Trojan.Gen.2 reported by Symantec. MWB doesn't catch it


My Symantec Anti-Virus reports that Trojan.Gen.2 has been quarantined. I have been unable to remove it by traditional means and it comes back every few hours. I would appreciate any help you can provide in removing it. Here are my logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jim at 13:17:21 on 2012-08-21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6133.3483 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\system32\oodag.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\oodtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://drudgereport.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: egreetings.com Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\Users\Jim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{324B86CB-DCB8-420D-AC4D-AD76C9CBF9A4} : DhcpNameServer = 192.168.1.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: egreetings.com Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/12/10 14:24:33];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-12-10 146928]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]

R2 Symantec AntiVirus;Symantec AntiVirus;C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe [2008-10-23 1956752]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-12 138912]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-7 250056]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-08-21 08:38:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF6540FE-0844-4C96-802E-2E4EF585A1AE}\offreg.dll

2012-08-20 19:28:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-19 07:11:28 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF6540FE-0844-4C96-802E-2E4EF585A1AE}\mpengine.dll

2012-08-19 05:29:15 -------- d-----w- C:\Users\Jim\AppData\Roaming\GetRightToGo

2012-08-19 04:44:28 -------- d-----w- C:\_OTL

2012-08-18 21:08:32 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2012-08-18 21:02:24 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-08-12 21:54:08 -------- d-----w- C:\Users\Jim\AppData\Local\NPE

2012-07-30 21:52:13 103904 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-20 19:29:33 328704 ----a-w- C:\Windows\System32\services.exe

2012-08-14 21:05:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-14 21:05:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 13:17:35.52 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 11/2/2009 8:43:36 PM

System Uptime: 8/20/2012 2:29:25 PM (23 hours ago)

.

Motherboard: Dell Inc. | | 0T287N

Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz | Socket 775 | 2800/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 684 GiB total, 616.121 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.181 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP605: 8/12/2012 5:07:16 PM - Norton_Power_Eraser_20120812170715350

RP606: 8/18/2012 3:47:52 PM - Installed Java 6 Update 34

RP607: 8/20/2012 2:34:19 PM - Windows Update

.

==== Installed Programs ======================

.

3ivx MPEG-4 5.0.3 (remove only)

Acrobat.com

Adobe Acrobat 9 Standard

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.2

Adobe Shockwave Player 11.5

Angry Birds

Apple Application Support

Apple Software Update

ArcSoft Camera Suite

Bing Bar

Canon IJ Network Scan Utility

Canon IJ Network Tool

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 2.1

Canon MX860 series User Registration

Canon Photo

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Easy-PhotoPrint EX - Additional Materials FR_ST4

Canon Utilities My Printer

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities RemoteCapture DC

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities Solution Menu

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Choice Guard

Compatibility Pack for the 2007 Office system

Consumer In-Home Service Agreement

Data Lifeguard Diagnostic for Windows

Dell-eBay

Dell Getting Started Guide

Digital Line Detect

FlipShare

Intel AppUp(SM) center

Java Auto Updater

JBidwatcher 2.1.3

Junk Mail filter update

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office XP Professional

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Modem Diagnostic Tool

MSVCRT

muvee Plugin 1.0

NetWaiting

PowerDVD DX

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Wizard101

.

==== Event Viewer Messages From Past Week ========

.

8/20/2012 2:35:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

8/20/2012 2:31:48 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/20/2012 2:31:48 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/20/2012 2:30:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/20/2012 2:30:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/19/2012 12:21:13 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/19/2012 12:21:13 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/18/2012 5:24:24 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

8/18/2012 11:44:28 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Here is the RogueKiller report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Jim [Admin rights]

Mode: Scan -- Date: 08/21/2012 13:42:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : c:\windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jim\appdata\local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jim\appdata\local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750528AS ATA Device +++++

--- User ---

[MBR] f799b74cf98df55d3b628118c14bfb1e

[bSP] 4429d62451263ad904086c86a4f34109 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 700363 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


I don't understand why that log was so big.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-21.02 - Jim 08/21/2012 16:19:59.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6133.4313 [GMT -5:00]

Running from: c:\users\Jim\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))

.

.

2012-08-21 21:23 . 2012-08-21 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-19 05:29 . 2012-08-19 05:29 -------- d-----w- c:\users\Jim\AppData\Roaming\GetRightToGo

2012-08-19 04:44 . 2012-08-19 04:44 -------- d-----w- C:\_OTL

2012-08-18 21:08 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

2012-08-18 21:02 . 2012-08-20 19:24 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-18 20:47 . 2012-08-18 20:47 -------- d-----w- c:\programdata\McAfee

2012-08-12 21:54 . 2012-08-18 21:34 -------- d-----w- c:\users\Jim\AppData\Local\NPE

2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-20 19:29 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-08-14 21:05 . 2012-06-07 22:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-14 21:05 . 2011-06-26 03:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 18:46 . 2009-08-29 04:44 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 08:05 . 2009-12-04 01:59 58957832 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-21 02:20 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 02:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 02:20 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 02:20 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 02:20 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 02:20 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 02:20 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 02:20 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-21 02:20 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 17:25 . 2009-10-02 21:57 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-21_21.12.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-09 03:41 . 2012-08-21 21:27 42444 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-21 21:27 51008 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-11-09 03:41 . 2012-08-21 21:27 13452 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2635159060-1151358309-1940145508-1000_UserData.bin

- 2012-08-21 21:12 . 2012-08-21 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-21 21:24 . 2012-08-21 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-21 21:24 . 2012-08-21 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-21 21:12 . 2012-08-21 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-08-21 20:00 624162 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-21 21:17 624162 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-21 21:17 106538 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-08-21 20:00 106538 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-08-21 21:10 299824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-21 21:23 299824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2009-11-25 297808]

.

