Jump to content

Smart Pc Cleaner removal


Recommended Posts

My pc was infected with this software. Google and found that its a scamware... I do a lot of online transaction and online I-banking so will need help to remove it asap..

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.16.09

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Owner :: WINDOWSVISTA [administrator]

Protection: Enabled

10/17/2012 6:53:57 PM

mbam-log-2012-10-17 (18-53-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 266674

Time elapsed: 20 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Owner at 19:10:49 on 2012-10-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.345 [GMT 8:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

FW: Cloud Antivirus Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Windows\system32\dgdersvc.exe

C:\Windows\system32\FsUsbExService.Exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Internet Download Manager\idman.exe

C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Smart PC Cleaner\SPCSmartScan.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Java\jre7\bin\javaw.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=7418299174944100&p2=^A9T^YYYYYY^YY^US

uSearch Bar = Preserve

mStart Page = hxxp://www.google.com

uProxyOverride = proxy.singnet.com.sg

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.1.1.2\ips\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - c:\program files\searchresults1\searchresultsDx.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll

TB: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - c:\program files\searchresults1\searchresultsDx.dll

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [skyDrive] "c:\users\owner\appdata\local\microsoft\skydrive\SkyDrive.exe" /background

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [smart PC Cleaner] c:\program files\smart pc cleaner\SPCLauncher.exe

mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"

mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [speetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254238491099

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.140.0.cab

DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab

TCP: NameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{7B230672-0023-4F2A-8E71-867FDC9F8867} : DHCPNameServer = 192.168.1.1 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

Hosts: 127.0.0.1 ads.mcafee.com

Hosts: 127.0.0.1 analytics.microsoft.com

Hosts: 127.0.0.1 metrics.bitdefender.com

Hosts: 127.0.0.1 metrics.mcafee.com

Hosts: 127.0.0.1 ads.bleepingcomputer.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\l72udwo9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.sg/

FF - prefs.js: network.proxy.http - proxy.singnet.com.sg

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\microsoft\search enhancement pack\default manager\dmextension\components\FFGlobalExtension.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: !HIDDEN! 2009-06-26 03:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1401010.002\SymDS.sys [2012-9-6 368288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys [2012-9-6 926880]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-2-9 752128]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-2 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys [2012-9-6 134304]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20121013.001\IDSvix86.sys [2012-10-16 386720]

R1 NNSALPC;NNSALPC;c:\windows\system32\drivers\NNSAlpc.sys [2012-6-27 82472]

R1 NNSHTTP;NNSHTTP;c:\windows\system32\drivers\NNSHttp.sys [2012-6-27 120744]

R1 NNSIDS;NNSIDS;c:\windows\system32\drivers\NNSIds.sys [2012-6-27 122664]

R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2012-6-27 28712]

R1 NNSPICC;NNSPICC;c:\windows\system32\drivers\NNSpicc.sys [2012-6-27 93992]

R1 NNSPIHSW;NNSPIHSW;c:\windows\system32\drivers\NNSPihsw.sys [2012-6-27 60968]

R1 NNSPOP3;NNSPOP3;c:\windows\system32\drivers\NNSPop3.sys [2012-6-27 104104]

R1 NNSPROT;NNSPROT;c:\windows\system32\drivers\NNSProt.sys [2012-6-27 286376]

R1 NNSPRV;NNSPRV;c:\windows\system32\drivers\NNSPrv.sys [2012-6-27 153000]

R1 NNSSMTP;NNSSMTP;c:\windows\system32\drivers\NNSSmtp.sys [2012-6-27 106536]

R1 NNSSTRM;NNSSTRM;c:\windows\system32\drivers\NNSStrm.sys [2012-7-12 206632]

R1 NNSTLSC;NNSTLSC;c:\windows\system32\drivers\NNStlsc.sys [2012-6-27 92840]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2012-7-13 174632]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys [2012-9-6 175264]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1401010.002\symnets.sys [2012-9-6 338592]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-2-9 3246040]

R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 95568]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-5-1 217088]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-10-10 99192]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-11 676936]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2012-8-11 95200]

R2 N360;Norton 360;c:\program files\norton 360\engine\20.1.1.2\ccSvcHst.exe [2012-9-6 143928]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-7-13 140064]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-1-2 1258856]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-7-13 148520]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-7-13 103464]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-7-13 114216]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-7-13 120872]

R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-7-13 36640]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-2-9 167968]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 18120]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-25 106656]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-5-1 36640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-6 22856]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-17 40776]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-9-24 149352]

R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2012-10-16 46280]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-8 27632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 250808]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-1 30312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-2-5 115184]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-1 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-1 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-1 121576]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-1 98152]

S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-8-19 26112]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-6-30 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-30 1343400]

.

