Browser redirects and cannot update windows - help pls

Old 08-01-2012, 09:42 AM   #1
Registered Member
 
Join Date: Apr 2009
Posts: 39
OS: Windows XP home



Hello,

First I want to thank you for your assistance. It's greatly appreciated.

My brother just gave me his computer because it's having some problems running and he believes it has a virus. The symptoms are numerous and random pop-ups, browser redirects, and what he believes are not legit Flash updates. He unfortunately did not have anti-virus software on the computer or back up his data...

I went through the computer's running programs and installed programs and did not see anything too unusual. I also ran Trend Micro's HouseCall and Spybot without finding anything.

I noticed that he had not updated Windows (Windows 7 64-bit Home Premium) in a while. I tried to perform the update and got the error message "Windows update cannot currently check for updates, because the service is not running. You may need to restart your computer." Obviously a restart did not fix the problem. I then noticed that Windows Defender was not enabled and tried to enable that but got the error message "The specified service does not exist as an installed service (error code: 0x80070424)".

I went to services.msc and did not even see Windows Defender listed. I haven't seen this problem before so didn't know where to go from there. Again, your help is appreciated.

Oh also, I have a Windows 7 CD from another computer (obviously a different key on the bottom of this one) but am not sure if it will work, but I believe it should (both same 64-bit version of Windows).

Here is the DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ann at 11:02:04 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4028.2601 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Users\Ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
uDefault_Page_URL = hxxp://lenovo.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
uRun: [Google Update] "C:\Users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 216.254.95.2 216.231.41.2 207.69.188.185
TCP: Interfaces\{18830789-3FAB-4316-8540-A5D948A6B707} : DhcpNameServer = 216.254.95.2 216.231.41.2 207.69.188.185
TCP: Interfaces\{86894260-EF66-4C23-B9A3-1960336B2BCE} : DhcpNameServer = 172.16.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli ACGina
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-5-3 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-7-30 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-5-3 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-7-30 93032]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-4-30 6237800]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-7-30 63928]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-3 2533400]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-31 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-5-3 164200]
S3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys --> C:\Windows\system32\Drivers\mvusbews.sys [?]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-5-3 75112]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-31 23:07:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 23:07:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-31 22:15:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-31 22:15:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-31 2216 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-07-31 22:02:21 -------- d-----w- C:\Users\Ann\AppData\Roaming\Intel
2012-07-31 00:51:04 -------- d-----w- C:\Users\Ann\AppData\Local\Google
2012-07-30 23:01:20 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-27 18:21:53 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6703DFF-2EFC-4BED-A75F-5DB518F0A1A2}\mpengine.dll
2012-07-18 01:58:32 -------- d-----w- C:\ILLUSION
2012-07-18 01:52:53 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-07-17 22:33:14 -------- d-----w- C:\Program Files (x86)\CodeBlocks
2012-07-14 19:47:58 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:41:43 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
==================== Find3M ====================
.
2012-06-06 0616 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 0616 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-19 02:12:39 2829 ----a-w- C:\Windows\DiabUnin.pif
2012-05-19 02:12:39 118784 ----a-w- C:\Windows\DiabUnin.exe
2012-05-19 02:10:44 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-04 1122 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 00:01:21 129784 ------w- C:\Windows\SysWow64\pxafs.dll
2012-05-04 00:01:21 118520 ------w- C:\Windows\SysWow64\pxinsi64.exe
2012-05-04 00:01:21 116472 ------w- C:\Windows\SysWow64\pxcpyi64.exe
2012-05-03 23:25:27 31152 ----a-w- C:\Windows\System32\drivers\pmxdrv.sys
2012-05-03 23:08:48 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-05-03 23:08:48 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-05-03 23:08:16 246784 ----a-w- C:\Windows\System32\input.dll
2012-05-03 23:08:16 202240 ----a-w- C:\Windows\SysWow64\input.dll
2012-05-03 23:07:28 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-05-03 23:07:15 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-05-03 23:07:15 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-05-03 23:07:15 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-05-03 2338 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-05-03 2338 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-05-03 2338 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-05-03 2338 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-05-03 2338 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-05-03 2338 100864 ----a-w- C:\Windows\System32\fontsub.dll
2012-05-03 2311 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-05-03 2311 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-05-03 2311 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-05-03 2311 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-05-03 23:04:36 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-05-03 23:04:06 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2012-05-03 23:04:06 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2012-05-03 23:04:06 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2012-05-03 23:04:06 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2012-05-03 23:04:06 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2012-05-03 23:04:06 1118720 ----a-w- C:\Windows\System32\sbe.dll
2012-05-03 23:03:50 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-05-03 23:03:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-05-03 23:03:38 163840 ----a-w- C:\Windows\System32\umpo.dll
2012-05-03 23:01:20 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-03 23:01:20 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-03 23:01:20 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-03 23:01:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-03 23:01:20 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-03 22:58:47 1131 ----a-w- C:\Windows\MFGCLEAN.CMD
.
============= FINISH: 11:02:40.18 ===============
Attached Files
File Type: zip attach.zip (7.7 KB, 27 views)
rschou is offline  
Old 08-05-2012, 01:53 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • When prompted to download the latest Avast! virus definitions, please choose Yes.
  • Click the Scan button to start scan.
  • Wait until it says, 'Scan finished successfully'. (Note - do not select any Fix at this time.)
  • Click Save log, and save it to your desktop.
  • Click Exit.
  • Please post the contents of that log, aswMBR.txt, in your next reply.
------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.7.48.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------

Please download this file from here and save it to your desktop.
  • Double-click on the downloaded file. It should only take a few seconds to run.
  • When complete, it will say .. "Done! Please check if BFE service is running now"
  • Don't worry about checking to see if the service is running.
  • Please reboot your computer.
------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
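@echo off
rem Remove any export left over from an earlier run
if exist peek.txt del /q peek.txt
rem Export the BFE service key to peek.txt in ANSI (REGEDIT4) format
regedit /a peek.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE"
rem Show the export so it can be copied into a reply
notepad peek.txt
rem Delete this batch file once done
del %0
Save this as peek.bat. Choose to Save type as - All Files to your desktop, then close the Notepad file.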
It should look like this:

Right-click on peek.bat and choose 'Run as administrator' to allow it to run. A Notepad file will open. Copy/paste that information into your next reply, please.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
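
Reading the peek.txt that peek.bat produces, as an added example (not part of the original post or of any tool named in it): a Python script that decodes the REGEDIT4 hex(2)/hex(7) values and compares the BFE service's launch settings with a baseline. The baseline is what the BFE export posted later in this thread decodes to, assumed here to be healthy; SAMPLE_EXPORT is trimmed from that export and DAMAGED_EXPORT is constructed.

```python
import re

SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE"

# Sample input: the BFE values from the export posted in this thread, trimmed
# to the lines that decide what the service runs and under which account.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE]
"ImagePath"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
  76,69,63,65,4e,6f,4e,65,74,77,6f,72,6b,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,70,63,53,73,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,62,66,65,2e,64,6c,6c,00
"ServiceMain"="BfeServiceMain"
'''

# Constructed for illustration: the Parameters subkey is gone and the
# service start type has been switched to 4 (disabled).
DAMAGED_EXPORT = SAMPLE_EXPORT.split("[" + SERVICE_KEY + "\\Parameters]")[0].replace(
    '"Start"=dword:00000002', '"Start"=dword:00000004')

# Baseline (assumption): the values the thread's export decodes to, treated as known-good.
BASELINE = {
    (SERVICE_KEY, "ImagePath"): r"%systemroot%\system32\svchost.exe -k LocalServiceNoNetwork",
    (SERVICE_KEY, "ObjectName"): r"NT AUTHORITY\LocalService",
    (SERVICE_KEY, "Start"): 2,
    (SERVICE_KEY + r"\Parameters", "ServiceDll"): r"%SystemRoot%\System32\bfe.dll",
}


def decode_value(raw):
    """Decode the right-hand side of one REGEDIT4 value line."""
    if raw.startswith('"'):
        # Quoted string: undo the \\ and \" escaping used by .reg files.
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3  # plain hex: is REG_BINARY
    if kind in (1, 2):
        # REG_SZ / REG_EXPAND_SZ: one byte per character in an ANSI export.
        return data.rstrip(b"\x00").decode("cp1252", errors="replace")
    if kind == 7:
        # REG_MULTI_SZ: NUL-separated strings with a double NUL at the end.
        return [s.decode("cp1252", errors="replace") for s in data.split(b"\x00") if s]
    return data


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a REGEDIT4 export."""
    # A value continues on the next line when the line ends with ",\".
    text = re.sub(r",\\\r?\n\s*", ",", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode_value(m.group(2))
    return keys


def _norm(value):
    # Windows paths and account names compare case-insensitively.
    return value.lower() if isinstance(value, str) else value


def check_service(export_text, baseline=BASELINE):
    """List every baseline value that is missing or different in the export."""
    keys = parse_reg(export_text)
    findings = []
    for (key, name), expected in baseline.items():
        found = keys.get(key, {}).get(name)
        if found is None:
            findings.append(f"{key}: {name} is missing")
        elif _norm(found) != _norm(expected):
            findings.append(f"{key}: {name} = {found!r}, expected {expected!r}")
    return findings


if __name__ == "__main__":
    for label, text in (("posted export", SAMPLE_EXPORT), ("damaged export", DAMAGED_EXPORT)):
        print(label, "->", check_service(text) or "matches baseline")
```
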
Old 08-06-2012, 02:25 PM   #3
Registered Member
 
Join Date: Apr 2009
Posts: 39
OS: Windows XP home



Thank you for reading through my logs and helping me out with this. I really appreciate it.

I ran the tdsskiller program and it did not find anything. Here are the 2 other logs.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 13:03:26
-----------------------------
13:03:26.692 OS Version: Windows x64 6.1.7601 Service Pack 1
13:03:26.692 Number of processors: 8 586 0x1E05
13:03:26.695 ComputerName: PC-MAEROWITZ UserName: Ann
13:03:27.793 Initialize success
13:03:48.234 AVAST engine download error: 0
13:03:53.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:03:53.960 Disk 0 Vendor: ST916041 0003 Size: 152627MB BusType: 3
13:03:53.975 Disk 0 MBR read successfully
13:03:53.981 Disk 0 MBR scan
13:03:53.987 Disk 0 unknown MBR code
13:03:54.003 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
13:03:54.018 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 141425 MB offset 2459648
13:03:54.054 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 292098048
13:03:54.110 Disk 0 scanning C:\Windows\system32\drivers
13:04:01.010 Service scanning
13:04:18.945 Modules scanning
13:04:18.964 Disk 0 trace - called modules:
13:04:18.998 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:04:19.008 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006984790]
13:04:19.232 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004977e40]
13:04:19.242 5 ACPI.sys[fffff88000f237a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497a050]
13:04:19.252 Scan finished successfully
13:04:50.255 Disk 0 MBR has been saved successfully to "C:\Users\Ann\Desktop\MBR.dat"
13:04:50.265 The log file has been saved successfully to "C:\Users\Ann\Desktop\aswMBR.txt"


-------Peek.bat log----------

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE]
"DisplayName"="@%SystemRoot%\\system32\\bfe.dll,-1001"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,4e,6f,4e,65,74,77,6f,72,6b,00
"Description"="@%SystemRoot%\\system32\\bfe.dll,-1002"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,70,63,53,73,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,65,41,75,64,69,74,50,72,69,76,69,6c,65,67,65,00,\
00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,62,66,65,2e,64,6c,6c,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="BfeServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter]
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,16,00,00,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
"{2dd96961-5757-434f-b617-34e732517c0e}"=hex:01,10,08,00,cc,cc,cc,cc,d8,01,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,b8,01,00,00,04,00,02,00,00,00,00,00,\
00,00,00,00,b8,01,00,00,01,10,08,00,cc,cc,cc,cc,a8,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,61,69,d9,2d,57,57,4f,43,b6,17,34,e7,32,51,7c,0e,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,66,dc,69,ba,76,51,79,49,9c,89,26,a7,\
b4,6a,83,27,01,00,00,00,01,00,00,00,00,00,00,00,03,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,17,00,00,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,de,90,f9,89,98,e7,6d,4e,ab,76,\
7c,95,58,29,2e,6f,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,dc,66,11,\
51,8c,7a,a7,4a,b5,33,95,ab,59,fb,03,40,00,00,00,00,03,00,00,00,03,00,00,00,\
0e,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,08,00,00,00,03,\
00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,00,00,00,0c,01,00,00,00,00,00,\
00,00
"{375fb39b-08c6-40f2-bdf2-08fa63f970a2}"=hex:01,10,08,00,cc,cc,cc,cc,d8,01,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,b8,01,00,00,04,00,02,00,00,00,00,00,\
00,00,00,00,b8,01,00,00,01,10,08,00,cc,cc,cc,cc,a8,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,9b,b3,5f,37,c6,08,f2,40,bd,f2,08,fa,63,f9,70,a2,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,66,dc,69,ba,76,51,79,49,9c,89,26,a7,\
b4,6a,83,27,01,00,00,00,01,00,00,00,00,00,00,00,03,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,18,00,00,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,de,90,f9,89,98,e7,6d,4e,ab,76,\
7c,95,58,29,2e,6f,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,dc,66,11,\
51,8c,7a,a7,4a,b5,33,95,ab,59,fb,03,40,00,00,00,00,03,00,00,00,03,00,00,00,\
0e,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,08,00,00,00,03,\
00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,00,00,00,0c,01,00,00,00,00,00,\
00,00
"{2db25e6c-f07a-44f4-b6c8-50a330d2790b}"=hex:01,10,08,00,cc,cc,cc,cc,d8,01,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,b8,01,00,00,04,00,02,00,00,00,00,00,\
00,00,00,00,b8,01,00,00,01,10,08,00,cc,cc,cc,cc,a8,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,6c,5e,b2,2d,7a,f0,f4,44,b6,c8,50,a3,30,d2,79,0b,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,66,dc,69,ba,76,51,79,49,9c,89,26,a7,\
b4,6a,83,27,01,00,00,00,01,00,00,00,00,00,00,00,03,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,19,00,00,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,de,90,f9,89,98,e7,6d,4e,ab,76,\
7c,95,58,29,2e,6f,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,dc,66,11,\
51,8c,7a,a7,4a,b5,33,95,ab,59,fb,03,40,00,00,00,00,03,00,00,00,03,00,00,00,\
01,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,08,00,00,00,03,\
00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,00,00,00,0c,01,00,00,00,00,00,\
00,00
"{c42f1cd6-3a95-4ae2-a513-793c3ae610c7}"=hex:01,10,08,00,cc,cc,cc,cc,d8,01,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,b8,01,00,00,04,00,02,00,00,00,00,00,\
00,00,00,00,b8,01,00,00,01,10,08,00,cc,cc,cc,cc,a8,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,d6,1c,2f,c4,95,3a,e2,4a,a5,13,79,3c,3a,e6,10,c7,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,e7,9f,cd,\
e1,b5,f4,73,42,96,c0,59,2e,48,7b,86,50,66,dc,69,ba,76,51,79,49,9c,89,26,a7,\
b4,6a,83,27,01,00,00,00,01,00,00,00,00,00,00,00,03,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1a,00,00,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,de,90,f9,89,98,e7,6d,4e,ab,76,\
7c,95,58,29,2e,6f,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,dc,66,11,\
51,8c,7a,a7,4a,b5,33,95,ab,59,fb,03,40,00,00,00,00,03,00,00,00,03,00,00,00,\
01,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,08,00,00,00,03,\
00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,00,00,00,18,04,00,00,00,00,00,\
00,00
"{b6fdab6b-dcc6-43e3-99ce-7aeca65063a4}"=hex:01,10,08,00,cc,cc,cc,cc,d8,01,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,b8,01,00,00,04,00,02,00,00,00,00,00,\
00,00,00,00,b8,01,00,00,01,10,08,00,cc,cc,cc,cc,a8,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,6b,ab,fd,b6,c6,dc,e3,43,99,ce,7a,ec,a6,50,63,a4,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,66,dc,69,ba,76,51,79,49,9c,89,26,a7,\
b4,6a,83,27,01,00,00,00,01,00,00,00,00,00,00,00,03,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1b,00,00,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,de,90,f9,89,98,e7,6d,4e,ab,76,\
7c,95,58,29,2e,6f,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,dc,66,11,\
51,8c,7a,a7,4a,b5,33,95,ab,59,fb,03,40,00,00,00,00,03,00,00,00,03,00,00,00,\
01,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,08,00,00,00,03,\
00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,00,00,00,0c,01,00,00,00,00,00,\
00,00
"{3697a558-3ed3-49be-a4c1-c1a4448653b4}"=hex:01,10,08,00,cc,cc,cc,cc,d8,01,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,b8,01,00,00,04,00,02,00,00,00,00,00,\
00,00,00,00,b8,01,00,00,01,10,08,00,cc,cc,cc,cc,a8,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,58,a5,97,36,d3,3e,be,49,a4,c1,c1,a4,44,86,53,b4,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,e7,9f,cd,\
e1,b5,f4,73,42,96,c0,59,2e,48,7b,86,50,66,dc,69,ba,76,51,79,49,9c,89,26,a7,\
b4,6a,83,27,01,00,00,00,01,00,00,00,00,00,00,00,03,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,de,90,f9,89,98,e7,6d,4e,ab,76,\
7c,95,58,29,2e,6f,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,dc,66,11,\
51,8c,7a,a7,4a,b5,33,95,ab,59,fb,03,40,00,00,00,00,03,00,00,00,03,00,00,00,\
01,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,e9,03,68,4a,a8,0c,08,00,00,00,03,\
00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,00,00,00,18,04,00,00,00,00,00,\
00,00
"{935b7f48-0ede-44dd-9bc2-e00bb635cda3}"=hex:01,10,08,00,cc,cc,cc,cc,00,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,78,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,78,01,00,00,01,10,08,00,cc,cc,cc,cc,68,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,48,7f,5b,93,de,0e,dd,44,9b,c2,e0,0b,b6,35,cd,a3,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,24,cc,2a,\
a8,e1,4e,e1,4e,b4,65,fd,1d,25,cb,10,a4,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e7,00,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,\
e9,03,68,4a,a8,0c,08,00,00,00,03,00,00,00,03,00,00,00,00,00,0c,00,00,00,00,\
00,02,00,00,00,00,00,00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,\
00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,\
02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,\
00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,\
00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,\
84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,\
59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,\
02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,\
68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,\
50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,\
10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,\
0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,\
00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,\
04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,\
01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{941dad9d-7b1a-4354-997b-00cf1aa9b35c}"=hex:01,10,08,00,cc,cc,cc,cc,00,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,78,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,78,01,00,00,01,10,08,00,cc,cc,cc,cc,68,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,9d,ad,1d,94,1a,7b,54,43,99,7b,00,cf,1a,a9,b3,5c,04,00,\
02,00,08,00,02,00,02,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,18,48,96,\
7b,c7,19,3a,49,b7,1f,83,2c,36,84,d2,8c,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,01,01,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,00,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,18,00,00,00,00,00,00,00,18,00,00,00,\
40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,00,6c,00,41,00,50,00,49,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,35,00,30,00,35,00,00,00,18,00,\
00,00,00,00,00,00,18,00,00,00,40,00,46,00,69,00,72,00,65,00,77,00,61,00,6c,\
00,6c,00,41,00,50,00,49,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,33,00,\
35,00,30,00,36,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,\
00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,\
e9,03,68,4a,a8,0c,08,00,00,00,03,00,00,00,03,00,00,00,00,00,0c,00,00,00,00,\
00,02,00,00,00,00,00,00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,\
00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,\
02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,\
00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,\
00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,\
84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,\
59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,\
02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,\
68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,\
50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,\
10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,\
0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,\
00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,\
04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,\
01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{b02a4013-b6b5-4859-9168-1e3299e43b24}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,13,40,2a,b0,b5,b6,59,48,91,68,1e,32,99,e4,3b,24,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e9,00,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,e9,03,68,\
4a,a8,0c,08,00,00,00,03,00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,02,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{d870c96c-75ee-46a6-8a02-8e4401a73423}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,6c,c9,70,d8,ee,75,a6,46,8a,02,8e,44,01,a7,34,23,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,e7,9f,cd,\
e1,b5,f4,73,42,96,c0,59,2e,48,7b,86,50,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,14,00,02,00,01,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ea,00,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,3b,e2,2c,63,67,51,5c,43,86,d7,e9,03,68,\
4a,a8,0c,08,00,00,00,03,00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,08,00,\
00,00,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{8b50e2ec-7cf0-4b71-b42e-5b0536f6cab8}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,ec,e2,50,8b,f0,7c,71,4b,b4,2e,5b,05,36,f6,ca,b8,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,14,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,eb,00,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,de,90,f9,89,98,e7,6d,4e,ab,76,7c,95,58,\
29,2e,6f,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,00,00,00,08,00,00,\
00,10,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{4137b143-2770-43d4-91a2-55bb0a069830}"=hex:01,10,08,00,cc,cc,cc,cc,e0,02,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,58,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,58,01,00,00,01,10,08,00,cc,cc,cc,cc,48,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,43,b1,37,41,70,27,d4,43,91,a2,55,bb,0a,06,98,30,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,e7,9f,cd,\
e1,b5,f4,73,42,96,c0,59,2e,48,7b,86,50,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,14,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ec,00,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,de,90,f9,89,98,e7,6d,4e,ab,76,7c,95,58,\
29,2e,6f,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,00,00,00,20,00,00,\
00,10,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,00,00,00,00,14,00,00,\
00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,00,00,00,00,00,05,20,\
00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,\
00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,84,4f,11,31,00,10,28,\
00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,\
dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,68,f4,ad,64,8f,d5,e6,\
70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,79,09,78,\
b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,10,28,00,ff,07,03,00,\
01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,0f,18,1b,65,b5,eb,d6,\
6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,00,00,00,00,05,50,00,\
00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,04,58,d8,6b,00,10,14,\
00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,01,00,00,00,00,00,05,\
13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{3180114b-8338-4740-9a16-444134ad62f4}"=hex:01,10,08,00,cc,cc,cc,cc,00,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,78,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,78,01,00,00,01,10,08,00,cc,cc,cc,cc,68,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,4b,11,80,31,38,83,40,47,9a,16,44,41,34,ad,62,f4,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,97,2c,b4,\
a3,04,9f,72,46,b8,7e,ce,e9,c4,83,25,7f,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,01,00,00,00,02,00,00,00,14,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ed,00,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,02,00,00,00,6c,7c,53,97,a3,d9,67,47,a3,81,e9,42,67,\
5c,d9,20,00,00,00,00,03,00,00,00,03,00,00,00,83,00,00,00,3b,e2,2c,63,67,51,\
5c,43,86,d7,e9,03,68,4a,a8,0c,06,00,00,00,03,00,00,00,03,00,00,00,04,00,00,\
00,00,00,00,08,02,00,00,10,68,01,00,00,01,00,04,8c,50,01,00,00,5c,01,00,00,\
00,00,00,00,14,00,00,00,02,00,3c,01,09,00,00,00,00,10,18,00,ff,07,0f,00,01,\
02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,10,18,00,ff,07,03,00,01,02,\
00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,10,28,00,ff,07,03,00,01,06,00,\
00,00,00,00,05,50,00,00,00,f1,41,10,b8,36,fc,4d,57,a8,ae,0b,70,25,21,04,42,\
84,4f,11,31,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,49,\
59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,00,10,28,00,f4,03,\
02,00,01,06,00,00,00,00,00,05,50,00,00,00,44,3e,41,bb,45,ba,a8,7a,6c,bd,92,\
68,f4,ad,64,8f,d5,e6,70,e9,00,10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,\
50,00,00,00,79,09,78,b5,af,a1,ed,d8,54,5e,32,f4,ff,1b,c4,5f,fd,d9,e0,4a,00,\
10,28,00,ff,07,03,00,01,06,00,00,00,00,00,05,50,00,00,00,0a,d8,62,3a,d9,c6,\
0f,18,1b,65,b5,eb,d6,6d,2f,8b,78,83,39,5c,00,10,28,00,f4,03,02,00,01,06,00,\
00,00,00,00,05,50,00,00,00,6e,bf,1b,bb,45,ef,d2,b1,4a,3b,45,db,50,5b,43,27,\
04,58,d8,6b,00,10,14,00,50,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,01,\
01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00
"{17043d46-fac2-4561-bca1-0c7a05e95f5f}"=hex:01,10,08,00,cc,cc,cc,cc,00,03,00,\
00,00,00,00,00,00,00,02,00,05,00,00,00,78,01,00,00,04,00,02,00,68,01,00,00,\
08,00,02,00,78,01,00,00,01,10,08,00,cc,cc,cc,cc,68,01,00,00,00,00,00,00,00,\
00,02,00,00,00,00,00,46,3d,04,17,c2,fa,61,45,bc,a1,0c,7a,05,e9,5f,5f,04,00,\
02,00,08,00,02,00,01,00,00,00,0c,00,02,00,08,00,00,00,10,00,02,00,e7,9f,cd,\
e1,b5,f4,73,42,96,c0,59,2e,48,7b,86,50,41,d4,cd,b3,90,af,ba,41,a7,45,7c,60,\
08,ff,23,02,01,00,00,00,01,00,00,00,01,00,00,00,02,00,00,00,14,00,02,00,02,\
10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ee,00,01,00,00,00,00,\
00,04,00,00,00,04,00,00,00,18,00,02,00,1f,00,00,00,00,00,00,00,1f,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,20,00,55,00,6e,00,2d,\
00,71,00,75,00,61,00,72,00,61,00,6e,00,74,00,69,00,6e,00,65,00,20,00,66,00,\
69,00,6c,00,74,00,65,00,72,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,\
00,00,00,00,00,ca,16,cc,de,33,3f,46,43,be,1e,8f,b4,ae,0f,3d,62,08,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Provider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\SubLayer]
rschou is offline  
Old 08-06-2012, 03:06 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello rschou. You're welcome. What are your plans for an antivirus? Need suggestions?

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-07-2012, 05:36 AM   #5
Registered Member
 
Join Date: Apr 2009
Posts: 39
OS: Windows XP home



Hi Chemist,

I have a copy of Symantec AV that I believe I have one more install for that I'm going to put on his computer. I haven't installed it yet, but this computer is only turned on when I'm performing the tasks that you've requested. Should I try to install it now?

Also if I couldn't install that, I have usually used AVG or Avira's free software. Any other suggestions?

Here is the combo fix log, thanks again


ComboFix 12-08-07.02 - Ann 08/07/2012 4:16.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4028.2738 [GMT -7:00]
Running from: c:\users\Ann\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\@
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\L\[email protected]
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\L\201d3dde
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected]
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected]
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected]
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected]
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected]
c:\windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected]
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
Q:\AUTORUN.INF
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy2_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 11:20 . 2012-08-07 11:20 -------- d-----w- c:\users\Julian\AppData\Local\temp
2012-08-07 11:20 . 2012-08-07 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 18:04 . 2012-08-01 18:04 -------- d-----w- c:\users\Ann\AppData\Local\Diagnostics
2012-07-31 23:07 . 2012-07-31 23:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 23:07 . 2012-07-31 23:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 23:07 . 2012-07-31 23:07 -------- d-----w- c:\windows\system32\Macromed
2012-07-31 22:15 . 2012-07-31 22:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-31 22:15 . 2012-07-31 22:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-31 22:06 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-07-31 22:02 . 2012-07-31 22:02 -------- d-----w- c:\users\Ann\AppData\Roaming\Intel
2012-07-31 00:51 . 2012-07-31 00:51 -------- d-----w- c:\users\Ann\AppData\Local\Google
2012-07-30 23:01 . 2012-07-30 23:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 18:21 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6703DFF-2EFC-4BED-A75F-5DB518F0A1A2}\mpengine.dll
2012-07-18 17:04 . 2012-07-26 17:50 -------- d-----w- c:\users\Julian\AppData\Local\Microsoft Games
2012-07-18 01:58 . 2012-07-18 01:58 -------- d-----w- C:\ILLUSION
2012-07-18 01:58 . 2012-07-18 01:58 -------- d-----w- c:\users\Julian\AppData\Roaming\InstallShield
2012-07-18 01:52 . 2012-07-18 01:52 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-07-17 22:33 . 2012-07-17 22:33 -------- d-----w- c:\program files (x86)\CodeBlocks
2012-07-17 07:45 . 2012-07-30 19:43 -------- d-----w- c:\users\Julian\AppData\Roaming\codeblocks
2012-07-14 19:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 19:41 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-21 16:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:36 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 16:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-19 02:12 . 2012-05-19 02:12 2829 ----a-w- c:\windows\DiabUnin.pif
2012-05-19 02:12 . 2012-05-19 02:12 118784 ----a-w- c:\windows\DiabUnin.exe
2012-05-19 02:10 . 2012-05-19 02:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
.
c:\users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-5-3 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-08-24 164200]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-10-14 20480]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2012-05-03 31152]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-08-24 30320]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-06-16 23664]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-19 283200]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-11-24 127800]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 167040]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-06-22 295088]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-529901887-3296513088-2024936886-1000Core.job
- c:\users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 00:42]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-529901887-3296513088-2024936886-1000UA.job
- c:\users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 00:42]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-529901887-3296513088-2024936886-1003Core.job
- c:\users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 00:51]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-529901887-3296513088-2024936886-1003UA.job
- c:\users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 00:51]
.
2012-08-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
2012-08-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"TpShocks"="TpShocks.exe" [2010-07-02 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF15036.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1} - c:\program files (x86)\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,74,32,48,b1,6e,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2012-08-07 04:25:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 11:25
.
Pre-Run: 43,290,316,800 bytes free
Post-Run: 43,159,580,672 bytes free
.
- - End Of File - - A29AA2872ED1560ED16FD35E52A189F3
rschou is offline  
Old 08-07-2012, 06:45 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, rschou. How is the machine behaving?

If the machine is behaving OK, go ahead and install an antivirus.

Any of those antivirus programs will do.

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Right-click mbam-setup.exe and choose 'Run as administrator' to install it.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-07-2012, 12:49 PM   #7
Hi,

Thanks for getting back to me so quickly. The system seems to be running better. I haven't had a redirect as of yet and it's allowed me to at least see the Windows updates, but returned an error when trying to follow through with the updates. The error details are below:

---------------------
Windows Update error 80246008

You must be logged on as an administrator to perform these steps.

If you receive Windows Update error 80246008 while downloading updates, you might need to change the Background Intelligent Transfer Service (BITS) or Windows Event Log service settings, and then restart each service.
---------------------

I am logged on as a system administrator, so that shouldn't be the problem. I followed the troubleshooting that came up on how to change or restart BITS (going through admin tools > services). But when I entered the "services" tool I did not see BITS or its full name listed as they said it would be. So I'm a little stuck. I tried a reboot and then only updating optional updates and got the same error. So I still seem to be blocked from actually updating.

Another positive is that Windows Defender is now enabled and operating (although I cannot update it because of my inability to do Windows Update).

I also received another request from Adobe Flash to perform an update. I thought I had the most up-to-date version (11.3) and it used to do this all the time and apparently is still doing this.

Aside from that I ran the Malwarebytes scan and no malicious items were detected. Here is the log:

------------------
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
Malwarebytes : Free anti-malware download

Database version: v2012.08.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ann :: PC-MAEROWITZ [administrator]

Protection: Enabled

8/7/2012 10:14:09 AM
mbam-log-2012-08-07 (10-14-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212657
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------

ESET Report

C:\Qoobox\Quarantine\C\Windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected] Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected] Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected] Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{1003a571-7b5a-e13b-5a2b-fa9915245a79}\U\[email protected] a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
rschou is offline  
Old 08-07-2012, 02:11 PM   #8
Hello again, rschou. You're very welcome. Qoobox is ComboFix's quarantine folder. It will get deleted when we uninstall ComboFix.

Did you install an antivirus? If so, which one?

------------------------------------------------------

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your reply.
------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bits /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog /s
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
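
The SystemLook query in the post above dumps the BITS and Event Log service keys. As an added example (not part of the thread and not output from any tool named in it), the Python below parses a dump in that `:reg` output format and reports services whose keys lack core configuration values; the required-value list, the function names and the sample dump are assumptions constructed for illustration.

```python
import re

# Assumption for this check: values a Win32 service key is expected to carry.
REQUIRED = ("ImagePath", "Start", "Type", "ErrorControl")

# Meaning of the Start DWORD in a service key.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Manual", 4: "Disabled"}

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Services\bits]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')           # "Name"= data
DWORD_RE = re.compile(r"^0x([0-9a-fA-F]+)\s+\((\d+)\)$")  # 0x0000000002 (2)

# Constructed sample in the SystemLook :reg layout: one service key that holds
# only ImagePath, its Parameters subkey, and one fully populated service key.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bits]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bits\Parameters]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog]
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
'''


def parse_dump(text):
    """Return {key_path: {value_name: value}} from a :reg style dump.

    DWORD values become ints; everything else is kept as a string.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name, data = value.group(1), value.group(2).strip()
            dword = DWORD_RE.match(data)
            current[name] = int(dword.group(1), 16) if dword else data.strip('"')
    return keys


def audit_services(keys):
    """Report missing core values and the start type for each service key.

    Only keys directly under ...\\Services\\ are treated as services; subkeys
    such as Parameters are skipped. Registry names are case-insensitive, so
    comparisons are done in lower case.
    """
    report = {}
    for path, values in keys.items():
        if not path.lower().startswith(SERVICES_ROOT.lower()):
            continue
        name = path[len(SERVICES_ROOT):]
        if "\\" in name:
            continue
        present = {k.lower(): v for k, v in values.items()}
        missing = [r for r in REQUIRED if r.lower() not in present]
        start = present.get("start")
        report[name.lower()] = {
            "missing": missing,
            "start": START_TYPES.get(start) if isinstance(start, int) else None,
        }
    return report


if __name__ == "__main__":
    for service, result in sorted(audit_services(parse_dump(SAMPLE)).items()):
        if result["missing"]:
            print(f"{service}: incomplete, missing {', '.join(result['missing'])}")
        else:
            print(f"{service}: complete, start type {result['start']}")
```
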
Old 08-07-2012, 05:08 PM   #9
Sorry, there was a double post.
rschou is offline  
Old 08-07-2012, 05:10 PM   #10
I forgot to install the AV last time through since I was in a rush. I just installed Symantec End Point Protection. It's up and running, but I haven't done a scan with it as you have not asked me to do that.

The new logs are below. Just to note, when I ran SystemLook it took literally about 5 seconds before the log popped up. Only noting that because you mentioned it might take a while.

Farbar Service Scanner Version: 06-08-2012
Ran by Ann (administrator) on 07-08-2012 at 16:03:08
Running from "C:\Users\Ann\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

SystemLook 30.07.11 by jpshortstuff
Log created at 16:04 on 07/08/2012 by Ann
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bits]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bits\Parameters]
"ServiceDll"="%systemroot%\system32\qmgr.dll"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
"ServiceMain"="ServiceMain"
"PlugPlayServiceType"= 0x0000000003 (3)
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
"DisplayName"="@%SystemRoot%\system32\wevtsvc.dll,-200"
"Group"="Event Log"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
"Description"="@%SystemRoot%\system32\wevtsvc.dll,-201"
"ObjectName"="NT AUTHORITY\LocalService"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"ServiceSidType"= 0x0000000001 (1)
"RequiredPrivileges"="SeChangeNotifyPrivilege SeImpersonatePrivilege"
"FailureActionsOnNonCrashFailures"= 0x0000000001 (1)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 ea 00 00 01 00 00 00 c0 d4 01 00 00 00 00 00 00 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application]
"DisplayNameFile"="%SystemRoot%\system32\wevtapi.dll"
"DisplayNameID"= 0x0000000100 (256)
"PrimaryModule"="Application"
"File"="%SystemRoot%\system32\winevt\Logs\Application.evtx"
"MaxSize"= 0x0001400000 (20971520)
"Retention"= 0x0000000000 (0)
"RestrictGuestAccess"= 0x0000000001 (1)
"AutoBackupLogFiles"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\.NET Runtime]
"TypesSupported"= 0x0000000007 (7)
"EventMessageFile"="C:\Windows\system32\mscoree.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\.NET Runtime Optimization Service]
"TypesSupported"= 0x0000000007 (7)
"EventMessageFile"="C:\Windows\system32\mscoree.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Application]
"CategoryCount"= 0x0000000007 (7)
"CategoryMessageFile"="%SystemRoot%\system32\wevtapi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Application Error]
"EventMessageFile"="%SystemRoot%\System32\wer.dll"
"TypesSupported"= 0x0000000007 (7)
"CategoryMessageFile"="%SystemRoot%\System32\wer.dll"
"CategoryCount"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Application Hang]
"EventMessageFile"="%SystemRoot%\System32\wersvc.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Application-Addon-Event-Provider]
"ProviderGuid"="{a83fa99f-c356-4ded-9fd6-5a5eb8546d68}"
"EventMessageFile"="%SystemRoot%\system32\ieframe.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\ASP.NET 2.0.50727.0]
"TypesSupported"= 0x0000000007 (7)
"EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll"
"CategoryCount"= 0x0000000005 (5)
"CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\AutoEnrollment]
"ProviderGuid"="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\BurnNow]
"EventMessageFile"="C:\Program Files (x86)\Corel\Corel Burn.Now Lenovo Edition\EventMsg.dll"
"TypesSupported"= 0x0000000004 (4)
"CategoryMessageFile"="C:\Program Files (x86)\Corel\Corel Burn.Now Lenovo Edition\EventMsg.dll"
"CategoryCount"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\CardSpace 3.0.0.0]
"CategoryCount"= 0x0000000001 (1)
"CategoryMessageFile"="C:\Windows\System32\icardres.dll"
"EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll;C:\Windows\System32\icardres.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\CardSpace 4.0.0.0]
"CategoryCount"= 0x0000000001 (1)
"CategoryMessageFile"="icardres.dll.mui"
"EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll;icardres.dll.mui"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\ccSvcHst]
"EventMessageFile"="C:\PROGRA~2\COMMON~1\SYMANT~1\rcSvcHst.dll"
"TypesSupported"= 0x000000001f (31)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\CertCli]
"ProviderGuid"="{98BF1CD3-583E-4926-95EE-A61BF3F46470}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\CertEnroll]
"ProviderGuid"="{54164045-7C50-4905-963F-E5BC1EEF0CCA}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Chkdsk]
"TypesSupported"= 0x0000000007 (7)
"EventMessageFile"="%SystemRoot%\System32\ulib.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\COM]
"providerGuid"="{bf406804-6afa-46e7-8a48-6c357e1d6d61}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\COM+]
"providerGuid"="{0f177893-4a9c-4709-b921-f432d67f43d5}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Customer Experience Improvement Program]
"providerGuid"="{A402FE09-DA6E-45F2-82AF-3CB37170EE0C}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Desktop Window Manager]
"EventMessageFile"="%SystemRoot%\system32\dwm.exe"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\DiskQuota]
"EventMessageFile"="%SystemRoot%\System32\dskquota.dll"
"TypesSupported"="0x00000007"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Dvd Maker]
"TypesSupported"= 0x0000000007 (7)
"EventMessageFile"="%ProgramFiles%\DVD Maker\DVDMaker.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\ESENT]
"EventMessageFile"="%systemroot%\system32\esent.dll"
"CategoryMessageFile"="%systemroot%\system32\esent.dll"
"CategoryCount"= 0x0000000010 (16)
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\EventSystem]
"providerGuid"="{899daace-4868-4295-afcd-9eb8fb497561}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Folder Redirection]
"EventMessageFile"="%SystemRoot%\System32\fdeploy.dll"
"ProviderGuid"="{7D7B0C39-93F6-4100-BD96-4DDA859652C5}"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Group Policy]
"EventMessageFile"="%SystemRoot%\System32\gpapi.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Handwriting Recognition]
"TypesSupported"= 0x0000000007 (7)
"CategoryCount"= 0x0000000007 (7)
"CategoryMessageFile"="%CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll"
"EventMessageFile"="%CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Intel Control Center]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Intel(R) ME Application]
"MaxSize"= 0x0000080000 (524288)
"CategoryCount"= 0x0000000009 (9)
"CategoryMessageFile"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"EventMessageFile"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Interactive Services detection]
"EventMessageFile"="%SystemRoot%\System32\UI0Detect.exe"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\LiveUpdate]
"EventMessageFile"="ResLuComServer_3_3.DLL"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\LMS]
"EventMessageFile"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\LoadPerf]
"ProviderGuid"="{122EE297-BB47-41AE-B265-1CA8D1886D40}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\LocationNotifications]
"ProviderGuid"="{5b93cdfa-5f51-45e0-9fde-296983129e6c}"
"EventMessageFile"="%SystemRoot%\System32\LocationNotifications.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\MEProv]
"MaxSize"= 0x0000080000 (524288)
"CategoryCount"= 0x0000000002 (2)
"CategoryMessageFile"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\MeProv.dll"
"EventMessageFile"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\MeProv.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Microsoft Fax]
"publisherGuid"="{9F8639E0-9EEF-4125-9B1C-86109BDD8289}"
"TypesSupported"= 0x0000000007 (7)
"CategoryCount"= 0x0000000004 (4)
"CategoryMessageFile"="%systemroot%\system32\fxsevent.dll"
"EventMessageFile"="%systemroot%\system32\fxsevent.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Microsoft-Windows-Application-Experience]
"ProviderGuid"="{eef54e71-0661-422d-9a98-82fd4940b820}"
"EventMessageFile"="%SystemRoot%\system32\aeevts.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure]
"ProviderGuid"="{5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a}"
"EventMessageFile"="%SystemRoot%\system32\apphelp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Microsoft-Windows-Audio]
"ProviderGuid"="{ae4bd3be-f36f-45b6-8d21-bdd6fb832853}"
"EventMessageFile"="%SystemRoot%\System32\audioses.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Microsoft-Windows-AxInstallService]
"ProviderGuid"="{dab3b18c-3c0f-43e8-80b1-e44bc0dad901}"
"EventMessageFile"="%SystemRoot%\System32\AxInstSv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Microsoft-Windows-Backup]
"ProviderGuid"="{1db28f2e-8f80-4027-8c5a-a11f7f10f62d}"
"EventMessageFile"="%windir%\system32\BlbEvents.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Microsoft-Windows-CAPI2]
"ProviderGuid"="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}"
"EventMessageFile"="%SystemRoot%\System32\crypt32.dll"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Display]
"EventMessageFile"="%SystemRoot%\System32\DispCI.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Dnsapi]
"ParameterMessageFile"="%Systemroot%\system32\kernel32.dll"
"EventMessageFile"="%Systemroot%\system32\netevent.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Dnscache]
"ParameterMessageFile"="%Systemroot%\system32\kernel32.dll"
"EventMessageFile"="%Systemroot%\system32\netevent.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\e1kexpress]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\e1k62x64.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\ebdrv]
"eventmessagefile"="%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\evbda.sys"
"typessupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\elxstor]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\eventlog]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\exFAT]
"TypesSupported"= 0x0000000007 (7)
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\FltMgr]
"TypesSupported"= 0x0000000007 (7)
"EventMessageFile"="%SystemRoot%\System32\drivers\fltmgr.sys;%SystemRoot%\System32\IoLogMsg.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\fvevol]
"ProviderGuid"="{651DF93B-5053-4D1E-94C5-F6E6D25908D0}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\HECIx64]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\HECIx64.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\HidBth]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\hidbth.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\HpSAMD]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Http]
"ProviderGuid"="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\i8042prt]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\iaStor]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStor.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\iaStorV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorV.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\IBMPMDRV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ibmpmdrv.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\IBMPMSVC]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\ibmpmsvc.exe"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\iirsp]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\intelppm]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\intelppm.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\IPMGM]
"providerGuid"="{29D13147-1C2E-48EC-9994-E29DFE496EB3}"
"EventMessageFile"="%SystemRoot%\System32\rtm.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\IPMIDRV]
"EventMessageFile"="%SystemRoot%\System32\drivers\ipmidrv.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\IPNATHLP]
"providerGuid"="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\IPRouterManager]
"providerGuid"="{F2C628AE-D26C-4352-9C45-74754E1E2F9F}"
"EventMessageFile"="%SystemRoot%\System32\mprmsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\isapnp]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\iScsiPrt]
"EventMessageFile"="%SystemRoot%\System32\iscsilog.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\kbdclass]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\kbdhid]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdhid.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Kerberos]
"EventMessageFile"="%SystemRoot%\System32\kerberos.dll"
"TypesSupported"= 0x0000000007 (7)
"ProviderGuid"="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\LenovoRd]
"EventMessageFile"="%SystemRoot%\system32\drivers\LenovoRd.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\lltdio]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\LmHosts]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\LsaSrv]
"ProviderGuid"="{199fe037-2b82-40a9-82ac-e1d46c792b99}"
"EventMessageFile"="%windir%\System32\lsasrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\LSI_FC]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\LSI_SAS]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\LSI_SAS2]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\LSI_SCSI]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\LSM]
"EventMessageFile"="%SystemRoot%\system32\lsm.exe"
"TypesSupported"= 0x0000000007 (7)
"providerGuid"="{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\megasas]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\MegaSR]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Application-Experience]
"ProviderGuid"="{eef54e71-0661-422d-9a98-82fd4940b820}"
"EventMessageFile"="%SystemRoot%\system32\aeevts.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-BitLocker-API]
"ProviderGuid"="{5d674230-ca9f-11da-a94d-0800200c9a66}"
"EventMessageFile"="%SystemRoot%\system32\fveapi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-BitLocker-Driver]
"ProviderGuid"="{651df93b-5053-4d1e-94c5-f6e6d25908d0}"
"EventMessageFile"="%SystemRoot%\system32\drivers\fvevol.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Bits-Client]
"ProviderGuid"="{ef1cc15b-46c1-414e-bb95-e76b077bd51e}"
"EventMessageFile"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client]
"ProviderGuid"="{ba093605-3909-4345-990b-26b746adee0a}"
"EventMessageFile"="%SystemRoot%\system32\cofiredm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server]
"ProviderGuid"="{d6f68875-cdf5-43a5-a3e3-53ffd683311c}"
"EventMessageFile"="%SystemRoot%\system32\cofiredm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-DfsSvc]
"ProviderGuid"="{7da4fe0e-fd42-4708-9aa5-89b77a224885}"
"EventMessageFile"="%SystemRoot%\system32\netevent.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Dhcp-Client]
"ProviderGuid"="{15a7a4f8-0072-4eab-abad-f98a4d666aed}"
"EventMessageFile"="%SystemRoot%\system32\dhcpcore.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Dhcp-Nap-Enforcement-Client]
"ProviderGuid"="{f6da35ce-d312-41c8-9828-5a2e173c91b6}"
"EventMessageFile"="%Systemroot%\system32\dhcpqec.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-DHCPv6-Client]
"ProviderGuid"="{6a1f2b00-6a90-4c38-95a5-5cab3b056778}"
"EventMessageFile"="%systemroot%\system32\dhcpcore6.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Diagnostics-Networking]
"ProviderGuid"="{36c23e18-0e66-11d9-bbeb-505054503030}"
"EventMessageFile"="%windir%\system32\netdiagfx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Directory-Services-SAM]
"ProviderGuid"="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}"
"EventMessageFile"="%SystemRoot%\System32\samsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-DiskDiagnostic]
"ProviderGuid"="{e670a5a2-ce74-4ab4-9347-61b815319f4c}"
"EventMessageFile"="%windir%\system32\dfdts.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-DNS-Client]
"ProviderGuid"="{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}"
"EventMessageFile"="%SystemRoot%\system32\dnsapi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode]
"ProviderGuid"="{2e35aaeb-857f-4beb-a418-2e6c0e54d988}"
"EventMessageFile"="%SystemRoot%\system32\WUDFPlatform.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorCertDrv]
"ProviderGuid"="{bd2d1dae-d678-4e10-9667-21cba2aa70c3}"
"EventMessageFile"="%SystemRoot%\System32\EhStorAuthn.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-EventCollector]
"ProviderGuid"="{b977cf02-76f6-df84-cc1a-6a4b232322b6}"
"EventMessageFile"="%SystemRoot%\system32\wecsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Eventlog]
"ProviderGuid"="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}"
"EventMessageFile"="%SystemRoot%\System32\wevtsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap]
"ProviderGuid"="{6b93bf66-a922-4c11-a617-cf60d95c133d}"
"EventMessageFile"="%SystemRoot%\system32\fthsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-FilterManager]
"ProviderGuid"="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}"
"EventMessageFile"="%SystemRoot%\system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Firewall]
"ProviderGuid"="{e595f735-b42a-494b-afcd-b68666945cd3}"
"EventMessageFile"="%SystemRoot%\system32\mpssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-FMS]
"ProviderGuid"="{dea07764-0790-44de-b9c4-49677b17174f}"
"EventMessageFile"="%SystemRoot%\system32\fms.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-FunctionDiscoveryHost]
"ProviderGuid"="{538cbbad-4877-4eb2-b26e-7caee8f0f8cb}"
"EventMessageFile"="%SystemRoot%\system32\fdphost.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-GroupPolicy]
"ProviderGuid"="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}"
"EventMessageFile"="%systemroot%\system32\gpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-HAL]
"ProviderGuid"="{63d1e632-95cc-4443-9312-af927761d52a}"
"EventMessageFile"="%systemroot%\system32\microsoft-windows-hal-events.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-HttpEvent]
"ProviderGuid"="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}"
"EventMessageFile"="%SystemRoot%\system32\drivers\HTTP.SYS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-IPBusEnum]
"ProviderGuid"="{cd032e15-15ad-4da4-afc6-03bf83516195}"
"EventMessageFile"="%systemroot%\system32\ipbusenum.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Iphlpsvc]
"ProviderGuid"="{66a5c15c-4f8e-4044-bf6e-71d896038977}"
"EventMessageFile"="%windir%\system32\iphlpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Kernel-Boot]
"ProviderGuid"="{15ca44ff-4d7a-4baa-bba5-0998955e531e}"
"EventMessageFile"="%SystemRoot%\system32\advapi32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Kernel-General]
"ProviderGuid"="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}"
"EventMessageFile"="%SystemRoot%\system32\advapi32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Kernel-PnP]
"ProviderGuid"="{9c205a39-1250-487d-abd7-e831c6290539}"
"EventMessageFile"="%SystemRoot%\system32\advapi32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Kernel-Power]
"ProviderGuid"="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}"
"EventMessageFile"="%systemroot%\system32\microsoft-windows-kernel-power-events.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Kernel-Processor-Power]
"ProviderGuid"="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}"
"EventMessageFile"="%systemroot%\system32\microsoft-windows-kernel-processor-power-events.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Kernel-Tm]
"ProviderGuid"="{4cec9c95-a65f-4591-b5c4-30100e51d870}"
"EventMessageFile"="%SystemRoot%\system32\ktmw32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Kernel-WHEA]
"ProviderGuid"="{7b563579-53c8-44e7-8236-0f87b9fe6594}"
"EventMessageFile"="%SystemRoot%\system32\PSHED.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-LanguagePackSetup]
"ProviderGuid"="{7237fff9-a08a-4804-9c79-4a8704b70b87}"
"EventMessageFile"="%SystemRoot%\system32\lpksetup.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results]
"ProviderGuid"="{5f92bc59-248f-4111-86a9-e393e12c6139}"
"EventMessageFile"="%SystemRoot%\System32\relpost.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule]
"ProviderGuid"="{73e9c9de-a148-41f7-b1db-4da051fdc327}"
"EventMessageFile"="%SystemRoot%\System32\mdsched.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Power-Troubleshooter]
"ProviderGuid"="{cdc05e28-c449-49c6-b9d2-88cf761644df}"
"EventMessageFile"="%systemroot%\system32\pots.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-RasSstp]
"ProviderGuid"="{6c260f2c-049a-43d8-bf4d-d350a4e6611a}"
"EventMessageFile"="%SystemRoot%\System32\sstpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Recovery]
"ProviderGuid"="{9e95e4d0-4cb4-4b5d-a936-c972d7d08d90}"
"EventMessageFile"="%SystemRoot%\system32\recovery.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Resource-Exhaustion-Detector]
"ProviderGuid"="{9988748e-c2e8-4054-85f6-0c3e1cad2470}"
"EventMessageFile"="%SystemRoot%\system32\radardt.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-ResourcePublication]
"ProviderGuid"="{74c2135f-cc76-45c3-879a-ef3bb1eeaf86}"
"EventMessageFile"="%SystemRoot%\system32\fdrespub.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-SCPNP]
"ProviderGuid"="{9f650c63-9409-453c-a652-83d7185a2e83}"
"EventMessageFile"="%SystemRoot%\system32\certprop.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Servicing]
"EventMessageFile"="%SystemRoot%\servicing\cbsmsg.dll"
"TypesSupported"= 0x0000000007 (7)
"ProviderGuid"="{bd12f3b8-fc40-4a61-a307-b7a013a069c1}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Setup]
"ProviderGuid"="{75ebc33e-997f-49cf-b49f-ecc50184b75d}"
"EventMessageFile"="%SystemRoot%\system32\oobe\winsetup.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-StartupRepair]
"ProviderGuid"="{c914f0df-835a-4a22-8c70-732c9a80c634}"
"EventMessageFile"="%SystemRoot%\System32\reagent.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Subsys-SMSS]
"ProviderGuid"="{43e63da5-41d1-4fbf-aded-1bbed98fdd1d}"
"EventMessageFile"="%windir%\system32\csrsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-TaskScheduler]
"ProviderGuid"="{de7b24ea-73c8-4a09-985d-5bdadcfa9017}"
"EventMessageFile"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-TBS]
"ProviderGuid"="{51480c1a-90aa-416e-98fd-4c11f735349b}"
"EventMessageFile"="%SystemRoot%\system32\tbssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager]
"ProviderGuid"="{5d896912-022d-40aa-a3a8-4fa5515c76d7}"
"EventMessageFile"="%SystemRoot%\system32\lsm.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager]
"ProviderGuid"="{c76baa63-ae81-421c-b425-340b4b24157f}"
"EventMessageFile"="%SystemRoot%\system32\termsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Time-Service]
"ProviderGuid"="{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}"
"EventMessageFile"="%SystemRoot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-TPM-WMI]
"ProviderGuid"="{7d5387b0-cbe0-11da-a94d-0800200c9a66}"
"EventMessageFile"="%SystemRoot%\system32\wbem\Win32_Tpm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-UserPnp]
"ProviderGuid"="{96f4a050-7e31-453c-88be-9634f4e02139}"
"EventMessageFile"="%SystemRoot%\system32\umpnpmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-WHEA-Logger]
"ProviderGuid"="{c26c4f3c-3f66-4e99-8f8a-39405cfed220}"
"EventMessageFile"="%systemroot%\system32\whealogr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-WindowsUpdateClient]
"ProviderGuid"="{945a8954-c147-4acd-923f-40c45405a658}"
"EventMessageFile"="%systemroot%\system32\wuaueng.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Wininit]
"ProviderGuid"="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}"
"EventMessageFile"="%SystemRoot%\system32\wininit.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-Winlogon]
"ProviderGuid"="{dbe9b383-7cf3-4331-91cc-a3cb16a3b538}"
"EventMessageFile"="%SystemRoot%\system32\winlogon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Microsoft-Windows-WLAN-AutoConfig]
"ProviderGuid"="{9580d7dd-0379-4658-9870-d5be7d52d6de}"
"EventMessageFile"="%windir%\system32\wlansvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\mouclass]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\mouhid]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouhid.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\mpio]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mpio.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\mrxsmb]
"EventMessageFile"="%systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll"
"TypesSupported"= 0x0000000007 (7)
"ParameterMessageFile"="%SystemRoot%\System32\kernel32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\MSDTC Gateway]
"EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\MSDTC WS-AT Protocol]
"EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\MSiSCSI]
"EventMessageFile"="%systemroot%\System32\iscsiexe.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\MTConfig]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\MTConfig.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Mup]
"EventMessageFile"="C:\Windows\system32\netevent.dll;C:\Windows\system32\iologmsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\NAPIPSecEnf]
"providerGuid"="{8115579E-2BEA-4C9E-9AB1-821CC2C98AB0}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\NdisWan]
"EventMessageFile"="%SystemRoot%\System32\mprmsg.dll"
"TypesSupported"= 0x000000001f (31)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\NetBIOS]
"EventMessageFile"="%SystemRoot%\System32\iologmsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\NetBT]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Netlogon]
"EventMessageFile"="%SystemRoot%\System32\netmsg.dll"
"ParameterMessageFile"="%SystemRoot%\System32\kernel32.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\NETwNs64]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\Drivers\NETwNs64.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\nfrd960]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Ntfs]
"EventMessageFile"="%SystemRoot%\system32\drivers\ntfs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\nusb3hub]
"EventMessageFile"="C:\Windows\system32\iologmsg.dll;C:\Windows\system32\DRIVERS\nusb3hub.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\nusb3xhc]
"EventMessageFile"="C:\Windows\system32\iologmsg.dll;C:\Windows\system32\DRIVERS\nusb3xhc.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\nvraid]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\nvstor]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nvstor.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\P2PIMSvc]
"ProviderGuid"="{2992E9CF-4F99-48f5-A0B6-B99B11CD387D}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Parport]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\partmgr]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\pcmcia]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\PlugPlayManager]
"EventMessageFile"="%SystemRoot%\System32\umpnpmgr.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\PNRPSvc]
"ProviderGuid"="{BBE94F36-F8DC-4C33-8227-81602B7A3D53}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Power]
"EventMessageFile"="%SystemRoot%\System32\umpo.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\PptpMiniport]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Print]
"EventMessageFile"="%SystemRoot%\System32\ntprint.dll"
"TypesSupported"= 0x0000000007 (7)
"providerGuid"="{747EF6FD-E535-4d16-B510-42C90F6873A1}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\PrintFilterPipelineSvc]
"ProviderGuid"="{5B33145C-1C66-49F3-B4CA-F563C165F2C0}"
"TypesSupported"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Processor]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\processr.sys"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\ql2300]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\ql40xx]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"= 0x0000000007 (7)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\RasAuto]
"EventMessageFile"="%SystemRoot%\System32\mprmsg.dll"
"TypesSupported"= 0x000000001f (31)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Rasman]
"EventMessageFile"="%SystemRoot%\System32\mprmsg.dll"
"TypesSupported"= 0x000000001f (31)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\RasSstp]
"TypesSupported"= 0x000000001c (28)
"EventMessageFile"="%systemroot%\system32\sstpsvc.dll"
"ProviderGuid"="{6c260f2c-049a-43d8-bf4d-d350a4e6611a}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\rdbss]
"EventMessageFile"="C:\Windows\system32\netevent.dll"
-= EOF =-
rschou is offline  
Old 08-10-2012, 08:33 PM   #11

Hi,

Not trying to be a nag, I am just hoping to have this finished by the end of the weekend and wanted to bump it back up. Thanks for the help again.
rschou is offline  
Old 08-11-2012, 01:23 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, rschou. Sorry, for some reason I didn't receive notification of your last post.

Download the attached bits.zip file and extract bits.reg to your desktop.

They should look like this:

Double-click on bits.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

Reboot your computer. Will Windows Updates work now?

------------------------------------------------------
Attached Files
File Type: zip bits.zip (1.3 KB, 25 views)
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-11-2012, 03:39 PM   #13

Hi,

Don't worry about it. I can update again!

Things seem to be working normally also. Any last steps?

Thanks
rschou is offline  
Old 08-11-2012, 04:11 PM   #14

Actually, there is one other thing that is happening that I don't know where it comes from and whether it is actually a problem or not. But the computer beeps every once in a while and I have no clue why that is happening. It also seems more like it's coming from the computer itself as opposed to the speakers, if you know what I mean by that.

Again not sure if this is actually a problem or for how long this has been happening since this is my brother's computer.
rschou is offline  
Old 08-11-2012, 10:56 PM   #15

Hello again, rschou. You're very welcome. Not sure about the beep. Doesn't appear to be malware related.

If you would like to seek help for it, I suggest asking here > Windows Vista/Windows 7 Support Forum

Let them know you were here first and were cleared of malware removal.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the ESET report, those are safely tucked away in ComboFix's quarantine folder or in old System Restore Points, which we will be taking care of now.

Please disable Security Essentials before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure all your applications and browsers are up-to-date by visiting Secunia Online Software Inspector here:

Free Online Computer Scan - Online Software Inspector (OSI) - Secunia
  • Click 'Start Scanner'
  • Wait for Status/Currently Processing: at the lower left to say 'Java Applet loaded successfully. Press "Start" to begin.'
  • Click 'Start'.
  • The scan should take less than a minute or so.
  • When done, download and install all the recommended updates.
  • This will help ensure the malware writers cannot use exploits (bugs) in older versions of your applications to infect your computer in the future.
------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 08-12-2012, 07:26 AM   #16

Hello again,

So I saw that I was supposed to disable Security Essentials and then noticed that Windows Defender was not enabled. So I went into admin tools > services and saw that Windows Defender was disabled. I changed it to automatic (upon start-up) and rebooted. Then I noticed it still wasn't enabled.

I tried to turn it on via the start menu and upon trying to open it received the error message:

"access denied error code 0x0070005"

I'm still mostly a noob with Windows 7, so I don't know if this is actually a problem, or if this is happening because Windows Defender gets disabled when there is an active anti-virus program running. Any insight?
rschou is offline  
Old 08-12-2012, 09:42 AM   #17

Quote:
or if this is happening because windows defender gets disabled when there is an active anti-virus program running
That is correct. Security Essentials (and some other antivirus programs) automatically disables Windows Defender, as you don't need it running if Security Essentials is running.

Any other problems?
chemist is offline  
Old 08-12-2012, 08:28 PM   #18

Thanks for that info. No other problems that I can see. I went through and uninstalled ComboFix and installed those other recommended preventative programs. The computer should be good to go.

Thanks again so much for your help. You're a life saver. Thank you!
rschou is offline  
Old 08-13-2012, 05:56 AM   #19

You're very welcome, rschou! Glad to have helped.
chemist is offline  
 