[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]

[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]

"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.lnk" [2011-07-10 1376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]

"vptray"="c:\progra~2\SYMANT~1\VPTray.exe" [2008-10-23 136080]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-6-30 50688]

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-09-27 35840]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/12/10 14:24];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-01-07 23:11 146928]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-01 138912]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 21:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-08 3868928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://drudgereport.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Common Client\ccService\Channels]

@Denied: (C D) (Everyone)

"{2DB01904-0BEE-46D9-824F-3921D4761EAE}"="{B6BEA1D7-21AA-45BB-96AC-7BB286281270}"

"{43858327-F796-4914-95C4-CFF5305D040A}"="{E6B3C2BC-562C-469E-84DC-89ADB02495CE}"

"{D7AEF6A1-BF20-4F2A-9FCA-7EB0365E7625}"="{E6B3C2BC-562C-469E-84DC-89ADB02495CE}"

"{E3CF3807-E080-4A56-BC66-1B0E8766265D}"="{B6BEA1D7-21AA-45BB-96AC-7BB286281270}"

"{0393A4C9-3214-4AA2-82B5-0978222CE7E3}"="{02C188B6-0E7B-4DE3-ACC3-0116B02ADA12}"

"{03619F71-B20E-408E-9FCB-359C342D0707}"="{02C188B6-0E7B-4DE3-ACC3-0116B02ADA12}"

"{64B559D8-4157-481D-B75F-0A1D5A61590E}"="{2AB0D371-2F80-48FB-A995-20BEAD6ADEF8}"

"{1E1AB885-66D1-4958-863D-FD7562844461}"="{2AB0D371-2F80-48FB-A995-20BEAD6ADEF8}"

"{285D6171-6F2F-4FC9-80EC-47FD77E176B2}"="{2113BD96-4C16-45AC-A732-EA52E0731EAE}"

"{CF2F9447-F6F8-417C-9240-CEDA3843C5F2}"="{2113BD96-4C16-45AC-A732-EA52E0731EAE}"

"{F3AC893B-BA28-42DF-9D1C-4AC67AECAFF5}"="{D4805D10-1458-41B9-B00C-9A1115974929}"

"{32E9FA1F-DCE3-4086-ABAF-8EB19F26C24F}"="{D4805D10-1458-41B9-B00C-9A1115974929}"

"{DCA9C2D5-4461-4EBF-94B8-66906F6BCD64}"="{142E7CD0-57D2-4568-AB3C-E4BDED3EC0FB}"

"{A1E16BD1-B72E-4C91-8BFA-1BB0CC6F896A}"="{142E7CD0-57D2-4568-AB3C-E4BDED3EC0FB}"

"{A09513B4-87BB-43FF-8585-E262E9584B18}"="{08101350-9805-4F00-BCBC-643787498084}"

"{8C20E4AF-E853-4DC3-99DC-1B13D987A503}"="{08101350-9805-4F00-BCBC-643787498084}"

"{FC0EFC0B-922C-4C7E-A8E4-2EF1986B9F0A}"="{A805CE1A-0E8D-4E3D-9037-02AF50B281EA}"

"{7E3AD639-6ABF-42AD-91BA-A1980FF8E705}"="{A805CE1A-0E8D-4E3D-9037-02AF50B281EA}"

"{95344BA6-F39D-4B66-ADB5-B4DDD5F79242}"="{18D3170C-143B-49A0-921E-40AFC0465B58}"

"{33B1310F-72BF-4284-AB40-C2FF9CFC34B9}"="{18D3170C-143B-49A0-921E-40AFC0465B58}"

"{09843A47-EB85-441A-9694-1BDBF8444C20}"="{5E95B41D-A5CF-43B5-A927-77ECE5C5771E}"

"{33710BBE-F6A7-4506-BF5E-858384C153B5}"="{5E95B41D-A5CF-43B5-A927-77ECE5C5771E}"

"{EE6735E9-2AF5-4651-88E3-805C2834C84A}"="{AC355329-F2DA-44E7-A216-59280CCB2C97}"

"{9181DF74-52E5-464F-9495-D40C6DF1D7E8}"="{AC355329-F2DA-44E7-A216-59280CCB2C97}"

"{0E83C14D-1F83-4A94-8E5B-5422748A386A}"="{5207B103-2E11-4FC3-961A-3C81FE56618F}"

"{5D20C72A-35C3-4B2F-8395-47BDC862A44C}"="{5207B103-2E11-4FC3-961A-3C81FE56618F}"

"{A07C23A7-E379-431F-93DB-C06D73B9F891}"="{B056FA6F-66CF-4FC8-AE72-05E029AF4B23}"

"{F6C57C8B-02DF-43EA-8D19-6B719A4C551B}"="{B056FA6F-66CF-4FC8-AE72-05E029AF4B23}"

"{6B43B88E-7AB6-48FB-8B49-CBFF9C91E1A7}"="{D4B0A340-C71D-4F7E-BC5C-C279ED6D6510}"

"{FCC17FF8-7F5F-4C95-864B-8FD132875458}"="{D4B0A340-C71D-4F7E-BC5C-C279ED6D6510}"

"{4520E47E-69D5-40A0-98A9-98778A104904}"="{D7A078D2-B329-4215-96FD-3775BC872693}"

"{ADEC166C-F4D8-4CE5-A675-E3458F958584}"="{D7A078D2-B329-4215-96FD-3775BC872693}"

"{AAA8A94B-4646-4B9C-9685-AF25CD28C0D1}"="{03B2594E-DA83-41A5-A5A1-8F7D304D3CF6}"

"{1DBF19A6-337A-42D1-A19B-CC96C81FBCCE}"="{03B2594E-DA83-41A5-A5A1-8F7D304D3CF6}"

"{605DFA12-8A74-4DB5-84E4-14FBD2CBC7FA}"="{F0C1A0D5-8C59-4B54-B998-1104EB43DB17}"

"{DF041E82-FB76-44E8-BFAA-D739829ADE06}"="{F0C1A0D5-8C59-4B54-B998-1104EB43DB17}"