=============== Created Last 30 ================

.

2012-10-17 10:53:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-10-16 16:27:04 -------- d-----w- c:\programdata\DriverGenius

2012-10-16 16:26:17 -------- dc----w- c:\users\owner\appdata\roaming\Smart PC Cleaner

2012-10-16 15:55:48 -------- dc----w- c:\program files\Smart PC Cleaner

2012-10-16 15:55:48 -------- dc----w- c:\program files\searchresults1

2012-10-16 11:45:59 58864 -c--a-w- c:\program files\mozilla firefox\libEGL.dll

2012-10-16 11:45:59 473584 -c--a-w- c:\program files\mozilla firefox\libGLESv2.dll

2012-10-16 11:45:59 2846192 -c--a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-10-16 11:45:59 276464 -c--a-w- c:\program files\mozilla firefox\freebl3.dll

2012-10-16 11:45:59 115184 -c--a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-10-16 11:45:58 916976 -c--a-w- c:\program files\mozilla firefox\firefox.exe

2012-10-16 11:45:57 2106216 -c--a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2012-10-16 11:45:57 1998168 -c--a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2012-10-16 11:45:56 73712 -c--a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2012-10-16 11:45:56 261616 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-10-16 11:45:56 18928 -c--a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2012-10-16 11:45:56 115696 -c--a-w- c:\program files\mozilla firefox\crashreporter.exe

2012-10-16 11:33:37 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-10-14 05:07:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2012-10-14 04:52:11 -------- d-----w- c:\windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP

2012-10-14 04:51:59 -------- dc----w- c:\program files\common files\Wise Installation Wizard

2012-10-13 01:12:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-10 09:39:17 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 09:39:09 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 09:36:33 99192 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2012-10-01 14:23:52 -------- d-----w- c:\users\owner\appdata\local\FLT

2012-10-01 14:00:11 -------- dc----w- c:\program files\F1 2012

2012-09-26 09:35:38 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 00:40:15 -------- d-----w- c:\windows\CheckSur

2012-09-24 14:46:50 3487434 ----a-w- c:\windows\system32\nvcoproc.bin

.

==================== Find3M ====================

.

2012-10-15 11:02:53 139128 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-10-15 11:02:45 215128 -c--a-w- c:\windows\system32\PnkBstrB.xtr

2012-10-15 11:02:45 215128 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-10-14 08:07:29 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0

2012-10-13 01:11:56 746984 -c--a-w- c:\windows\system32\deployJava1.dll

2012-10-10 10:10:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 10:10:46 1159680 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 10:10:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 10:08:50 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-10 09:50:38 542208 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 09:50:34 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-10 09:50:34 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-09 16:22:14 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 16:22:14 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-12 17:17:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 17:17:46 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 17:17:38 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 17:17:38 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 17:17:38 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 17:11:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-07 09:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-06 11:52:23 142496 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-08-30 15:57:55 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-30 15:57:54 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-08-30 15:57:54 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-30 15:57:32 3963240 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-30 15:57:27 2836840 ----a-w- c:\windows\system32\nvsvc.dll

2012-08-30 02:40:14 429416 ----a-w- c:\windows\system32\nvStreaming.exe

2012-08-25 03:00:42 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-08-15 11:40:56 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 11:40:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 11:40:06 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 11:40:06 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 11:39:00 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 11:39:00 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-15 11:38:17 769024 ----a-w- c:\windows\system32\localspl.dll

2012-08-11 01:26:42 585888 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys

2012-08-08 05:18:19 926880 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys

2012-08-07 18:42:43 134304 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys

2012-07-28 03:25:32 368288 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys

2012-07-28 03:05:21 175264 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys

2012-07-27 19:09:02 57792 ----a-w- c:\windows\system32\sirenacm.dll

2012-07-27 18:54:00 321472 ----a-w- c:\windows\WLXPGSS.SCR

2012-07-26 11:08:06 862664 ----a-w- c:\windows\system32\msvcr110.dll

2012-07-26 11:08:06 534480 ----a-w- c:\windows\system32\msvcp110.dll

2012-07-26 11:08:06 251864 ----a-w- c:\windows\system32\vccorlib110.dll

2012-07-26 11:08:06 153536 ----a-w- c:\windows\system32\atl110.dll

2012-07-26 11:08:06 115656 ----a-w- c:\windows\system32\vcomp110.dll

2012-07-23 01:34:24 338592 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys

2012-07-22 14:22:18 772592 -c--a-w- c:\windows\system32\npdeployJava1.dll

.

