fix for that.


No we did not fix it. Only found out it was MailWasher was the reason for the error.

I said this before but to remind you I have mailwasher installed but you got to setup each profile and only have it working to check mail under the limited user account. Same account I get reg.dll error from.

Got to wondering if I set the Admin profile to also check email with MailWasher but I get this error.
NOTE: I have Thunderbird setup so it can be used from both profiles and all email is saved to the Thunderbird profile on C:\Documents and Settings\Hewee\Application Data\Thunderbird\Profiles\lrzeqxdf.default that is the limited user account I also get the reg.dll error in.

Wonder if that is the reason for the reg.dll error? 
I would think that should not affect it.
Do see that MailWasher needs to add that option to use the Global Inbox or what ever they call it. Or I need to find how to set it up.



> Some of IE's settings will have been changed but they would be security related settings. All I can suggest is that you set it back to default settings and then customize it the way you want it again.


Here are my settings in the internet zone. The left setting is what I had the one on the right I got now on the Admin account. So guess MS made the changes with Upgrade and Updates to IE.

But there is no other setting to change home page. 
Should also be able to go to file and open a file but I can't in any of these in Admin profile and in limited I can only do so in 5a.

5. This happens to all 3 of the IE's
5a. IE - Target: C:\Program Files\Internet Explorer\iexplore.exe, Shortcut: %HOMEDRIVE%%HOMEPATH%
5b. Windows Update - Target: %SystemRoot%\system32\wupdmgr.exe, Shortcut: %HOMEDRIVE%%HOMEPATH%
5c. Microsoft Update - Target: C:\WINDOWS\system32\rundll32.exe, C:\WINDOWS\system32\muweb.dll,LaunchMUSite, Shortcut: %HOMEDRIVE%%HOMEPATH%

Would these settings for IE 8 be good I have and the ones here.
http://www.pjm.com/Search Results.aspx?q=Internet Explorer 8
Need to download .pdf file.

Odd--- IE is now the default opening internet shortcuts. I just changed it back.

Then I tried to open file:///D:/My_homepage.html I get "IE-PaleMoon-MyHomePage.png" below.
If I say Open it opens PaleMoon. If I click save it wants to save the page.
This should not be happening.

This is all my homepage is. A small coded image that tiles the page


```
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="content-type"
 content="text/html; charset=ISO-8859-1">
  <title>My_homepage</title>
</head>
<body style="color: rgb(0, 0, 0); background-color: rgb(204, 204, 255);"
 link="#000099" vlink="#990099" alink="#000099">
<br>
</body>
</html>
```


----------



## hewee (Oct 26, 2001)

OK in the Admin account I got my own home page or a new one.

This is only on IE...
5a. IE - Target: C:\Program Files\Internet Explorer\iexplore.exe, Shortcut: %HOMEDRIVE%%HOMEPATH%

I made a new "My_IE_Homepage.htm" that I was able to open from 5a. IE and then save it as "My_IE_Homepage.htm"
It still does not work in 5b. Windows Update or 5c. Microsoft Update and now I wonder if it ever did.
Odd thing is in IE address bar "My_IE_Homepage.htm" shows up as "D:\My_IE_Homepage.htm" 
"file:///D:/My_homepage.html" is how it shows up in Firefox. So I put in the address bar "D:/My_homepage.html" but it lots it as "file:///D:/My_homepage.html" and again I get the errors.
Note the one now working is also a .htm and the other is a .html

"D:\My_IE_Homepage.htm" code 

```
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
  <meta http-equiv="content-type" content="text/html; charset=windows-1252">
  <title>My_homepage</title>
</head>
<body style="color: rgb(0, 0, 0); background-color: rgb(204, 204, 255);" alink="#000099" link="#000099" vlink="#990099">
<br>


</body></html>
```
Was the same page but re-saving it in IE to a .htm made it work.

For 5b. Windows Update and 5c. Microsoft Update I can not click on home page or a get the reset error like in post #157
That one reset to the blank page.
Now with my own homepage it resets to what ever page it is at when I click homepage on "5b. Windows Update and 5c. Microsoft Update"


----------



## hewee (Oct 26, 2001)

Looks like the Run-As on IE is back with that odd download error.

Only happens on 5b. Windows Update and 5c. Microsoft Update.

5a. IE - Target: C:\Program Files\Internet Explorer\iexplore.exe, Shortcut: %HOMEDRIVE%%HOMEPATH%
5b. Windows Update - Target: %SystemRoot%\system32\wupdmgr.exe, Shortcut: %HOMEDRIVE%%HOMEPATH%
5c. Microsoft Update - Target: C:\WINDOWS\system32\rundll32.exe, C:\WINDOWS\system32\muweb.dll,LaunchMUSite, Shortcut: %HOMEDRIVE%%HOMEPATH%

Was going to say that went away but now see it is back.


----------



## hewee (Oct 26, 2001)

I looked at system restore and I go back to June 4th 8:46 pm so you think the run-as can be fixed or should I try a restore?

Also keep getting the page was recovered in IE. That is if I go to any other page and I click the Homepage button it reloads and recovers the page I was at and will not go to my homepage.

Like in IE I go here to http://forums.techguy.org/ and click homepage. After 3 times I see this in the address bar. *res://ieframe.dll/acr_error.htm#techguy.org,http://forums.techguy.org/*


----------



## Cookiegal (Aug 27, 2003)

Did you try resetting IE to defaults?


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> Did you try resetting IE to defaults?


YES and no matter what I do can NOT change it.


----------



## Cookiegal (Aug 27, 2003)

You mean it won't go back to default settings?


----------



## hewee (Oct 26, 2001)

Yes it goes back to the default settings but the troubles with IE are still there on Run-As, Homepage etc.


----------



## Cookiegal (Aug 27, 2003)

I'd like to check something else. This won't change anything, it will just scan and report.

Please download *MBRCheck.exe* to your desktop.

Be sure to disable your security programs prior to running the tool. 
Double click on MBRCheck.exe to run it. Please allow any prompts popped by Windows in order to run the tool.
_(Vista and Windows 7 users will have to confirm the UAC prompt)_
A command window will pop open and run. If any unknown MBR Code is found, you will have further options prompted, at this time please press *N* then press *Enter*.
Press *Enter* again to exit the program.
If nothing unusual is found, you will be shown the machine MBR status. Just press *Enter* to exit.
A text file named *MBRCheck_mm.dd.yy_hh.mm.ss* should appear on your desktop. Please post the contents of that file.


----------



## hewee (Oct 26, 2001)

This is from "*System Restore*"

*June 4 is as far back I can restore as of today.

Do not know what all really was done from what all you had me do that made changes.*

Got some clean up from scanners and installs made.

*You started July 4th*.

I was scared seeing the June 4th but see I got a lot more restore days now that you started July 4th. 

========================================================================

Cookiegal,

June 4, 5, 7, 8, 9, 10 - System Checkpoint

June 11 - Software Distribution Service 3.0

June 13, 14, 16, 17, 19, 20, 22, 23, 26, 27, 28, 29 - System Checkpoint

-----------------------

July 1, 3, 4 - System Checkpoint

July 5 - *Installed User Profile Hive Cleanup Service*
July 6, 7,

July 9(Two)-Software Distribution Service 3.0

July 11, 12 - System Checkpoint

July 14 Installed MailWasherPro, Removed MailWasherPro, Installed MailWasherPro, Removed MailWasherPro, Installed MailWasherPro, Removed MailWasherPro, Installed MailWasherPro

July 15 Removed MailWasherPro

July 17, 20, 21, 22, System Checkpoint

July 25 - *ComboFix* created restore point. If this makes a restore then why is the *first restore on July 8th*?

July 28 - System Checkpoint

----------------------
*MS Updates* on...
Tuesday, June 11
Tuesday, July 09

========================================================================

Lots on MailWasher was because I keep getting that Reg.dll error that I still have along with these troubles with IE that started I think July 8th after ComboFix


----------



## hewee (Oct 26, 2001)

Guess nothing was found.

===============================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 155):

Processes (total 48):
0 System Idle Process
4 System
480 C:\WINDOWS\system32\smss.exe
548 csrss.exe
588 C:\WINDOWS\system32\winlogon.exe
636 C:\WINDOWS\system32\services.exe
652 C:\WINDOWS\system32\lsass.exe
828 C:\Program Files\Emsisoft Anti-Malware\a2service.exe
992 C:\WINDOWS\system32\ati2evxx.exe
1016 C:\WINDOWS\system32\svchost.exe
1080 svchost.exe
1152 C:\WINDOWS\system32\svchost.exe
1248 C:\WINDOWS\system32\ati2evxx.exe
1308 svchost.exe
1416 C:\Program Files\Tall Emu\Online Armor\oacat.exe
1452 C:\Program Files\Tall Emu\Online Armor\oasrv.exe
1736 explorer.exe
1904 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
168 C:\WINDOWS\system32\spoolsv.exe
1552 svchost.exe
1656 C:\Program Files\SUPERAntiSpyware\SASCore.exe
2072 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
2192 C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
2328 C:\WINDOWS\system32\svchost.exe
2420 C:\Program Files\UPHClean\uphclean.exe
3880 alg.exe
1700 C:\WINDOWS\system32\svchost.exe
2340 C:\WINDOWS\system32\svchost.exe
2756 RTHDCPL.EXE
3036 AvastUI.exe
3248 a2guard.exe
536 SUPERANTISPYWARE.EXE
2012 WinPatrol.exe
3044 MailWasher.exe
3552 C:\Program Files\HostsMan\hm.exe
4216 C:\WINDOWS\system32\ctfmon.exe
1468 csrss.exe
2332 C:\WINDOWS\system32\winlogon.exe
5608 C:\WINDOWS\system32\ati2evxx.exe
6012 C:\WINDOWS\explorer.exe
5344 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
5204 C:\WINDOWS\RTHDCPL.EXE
4376 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
5548 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
6088 C:\WINDOWS\system32\ctfmon.exe
768 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1276 C:\Program Files\Mozilla Firefox\firefox.exe
5412 C:\Documents and Settings\Harry Bowers\desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD161HJ, Rev: JF100-22
PhysicalDrive1 Model Number: SAMSUNGHD161HJ, Rev: JF100-22

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


----------
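
A small parser for the drive table at the end of an MBRCheck log like the one posted above, added here as an example; it is not part of the thread or of MBRCheck itself. The third drive in the sample, the "Unknown MBR code" status text and the baseline dictionary are assumptions made for the illustration.

```python
import re

# Constructed sample: the drive table from the log posted above, plus one
# made-up third drive (its status text and hash are invented for illustration).
SAMPLE_LOG = r"""
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
 74 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: 0000000000000000000000000000000000000000
"""

# "<size> <unit> \\.\PhysicalDriveN <status text>"
DRIVE_RE = re.compile(
    r"^\s*(\d+)\s+([KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$"
)
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


def parse_mbrcheck(log_text):
    """Return one dict per physical drive found in the log's status table."""
    entries = []
    for line in log_text.splitlines():
        m = DRIVE_RE.match(line)
        if m:
            entries.append({
                "size": f"{m.group(1)} {m.group(2)}",
                "device": m.group(3),
                "status": m.group(4),
                "sha1": None,
            })
            continue
        m = SHA1_RE.match(line)
        # A SHA1 line belongs to the drive entry directly before it.
        if m and entries and entries[-1]["sha1"] is None:
            entries[-1]["sha1"] = m.group(1).upper()
    return entries


def triage(entries, baseline=None):
    """Flag drives worth a second look.

    baseline maps device name -> SHA1 recorded from an earlier run on the
    same machine (hypothetical analyst-supplied data, not an official list).
    """
    baseline = {dev: h.upper() for dev, h in (baseline or {}).items()}
    findings = []
    for e in entries:
        if "unknown" in e["status"].lower():
            findings.append((e["device"], "unknown MBR code reported"))
        if e["sha1"] is None:
            findings.append((e["device"], "no SHA1 line followed the drive entry"))
        elif e["device"] in baseline and baseline[e["device"]] != e["sha1"]:
            findings.append((e["device"], "SHA1 differs from baseline"))
    return findings


if __name__ == "__main__":
    drives = parse_mbrcheck(SAMPLE_LOG)
    for d in drives:
        print(d["device"], "|", d["status"], "|", d["sha1"])
    for device, reason in triage(drives):
        print("CHECK:", device, "-", reason)
```
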



## Cookiegal (Aug 27, 2003)

If you're going to try a system restore then it's best to uninstall everything that was added after the date you want to restore to first. 

I don't know all of the changes that ComboFix makes but I doubt it would cause the problems you're having. Your set up is a bit unusual to say the least. I don't understand why you have your home page set to something that's not even on the primary drive.

As for the other problems perhaps start a new thread for help with those as I really don't know what to suggest.


----------



## hewee (Oct 26, 2001)

Uninstall MS Updates too? 

OK so do I uninstall the programs you had me install.

1. User Profile Hive Cleanup
2. Recover Console
3. Was anything else installed from those programs. I see things in the root of C: but don't know if more is someplace else. 

4. Got I think about 22 MS Updates from July 9. 
I know they take a very long time to install and the Net.Framework ones are always the worst and 11 of them are Net.Framework.


----------



## Cookiegal (Aug 27, 2003)

Yes, you need to uninstall the updates before doing a system restore or that can cause other problems.

Let me look at this thread tomorrow and we'll figure out what needs to be uninstalled before doing a system restore.


----------



## hewee (Oct 26, 2001)

OK I better get started on the MS Update Uninstalls. That is if it's OK to do that part now.
I know it will take a long time and many reboots.


----------



## Cookiegal (Aug 27, 2003)

I would wait because uninstalling the updates will open up vulnerabilities.


----------



## hewee (Oct 26, 2001)

OK I will wait then.

I checked each update and they say they are in the add/remove so none that can't be uninstalled.
Now to look for each.

Two are *Windows Malicious Software Removal Tool - July 2013 (KB890830)* and have NO Uninstall.

Then two more are these.

*Security Update for Microsoft Office 2007 suites (KB2687309)*
A security vulnerability exists in Microsoft Office 2007 suites that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

And

*Security Update for Office 2003 (KB2817480)*
A security vulnerability exists in Office 2003 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

They both say this below.
*How to Uninstall*
*To remove this update*, use the Add or Remove Programs item or the Programs and Features item in Control Panel. *For more detailed information about removing updates please see KB903771.*

http://support.microsoft.com/kb/903771

So not sure what to do on those two.

I don't have Office but do have Microsoft Works.

Also when you do uninstall and it asks you to reboot do I need to reboot before uninstalling more?
I know all 19 were installed and I was asked to reboot and then I checked again and got 3 more and the one was "Windows Malicious Software Removal Tool" again.


----------



## hewee (Oct 26, 2001)

Had a false positive the other day from Avast and again today. 
Forget what profile I was in the other day when it came up for SetupRedfield++ in the D:\Image program add-ons\Plug-ins\PLUG-INS I am using\Redfield\Free Redfield Programs folder.
Tonight when I went back to the limited user account I get False positives on (D:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1766\A0397050.exe|)
The A0397050.exe is SetupRedfield++ and I have had it for years.

===============================================================
Scan type: Custom scan (D:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1766\A0397050.exe|)
https://www.virustotal.com/en/file/...b8880142cae6f4871aad3a44/analysis/1375242300/

and

Avast the other day got this file SetupRedfield++ and I did nothing. 
SetupRedfield++ I have had for years and 
https://www.virustotal.com/en/file/...b8880142cae6f4871aad3a44/analysis/1375242988/
D:\Image program add-ons\Plug-ins\PLUG-INS I am using\Redfield\Free Redfield Programs

http://www.redfieldplugins.com/
http://www.redfieldplugins.com/Redfield++.htm
On top of right side.
http://www.redfieldplugins.com/Downloads.htm
===============================================================

So they should have this fixed soon.

But I want to show you the file and also screen shot of the odd text where I should see images. I have seen this some but now see it a lot more. 
IE shows it OK. 
It is in Firefox and PaleMoon. 
Have seen it around a long time but now see it more. May see a diamond with a question mark in it.
http://www.chatslang.com/help/diamond_with_question_mark
http://ase.tufts.edu/most/help.jpg

Also I think after that last ComboFix restore made it so settings are not remembered. I have folder and program settings that are not remembered a lot the past days when I change back to another profile. MailWasher is always opening full window and a couple other programs have done the same.


----------



## Cookiegal (Aug 27, 2003)

The programs we've used since ComboFix are:

AdwCleaner
Junkware Removal Tool
RogueKiller
OTS
VEW
SystemLook
MBRcheck

They don't need to be uninstalled as they are just executables on the desktop and will go when the system restore is done.

But, I need to know if you ever uninstalled ComboFix as per this post:

http://forums.techguy.org/8736860-post124.html

Because if you never did that we could probably still invoke the Erunt backup made by ComboFix before it did anything. But if it was uninstalled and then reinstalled we would have lost that backup.

You can start removing the MS updates now and then try the system restore. It has to be to a date before July 8th which was when ComboFix was run. Be sure NOT to do it in safe mode because then it can't be undone. If the system restore doesn't fix the problem when done in normal mode it can be undone.


----------



## hewee (Oct 26, 2001)

Never uninstalled ComboFix.

Open ComboFix and it said there was a newer version and I clicked yes on getting newer version. 
BUT remember that last ComboFix restore I ran and goofed on, it ran the Erunt backup and that was I think on the 7/24 and guess overwrote the first one.

What about these here?
1. User Profile Hive Cleanup
2. Recover Console


----------



## hewee (Oct 26, 2001)

Also is it ok to uninstall these from the add/remove?

Then two more are these.

Security Update for Microsoft Office 2007 suites (KB2687309)
A security vulnerability exists in Microsoft Office 2007 suites that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

And

Security Update for Office 2003 (KB2817480)
A security vulnerability exists in Office 2003 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

They both say this below.
How to Uninstall
To remove this update, use the Add or Remove Programs item or the Programs and Features item in Control Panel. For more detailed information about removing updates please see KB903771.


----------



## Cookiegal (Aug 27, 2003)

How did you know to run the Erunt backup with ComboFix?


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> How did you know to run the Erunt backup with ComboFix?


It just popped up on its own like the first time I ran the ComboFix scan.

Remember I goofed and started a scan that 2nd time and not the restore till after I canceled the scan.


----------



## Cookiegal (Aug 27, 2003)

I never heard of it doing that. If you restored back to the Erunt backup and it didn't fix the problems then ComboFix wasn't the culprit.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> I never heard of it doing that. If you restored back to the Erunt backup and it didn't fix the problems then ComboFix wasn't the culprit.


The restore was for AOwatch.dll that never got restored.

OK I am removing MS updates but some I can not find.
Also scanning for new updates but others that are older are showing up.

So what's going on?


----------



## Cookiegal (Aug 27, 2003)

Just uninstall the ones you can find in Add or Remove Programs.


----------



## hewee (Oct 26, 2001)

I am and it's work to find them all. On half you had the date to help.

The uninstall seems to install other updates from looking at WinUpdatesList v1.31.
http://www.nirsoft.net/utils/wul.html

But it also after the 7/9/2013 updates of the 22 MS Updates showed 37 Updates. Net.Framework you can have one install from MS Update that really is more than one.

I saved html and text file from 7/9/2013.

From refreshing WinUpdatesList I still have 1 left but I think I only uninstalled 14 or 15 so should have 4 or 5 more. 
But from the list I still have Microsoft .NET Framework 1.1 Security Update (KB2833941) listed.

Let me reboot and check again.


----------



## hewee (Oct 26, 2001)

Wow Found them all. Plus all are now on the MS Update site.

BUT I got All Newer ones

I checked the past and two were Not on old WinUpdatelist.
Now you can't trust this WinUpdatelist because I had more than one not show for whatever reason.

-------------------

*Not on WinUpdatelist*
Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 *(KB982168)*
Date last published: 6/8/2010
______________________________

*Not on WinUpdatelist*
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 *(KB2656352)*
Date last published: 5/22/2012
______________________________

Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 *(KB2756918)*
Date last published: 1/8/2013
********
*But I had this before installed on 1/13/2013*

=================================================

Right now I got the 19 updates from 7/9/2013 and the other 3 for 22 Updates total.

Going to reboot again and check again.


----------



## hewee (Oct 26, 2001)

Just where is the Erunt backup?

If it's in the C:\Qoobox\Quarantine\Registry_backups folder then they are dated July 24, 2013. A tcpip.reg file.


----------



## Cookiegal (Aug 27, 2003)

I have to give you a command to run to invoke the Erunt backup. If we do that we can't undo it though so let me know if that's what you want to do. It should restore the system to the way it was before ComboFix was run.


----------



## hewee (Oct 26, 2001)

Where is the Erunt backup at so I can see the date of the file if it's not the one in the post above?


----------



## Cookiegal (Aug 27, 2003)

Those are the individual file backups, not the Erunt registry back up. You can't see that backup. It's the entire registry hive as it was before ComboFix ran.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> Those are the individual file backups, not the Erunt registry back up. You can't see that backup. It's the entire registry hive as it was before ComboFix ran.


Why can't I see the Erunt registry back up? A file has to be some place even if I can not see it so I know the date of the file.

If C:\Qoobox\BackEnv is the folder they are in all the files were made 7/8/2013 but all but one was changed on 7/24/2013 when I ran ComboFix.


----------



## Cookiegal (Aug 27, 2003)

I think the backups will have been overwritten the next time ComboFix was run.

You'd probably be better trying the system restore.


----------



## hewee (Oct 26, 2001)

I think they got overwritten too. They better fix that so it is always a NEW backup.

OK on the system restore I can do BUT...What about those 3 newer MS Updates or 2 newer and one older.
See these here in post #188

Should I do any of these first?


----------



## Cookiegal (Aug 27, 2003)

Sorry but I don't understand the question. Weren't those old updates from before the date you want to restore to?


----------



## hewee (Oct 26, 2001)

Looks like these 3 I had installed before so I uninstalled them or other installs or uninstalls took them away. But I would guess I goofed.



> 1.
> Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 *(KB982168)*
> Date last published: 6/8/2010
> ______________________________
> ...


So do these 3 above first?

What about these here?
*1. User Profile Hive Cleanup* - I see in Add/Remove
*2. Recover Console* - This I don't really know all it does.
*3. How to Uninstall ComboFix?*

*This is from "System Restore"*
See Post #170

How far back you think I should go?

MS Updates were 7/9/2013


----------



## Cookiegal (Aug 27, 2003)

I would uninstall the User Profile Hive Cleanup but leave ComboFix and the Recovery Console.

You need to restore back to July 7th, the day before ComboFix was first run. If that doesn't work or causes problems then you can go back into System Restore and undo it.


----------



## hewee (Oct 26, 2001)

Not before July 7th because "User Profile Hive Cleanup" was installed in July 5.

Or you think ComboFix broke something?

Also you did not say what to do about those other 3 updates in my above post.
Do I restore them before or after the system restore?


----------



## Cookiegal (Aug 27, 2003)

You can reinstall those three updates after.

I don't think ComboFix broke anything but the fact that WinPatrol and Online Armor interfered might have done something and you said that the behaviour started after running ComboFix. That's why July 7th should be fine. Then there's no need to uninstall the User Profile Hive Cleanup if it was installed on July 5th.


----------



## hewee (Oct 26, 2001)

User Profile Hive Cleanup already uninstalled so will use the "July 5 - Installed User Profile Hive Cleanup Service " restore.


----------



## Cookiegal (Aug 27, 2003)

Alright then.


----------



## hewee (Oct 26, 2001)

It took an hour to do the restore.

What renamed files do you keep? Got lots of them and most are with (2) added.

IE trouble is still around and I lost the Firefox profile in the Admin account. May be able to get that back.

Got feeling to just live with the IE troubles is more easy.


----------



## Cookiegal (Aug 27, 2003)

I think you should just undo that system restore before doing anything else.


----------



## hewee (Oct 26, 2001)

Can restore back to what I had this morning?

How do I clean up the new files? 
Do I keep say
C:\WINDOWS\system32\components
or the new
C:\WINDOWS\system32\components(2)

Got the Firefox back. 
Will got the profile from user account over to the admin.


----------



## Cookiegal (Aug 27, 2003)

You shouldn't have made any changes. Doing the system restore was only to see if it fixed the problem. You were to undo it if it did not. Just go back into system restore and select the option to undo the restore you just did.

Those files should go back to normal once you undo the restore.


----------



## hewee (Oct 26, 2001)

I did not know I should not make changes. Thought that was reason for system restore.

If you mean Firefox that is a easy fix I know how to do.

*Undoing the system restore now.*


----------



## Cookiegal (Aug 27, 2003)

I had said to try the system restore and if it doesn't fix the problem to undo it so it would go back to the way it was before doing the restore.


----------



## hewee (Oct 26, 2001)

I know but every time in the past some files are renamed and Netscape to Firefox to Pale Moon always has some renamed.
Again the FireFox in the Admin profile made a new profile. Never had that before but I think the newer version of Firefox

Lost all because it's a all new profile of Firefox. 
Old was C:\Documents and Settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\4esjn2ww.default
New is C:\Documents and Settings\Harry Bowers\Application Data\Mozilla\Firefox\Profiles\sqji4yoy.default-1373069652609
Has added part at the end I made bold. sqji4yoy.default*-1373069652609*

Got IE back the way it was or I think it is.

But got lots of added renamed files.

What ones can you keep?

Like C:\WINDOWS\system32 folder I have url.dll, url(3).dll and url(4).dll. I know some like webcheck.dll and webcheck(2).dll are ok and they are not the same version or file size. 
Some in the C:\WINDOWS\WinSxS folder were made too. 
Like these here that are empty.
MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0*(2)*.0_x-ww_6e57c34e
MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0*(2)*.0_x-ww_97359ba5
x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0*(2)*.0_x-ww_7d5f3790
x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0*(2)*.0_x-ww_7d5f3790
Like 3 with same name
x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 - has files
x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0(2).0_x-ww_29b51492 - empty
x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0(3).0_x-ww_29b51492 - empty

So what do I do about Firefox? Also can not download in Firefox in the Admin account.
What an I blocked? Says in FF download that "blocked by your security zone policy" 
Here is one link on it. 
http://forums.mozillazine.org/viewtopic.php?f=38&t=673575

Well IE setting being too high affects Firefox download. Why only under the Admin account with the newer Firefox?


----------



## Cookiegal (Aug 27, 2003)

System restore sometimes renames files with a number as you've described so they don't get overwritten. Generally they can be removed without problems BUT I would suggest that you create a directory and move them all there first and keep them there for a while to make sure there are no problems.

As for Firefox creating a new profile, it seems the old one may have been corrupt but you said you lost the Firefox profile when doing the system restore. Undoing the restore should have brought it back but possibly not because you made changes to Firefox after doing the system restore and before undoing it. Did you actually UNDO the restore or did you restore again to a different restore point?
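
Added example, not part of the original thread: a Python script for the advice above, which moves the "(N)"-numbered copies into a holding directory instead of deleting them and records where each came from so the move can be reversed. The function names, the manifest file name and the holding-directory layout are assumptions made for this example.

```python
import json
import os
import re
import shutil
from pathlib import Path

# "(N)" marker as it appears in the thread: url(3).dll, components(2),
# and WinSxS names such as ..._4.0.0(2).0_x-ww_29b51492
COPY_MARKER = re.compile(r"\((\d+)\)")
MANIFEST = "moved_files.json"  # assumed name for the undo record


def original_name(name):
    """Name with the first "(N)" marker removed, or None if there is no marker."""
    if not COPY_MARKER.search(name):
        return None
    return COPY_MARKER.sub("", name, count=1)


def _is_empty(path):
    if path.is_dir():
        return not any(path.iterdir())
    return path.stat().st_size == 0


def find_renamed(root):
    """List numbered copies under root, with the facts needed to judge them."""
    root = Path(root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        for name in sorted(dirnames + filenames):
            orig = original_name(name)
            if orig is None:
                continue
            path = here / name
            found.append({
                "path": path.relative_to(root).as_posix(),
                "is_dir": path.is_dir(),
                "empty": _is_empty(path),
                # False means the numbered copy may be the only copy left
                "original_exists": (here / orig).exists(),
            })
        # a numbered directory is moved as one unit, so do not walk into it
        dirnames[:] = [d for d in dirnames if original_name(d) is None]
    return found


def quarantine(root, holding):
    """Move every numbered copy to holding, keeping its relative path."""
    root, holding = Path(root).resolve(), Path(holding).resolve()
    if holding == root or root in holding.parents:
        raise ValueError("holding directory must be outside the scanned tree")
    entries = find_renamed(root)
    holding.mkdir(parents=True, exist_ok=True)
    for entry in entries:
        dest = holding / entry["path"]
        if dest.exists():
            raise FileExistsError(f"already held: {dest}")
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(root / entry["path"]), str(dest))
    record = {"root": str(root), "entries": entries}
    (holding / MANIFEST).write_text(json.dumps(record, indent=2))
    return entries


def restore(holding):
    """Put held items back where the manifest says they came from."""
    holding = Path(holding)
    record = json.loads((holding / MANIFEST).read_text())
    root = Path(record["root"])
    restored = []
    for entry in record["entries"]:
        src, dest = holding / entry["path"], root / entry["path"]
        if src.exists() and not dest.exists():
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dest))
            restored.append(entry["path"])
    return restored


if __name__ == "__main__":
    import sys
    # usage: script.py <tree to scan> <holding directory>
    for item in quarantine(sys.argv[1], sys.argv[2]):
        note = "" if item["original_exists"] else "  (no unnumbered original found)"
        print(item["path"] + note)
```

Entries reported without an unnumbered original are the ones to look at before anything is deleted from the holding directory.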


----------



## hewee (Oct 26, 2001)

Will take some time to look all over and make folders and notes to move all of them. Be best to wait and see what ones will show newer dates. Not all will do that but some will and that will help.

No I did a Undoing the restore. Will Firefox only got corrupt in the Admin profile in the restore and Undoing the restore both.

Well look and see how the "FirefoxPortable" came out.


----------



## Cookiegal (Aug 27, 2003)

You can try this to recover the previous Firefox profile:

http://kb.mozillazine.org/Recovering_a_missing_profile


----------



## hewee (Oct 26, 2001)

Will look at that later on Firefox.

1. How do I uninstall Combofix?
2. OK to get MS Updates now?


----------



## Cookiegal (Aug 27, 2003)

Yes, I would get those updates now.

If we uninstall ComboFix we can no longer invoke the Erunt back up. But I don't think it's of any use to us anyway. Let me know if you want to uninstall it and I'll post the instructions.


----------



## hewee (Oct 26, 2001)

OK I will get MS Updates now. 

Is there a way to see what is in the Erunt back up?


----------



## Cookiegal (Aug 27, 2003)

We cannot reveal the inner workings of the tool. It will restore the computer to the state it was in before ComboFix was run but probably the last time, not the first time.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> We cannot reveal the inner workings of the tool. It will restore the computer to the state it was in before ComboFix was run but probably the last time, not the first time.


Not sure that we want that last one but will keep it around.

Got the MS Updates.

Installed the Emsisoft Anti-Malware back again also.

Later will install the new Online Armor.

Be good to have a newer version but it does not have the BUG the older version I now have that keeps it running as a paid version without Updates.


----------



## Cookiegal (Aug 27, 2003)

Were you able to recover your Firefox profile?


----------



## hewee (Oct 26, 2001)

Have not yet. 

Where is the Profile Manager at?


----------



## Cookiegal (Aug 27, 2003)

Isn't it explained in the link I posted?


----------



## hewee (Oct 26, 2001)

Clicking on Profile Manager to get started but I don't have to click on.


----------



## hewee (Oct 26, 2001)

Profile Manager could not find old profile so I deleted all in it and copied over same from user account.


----------



## Cookiegal (Aug 27, 2003)

So what's the status of the computer now with regards to remaining problems?


----------



## hewee (Oct 26, 2001)

1. "MailWasher" giving the reg.dll error - that started with
2. IE trouble: homepage error - Run-as I think is fix
3. Cleaning up the (2) etc files.
4. Rest from all this because what I started with I don't think will get fixed so all this was for nothing. Maybe the newer Online Armor with a clean install will fix the reg.dll error but don't think so.


----------



## Cookiegal (Aug 27, 2003)

Well we know that error was caused by MailWasher so there's nothing we can do about it.

You may have to reinstall the User Hive Profile Clean Up Utility. You should check the Event Viewer to see if those Userenv warnings are occurring again. If not then there's no need to reinstall it.


----------



## hewee (Oct 26, 2001)

The Userenv warnings never stopped.


----------



## Cookiegal (Aug 27, 2003)

That's odd. When you installed it on July 5th did you install it using the account with Administrator privileges?


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> That's odd. When you installed it on July 5th did you install it using the account with Administrator privileges?


Yes I did.

*Note* it is a .msi file so you need Admin rights to install.

Do I need the Main Admin account?

I got 3 accounts. The main Admin I see only in safe mode. 
Then two user accounts. 1 with Admin rights and 1 with limited user rights.

Are a couple programs that I had to use the Main Admin account to install.

So you want me to install it again from here?

http://www.microsoft.com/en-ca/download/confirmation.aspx?id=6676


----------



## Cookiegal (Aug 27, 2003)

You shouldn't need to use the main Admin. account just the one that has admin. privileges.

Yes, that's the correct download.


----------



## hewee (Oct 26, 2001)

OK it is installed again.

I only had one option to install because you don't get a Run-As option so went to the one Admin account and installed it.
Lost Online Armor when it started or was installed. Got pop up from Online Armor on the install and gave it rights.
Had to log out of Admin and also the other limited account to get Online Armor to show up.
Was running but could not see it.
Otherwise it already had rights from last install because I never deleted it from Online Armor program list.

I tried this hoping it would help IE



> *Can I turn off tabs so that they no longer appear?*
> 
> Yes. Here's how:
> 
> ...


That did not help. Reloads the same page and still does not load homepage when I click Homepage.
I do not get to see the recover page like this here.

But that is because I have no tab. Otherwise the same trouble.

Hey it just came to me. Remember this post here.
http://forums.techguy.org/8745517-post178.html
I had that False Positive and how I looked into the System Volume Information folder.
Was thinking of getting that backup I lost from combofix.

But looking at system restore I now see I lost all the past restores.

Only have 8 System Restores from 7/25/2013 to today.

What happened to all the past System Restores?


----------



## Cookiegal (Aug 27, 2003)

I suspect the missing restore points has to do with moving those files that had the numbers in them.


----------



## hewee (Oct 26, 2001)

Maybe so. I went back a long way in time. I see 8/2/2013 had 2 system restores. One I made and one an undo and I lost all in the undo.

The System Volume Information folder is also real big for the two on that day are a whole lot bigger.


----------



## hewee (Oct 26, 2001)

You think Belarc Advisor is right?

For a very long time I had two that said I need a reinstall.

These two have been this way a very long time. I posted on it but nothing was ever fixed from the post.
I did get Qfecheck that showed the same two that need to be reinstalled

Marks a hotfix that fails verification (note that failing hotfixes need to be reinstalled)

KB950759 on 7/31/2008 (details...) Reinstall!
http://www.belarc.com/cgi-bin/qferefer?Q950759

KB953838 on 9/14/2008 (details...) Reinstall!
http://www.belarc.com/cgi-bin/qferefer?Q953838
__________________________________________________________________

8/2/2013 Qfecheck says

KB950759: Current on system.

KB953838: Current on system

Odd because long ago I had someone from Belarc Advisor and someone from Belarc Advisor told me that it uses Qfecheck. So now they are not both saying the same thing. 
__________________________________________________________________

Today on 8/5/2013 Qfecheck says.

KB950759: This hotfix should be reinstalled.

KB953838: This hotfix should be reinstalled.


----------



## Cookiegal (Aug 27, 2003)

Have you tried Secunia to see if it reports the same thing?


----------



## hewee (Oct 26, 2001)

It did not report it.

Maybe this is why.

Cumulative Security Update for Internet Explorer 6 SP1 (KB950759) 
http://www.microsoft.com/en-us/download/details.aspx?id=23995

Cumulative Security Update for Internet Explorer for Windows XP (KB953838) 
http://www.microsoft.com/en-us/download/details.aspx?id=8021

Are those the right ones?

The Belarc Advisor details don't help me at all.

Should I install over top or Uninstall and go to MS Update.?


----------



## Cookiegal (Aug 27, 2003)

Those hotfixes are for IE6 and IE7 but you're using IE8 so I don't think you should need them.


----------



## hewee (Oct 26, 2001)

IE 8 now but had I think IE 7. 
Got XP Pro from Dell in July 2008

OK PC came with "Windows XP Pro,SP2,Vista Business with Media,Desktop English,Vostro.

Was a downgrade that came only with Windows XP Pro, SP2 installed.

Did a search of all MS Updates and on the word "internet explorer" and looked for 6, 7, 8 and only two had 6 and they are the two listed.

Cumulative Security Update for Internet 
Explorer 6 for Windows XP (KB953838)
Sunday, September 14, 2008

and

Cumulative Security Update for Internet 
Explorer 6 for Windows XP (KB950759)
*EDIT DATE: *Wednesday, July 30, 2008

Can't remember what version of IE came with this PC.


----------



## Cookiegal (Aug 27, 2003)

I'm pretty sure it would have come with IE6 on it.


----------



## hewee (Oct 26, 2001)

So do what?

1. Uninstall and MS Update.

2. Install over from link I posted above.
_____________________________________________________

This is from MyUninstaller v1.74
http://www.nirsoft.net/utils/myuninst.html

Has a bug in MS Updates because it listed them all as Secunia PSI and shows Secunia PSI icon

Every "Security Update for Windows XP" listed by MyUninstaller
Had...
1. Description: Secunia PSI
2. Installation Folder : C:\Program Files\Secunia\PSI

Uninstalled Secunia PSI and clean up after it and now still get.
2. Installation Folder : C:\Program Files\Secunia\PSI
==================================================
Entry Name : Security Update for Windows XP (KB950759)
Product Name : Secunia PSI
Version : 1
Company : Microsoft Corporation
Description : Secunia PSI
Obsolete : No
Uninstall : Yes
Installation Folder : C:\Program Files\Secunia\PSI
Install Source : 
Web Site : http://support.microsoft.com
Installation Date :* 9/14/2008* 3:15:05 AM
Uninstall String : "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Installation Change String: 
Quiet Uninstall : No
Registry Key : KB950759
Installer : Unknown
Root Key : HKEY_LOCAL_MACHINE
System Component : Yes
==================================================

==================================================
Entry Name : Security Update for Windows XP (KB953838)
Product Name : Secunia PSI
Version : 1
Company : Microsoft Corporation
Description : Secunia PSI
Obsolete : No
Uninstall : Yes
Installation Folder : C:\Program Files\Secunia\PSI
Install Source : 
Web Site : http://support.microsoft.com
Installation Date : *9/14/2008 *3:15:05 AM
Uninstall String : "C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Installation Change String: 
Quiet Uninstall : No
Registry Key : KB953838
Installer : Unknown
Root Key : HKEY_LOCAL_MACHINE
System Component : Yes
==================================================

So does "System Component : Yes" mean it's needed?

*NOTE DATES*: on KB950759 are not the same. I checked and check and get *9/14/2008* and *July 30, 2008*.

Not sure just when I first ran the setup on this PC but MS Update first update is Tuesday, July 29, 2008 with two updates with 71 updates the next day on July 30, 2008. Yea the up to date PC from Dell was not up to date.

*July 30, 2008* on KB950759 is from MS Update History so you know that date is right.


----------



## hewee (Oct 26, 2001)

Wait I have in the MS Update history KB950759 listed twice. One for IE 6 and one for IE 7
Also have listed twice for KB953838

Cumulative Security Update for Internet
Explorer *6* for Windows XP (KB950759)
Wednesday, July 30, 2008

and

Cumulative Security Update for Internet 
Explorer *7* for Windows XP (KB950759)
Wednesday, July 30, 2008

====================================

Cumulative Security Update for Internet
Explorer *6* for Windows XP (KB953838)
Sunday, September 14, 2008

and

Cumulative Security Update for Internet
Explorer *7* for Windows XP (KB953838)
Tuesday, August 12, 2008

======================================
Belarc Advisor

KB953838-IE7 on 9/14/2008
KB953838 on 9/14/2008 - Reinstall!

KB950759 on 7/31/2008 - Reinstall!


----------



## Cookiegal (Aug 27, 2003)

If you have IE8 installed then I wouldn't think you'd need to install updates for IE6 or IE7.

Are those among the updates you uninstalled before we tried the system restore?


----------



## hewee (Oct 26, 2001)

Yes they are old installs but I never uninstalled. Just showed up that way I think after a MS Update.

The Belarc Advisor

KB953838-IE7 on 9/14/2008
KB953838 on 9/14/2008 - Reinstall!
Details on both are the same http://support.microsoft.com/kb/953838

KB950759 on 7/31/2008 - Reinstall!
Details http://support.microsoft.com/kb/950759

They are listed other places as *"System Component" Yes* in *MyUninstaller *v1.74.
Also ran *Revo Uninstaller* and those updates did not even show up till I looked at the options and checked *"Show System Component"*


----------



## Cookiegal (Aug 27, 2003)

What is your current default browser?


----------



## hewee (Oct 26, 2001)

I have Pale Moon set as the Default. But use Firefox all the time. Reason is all the icons are the same Pale Moon. If I make Firefox the Default then some icons are each browser.

Just Upgraded *FirefoxPortable* and it has a BUG or was changed and it is with a Tab at the top and I hate Tabs. Setting is to not show Tab. 
So not going to Update the other Firefox I use all the time.

Wonder if this is why?
http://www.mozilla.org/en-US/firefox/23.0/releasenotes/


> "Load images automatically" and "Always show the tab bar" checkboxes removed from preferences and reset to defaults


----------



## Cookiegal (Aug 27, 2003)

I would try setting Internet Explorer as your default browser just for a test. Then make sure the version running is IE8 and reboot the machine. Then run Belarc again to see if it still shows the updates as being needed. Perhaps with both IE7 and IE8 on the machine and neither set as the default Belarc doesn't know which one might be used. That's only a theory but worth checking out.


----------



## hewee (Oct 26, 2001)

IE as the Default. 

Do I need to do this in both accounts or just the Admin account?

---------------------------------------------------------------------------------------------------

I can try that but don't think it will help. Also it screws up all the icons and then I have trouble getting them back and then have to change user account to admin account and run some reg files to restore things back. 

---------------------------------------------------------------------------------------------------

Firefox 23 took away "Always Show The Tab Bar" option so you can not uncheck. 
Not going to Upgrade till I get the option back to not have Tabs.


----------



## hewee (Oct 26, 2001)

That did not work and Belarc shows the same thing.

Also Belarc opened in Pale Moon but got IE as the default.


----------



## Cookiegal (Aug 27, 2003)

I don't know why it would change anything but if it's going to cause problems then I wouldn't do it.

Just open IE and verify that it's version 8 that opens. If so, then you shouldn't need updates for earlier versions of IE.


----------



## Cookiegal (Aug 27, 2003)

hewee said:


> That did not work and Belarc shows the same thing.
> 
> Also Belarc opened in Pale Moon but got IE as the default.


I hadn't seen this post before replying. I thought you didn't want to try it. Maybe you have to reboot for it to take effect. Otherwise, I don't know why Belarc would open in Pale Moon rather than the default browser.


----------



## hewee (Oct 26, 2001)

I got my default back and all icons are OK

Yes I have IE 8.

But why do both of these go to the same page?

KB953838-IE7 on 9/14/2008 - details...
KB953838 on 9/14/2008 - details... - Reinstall!
*Details on both are the same* http://support.microsoft.com/kb/953838

Don't have IE 7 either but a whole lot of updates for IE 7.

Uninstall_list-7-31-2013 from HiJackThis



> 7-Zip 9.20
> ACDSee 32
> Adobe Flash Player 11 ActiveX
> Adobe Flash Player 11 Plugin
> ...


----------



## hewee (Oct 26, 2001)

This is a *WinPatrol PLUS, HijackPatrol Log* that is like *HiJackThis* but *shows other things* too.

Maybe it will show something.

----------------------------------------------------------------------------

Log created by WinPatrol PLUS version 28.5.2013.0:28.5.2013.0
Scan saved at 9:56:58 AM, on 8/07/2013
Platform: Windows XP SP3 Service Pack 3 (Build 2600)
MSIE: Internet Explorer (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2SERVICE.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\Tall Emu\ONLINE ARMOR\oacat.exe
C:\PROGRAM FILES\Tall Emu\ONLINE ARMOR\oasrv.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\SUPERANTISPYWARE\SASCore.exe
C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE
C:\PROGRAM FILES\Raxco\PERFECTDISK10\PDAgent.exe
C:\PROGRAM FILES\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.exe
C:\PROGRAM FILES\Tall Emu\ONLINE ARMOR\oaui.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast5\AvastUI.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\Tall Emu\ONLINE ARMOR\oahlp.exe
C:\PROGRAM FILES\HostsMan\hm.exe
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\METAPAD351\metapad.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/My_IE_Homepage.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [ATICCC]C:\Program Files\ATI Technologies\ATI.ACE\CLISTART.EXE
O4 - HKLM\..\Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM\..\Run: [@OnlineArmor GUI]C:\Program Files\Tall Emu\Online Armor\oaui.exe
O4 - HKLM\..\Run: [avast]C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [HostsMan]C:\Program Files\HostsMan\hm.exe -s
O4 - HKCU\..\Run: [SUPERAntiSpyware]C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [] - 
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1279041134875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1341442862359
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SAS Core Service - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCore.exe
O23 - Service: Emsisoft Anti-Malware 8.0 - Service - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Active File Monitor V6 - - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Alerter - Microsoft Corporation - C:\WINDOWS\system32\alrsvc.dll
O23 - Service: Application Layer Gateway Service - Microsoft Corporation - C:\WINDOWS\system32\alg.exe
O23 - Service: Application Management - Microsoft Corporation - C:\WINDOWS\system32\appmgmts.dll
O23 - Service: ASP.NET State Service - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Windows Audio - Microsoft Corporation - C:\WINDOWS\system32\audiosrv.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BITS - Microsoft Corporation - C:\WINDOWS\system32\qmgr.dll
O23 - Service: Computer Browser - Microsoft Corporation - C:\WINDOWS\system32\browser.dll
O23 - Service: Indexing Service - Microsoft Corporation - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - Microsoft Corporation - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Microsoft .NET Framework NGEN v4.0.30319_X86 - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
O23 - Service: COM+ System Application - - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: CryptSvc - Microsoft Corporation - C:\WINDOWS\system32\cryptsvc.dll
O23 - Service: DCOM Server Process Launcher - Microsoft Corporation - C:\WINDOWS\system32\rpcss.dll
O23 - Service: DHCP Client - Microsoft Corporation - C:\WINDOWS\system32\dhcpcsvc.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service - - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Logical Disk Manager - Microsoft Corp. - C:\WINDOWS\system32\dmserver.dll
O23 - Service: DNS Client - Microsoft Corporation - C:\WINDOWS\system32\dnsrslvr.dll
O23 - Service: Wired AutoConfig - Microsoft Corporation - C:\WINDOWS\system32\dot3svc.dll
O23 - Service: Extensible Authentication Protocol Service - Microsoft Corporation - C:\WINDOWS\system32\eapsvc.dll
O23 - Service: Error Reporting Service - Microsoft Corporation - C:\WINDOWS\system32\ersvc.dll
O23 - Service: Event Log - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - Microsoft Corporation - C:\WINDOWS\system32\es.dll
O23 - Service: Fast User Switching Compatibility - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: Fax - Microsoft Corporation - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - Microsoft Corporation - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: Help and Support - Microsoft Corporation - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
O23 - Service: Human Interface Device Access - Microsoft Corporation - C:\WINDOWS\system32\hidserv.dll
O23 - Service: Health Key and Certificate Management Service - Microsoft Corporation - C:\WINDOWS\system32\kmsvc.dll
O23 - Service: HTTP SSL - Microsoft Corporation - C:\WINDOWS\system32\w3ssl.dll
O23 - Service: Windows CardSpace - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IMAPI CD-Burning COM Service - Microsoft Corporation - C:\WINDOWS\system32\imapi.exe
O23 - Service: Server - Microsoft Corporation - C:\WINDOWS\system32\srvsvc.dll
O23 - Service: Workstation - Microsoft Corporation - C:\WINDOWS\system32\wkssvc.dll
O23 - Service: TCP/IP NetBIOS Helper - Microsoft Corporation - C:\WINDOWS\system32\lmhsvc.dll
O23 - Service: Messenger - Microsoft Corporation - C:\WINDOWS\system32\msgsvc.dll
O23 - Service: NetMeeting Remote Desktop Sharing - Microsoft Corporation - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - Microsoft Corporation - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: Network Access Protection Agent - Microsoft Corporation - C:\WINDOWS\system32\qagentrt.dll
O23 - Service: Network DDE - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - Microsoft Corporation - C:\WINDOWS\system32\netman.dll
O23 - Service: Net.Tcp Port Sharing Service - Microsoft Corporation - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness (NLA) - Microsoft Corporation - C:\WINDOWS\system32\mswsock.dll
O23 - Service: NT LM Security Support Provider - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - Microsoft Corporation - C:\WINDOWS\system32\ntmssvc.dll
O23 - Service: Online Armor Helper Service - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Office Source Engine - Microsoft Corporation - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Plug and Play - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: ProtexisLicensing - - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Access Auto Connection Manager - Microsoft Corporation - C:\WINDOWS\system32\rasauto.dll
O23 - Service: Remote Access Connection Manager - Microsoft Corporation - C:\WINDOWS\system32\rasmans.dll
O23 - Service: Remote Desktop Help Session Manager - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - Microsoft Corporation - C:\WINDOWS\system32\mprdim.dll
O23 - Service: Remote Registry - Microsoft Corporation - C:\WINDOWS\system32\regsvc.dll
O23 - Service: Remote Procedure Call (RPC) Locator - Microsoft Corporation - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - Microsoft Corporation - C:\WINDOWS\system32\rpcss.dll
O23 - Service: QoS RSVP - Microsoft Corporation - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card - Microsoft Corporation - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Task Scheduler - Microsoft Corporation - C:\WINDOWS\system32\schedsvc.dll
O23 - Service: Secondary Logon - Microsoft Corporation - C:\WINDOWS\system32\seclogon.dll
O23 - Service: System Event Notification - Microsoft Corporation - C:\WINDOWS\system32\sens.dll
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - Microsoft Corporation - C:\WINDOWS\system32\ipnathlp.dll
O23 - Service: Shell Hardware Detection - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: Print Spooler - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) - - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
O23 - Service: System Restore Service - Microsoft Corporation - C:\WINDOWS\system32\srsvc.dll
O23 - Service: SSDP Discovery Service - Microsoft Corporation - C:\WINDOWS\system32\ssdpsrv.dll
O23 - Service: Windows Image Acquisition (WIA) - Microsoft Corporation - C:\WINDOWS\system32\wiaservc.dll
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Online Armor - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: MS Software Shadow Copy Provider - - C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7}
O23 - Service: Performance Logs and Alerts - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - Microsoft Corporation - C:\WINDOWS\system32\tapisrv.dll
O23 - Service: Terminal Services - Microsoft Corporation - C:\WINDOWS\system32\termsrv.dll
O23 - Service: Themes - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: Telnet - Microsoft Corporation - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client - Microsoft Corporation - C:\WINDOWS\system32\trkwks.dll
O23 - Service: User Profile Hive Cleanup - Windows (R) Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe
O23 - Service: Universal Plug and Play Device Host - Microsoft Corporation - C:\WINDOWS\system32\upnphost.dll
O23 - Service: Uninterruptible Power Supply - Microsoft Corporation - C:\WINDOWS\system32\ups.exe
O23 - Service: Volume Shadow Copy - Microsoft Corporation - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows Time - Microsoft Corporation - C:\WINDOWS\system32\w32time.dll
O23 - Service: WebClient - Microsoft Corporation - C:\WINDOWS\system32\webclnt.dll
O23 - Service: Windows Management Instrumentation - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmisvc.dll
O23 - Service: Windows Remote Management (WS-Management) - Microsoft Corporation - C:\WINDOWS\system32\WsmSvc.dll
O23 - Service: Portable Media Serial Number Service - Microsoft Corporation - C:\WINDOWS\system32\mspmsnsv.dll
O23 - Service: Windows Management Instrumentation Driver Extensions - Microsoft Corporation - C:\WINDOWS\system32\advapi32.dll
O23 - Service: WMI Performance Adapter - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Player Network Sharing Service - Microsoft Corporation - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: Security Center - Microsoft Corporation - C:\WINDOWS\system32\wscsvc.dll
O23 - Service: Automatic Updates - Microsoft Corporation - C:\WINDOWS\system32\wuauserv.dll
O23 - Service: Windows Driver Foundation - User-mode Driver Framework - Microsoft Corporation - C:\WINDOWS\system32\WudfSvc.dll
O23 - Service: Wireless Zero Configuration - Microsoft Corporation - C:\WINDOWS\system32\wzcsvc.dll
O23 - Service: Network Provisioning Service - Microsoft Corporation - C:\WINDOWS\system32\xmlprov.dll

--- Additional WinPatrol Info ---
Browser: Unable to find default browser.
MSIE: Internet Explorer (8.00.6001.18702)
Firefox 22.0 installed in C:\Program Files\Mozilla Firefox.
0 IE Cookies in Folder: C:\Documents and Settings\Harry Bowers\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck PDBoot.exe
WP00 - HKLM\CCS: BootExecute = autocheck PDBoot.exe
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 2:Notify me but don't automatically download or install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [SUPERAntiSpyware Scheduled Task d1ae5883-a393-4c4a-9f36-8104ba81b2a9.job]C:\Program Files\SUPERAntiSpyware\SASTask.exe Never
WP31 - Scheduled Tasks: [avast! Emergency Update.job]C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe 08/07/2013 9:34 AM

WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL 1.9.0042.0
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\WINDOWS\system32\mshtml.dll 8.00.6001.23507
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {3BB1D69B-A780-4BE1-876E-F3D488877135} [SentinelProxy Class] C:\PROGRAM FILES\VIRTUAL EARTH 3D\SENTINELVIRTUALEARTH3DPROXY.DLL 3.0.0.0
WP16 - ActiveX: {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18926
WP16 - ActiveX: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [MUCatalogWebControl Class] C:\WINDOWS\system32\MICROSOFTUPDATECATALOGWEBCONTROL.DLL 7.4.7057.223
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.6.7600.256
WP16 - ActiveX: {68BFC611-B963-4E8C-B0FE-0DD4FB832796} [Microsoft.MapPoint.MapControl3D.MapControl] MSCOREE.DLL 4.0.31106.0
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 11.0.5721.5280
WP16 - ActiveX: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [MUWebControl Class] C:\WINDOWS\system32\muweb.dll 7.6.7600.257
WP16 - ActiveX: {72267F6A-A6F9-11D0-BC94-00C04FB67863} [Active Desktop Mover] C:\WINDOWS\system32\shell32.dll 6.00.2900.6242
WP16 - ActiveX: {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18926
WP16 - ActiveX: {B45FF030-4447-11D2-85DE-00C04FA35C89} [SearchAssistantOC] C:\WINDOWS\system32\shdocvw.dll 6.00.2900.5512
WP16 - ActiveX: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Microsoft Url Search Hook] C:\WINDOWS\system32\ieframe.dll 8.00.6001.23507
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\FLASH32_11_8_800_94.OCX 11,8,800,94
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {EE09B103-97E0-11CF-978F-00A02463E06F} [Scripting.Dictionary] C:\WINDOWS\system32\scrrun.dll 5.7.0.18066
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5268
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {24B224E0-9545-4A2F-ABD5-86AA8A849385} [Microsoft TabStrip Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {F91CAF91-225B-43A7-BB9E-472F991FC402} [Microsoft ImageList Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {A0E7BF67-8D30-4620-8825-7111714C7CAB} [Microsoft ProgressBar Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {ECD0ECC6-DCA4-4013-A915-12355AB70999} [MSWebDVD Class] C:\WINDOWS\system32\mswebdvd.dll 6.05.2600.5857
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18926
WP16 - ActiveX: {7DC6F291-BF55-4E50-B619-EF672D9DCC58} [Microsoft Toolbar Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18926
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.23507
WP16 - ActiveX: {A3F2A195-0D11-463b-96BB-D2FF1B7490A1} [MSDVDAdm Class] C:\WINDOWS\system32\mswebdvd.dll 6.05.2600.5857
WP16 - ActiveX: {627C8B79-918A-4C5C-9E19-20F66BF30B86} [Microsoft StatusBar Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {971127BB-259F-48c2-BD75-5F97A3331551} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18926
WP16 - ActiveX: {95F0B3BE-E8AC-4995-9DCA-419849E06410} [Microsoft TreeView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {979127D3-7D01-4FDE-AF65-A698091468AF} [Microsoft ListView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 8.00.6001.23507
WP16 - ActiveX: {979127D3-7D01-4FDE-AF65-A698091468AF} [Microsoft ListView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {95F0B3BE-E8AC-4995-9DCA-419849E06410} [Microsoft TreeView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\FLASH32_11_8_800_94.OCX 11,8,800,94
WP16 - ActiveX: {D27CDB70-AE6D-11cf-96B8-444553540000} [Macromedia Flash Factory Object] C:\WINDOWS\system32\Macromed\Flash\FLASH32_11_8_800_94.OCX 11,8,800,94
WP16 - ActiveX: {87DACC48-F1C5-4AF3-84BA-A2A72C2AB959} [Microsoft ImageComboBox Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {0B314611-2C19-4AB4-8513-A6EEA569D3C4} [Microsoft Slider Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9833

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\cmldr
WP32 - Hidden File: C:\dell.sdr
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.rdtmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.rdtmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SOFTWARE.rdtmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SYSTEM.rdtmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\KGyGaAvL.sys
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\res\Thumbs.db
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WHLA32DD.DLL
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\Harry Bowers\Local Settings\temp\Cookies\index.dat

WP33 - File Type .AVI: [Media Player Classic - Homecinema]C:\Program Files\MPC HomeCinema\mpc-hc.exe %1
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [WinRAR archive]C:\Program Files\WinRAR\WinRAR.exe %1
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\PROGRA~1\MICROS~3\OFFICE11\WORDVIEW.EXE /n /dde
WP33 - File Type .EML: [Thunderbird Document]C:\Program Files\Mozilla Thunderbird\thunderbird.exe %1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI file]C:\Program Files\MPC HomeCinema\mpc-hc.exe %1
WP33 - File Type .MID: [Media Player Classic - Homecinema]C:\Program Files\MPC HomeCinema\mpc-hc.exe %1
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\MPC HomeCinema\mpc-hc.exe %1
WP33 - File Type .MP3: [Media Player Classic - Homecinema]C:\Program Files\MPC HomeCinema\mpc-hc.exe %1
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [Real Media file]C:\Program Files\MPC HomeCinema\mpc-hc.exe %1
WP33 - File Type .RAM: [Media Player Classic]C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\PROGRA~1\MICROS~3\OFFICE11\WORDVIEW.EXE /n /dde
WP33 - File Type .RTF: [Rich Text Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .TXT: [metapad.ex]C:\Documents and Settings\All Users\Documents\metapad351\metapad.exe %1
WP33 - File Type .URL: [Internet Shortcut]C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %l
WP33 - File Type .URL: [Pale Moon 3]C:\Program Files\Pale Moon\palemoon.exe -requestPending -osint -url %1
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .mov: [QuickTime Movie]C:\Program Files\QuickTime\QuickTimePlayer.exe %1
WP33 - File Type .mov: [QuickTime Movie]C:\Program Files\QuickTime\QuickTimePlayer.exe %1

Memory currently in use: 31%
Physical Memory Free: 2,097,151 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 2,045,220 KB

--
End of file


----------



## Cookiegal (Aug 27, 2003)

If you go to C:\Windows do you have folders there for both IE7 and IE8? If you do, something may have gone wrong during the upgrade from IE7 to IE8. Or did you ever go back to IE7 from IE8 and then back to IE8?

I went from IE6 to IE8 so never had IE7. I only have a folder for IE8 and no updates for IE6 or IE7.


----------



## hewee (Oct 26, 2001)

Hey I see a *C:\WINDOWS\ERUNT\JRT* folder.
All is dated 7/8/2013 but the JRT folder is dated 8/2/2013

---------------------------------------------------------

Yes I have these 4 folders on IE. See screen shot.

I did have *some failed updates*

Did I do a restore back then? I can't remember.

Is there now something with IE that keeps older versions of IE in case you want to return to it, and someplace where you can say yes or no to keeping the older version?
Seems I read that someplace. Maybe that would clear things on IE 7 and also IE 6.

Got the history log from MS Update but it's 743 KB

MS_Updates_As_Of_8_7_2013.pdf

You can download it from here.
http://www.downloadtaxi.com/d/1375902471

I double-checked and downloaded so all is OK.

Other sites I used to upload went bad or got to sign up or are dead links.


----------



## Cookiegal (Aug 27, 2003)

We ran JRT on July 8th and you did a system restore to July 5th so it's not going to help.


----------



## hewee (Oct 26, 2001)

I know combofix or whatever deleted things and some settings were lost but now Microsoft Works acts like I never used it. Wants me to install Works to see the Welcome to Works! and to Agree to use the program again.
Agree part was easy to just agree again.
Lost the Recent Documents list but no big deal there because I did not have much there.
Welcome to Works! is just a shortcut to an .html page with info and To install Works.

So this was nothing lost but the Recent Documents that I don't care about.


----------



## hewee (Oct 26, 2001)

Cookiegal said:


> We ran JRT on July 8th and you did a system restore to July 5th so it's not going to help.


OK forget that.


----------



## Cookiegal (Aug 27, 2003)

You might consider backing up everything and reloading Windows to set things up the way you want them.


----------



## hewee (Oct 26, 2001)

No way.

All works otherwise. 

What about Repairing Windows XP?


----------



## Cookiegal (Aug 27, 2003)

You could try a Windows repair but if the only problem is with Works that probably won't fix anything. Maybe we should check for errors and warnings in the Event Viewer again that might shed some light on things.

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems double-click *VEW.exe*. For later operating systems right-click VEW.exe and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *20* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------
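One way to triage the report this procedure produces, as an added example (not part of the original posts and not VEW's own code): a Python parser that groups Application Error crashes by application and faulting module and picks out Userenv 1517 warnings. The sample records follow the layout of the report posted in this thread; the account name is a placeholder and the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Sample records in the layout VEW writes (dates are dd/mm/yyyy).
# The account name in the last record is a placeholder.
SAMPLE_REPORT = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/08/2013 2:00:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2013 7:40:09 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x000bd5ea.

Log: 'Application' Date/Time: 30/07/2013 9:19:56 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x0014eab9.

Log: 'Application' Date/Time: 28/07/2013 6:37:36 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application Iedit.exe, version 8.0.0.2, faulting module iedit.exe, version 8.0.0.2, fault address 0x00173757.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2013 7:38:23 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user EXAMPLEPC\\user registry while an application or service was still using the registry during log off.
"""

HEADER = re.compile(r"^Log:\s*'(?P<log>[^']+)'\s+Date/Time:\s*(?P<when>.+)$")
TYPE = re.compile(r"^Type:\s*(?P<type>\S+)\s+Category:\s*(?P<category>\d+)$")
EVENT = re.compile(r"^Event:\s*(?P<id>\d+)\s+Source:\s*(?P<source>.+)$")
FAULT = re.compile(r"^Faulting application (?P<app>[^,]+), version [^,]+, "
                   r"faulting module (?P<module>[^,]+),")


def parse_report(text):
    """Split a VEW report into one dict per event record."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {
                "log": header["log"],
                # The report states its dates are dd/mm/yyyy, not US order.
                "when": datetime.strptime(header["when"].strip(),
                                          "%d/%m/%Y %I:%M:%S %p"),
                "message": "",
            }
            events.append(current)
        elif line.startswith("~"):
            current = None          # section banner closes the open record
        elif current is None or not line:
            continue                # preamble, section titles, blank lines
        elif "type" not in current and TYPE.match(line):
            m = TYPE.match(line)
            current["type"], current["category"] = m["type"], int(m["category"])
        elif "id" not in current and EVENT.match(line):
            m = EVENT.match(line)
            current["id"], current["source"] = int(m["id"]), m["source"].strip()
        else:
            # Anything else is message text, possibly spread over several lines.
            current["message"] = (current["message"] + " " + line).strip()
    return events


def crash_counts(events):
    """Count Application Error 1000 records per (application, faulting module)."""
    counts = Counter()
    for ev in events:
        if ev.get("source") == "Application Error" and ev.get("id") == 1000:
            m = FAULT.match(ev["message"])
            if m:
                # Names appear in mixed case in real reports, so normalise.
                counts[(m["app"].lower(), m["module"].lower())] += 1
    return counts


def hive_unload_warnings(events):
    """Userenv 1517: the user's registry was still in use at log off."""
    return [ev for ev in events
            if ev.get("source") == "Userenv" and ev.get("id") == 1517]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for (app, module), n in crash_counts(parsed).most_common():
        print(f"{n} crash(es): {app} in {module}")
    for ev in hive_unload_warnings(parsed):
        print(f"Userenv 1517 at {ev['when']:%Y-%m-%d %H:%M:%S}")
```
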



## hewee (Oct 26, 2001)

UPHClean did help and I got no Userenv yet.

UPHClean does have odd other effects where a folder view setting changes from detail to icon view. MailWasher and some other programs do not always open full screen or full screen but not full wide screen. This happened also when this was installed so I know it's Cleanup.

The top Error one has wrong date. I was looking at something and changed the date yesterday and changed to the 18th and last night changed it to the 9th. No wonder it seems like the week went fast.

===============================================

Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/08/2013 2:00:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/08/2013 11:17:46 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application metapad.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x74e8b4a1.

Log: 'Application' Date/Time: 07/08/2013 1:14:44 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application DkService.exe, version 13.0.844.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000673be.

Log: 'Application' Date/Time: 05/08/2013 7:40:09 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x000bd5ea.

Log: 'Application' Date/Time: 04/08/2013 3:27:25 PM
Type: error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Activities, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Log: 'Application' Date/Time: 04/08/2013 3:25:04 PM
Type: error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: ReachFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Log: 'Application' Date/Time: 04/08/2013 1:55:17 PM
Type: error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Log: 'Application' Date/Time: 04/08/2013 1:20:34 PM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 04/08/2013 1:01:56 PM
Type: error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005

Log: 'Application' Date/Time: 01/08/2013 11:04:37 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23499, fault address 0x0014eab9.

Log: 'Application' Date/Time: 31/07/2013 4:23:16 PM
Type: error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Log: 'Application' Date/Time: 30/07/2013 9:26:47 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application Iedit.exe, version 8.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 30/07/2013 9:27:47 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x000bd5ea.

Log: 'Application' Date/Time: 30/07/2013 9:19:56 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x0014eab9.

Log: 'Application' Date/Time: 30/07/2013 9:19:48 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x0014eab9.

Log: 'Application' Date/Time: 30/07/2013 9:19:41 AM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -592287579.

Log: 'Application' Date/Time: 30/07/2013 9:18:56 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x0014eab9.

Log: 'Application' Date/Time: 28/07/2013 6:37:36 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iedit.exe, version 8.0.0.2, faulting module iedit.exe, version 8.0.0.2, fault address 0x00173757.

Log: 'Application' Date/Time: 28/07/2013 6:27:30 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iedit.exe, version 8.0.0.2, faulting module iedit.exe, version 8.0.0.2, fault address 0x00173757.

Log: 'Application' Date/Time: 28/07/2013 10:33:53 AM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -595023435.

Log: 'Application' Date/Time: 28/07/2013 10:33:49 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.23507, fault address 0x000bd5ea.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2013 7:38:23 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 05/08/2013 7:38:19 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 05/08/2013 7:33:05 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 05/08/2013 7:33:02 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 04/08/2013 10:48:46 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 04/08/2013 5:35:34 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HEW7WSG1\Harry Bowers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 04/08/2013 1:10:11 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/08/2013 1:01:57 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}', feature 'WPF30_WPF1M_x86_enu_ddf' failed during request for component '{F04868FD-1403-4026-9960-2B819AF8CC5C}'

Log: 'Application' Date/Time: 04/08/2013 1:01:57 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}', feature 'WPF30_WPF1M_x86_enu_ddf', component '{F04868FD-1403-4026-9960-2B819AF8CC5C}' failed. The resource '' does not exist.

Log: 'Application' Date/Time: 04/08/2013 1:01:51 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 04/08/2013 1:01:51 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 04/08/2013 1:01:51 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 04/08/2013 1:01:51 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Log: 'Application' Date/Time: 04/08/2013 1:01:08 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/08/2013 12:54:34 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/08/2013 12:52:24 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/08/2013 12:48:02 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/08/2013 12:46:18 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 04/08/2013 12:46:18 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 04/08/2013 12:46:18 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/08/2013 7:09:00 PM
Type: error Category: 0
Event: 34 Source: W32Time
The time service has detected that the system time needs to be changed by -950399 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time-a.timefreq.bldrdoc.gov (ntp.m|0x1|192.168.1.101:123->132.163.4.101:123) is working properly.

Log: 'System' Date/Time: 07/08/2013 5:30:51 PM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 07/08/2013 1:14:46 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Diskeeper service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 06/08/2013 7:18:24 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 05/08/2013 9:18:02 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {E433A430-6353-4E11-8484-45F98CE62D44} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 04/08/2013 11:12:16 PM
Type: error Category: 0
Event: 6161 Source: Print
The document University Herald owned by Hewee failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1733484. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\HEW7WSG1. Win32 error code returned by the print processor: 6 (0x6).

Log: 'System' Date/Time: 04/08/2013 9:30:37 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 02/08/2013 1:58:37 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/08/2013 12:51:30 PM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 31/07/2013 5:49:43 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 30/07/2013 5:18:53 PM
Type: error Category: 0
Event: 6161 Source: Print
The document http://www.update.microsoft.com/microsoftupdate/v6/blank.aspx owned by Harry Bowers failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 8049236. Number of bytes printed: 0. Total number of pages in the document: 40. Number of pages printed: 0. Client machine: \\HEW7WSG1. Win32 error code returned by the print processor: 6 (0x6).

Log: 'System' Date/Time: 27/07/2013 6:10:36 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 21/07/2013 6:59:17 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 19/07/2013 6:50:40 AM
Type: error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The backup browser is stopping.

Log: 'System' Date/Time: 19/07/2013 6:49:01 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Online Armor service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2013 6:49:00 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2013 6:45:31 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.

Log: 'System' Date/Time: 19/07/2013 6:45:01 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 19/07/2013 6:44:31 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the HidServ service.

Log: 'System' Date/Time: 19/07/2013 6:44:01 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/08/2013 1:02:28 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 18/08/2013 7:08:45 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 07/08/2013 5:28:51 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 06/08/2013 7:16:21 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 05/08/2013 7:55:07 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 05/08/2013 9:22:35 AM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to unknown HEW7WSG1 failed

Log: 'System' Date/Time: 03/08/2013 6:17:13 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 03/08/2013 9:44:39 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 01/08/2013 12:49:25 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 31/07/2013 5:47:43 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 30/07/2013 8:23:29 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 29/07/2013 6:34:03 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to unknown HEW7WSG1 failed

Log: 'System' Date/Time: 26/07/2013 8:53:51 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 24/07/2013 4:15:18 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 24/07/2013 3:29:07 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 21/07/2013 6:57:16 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 19/07/2013 6:40:02 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 17/07/2013 4:07:22 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D099C1EE1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/07/2013 7:18:30 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

Log: 'System' Date/Time: 16/07/2013 5:47:23 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

===============================================================

When my brother is gone I will not get this here.

Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HOWARD-PC on the network \Device\NetBT_Tcpip_{E94F7E2B-1408-4A48-B47B-FC65C161510F}. The data is the error code.

That started on 7/16/2013 and so did this with Event: 8032

Also, with him not hooked to the router my speeds will go up, and if I take the router away the speeds go up more.

Wonder why my other PC does not show up?
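One way to check when each event first appeared and how often it recurs, rather than reading the listing by eye (an added example, not part of the original post). It assumes the entry layout shown above, with dates in day/month/year order; the `SAMPLE` text is constructed, and the names `parse_records` and `summarize` are hypothetical.

```python
import re
from collections import namedtuple
from datetime import datetime

# Constructed sample in the same layout as the listing above (not the real log).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/08/2013 5:28:51 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master.

Log: 'System' Date/Time: 26/07/2013 8:53:51 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 16/07/2013 5:47:23 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master.

Type: warning Category: 0
Event: 8021 Source: BROWSER
Excerpt pasted without its "Log:" line, so it is not counted.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2})/(\d{2})/(\d{4}) "
                    r"(\d{1,2}):(\d{2}):(\d{2}) ([AP]M)\s*$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)\s*$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+?)\s*$")
Record = namedtuple("Record", "log time level event_id source message")

def parse_records(text):
    """Return one Record per complete entry; banners and partial entries are skipped."""
    records, cur = [], None
    for line in text.splitlines() + [""]:       # trailing "" flushes the last entry
        head = HEADER.match(line)
        if head or not line.strip():            # a new header or a blank line ends an entry
            if cur and "event_id" in cur and "level" in cur:
                cur["message"] = " ".join(cur["message"])
                records.append(Record(**cur))
            cur = None
            if head:
                log, d, mo, y, h, mi, s, ampm = head.groups()
                hour = int(h) % 12 + (12 if ampm == "PM" else 0)   # 12-hour to 24-hour
                cur = {"log": log, "message": [],
                       "time": datetime(int(y), int(mo), int(d), hour, int(mi), int(s))}
            continue
        if cur is None:
            continue                            # banner or text with no "Log:" header
        m = TYPE.match(line)
        if m and "level" not in cur:
            cur["level"] = m.group(1)
            continue
        m = EVENT.match(line)
        if m and "event_id" not in cur:
            cur["event_id"], cur["source"] = int(m.group(1)), m.group(2)
            continue
        cur["message"].append(line.strip())
    return records

def summarize(records):
    """Map (log, source, event_id) -> [count, first_seen, last_seen]."""
    out = {}
    for r in records:
        e = out.setdefault((r.log, r.source, r.event_id), [0, r.time, r.time])
        e[0] += 1
        e[1], e[2] = min(e[1], r.time), max(e[2], r.time)
    return out

if __name__ == "__main__":
    for (log, src, eid), (n, first, last) in sorted(
            summarize(parse_records(SAMPLE)).items(), key=lambda kv: -kv[1][0]):
        print(f"{log:<12}{src:<10}{eid:<6}x{n}  first {first}  last {last}")
```

Sorting by count puts the recurring entries (such as the BROWSER 8021/8032 pairs) at the top, and the first-seen column gives the date each one began.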


----------



## Cookiegal (Aug 27, 2003)

Maybe you should try an XP repair.


----------



## hewee (Oct 26, 2001)

Well all works otherwise. Just the added homepage etc trouble with IE, and that happened after whatever we did.
I only use IE for Updates so can live with it.
The UPHClean did help on the Userenv error but it also seems to have other effects, like I lose settings, so not sure about it.

Will just keep an eye out here and see what happens, to see if I can pin down when what happens.


----------



## Cookiegal (Aug 27, 2003)

I've never heard of UPHClean making any changes like that but anything's possible.

I thought you were having problems with MS Works?


----------



## hewee (Oct 26, 2001)

Well I was seeing it and then after the uninstall of UPHClean it went away and now with UPHClean back.

Now the icon setting may go away because of the changes and recovery. I changed long ago the setting in the registry so you can have more icons and it remembers.
http://www.techrepublic.com/article/change-the-icon-cache-size-in-windows-xp-pro/

But I do not see that now.

I see this in the image below.


----------