"{30C1326B-121D-4820-8C11-5F1D9A364B40}"="{73BEFAD1-8247-49D3-84C2-E8E623687591}"

"{5B90D033-2419-4F04-9878-869AA59FA507}"="{73BEFAD1-8247-49D3-84C2-E8E623687591}"

"{C92FEB74-88F9-41B9-8E5A-519E19F9188A}"="{6DE657F7-6362-45A1-931B-1401909F7102}"

"{A43D4C30-E6AD-417E-9F69-0424EDAD0284}"="{6DE657F7-6362-45A1-931B-1401909F7102}"

"{9106297F-1047-4058-B9E9-8111F9781E24}"="{DA5049FD-3043-4294-9AD4-6FB8CF20D206}"

"{88B9B60F-6AD9-4FBD-83A8-A8D95B05F754}"="{DA5049FD-3043-4294-9AD4-6FB8CF20D206}"

"{20C48CB5-7EB0-4173-AE5A-5F95053622A1}"="{505D41B5-08DF-4EDE-886C-B00F4A252B51}"

"{07A0FE32-53C9-4AE9-8F3E-44FC5997FC63}"="{505D41B5-08DF-4EDE-886C-B00F4A252B51}"

"{BE797F03-A2A2-4679-8177-04F13FD03448}"="{FE36D6BA-5D91-4530-A161-E2C6E8A47A65}"

"{12657AC0-7203-4F64-BA30-08D959F53A16}"="{FE36D6BA-5D91-4530-A161-E2C6E8A47A65}"

"{C7A0EDD6-5968-42BB-A5D1-A54CD82ABD8D}"="{B59E6321-E1FB-4105-A739-7B4467051F5B}"

"{805150D6-A0B6-4720-B6EB-851C6FB3F05B}"="{B59E6321-E1FB-4105-A739-7B4467051F5B}"

"{4ED156AF-DD3C-4891-8A5E-6F51E2C20DDD}"="{4368423E-013B-4FFD-B270-DAF127594E36}"

"{FCED391F-4908-4993-8368-F31A49BE889D}"="{4368423E-013B-4FFD-B270-DAF127594E36}"

"{D141D063-53EB-4E82-98E2-172C8A4277F1}"="{70F77C5E-829E-464B-915B-7DA496096A1C}"

"{23B39D0B-93BE-4324-86AD-8F59E5397ECA}"="{70F77C5E-829E-464B-915B-7DA496096A1C}"

"{E4F4B502-7B63-44D6-AFC6-DEBE093AD03B}"="{D41ECA45-821C-4EF6-A57E-1C02C73984DA}"

"{A06802FB-CDF7-4025-8485-89A2546F74BE}"="{D41ECA45-821C-4EF6-A57E-1C02C73984DA}"

"{ACB36558-55E8-4729-9648-78190BD7E5F0}"="{17DDA5C4-972F-4A4B-A0D9-57636B9EB498}"

"{9BE7CFE6-44C3-4159-8252-3D1A6C3E8D5B}"="{17DDA5C4-972F-4A4B-A0D9-57636B9EB498}"

"{EF599AA1-CA4B-41A0-8F30-F751A25866A3}"="{472C24D0-5E39-47A5-B6CE-A82E3552B55E}"

"{0833D628-5B3E-4DF1-A805-8942FD00A2D4}"="{472C24D0-5E39-47A5-B6CE-A82E3552B55E}"

"{9647BA48-756D-45CC-A7FF-A30260DD4DE0}"="{3CF97CBB-EA1A-4EE1-BC8A-591367AD03E1}"

"{75F19AB9-072B-460E-9489-4264DAD9C272}"="{3CF97CBB-EA1A-4EE1-BC8A-591367AD03E1}"

"{6C5BD92A-C0EA-40C1-9C29-B3A061216929}"="{A09E30D8-8076-4480-922F-D89C25F0A502}"

"{9B13E411-4285-4A47-B742-F5343D39BCF5}"="{2A4C76DF-78FC-458D-8CA9-118C8A19E26D}"

"{6B330C91-69E6-4CDA-A10E-A68F55B011A3}"="{2A4C76DF-78FC-458D-8CA9-118C8A19E26D}"

"{9293202B-B263-4F55-867F-9EBA53243C0E}"="{04A1F238-C3A4-457E-84EE-6AED0419FF3C}"

"{83CAE32A-16A6-4BC3-BE88-FD95ECF352A9}"="{04A1F238-C3A4-457E-84EE-6AED0419FF3C}"

"{8F8DBEEE-1AEC-4311-A6D3-DE80ED2138B9}"="{6CFBC2C2-320F-4CEF-AB5A-4F09BFADEEED}"

"{2FAAF01C-60FB-48D7-803D-26DBE00C1067}"="{DD8C6B01-3108-4DA7-BFB4-BDED0B6FAB60}"

"{981A26CF-0B58-45C4-BD12-395F4399A1D2}"="{E3752221-FD64-45B6-B111-CF1174EA7E27}"

"{48D5E9A1-96B2-41C7-9E0B-48DD152F4BEA}"="{E3752221-FD64-45B6-B111-CF1174EA7E27}"

"{7C96AF87-1741-4A45-8C0D-83437E83AC7F}"="{5CFBCB16-5E11-4D37-9E92-0C0FFC5BD10E}"

"{B41D489B-377C-4A2E-A8E7-0360021C8D92}"="{5CFBCB16-5E11-4D37-9E92-0C0FFC5BD10E}"

"{FC0C2ED3-D98C-468D-AEC1-10122401BF1D}"="{373AA5AE-DBA2-4C79-9A88-CBAF6F309775}"

"{C75D59B4-7C81-4A12-B875-FF6D498D6C9D}"="{373AA5AE-DBA2-4C79-9A88-CBAF6F309775}"