============= FINISH: 19:14:26.70 ===============

attach.txt

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

Link to post
Share on other sites

RogueKiller V8.1.1 [10/01/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 10/17/2012 21:39:04

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\MSVCP110.dll -> UNLOADED

[sUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\MSVCP110.dll -> UNLOADED

[sUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\MSVCP110.dll -> UNLOADED

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\RunOnce : Uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727 (C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3429488616-1519292121-1956305698-1000[...]\RunOnce : Uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727 (C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727") -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Windows\2012 GG Screensaver.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x8371754D -> HOOKED (Unknown @ 0x870246F8)

SSDT[14] : NtAlertThread @ 0x8369FB3F -> HOOKED (Unknown @ 0x870247D8)

SSDT[19] : NtAllocateVirtualMemory @ 0x8364CF85 -> HOOKED (Unknown @ 0x87023BD0)

SSDT[22] : NtAlpcConnectPort @ 0x83660299 -> HOOKED (Unknown @ 0x8645D528)

SSDT[43] : NtAssignProcessToJobObject @ 0x836B87E4 -> HOOKED (Unknown @ 0x86E18818)

SSDT[74] : NtCreateMutant @ 0x836AF1FE -> HOOKED (Unknown @ 0x86FF78C0)

SSDT[86] : NtCreateSymbolicLinkObject @ 0x8362E1AD -> HOOKED (Unknown @ 0x86490108)

SSDT[87] : NtCreateThread @ 0x8371575E -> HOOKED (Unknown @ 0x866B7CD8)

SSDT[88] : NtCreateThreadEx @ 0x8369E831 -> HOOKED (Unknown @ 0x864901D8)

SSDT[96] : NtDebugActiveProcess @ 0x836E7EC8 -> HOOKED (Unknown @ 0x87023B50)

SSDT[111] : NtDuplicateObject @ 0x8369A8E5 -> HOOKED (Unknown @ 0x87023D28)

SSDT[131] : NtFreeVirtualMemory @ 0x834C021C -> HOOKED (Unknown @ 0x870268A8)

SSDT[145] : NtImpersonateAnonymousToken @ 0x83693266 -> HOOKED (Unknown @ 0x87024538)

SSDT[147] : NtImpersonateThread @ 0x83671281 -> HOOKED (Unknown @ 0x87024618)

SSDT[155] : NtLoadDriver @ 0x835E4466 -> HOOKED (Unknown @ 0x8644A138)

SSDT[168] : NtMapViewOfSection @ 0x83679B9C -> HOOKED (Unknown @ 0x870267C8)

SSDT[177] : NtOpenEvent @ 0x8366FFA5 -> HOOKED (Unknown @ 0x86FF77E0)

SSDT[190] : NtOpenProcess @ 0x8365BF35 -> HOOKED (Unknown @ 0x870200D8)

SSDT[191] : NtOpenProcessToken @ 0x8369928D -> HOOKED (Unknown @ 0x870232A0)

SSDT[194] : NtOpenSection @ 0x836A8A20 -> HOOKED (Unknown @ 0x86FF7600)

SSDT[198] : NtOpenThread @ 0x836B1B28 -> HOOKED (Unknown @ 0x870023C0)

SSDT[215] : NtProtectVirtualMemory @ 0x836804B3 -> HOOKED (Unknown @ 0x86FF7480)

SSDT[304] : NtResumeThread @ 0x8366BF24 -> HOOKED (Unknown @ 0x86FF7F88)

SSDT[316] : NtSetContextThread @ 0x83716FF9 -> HOOKED (Unknown @ 0x87024DC0)

SSDT[333] : NtSetInformationProcess @ 0x8364A2AF -> HOOKED (Unknown @ 0x87024EA0)

SSDT[350] : NtSetSystemInformation @ 0x8362763C -> HOOKED (Unknown @ 0x87023698)

SSDT[366] : NtSuspendProcess @ 0x83717487 -> HOOKED (Unknown @ 0x86FF76E0)

SSDT[367] : NtSuspendThread @ 0x836D1363 -> HOOKED (Unknown @ 0x87024C00)

SSDT[370] : NtTerminateProcess @ 0x8365C414 -> HOOKED (Unknown @ 0x87025040)

SSDT[371] : unknown @ 0x83673965 -> HOOKED (Unknown @ 0x87024CE0)

SSDT[385] : NtUnmapViewOfSection @ 0x8369C538 -> HOOKED (Unknown @ 0x87024F70)

SSDT[399] : NtWriteVirtualMemory @ 0x8368C2C5 -> HOOKED (Unknown @ 0x87026978)