"{518731B5-0164-4DBA-A727-C12203BD9254}"="{44A1B4F4-DA9B-4E6F-9FB9-91463D1146F6}"

"{1E8B8941-1F2A-46F8-AA46-63F3984FC05C}"="{44A1B4F4-DA9B-4E6F-9FB9-91463D1146F6}"

"{419ED9A0-B897-481B-B520-C0A60C24D728}"="{F923467E-335C-47CB-B950-DAB31A606176}"

"{287BE1AD-4855-4CBC-B215-483EBB131054}"="{F923467E-335C-47CB-B950-DAB31A606176}"

"{5A51B9C2-241D-4F44-81F7-A5F126D40790}"="{081A9A32-28AA-4A9B-9BC6-1BE957B4A0EC}"

"{C460DB98-275B-4998-889B-A34E0C248382}"="{081A9A32-28AA-4A9B-9BC6-1BE957B4A0EC}"

"{4C535B62-FDCA-426F-9E8C-363357A626A1}"="{C3428988-CDEA-4E99-B895-00F1A4518313}"

"{BF49E208-C186-4AC1-ABB8-3AE01710D689}"="{C3428988-CDEA-4E99-B895-00F1A4518313}"

"{9D132F60-AAD5-44D5-B915-7808FD7EF6B3}"="{AD3F9EF7-10CA-419D-9F5C-84AC1AED8E90}"

"{F7F28FC8-4EE8-4806-A311-713F29BD38CE}"="{C695C314-5B47-4135-A8BD-6C03F8EA77A1}"

"{43B4F779-BED2-4896-84DA-312474424989}"="{C695C314-5B47-4135-A8BD-6C03F8EA77A1}"

"{C59874DF-46D8-4042-8667-F99F86F0F1FA}"="{3B3FF052-31DB-4C1E-BE12-31B85CED7038}"

"{D54F5A7A-C916-417B-9BDF-AE777A1EBFDE}"="{3B3FF052-31DB-4C1E-BE12-31B85CED7038}"

"{8A6785E0-E887-495D-8ADD-7B18160ECDB3}"="{1EF051F9-7E2A-4DDE-B299-1A43D42F6AE1}"

"{BA1AC068-FF94-4E5E-99B3-8A23128FA703}"="{1EF051F9-7E2A-4DDE-B299-1A43D42F6AE1}"

"{858A2EE2-1E5A-4C35-89EC-562B78A0AB96}"="{99BA014D-BC9B-4081-8AB3-02777DA3E89C}"

"{0C796810-7774-4C13-AC1C-F5B0955AD3D6}"="{99BA014D-BC9B-4081-8AB3-02777DA3E89C}"

"{DA5734B4-826E-4590-9463-8C080AEF638A}"="{C89765DB-A348-41B6-A2C1-51D91183375B}"

"{6591915E-F1BF-4A65-89FC-3D39D9088581}"="{54234E10-C942-4500-81B5-16199A434388}"

"{4A05ED5D-EA76-4154-BF08-34DCFF8430F9}"="{BB47BC25-D31E-462B-AF47-C206EC55303C}"

"{4FCBEAAF-16B2-4A4F-83C5-23C6780C225E}"="{BB47BC25-D31E-462B-AF47-C206EC55303C}"

"{389C2509-1184-424A-9611-BF447B7FAFF2}"="{EB8AB549-60B7-46B7-9328-6F94F452C770}"

"{9B1323D6-8754-4C68-93F6-A1D26E22FF72}"="{B7C40863-9FAD-4E26-8ECD-23270299B3FB}"

"{8086D8E7-C0A0-464D-8D78-5A709D9FD921}"="{0C381424-A228-4BF2-B026-2535EB3BEAAC}"

"{74D18638-22F3-424C-BFFF-8779EDB096ED}"="{0C381424-A228-4BF2-B026-2535EB3BEAAC}"

"{78690BC5-16A6-4B53-9BA4-88F3023B8565}"="{FAAB835A-EB64-4B77-B119-474B8677E32A}"

"{6A5DD3D9-3264-4412-B972-379DF815DF74}"="{FAAB835A-EB64-4B77-B119-474B8677E32A}"

"{FB2944D6-5698-4A61-AB00-5203F29957D0}"="{E1F19721-6ACF-4C01-B615-EFDA9F555BFE}"

"{B9EFFB45-A307-4E6C-80A7-160C1DEB9652}"="{E1F19721-6ACF-4C01-B615-EFDA9F555BFE}"

"{1A408CE5-302F-4E67-8CD4-F7FA6C4C5248}"="{C683317B-DBDC-47E6-A7CE-5036A4146632}"

"{079A2C41-2CE9-4552-B1B7-7A9A8E5AE9AD}"="{C683317B-DBDC-47E6-A7CE-5036A4146632}"

"{507D880B-C756-4795-B409-AE8277AEE8F1}"="{3B821AA6-F1BA-4CFA-9E1C-738C7B339DC9}"

"{971C799D-CC9C-4DF6-A12F-A1B0358847A4}"="{3B821AA6-F1BA-4CFA-9E1C-738C7B339DC9}"

"{3EFB42C5-C3E6-4F87-8C56-D55CFED8ADCB}"="{A9066B98-55A9-4E40-AFB2-52DB24792CE3}"

"{E9BBCB6F-4C70-4AE1-92F9-0E0C73C884CC}"="{218AA0B3-407F-453E-B978-34C1BD86AA14}"

"{2EB4E5F7-BB30-421D-B8DB-E2C845B89660}"="{218AA0B3-407F-453E-B978-34C1BD86AA14}"

"{A2F099EA-546E-4054-86D2-29109A93563A}"="{1B482BC5-C488-4AFB-80FA-5D518106A633}"

"{D2D64417-8C99-46FD-8B24-6CF486000D3C}"="{1B482BC5-C488-4AFB-80FA-5D518106A633}"

"{28203C0D-036C-4033-9046-0E15C206DD18}"="{9E521082-A03E-4063-8C4A-87A302E869A6}"

"{D10F7970-913A-4524-A8D8-0F2DC6C0F169}"="{9E521082-A03E-4063-8C4A-87A302E869A6}"

"{5E1C2D7B-8702-4252-9090-E62F3EC48BD6}"="{C533C2C1-BB3B-4BB3-A814-7BFBE842055D}"

"{730D80BD-0A50-40C6-A7E6-9B7F40D7D641}"="{C533C2C1-BB3B-4BB3-A814-7BFBE842055D}"

"{0A180394-6779-4B13-B728-518E033BFF62}"="{C88DFA7E-B753-410B-B206-0BBAFAB51E0D}"

"{A06128BA-5DD2-4742-93BE-1EE4E9592DE1}"="{47C8B336-D78D-4114-BC91-020B4099D5C2}"

"{2A7F676E-35DF-479A-8D9C-DD702AAE8D14}"="{47C8B336-D78D-4114-BC91-020B4099D5C2}"

"{0C59D2F7-71D9-43AD-959E-D7A62AA7DC6C}"="{D7A92DD6-6D98-4B20-A411-D5550EF2B539}"

"{4780404E-27F2-4B21-AAAC-12759A3691B4}"="{D7A92DD6-6D98-4B20-A411-D5550EF2B539}"

"{0DA2B2BA-962A-42FA-B038-519C5B7EFE36}"="{B6018E59-4148-4F19-872D-474835BF79D0}"

"{5A596212-FB70-426B-84A3-6A1C1853D39D}"="{B163C523-5226-434A-83A4-756864D6289A}"

"{ADF18DD8-34AF-4920-A627-A779DEEC76CF}"="{919C616F-D780-48D2-B421-2ED54A9D44F4}"

"{86D67517-F004-4D43-8FDE-7C58F2AE45F1}"="{1EFE95BB-B63C-4890-A02A-33BBEEB08028}"

"{5FE25178-78B0-43CB-AA01-4D72A5178A5E}"="{1EFE95BB-B63C-4890-A02A-33BBEEB08028}"

"{3A1744CF-79D2-4DF0-9D5B-B31E80306795}"="{0BFB81FE-0788-4EC5-ABE7-4643F234E981}"

"{2B3FB6DB-8CAE-440E-B623-EEA83AD1E555}"="{0BFB81FE-0788-4EC5-ABE7-4643F234E981}"

"{4BA5A14D-F8F8-4DCB-979B-6FAB534AF861}"="{C196D3C9-261F-49AA-9FA5-577DD2B5796F}"

"{32BA3EB3-ACF9-4E87-963D-F0EF0DC62BCB}"="{C196D3C9-261F-49AA-9FA5-577DD2B5796F}"

"{4EED1CE3-E460-4EBA-B5BD-E802E0586B28}"="{95F7C5FC-597F-40EE-A71D-58ACF95121FA}"

"{E4C456BA-5923-47ED-8E31-2557DB58BE79}"="{95F7C5FC-597F-40EE-A71D-58ACF95121FA}"

"{D71C55AE-757B-41F7-8CE4-487759280DDA}"="{971656AF-76D2-4CD3-AEFC-A360AB5CA948}"

"{D54A3D05-40DF-44D3-B980-FE404D2E317B}"="{971656AF-76D2-4CD3-AEFC-A360AB5CA948}"

"{B89C7765-CF14-4ECB-88DE-4932DCED83BF}"="{8DBAEFC1-63F8-4AFC-9B68-CA6F5C87A02A}"

"{64973C20-9A8C-4A82-A074-02F0244E1B35}"="{3B913D68-232C-4EA6-B5F2-F11156CEC3D2}"

"{10A06749-1711-4CA0-B43D-B9F3D01CC482}"="{3B913D68-232C-4EA6-B5F2-F11156CEC3D2}"

"{8E7B615F-6191-4B70-81C5-0C742B266917}"="{D5E08960-FD54-4245-9F96-8AC1474CB64B}"

"{25BA8CEB-47B1-44D4-BD11-FC34C64B04B8}"="{D5E08960-FD54-4245-9F96-8AC1474CB64B}"

"{971847FD-4661-40F3-A211-DD0BF6BEA045}"="{37A1500B-EBB3-423A-8211-AE8D74448505}"

"{2DEA4057-7F77-4E05-815B-69C067752487}"="{3018F477-D063-4710-A696-B1A46B902C68}"

"{5611EDD2-4348-4C46-BDC8-7A475613495C}"="{3018F477-D063-4710-A696-B1A46B902C68}"

"{5612DEAC-85B3-46C9-A7A3-2968D5150156}"="{585D6B59-7674-4245-A393-C8A7A4110F88}"

"{EE70475B-3B62-469B-B265-7F69052C855E}"="{585D6B59-7674-4245-A393-C8A7A4110F88}"

"{54C9136B-9ED3-42AC-89AB-18D0DFDBCEBA}"="{016B24E3-6261-4787-B7B2-9F1D773561F6}"

"{293C102B-37B6-4A98-AD6C-2DFB91441512}"="{385E08CF-3D9A-4D36-8AD4-C4851158C458}"

"{96B4E7C6-5EBF-4774-B986-90BE326A8464}"="{385E08CF-3D9A-4D36-8AD4-C4851158C458}"

"{E114D96D-3B26-4C8E-A8C8-16AC40624229}"="{1BA6811E-3159-4016-9C2F-3309FBD89CD8}"

"{6BA5D671-C6E9-415D-A30F-0BAB435D4528}"="{1BA6811E-3159-4016-9C2F-3309FBD89CD8}"

"{768E3485-E24E-4087-8196-3F23F2245754}"="{5F64F5FA-4DDD-4825-A7B8-BFE27BEB2238}"

"{CFD3E04B-6D3F-4DD4-A683-0FFC74FD6DEB}"="{6F2ACEEF-5DD8-47E9-B747-A489192CD55E}"