S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x8734D978)

S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x87361B40)

S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x870EC938)

S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x87421B60)

S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x87422AE8)

S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x87484100)

S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x863B8670)

S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x873619F0)

S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x873B19C8)

S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8741C838)

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost #[iPv6]

127.0.0.1 fr.a2dfp.net

127.0.0.1 m.fr.a2dfp.net

127.0.0.1 ad.a8.net

127.0.0.1 asy.a8ww.net

127.0.0.1 abcstats.com

127.0.0.1 a.abv.bg

127.0.0.1 adserver.abv.bg

127.0.0.1 adv.abv.bg

127.0.0.1 bimg.abv.bg

127.0.0.1 ca.abv.bg

127.0.0.1 www2.a-counter.kiev.ua

127.0.0.1 track.acclaimnetwork.com

127.0.0.1 accuserveadsystem.com

127.0.0.1 www.accuserveadsystem.com

127.0.0.1 achmedia.com

127.0.0.1 aconti.net

127.0.0.1 secure.aconti.net

127.0.0.1 www.aconti.net #[Dialer.Aconti]

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-221CA0 ATA Device +++++

--- User ---

[MBR] 2c405caade8550823bfbf08d8cffbb15

[bSP] f57f0610176664743bad23659f79e138 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EADS-00L5B1 ATA Device +++++

--- User ---

[MBR] 10559c0d6846e0abda76675030b47cfb

[bSP] 2810de4fae0d84d37c859df7a3401bd2 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953865 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Go to your control panels add/remove programs and uninstall > Smart PC Cleaner v3.0

Reboot and .....

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

ComboFix 12-10-18.02 - Owner 10/18/2012 19:13:29.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.756 [GMT 8:00]

Running from: C:\Users\Owner\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

FW: Cloud Antivirus Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\system32\tmp6EF8.tmp

C:\Windows\system32\tmp6F57.tmp

C:\Windows\system32\tmp7F91.tmp

C:\Windows\system32\tmpB20D.tmp

C:\Windows\system32\tmpB22D.tmp

C:\Windows\system32\tmpF702.tmp

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_nvsvc

((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))

2012-10-18 11:26:56 . 2012-10-18 11:30:06 -------- d-----w- C:\Users\Owner\AppData\Local\temp

2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- dc----w- C:\Users\UpdatusUser\AppData\Local\temp

2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- dc----w- C:\Users\Public\AppData\Local\temp

2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\UpdatusUser.WindowsVista\AppData\Local\temp

2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\Administrator\AppData\Local\temp

2012-10-18 10:50:05 . 2011-03-10 10:04:57 46280 ----a-w- C:\Windows\system32\drivers\PSKMAD.sys

2012-10-17 12:49:24 . 2012-09-24 15:16:36 93672 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll

2012-10-16 16:27:04 . 2012-10-16 16:27:04 -------- d-----w- C:\ProgramData\DriverGenius

2012-10-16 15:55:48 . 2012-10-16 15:55:56 -------- dc----w- C:\Program Files\searchresults1

2012-10-14 05:07:00 . 2012-10-14 05:07:00 107888 ----a-w- C:\Windows\system32\CmdLineExt.dll

2012-10-14 04:52:11 . 2012-10-14 04:52:11 -------- d-----w- C:\Windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP

2012-10-14 04:51:59 . 2012-10-14 04:51:59 -------- dc----w- C:\Program Files\Common Files\Wise Installation Wizard

2012-10-13 01:12:53 . 2012-10-13 01:12:53 -------- dc----w- C:\Program Files\Common Files\Java

2012-10-10 09:39:17 . 2012-10-10 10:13:33 172544 ----a-w- C:\Windows\system32\wintrust.dll

2012-10-10 09:39:09 . 2012-10-10 10:13:15 2048 ----a-w- C:\Windows\system32\tzres.dll

2012-10-10 09:36:33 . 2012-09-27 18:07:26 99192 ----a-w- C:\Windows\system32\drivers\idmwfp.sys

2012-10-01 14:23:52 . 2012-10-01 14:23:52 -------- d-----w- C:\Users\Owner\AppData\Local\FLT

2012-10-01 14:00:11 . 2012-10-06 01:22:24 -------- dc----w- C:\Program Files\F1 2012

2012-09-26 09:35:38 . 2012-09-26 11:31:11 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe

2012-09-25 00:40:15 . 2012-09-25 00:40:15 -------- d-----w- C:\Windows\CheckSur

2012-09-24 14:46:50 . 2012-08-30 15:57:37 3487434 ----a-w- C:\Windows\system32\nvcoproc.bin

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-10-17 13:50:49 . 2009-06-23 18:32:42 139128 -c--a-w- C:\Windows\system32\drivers\PnkBstrK.sys

2012-10-17 13:50:40 . 2009-06-29 15:27:19 215128 -c--a-w- C:\Windows\system32\PnkBstrB.xtr

2012-10-17 13:50:40 . 2009-06-23 18:32:27 215128 ----a-w- C:\Windows\system32\PnkBstrB.exe

2012-10-15 11:02:45 . 2009-06-23 18:32:27 215128 ----a-w- C:\Windows\system32\PnkBstrB.ex0

2012-10-13 01:11:56 . 2012-02-04 09:23:50 821736 -c--a-w- C:\Windows\system32\npdeployJava1.dll

2012-10-13 01:11:56 . 2010-04-24 04:29:35 746984 -c--a-w- C:\Windows\system32\deployJava1.dll

2012-10-10 23:35:32 . 2008-05-09 11:40:08 975248 -c--a-w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent.exe

2012-10-09 16:22:14 . 2012-04-19 13:43:33 73656 -c--a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 16:22:14 . 2012-04-19 13:43:33 696760 -c--a-w- C:\Windows\system32\FlashPlayerApp.exe

2012-09-12 17:17:46 . 2012-09-12 12:48:17 712048 ----a-w- C:\Windows\system32\drivers\ndis.sys

2012-09-12 17:17:46 . 2012-09-12 12:48:17 33280 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys

2012-09-12 17:17:38 . 2012-09-12 12:48:13 240496 ----a-w- C:\Windows\system32\drivers\netio.sys

2012-09-12 17:17:38 . 2012-09-12 12:48:13 187760 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 17:17:38 . 2012-09-12 12:48:13 1292144 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2012-09-12 17:11:27 . 2012-09-12 12:48:11 490496 ----a-w- C:\Windows\system32\d3d10level9.dll

2012-09-07 09:04:46 . 2009-03-06 02:15:55 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-09-06 11:52:23 . 2011-04-10 16:00:43 142496 -c--a-w- C:\Windows\system32\drivers\SYMEVENT.SYS

2012-08-30 19:13:00 . 2012-01-02 03:34:20 12465512 ----a-w- C:\Windows\system32\nvwgf2um.dll

2012-08-30 19:13:00 . 2012-01-02 03:34:19 1009512 ----a-w- C:\Windows\system32\nvdispco32.dll

2012-08-30 19:13:00 . 2012-01-02 03:34:18 2422120 ----a-w- C:\Windows\system32\nvapi.dll

2012-08-30 19:13:00 . 2012-01-02 03:34:18 15291752 ----a-w- C:\Windows\system32\nvd3dum.dll

2012-08-30 15:57:55 . 2012-06-29 15:51:27 645992 ----a-w- C:\Windows\system32\nvvsvc.exe

2012-08-30 15:57:54 . 2012-06-29 15:51:27 62312 ----a-w- C:\Windows\system32\nvshext.dll

2012-08-30 15:57:54 . 2012-06-29 15:51:27 108392 ----a-w- C:\Windows\system32\nvmctray.dll

2012-08-30 15:57:32 . 2012-06-29 15:51:27 3963240 ----a-w- C:\Windows\system32\nvcpl.dll

2012-08-30 15:57:27 . 2012-06-29 15:51:27 2836840 ----a-w- C:\Windows\system32\nvsvc.dll

2012-08-30 02:40:14 . 2012-08-30 02:40:14 429416 ----a-w- C:\Windows\system32\nvStreaming.exe

2012-08-25 03:00:42 . 2012-08-25 03:00:30 514560 ----a-w- C:\Windows\system32\qdvd.dll

2012-08-15 11:40:56 . 2012-08-15 11:03:23 400896 ----a-w- C:\Windows\system32\srcore.dll

2012-08-15 11:40:40 . 2012-08-15 11:03:19 2345984 ----a-w- C:\Windows\system32\win32k.sys

2012-08-15 11:40:06 . 2012-08-15 11:03:16 492032 ----a-w- C:\Windows\system32\win32spl.dll

2012-08-15 11:40:06 . 2012-08-15 11:03:15 317440 ----a-w- C:\Windows\system32\spoolsv.exe

2012-08-15 11:39:00 . 2012-08-15 11:03:03 41984 ----a-w- C:\Windows\system32\browcli.dll

2012-08-15 11:39:00 . 2012-08-15 11:03:03 102912 ----a-w- C:\Windows\system32\browser.dll

2012-08-15 11:38:17 . 2012-08-15 11:03:00 769024 ----a-w- C:\Windows\system32\localspl.dll