"{09232409-6852-4BF9-B340-2D19531F435C}"="{99077FC7-B2BB-466F-9AE2-923E2207276A}"

"{C596281F-509D-429A-BD9F-ADC70EB5A863}"="{99077FC7-B2BB-466F-9AE2-923E2207276A}"

"{25FDD5C8-67AB-452B-B091-700CE5BDC251}"="{69DF1018-4DD4-4E92-90D6-65BEF7CBFF18}"

"{F11700BD-0B30-4DEB-A899-79A4F07B22D2}"="{2F7933CC-F8B9-454A-9455-AB0E5BE39766}"

"{9598DBE1-8EAB-43AE-B8EF-3037280D8A7C}"="{8814F94C-55CA-4320-8824-03043E486958}"

"{375F31EF-8CC3-4025-AD0B-90988A17CF24}"="{8814F94C-55CA-4320-8824-03043E486958}"

"{69EAC2DE-D1B9-4C3D-8C75-4A9F4CF0255E}"="{FBEA5B1C-F533-4B85-9051-35A2D917CF33}"

"{13F38689-7786-4160-A691-11B2B41544B9}"="{FBEA5B1C-F533-4B85-9051-35A2D917CF33}"

"{ED8FC532-85BF-475F-9150-79F7B071E8CF}"="{2B00D47C-AF9D-44CE-AC1E-79D1F1DDF8A3}"

"{DBCA8D78-647D-4D1A-B7BE-FA8B7656F7E0}"="{2B00D47C-AF9D-44CE-AC1E-79D1F1DDF8A3}"

"{2009FBCD-EAE3-428C-85F1-24788EAC7D9C}"="{F1B096DA-BE2C-4B8C-8D98-F77277C93128}"

"{44A826DD-82F8-43AB-8677-5F93494836C4}"="{F1B096DA-BE2C-4B8C-8D98-F77277C93128}"

"{584564A0-9BC8-499B-9E55-1072E152C883}"="{2EE7F2F4-288C-415C-9286-6D957FC2C61D}"

"{3A9EEE7C-0F75-4164-9981-FB221E06DD7D}"="{2EE7F2F4-288C-415C-9286-6D957FC2C61D}"

"{8FBDEC1F-7BC4-406E-8C68-C05CDF3814AA}"="{A659F077-196F-4B12-ADEC-ECA6C7B05A11}"

"{4053D756-4213-443E-A0CF-8F7015488023}"="{A659F077-196F-4B12-ADEC-ECA6C7B05A11}"

"{78C65F4D-2250-41B9-85EA-11B5DFC99027}"="{F842148E-9C5F-4089-86E3-C40A62747FB8}"

"{E6167A29-C9B1-49D8-86E8-7205B61E74A3}"="{F842148E-9C5F-4089-86E3-C40A62747FB8}"

"{5A3BF1AF-5CEA-4C74-836A-4FBBE5691967}"="{EDBED03D-FB3E-4B9D-A9BA-5676CC27DF3F}"

"{8387A6DE-7490-4269-AD63-8D19DA0A9CF5}"="{EDBED03D-FB3E-4B9D-A9BA-5676CC27DF3F}"

"{A61D51C3-3366-4954-85BE-4D08FD8F4B72}"="{E65E39FF-B00C-4D33-A73A-5473C4608FC3}"

"{DC5464BA-5106-4A24-81A2-55B802B9557A}"="{F4D17B3E-F7A5-41D4-A502-057C6DAFB9BD}"

"{3B10BCAB-F1CE-4CD5-AD2F-1DBF35630C85}"="{F4D17B3E-F7A5-41D4-A502-057C6DAFB9BD}"

"{D7D29407-7273-474B-8F1E-4EB246A03044}"="{EBD2B4D6-AF49-4D4F-877B-CCA2AF2F8980}"

"{0105963A-C803-41A5-8332-6FBCE846B3E1}"="{3AF39811-437B-47B8-BB0A-8068AB9A583C}"

"{9FF9BA89-6369-4B88-BC99-5D911D02CFD2}"="{3AF39811-437B-47B8-BB0A-8068AB9A583C}"

"{16B9710D-8765-4870-943B-E555661E5E7D}"="{BE21F4F5-29F7-4C0A-89ED-86138D90F3D7}"

"{FB2833C1-9108-4A81-85FA-E88FDB3BE987}"="{CB6CF5F6-8801-4BE3-BE01-64B7F5B09F73}"

"{B2E49EBC-4048-494C-97D9-74C71042AEBD}"="{20EA9055-62BC-479E-B26A-94C239F01DBA}"

"{B61304E7-0B80-4C0F-88DA-1C730DA7DB33}"="{20EA9055-62BC-479E-B26A-94C239F01DBA}"

"{6E6E9206-88AB-4B1D-AC59-E9AADB3FD171}"="{72BA1B90-3C99-4409-91ED-C72F79E653D3}"

"{C3B34FB1-299B-4D80-B79F-DBE6684234F3}"="{5EB13D79-FE8B-48D1-8B9F-955487A0901A}"

"{E3D9D72E-F08E-49BB-8338-B312F09519E6}"="{C57DF205-C03D-4461-9D8F-CC6DFF5FBF35}"

"{AD571552-EBFA-4234-A9FC-DFD8908D999B}"="{C57DF205-C03D-4461-9D8F-CC6DFF5FBF35}"

"{D86A96D1-56D9-429C-AD97-A9E7F65AE720}"="{C90F0032-D2BE-470E-AEF6-CC8751A23F6C}"

"{5E902E45-98CF-4ED6-B98E-96D36DA4C726}"="{C90F0032-D2BE-470E-AEF6-CC8751A23F6C}"

"{C09B3A50-AA26-4B74-AE98-C5BA718C65DE}"="{4EB97702-34D2-4A19-85E1-666D4E4B9C44}"