2012-08-11 01:26:42 . 2012-09-06 11:51:02 585888 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\srtsp.sys

2012-08-08 05:18:19 . 2012-09-06 11:51:02 926880 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\SymEFA.sys

2012-08-07 18:42:43 . 2012-09-06 11:51:01 134304 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\ccSetx86.sys

2012-07-28 03:25:32 . 2012-09-06 11:51:02 368288 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\SymDS.sys

2012-07-28 03:05:21 . 2012-09-06 11:51:01 175264 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\Ironx86.sys

2012-07-27 19:09:02 . 2012-07-27 19:09:02 57792 ----a-w- C:\Windows\system32\sirenacm.dll

2012-07-27 18:54:00 . 2012-07-27 18:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR

2012-07-26 11:08:06 . 2012-07-26 11:08:06 862664 ----a-w- C:\Windows\system32\msvcr110.dll

2012-07-26 11:08:06 . 2012-07-26 11:08:06 534480 ----a-w- C:\Windows\system32\msvcp110.dll

2012-07-26 11:08:06 . 2012-07-26 11:08:06 251864 ----a-w- C:\Windows\system32\vccorlib110.dll

2012-07-26 11:08:06 . 2012-07-26 11:08:06 153536 ----a-w- C:\Windows\system32\atl110.dll

2012-07-26 11:08:06 . 2012-07-26 11:08:06 115656 ----a-w- C:\Windows\system32\vcomp110.dll

2012-07-23 01:34:24 . 2012-09-06 11:51:02 338592 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\symnets.sys

2012-10-18 10:59:23 . 2012-10-18 10:59:12 261616 -c--a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94366e2c-9923-431c-b0d6-747447dd0f2b}]

2012-03-22 07:24:14 87008 -c--a-w- C:\Program Files\searchresults1\searchresultsDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]

2012-03-15 21:02:40 86696 -c--a-w- C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 21:02:40 86696]

"{94366e2c-9923-431c-b0d6-747447dd0f2b}"= "C:\Program Files\searchresults1\searchresultsDx.dll" [2012-03-22 07:24:14 87008]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_CLASSES_ROOT\clsid\{94366e2c-9923-431c-b0d6-747447dd0f2b}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49:16 22376 -c--a-w- C:\Program Files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2012-10-13 01:14:20 3536320]

"SkyDrive"="C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-10-17 13:36:44 238552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 09:07:48 10967656]

"Panda Security URL Filtering"="C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 02:51:36 217256]

"PSUAMain"="C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-12 23:15:56 37152]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"<NO NAME>"= 0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]

backup=C:\Windows\pss\OfficeSAS.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Connect.lnk]

backup=C:\Windows\pss\OpenVPN Connect.lnk.CommonStartup

backupExtension=.CommonStartup

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grid Service

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Immunet Protect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2010-12-05 20:56:42 390728 -c--a-w- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51:26 919008 -c--a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51:36 35768 -c--a-w- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 06:54:26 91520 -c--a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-09-07 09:04:44 766536 -c--a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2010-05-10 06:12:28 439568 -c--a-w- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2012-07-27 19:09:02 4272064 -c--a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]

2012-01-20 13:03:48 719672 -c--a-w- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-07-27 02:37:50 180224 -c--a-w- C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2012-03-27 09:07:48 10967656 ----a-w- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2012-08-04 10:40:23 1353080 -c--a-w- C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 01:04:54 252848 -c--a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2010-12-05 20:55:24 5542168 -c--a-w- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2011-06-30 10:11:16 2648184 -c--a-w- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2009-07-14 01:14:24 660480 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2009-07-14 01:14:47 65024 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl.sys [x]

R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys [x]

R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys [x]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360\1401010.002\SYMDS.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360\1401010.002\SYMEFA.SYS [x]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys [x]

S1 BHDrvx86;BHDrvx86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [x]

S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360\1401010.002\ccSetx86.sys [x]

S1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121016.001\IDSvix86.sys [x]

S1 NNSALPC;NNSALPC;C:\Windows\system32\DRIVERS\NNSAlpc.sys [x]

S1 NNSHTTP;NNSHTTP;C:\Windows\system32\DRIVERS\NNSHttp.sys [x]

S1 NNSIDS;NNSIDS;C:\Windows\system32\DRIVERS\NNSIds.sys [x]

S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\system32\DRIVERS\NNSNAHSL.sys [x]

S1 NNSPICC;NNSPICC;C:\Windows\system32\DRIVERS\NNSPicc.sys [x]

S1 NNSPIHSW;NNSPIHSW;C:\Windows\system32\DRIVERS\NNSPihsw.sys [x]