"{F4F735B8-BC91-4C3F-A715-99F641A91A2F}"="{EC144A35-FF8E-4220-8DE5-65C3C29E41A1}"

"{88E25B7F-6898-4048-9B8C-837332395335}"="{EC144A35-FF8E-4220-8DE5-65C3C29E41A1}"

"{643A3B2D-F1A0-4E03-B107-E33EB4BEE2B5}"="{27C37366-6D7C-4D57-9F49-8AC2263572C1}"

"{55187B88-AA57-4D9D-B768-F7AE03AF2A7B}"="{27C37366-6D7C-4D57-9F49-8AC2263572C1}"

"{C55207F5-8A24-4E57-947C-9F25B29A84C7}"="{9354E14A-A315-490C-9331-FF0F96BA37C3}"

"{9DEDE811-4E42-4462-88EF-9011C3225DAB}"="{9354E14A-A315-490C-9331-FF0F96BA37C3}"

"{D8E2B936-6C86-4237-AFE3-4F8A126D944F}"="{A51F4ED7-67B9-4128-8D32-F0E92AE8BA39}"

"{DDF75B6C-85E0-47FA-A9B7-CFA9EA2B2A97}"="{47041849-E454-4F37-B1D6-67D9DD4ABB30}"

"{8F0D83B0-0D14-4E5F-99E4-D6E24BA96D87}"="{47041849-E454-4F37-B1D6-67D9DD4ABB30}"

"{4D038846-EF3C-4502-BA33-EF805633D651}"="{03BD0557-798F-4598-8096-F5F6619E466B}"

"{DBC5302E-DD49-41EF-8B2A-9C359F93AEC5}"="{03BD0557-798F-4598-8096-F5F6619E466B}"

"{0289E14D-11B5-4CD2-AA0C-F5B25F0E3C59}"="{268A149F-8B4D-4D27-A014-4663BDDC0476}"

"{9CB5306A-EAAC-4511-A711-211EA165BE4E}"="{268A149F-8B4D-4D27-A014-4663BDDC0476}"

"{B4DA87F1-10D4-4D7F-993F-F0ABD52382CC}"="{4ED5806A-F81D-4833-A2AA-D3770E6DA441}"

"{8B51767E-C0EE-419D-8C2D-7C31EB97CB06}"="{4ED5806A-F81D-4833-A2AA-D3770E6DA441}"

"{F637C502-CE44-4221-8F97-DB28006847FD}"="{1BDEC41F-269C-4706-9D9F-A12845CC4029}"

"{76443F47-C1AF-4DE3-96E5-BC5313825D70}"="{1BDEC41F-269C-4706-9D9F-A12845CC4029}"

"{4123B2D0-00BF-4F57-B5FB-005315C92B39}"="{AB0993A1-55B8-4EE2-B372-C23826C2A282}"

"{5F5FEAB7-7455-4C29-AF6C-170B69C139D3}"="{AB0993A1-55B8-4EE2-B372-C23826C2A282}"

"{5C57504E-2C85-4B05-8864-ADC006157D74}"="{7CF03EAD-BFD1-496B-AE16-C55696AC128C}"

"{0852FCFE-96A1-4F59-B49C-9A010E943E65}"="{7CF03EAD-BFD1-496B-AE16-C55696AC128C}"

"{B942F17B-3ABD-4642-BCF3-4A9A1BCDD696}"="{F5BFC0ED-4B29-4D3B-BA41-DC7542E6AE8F}"

"{31AF8F21-450B-438F-87CF-39C8D4471A51}"="{F5BFC0ED-4B29-4D3B-BA41-DC7542E6AE8F}"

"{32D51788-3834-4BE3-B91F-981F558A2EC1}"="{EA317C8F-9444-4321-97F0-D74829618F0A}"

"{342E3EC6-4032-4311-B204-509645CE0A1E}"="{65EEA798-B580-448B-BD70-5CB1F6EADDD3}"

"{0224A62A-2188-4B27-805D-7A3F20AA788C}"="{FDB6DD6F-1D2F-4156-AD6F-6FD088DDEE79}"

"{721EC6E5-3BAB-41F5-A822-6A120497B1BD}"="{FDB6DD6F-1D2F-4156-AD6F-6FD088DDEE79}"

"{7814FF3F-22DE-4746-8EE2-7003CC20FFA9}"="{DC8DBE27-BD86-4157-8D95-637BACBBA820}"

"{11BE4257-B1CF-47B8-8076-1345555253AE}"="{DC8DBE27-BD86-4157-8D95-637BACBBA820}"

"{BFDD6493-9872-41CA-984F-C8FABA31A1D8}"="{91E8B8BE-A37F-4E49-BF98-2A2D52AD5CAB}"

"{4E89481C-F77F-47C2-A5B6-AFC62A7F8647}"="{91E8B8BE-A37F-4E49-BF98-2A2D52AD5CAB}"

"{544927B0-05F1-4166-9319-E4BB85E7A174}"="{FD45F729-E4D8-4024-92CA-53F946E3F0E3}"

"{0DD6C144-D73D-40E8-BDDF-7C312BED3FD2}"="{FD45F729-E4D8-4024-92CA-53F946E3F0E3}"

"{BEA331F3-E7D0-4510-A956-FA01BA6C2E10}"="{FADD511A-309B-491E-8C8A-7F655F2D92A7}"

"{2683126C-15D2-4DBD-8B72-974ADB114D44}"="{064B9F51-34B2-46A8-B8AD-EA61EDABC281}"

"{DCF7300C-CADC-4429-8079-60EFA97B9BA2}"="{A28F71C8-8176-4F27-9810-BA99343CEEAD}"

"{5243CC1E-0DB4-4DBA-B062-4C2699E2D5E1}"="{A28F71C8-8176-4F27-9810-BA99343CEEAD}"

"{278E4D76-6C4B-4829-8F4D-5CE90B814776}"="{6E3B9A37-CD4E-4609-9BDC-E3C17273EFAD}"

"{7831BE61-5D76-4D5B-9369-7243127345E6}"="{6E3B9A37-CD4E-4609-9BDC-E3C17273EFAD}"

"{2DA15314-DF9E-4C78-8BB2-C071DD7E547D}"="{B83FF53F-4D2A-45A2-ACEB-96B487E6710A}"

"{D35A1921-5950-40B9-B661-0528C5929B8F}"="{B83FF53F-4D2A-45A2-ACEB-96B487E6710A}"

"{2391A46A-5900-415F-B425-ACA4ED172908}"="{DBBD17DE-4863-4CF9-BDA3-B37669199F74}"

"{D8E5E87D-A404-4163-B903-E7CF985761CC}"="{DBBD17DE-4863-4CF9-BDA3-B37669199F74}"

"{BCE667FF-A952-43CE-B1BD-4A7726019AE5}"="{D9A946FB-B531-4ABA-8C25-023AE7FEC7D6}"

"{4E23C4AA-0320-4149-9B0B-167AC60BA0C4}"="{D9A946FB-B531-4ABA-8C25-023AE7FEC7D6}"

"{20B3B5D6-823A-4D47-B5B2-84A87A05F51E}"="{C9399035-4F43-4600-8376-063D1927A7DC}"

"{3A5ABD5B-BB42-459F-826A-967DF57D539A}"="{C9399035-4F43-4600-8376-063D1927A7DC}"

"{AE956DFB-0F43-460D-B799-C3CCAF76C558}"="{0A2F1983-3D41-44ED-ABB9-F95BC822FAD3}"

"{6C327887-436F-4CF9-B127-E4C8A23E5F59}"="{0A2F1983-3D41-44ED-ABB9-F95BC822FAD3}"

"{308EB92E-FDDA-49F5-B4FE-71D014C4700A}"="{C42E4FA0-CE91-4734-B242-2DE95D8BB59B}"

"{FB103063-5AE7-4831-87A5-F46CC1FC3AEE}"="{C42E4FA0-CE91-4734-B242-2DE95D8BB59B}"

"{BF929E9E-2E0F-410E-8235-AB1BB7775B47}"="{BF452909-1BE3-4733-AD4F-F4DA20DA079A}"

"{C70BABD4-C606-48DD-9175-B43D6352EA9C}"="{BF452909-1BE3-4733-AD4F-F4DA20DA079A}"

"{9B7F9F2C-5669-48AA-8814-99589071205F}"="{DA40B377-C70B-4B04-86D5-36669D0AC35D}"

"{47386CF8-5DA0-4B9C-9632-36A348B8B3E5}"="{DA40B377-C70B-4B04-86D5-36669D0AC35D}"

"{D059C0D8-C69B-42A9-8F1D-B5C354969CCC}"="{A423CB0E-EA5E-4CD7-8307-294A00014AB2}"

"{0877FD60-6AE0-4E98-9AAC-9BD1ECCD1F6A}"="{C72C4D3F-532C-451C-85FA-50F0EA94B6B3}"

"{EBEC8786-35FA-40D3-8446-DBC2CED9D920}"="{C72C4D3F-532C-451C-85FA-50F0EA94B6B3}"

"{03084918-8104-45B0-B17D-31EE66576D70}"="{BDA23AAB-CD3D-4C17-B3BA-88FE1A9DCD0A}"

"{FA1BCAD9-F2C8-4334-BDC6-86FE25B9AE72}"="{BDA23AAB-CD3D-4C17-B3BA-88FE1A9DCD0A}"

"{63D00BB4-7BF8-4604-ABF4-693143273646}"="{3E7B91C3-D75D-42E2-B85D-41C8F9D6230C}"

"{3E2A73C1-F458-4177-BB99-782F790BAF98}"="{3E7B91C3-D75D-42E2-B85D-41C8F9D6230C}"

"{74EBDCF8-F9ED-484C-A42D-DC759F2E50F1}"="{72777023-4CD4-42CA-BE51-5864B115934E}"

"{33D23EB5-382B-4E74-98BE-1985DD64646A}"="{3B02D326-09BC-47B7-86A8-E304A62832B9}"

"{2FD9B237-FE6E-4EE1-AF5B-D338F4922AB2}"="{3B02D326-09BC-47B7-86A8-E304A62832B9}"

"{7A412048-EDB1-4B5D-9FE7-DBA97C2722AE}"="{B1130F1C-A319-422F-B529-13196AF12FFF}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files (x86)\Symantec AntiVirus\DefWatch.exe

c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\program files (x86)\Symantec AntiVirus\Rtvscan.exe

c:\program files (x86)\Symantec AntiVirus\SavUI.exe

c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe

c:\program files (x86)\Symantec AntiVirus\VPTray.exe

.

**************************************************************************

.

Completion time: 2012-08-21 16:30:00 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-21 21:30

ComboFix2.txt 2012-08-21 21:16

.

Pre-Run: 661,088,641,024 bytes free

Post-Run: 661,041,446,912 bytes free

.

- - End Of File - - 63A802288619C2D3ED15E21D526EBD9F


Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest: (if found)

[ZeroAccess][FOLDER] U : c:\windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jim\appdata\local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jim\appdata\local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L --> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~

Reboot and ............

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

~~~~~~~~~~~~~~~~~

Then run another scan with RogueKiller and post the new log, MrC


RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Jim [Admin rights]

Mode: Scan -- Date: 08/21/2012 17:55:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750528AS ATA Device +++++

--- User ---

[MBR] f799b74cf98df55d3b628118c14bfb1e

[bSP] 4429d62451263ad904086c86a4f34109 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 700363 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[6].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.21.07

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Jim :: HOME [administrator]

8/21/2012 5:48:56 PM

mbam-log-2012-08-21 (17-48-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196967

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great, and Thank You Very Much!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