S1 NNSPOP3;NNSPOP3;C:\Windows\system32\DRIVERS\NNSPop3.sys [x]

S1 NNSPROT;NNSPROT;C:\Windows\system32\DRIVERS\NNSProt.sys [x]

S1 NNSPRV;NNSPRV;C:\Windows\system32\DRIVERS\NNSPrv.sys [x]

S1 NNSSMTP;NNSSMTP;C:\Windows\system32\DRIVERS\NNSSmtp.sys [x]

S1 NNSSTRM;NNSSTRM;C:\Windows\system32\DRIVERS\NNSStrm.sys [x]

S1 NNSTLSC;NNSTLSC;C:\Windows\system32\DRIVERS\NNSTlsc.sys [x]

S1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys [x]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360\1401010.002\Ironx86.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360\1401010.002\SYMNETS.SYS [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [x]

S2 dgdersvc;Device Error Recovery Service;C:\Windows\system32\dgdersvc.exe [x]

S2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [x]

S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys [x]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [x]

S2 N360;Norton 360;C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [x]

S2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]

S2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys [x]

S2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys [x]

S2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys [x]

S2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys [x]

S2 PSUAService;Panda Product Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys [x]

S3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [x]

S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [x]

S3 PSKMAD;PSKMAD;C:\Windows\system32\DRIVERS\PSKMAD.sys [x]

S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2012-10-18 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:43:33 . 2012-10-09 16:22:20]

------- Supplementary Scan -------

uStart Page = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=7418299174944100&p2=^A9T^YYYYYY^YY^US

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = proxy.singnet.com.sg

IE: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.sg/

FF - prefs.js: network.proxy.http - proxy.singnet.com.sg

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2009-06-26 03:22; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

MSConfigStartUp-DivXUpdate - C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MSConfigStartUp-SSDMonitor - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

MSConfigStartUp-Windows Mobile Device Center - C:\Windows\WindowsMobile\wmdc.exe

AddRemove-uTorrent - C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"C:\Program Files\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="C:\Windows\system32\GameMon.des -service"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]

"AdvancedGeneration"=dword:00000000

"AutomaticallyUpdateCheck"=dword:00000001

"ClubSearchFeatureNum"=dword:00000000

"CompareFeatureNum"=dword:00000000

"CompressHistoryPoints"=dword:00000000

"Currency"=dword:00000056

"ExportFeatureNum"=dword:00000000

"FilterByClubFeatureNum"=dword:00000000

"FMPath"=""

"GameDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\games"

"GenieReportFeatureNum"=dword:00000000

"GraphStep"=dword:00000000

"HighlightedAttributes"=dword:00000000

"HighQualityGUI"=dword:00000001

"HintsFeatureNum"=dword:00000000

"HistoryDir"="C:\\FM Genie Scout 11\\History Points"

"HistoryFeatureNum"=dword:00000000

"LangDB"="C:\\FM Genie Scout 11\\lang_db.dat"

"Language"="English"

"LanguageDBFeatureNum"=dword:00000004

"LastSaveGame"=""

"LastUpdateCheck"=dword:0000a049

"LoadLangDB"=dword:00000001

"MinCondition"=dword:00000050

"PlayerSearchFeatureNum"=dword:00000004

"ProxyHost"=""

"ProxyPort"=""

"SaveDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\"

"ScreenshotFeatureNum"=dword:00000000

"ScreenshotsDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011"

"ShortlistDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\shortlists"

"ShortlistFeatureNum"=dword:00000000

"ShowHistory"=dword:00000001

"SkinName"="PSV Eindhoven"

"StaffSearchFeatureNum"=dword:00000000

"TopFormationFeatureNum"=dword:00000000

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"TranslateStaffSkills"=dword:00000001

"UniqueID"="D5-E080-E52F"

"UseAuthentication"=dword:00000000

"UseProxy"=dword:00000000

"UserName"=""

"UserPassword"=""

"Version"=dword:00000081

"VersionOf"=dword:00000000

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11g]

"PicturesNumber"=dword:00057cfc

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]

"AdClicksNum"=dword:00000008

"AdImpressionsNum"=dword:00000019

"AdvancedGeneration"=dword:00000000

"AutomaticallyUpdateCheck"=dword:00000001

"ClubSearchFeatureNum"=dword:00000000

"CompareFeatureNum"=dword:00000000

"CompressHistoryPoints"=dword:00000000

"Currency"=dword:00000056

"ExportFeatureNum"=dword:00000000

"FilterByClubFeatureNum"=dword:00000000

"FMPath"=""

"GameDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\games"

"GameLoadedCounter"=dword:00000008

"GenieReportFeatureNum"=dword:00000001

"GraphStep"=dword:00000000

"HighlightedAttributes"=dword:00000000

"HighQualityGUI"=dword:00000001

"HintsFeatureNum"=dword:00000000

"HistoryDir"="C:\\FM Genie Scout 12\\History Points"

"HistoryFeatureNum"=dword:00000000

"LangDB"="C:\\FM Genie Scout 12\\lang_db.dat"

"Language"="English"

"LanguageDBFeatureNum"=dword:00000007

"LastSaveGame"=""

"LastUpdateCheck"=dword:0000a0a6

"LoadLangDB"=dword:00000001

"MinCondition"=dword:00000050

"PlayerSearchFeatureNum"=dword:00000007

"ProxyHost"=""

"ProxyPort"=""

"SaveDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\"

"ScreenshotFeatureNum"=dword:00000000

"ScreenshotsDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012"

"ShortlistDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"

"ShortlistFeatureNum"=dword:00000000

"ShowDonateNotification"=dword:00000000

"ShowGuidNotification"=dword:00000000

"ShowHistory"=dword:00000001

"SkinName"="Steklo Black"

"StaffSearchFeatureNum"=dword:00000001

"TopFormationFeatureNum"=dword:00000000

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"TranslateStaffSkills"=dword:00000001

"UniqueID"="D5-E080-E52F"

"UseAuthentication"=dword:00000000

"UseProxy"=dword:00000000

"UserName"=""

"UserPassword"=""

"Version"=dword:000000ce

"VersionOf"=dword:0000007b

"VersionOf201"=dword:0000007b

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. a v ý

µ#\OpenWithList]

"a"="vlc.exe"

"b"="a"

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]

@Denied: (C D) (Everyone)

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]

@Denied: (C D) (Everyone)

"{FFAA6780-253F-4641-9BF3-A6F8AF5E2618}"=""

"{ED9C13BB-8994-43A4-8156-E445828694DF}"=""

"{0F7A789B-9208-4BD3-8BCC-3D8A6DB74D22}"=""

"{16A1A044-CB51-4EB0-A436-4B549D0B17BE}"=""

"{63DCF0B0-88C1-4016-9BCF-731A6358B534}"=""

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c1,34,ba,64,9f,02,b4,21,a6,ac,2e,45,1b,3e,3c,9e,92,7f,3b,98,ee,93,18,

f7,2b,f0,b7,1b,97,bd,fd,dc,e1,7f,34,a0,d7,16,e5,5f,cb,76,ef,4e,4f,2c,63,68,\

"??"=hex:14,af,65,1f,0d,e2,ba,9a,6e,8b,98,b4,45,d2,99,6f

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\SecuROM\License information*]

"datasecu"=hex:21,46,6d,46,73,8a,24,e3,7d,8d,f8,ed,71,7f,f8,74,a7,10,91,61,d6,

92,c8,a1,ae,15,21,65,62,cc,7e,fe,e8,db,88,a2,08,48,f7,b3,55,92,ce,10,7f,e4,\

"rkeysecu"=hex:3a,14,c3,31,e8,71,be,4e,a7,2c,de,39,47,6b,04,5d

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):4b,e5,68,99,7f,3e,05,dd,2c,e8,ce,0f,71,7e,e6,c5,c6,0e,f5,cc,01,

68,7f,9c,39,2d,fc,81,b9,65,d3,72,ad,0a,c5,9e,d7,a4,13,43,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):0f,b5,2b,28,fc,f7,ef,46,91,dc,5b,fb,89,97,10,a7,03,6f,85,eb,0c,

0d,83,d3,a4,ee,1e,b1,c1,81,36,22,69,37,db,5d,5f,ff,79,e7,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{a80886ee-b41e-4272-bb4a-0d197a6623ac}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000cb

"Therad"=dword:00000009

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{fc37c768-0325-4302-b32c-94983fc2a1c5}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000010b

"Therad"=dword:00000011

"SpecVersion"=dword:000000f8

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. a v ý

µ#\OpenWithList]

"a"="vlc.exe"

"b"="a"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]

@Denied: (C D) (Everyone)

"ccSvcHst_UserSession2_3380"="{DA0DA856-9357-4DC7-86CE-A5511F639CD0}"

"ccSvcHst_UserSession2_2272"="{DB2E59E0-6BBB-48CD-8067-990C9C2DF254}"

"ccSvcHst_UserSession2_2480"="{B6F412D8-6778-4405-9554-0A09A6FB628D}"

"ccSvcHst_UserSession2_2144"="{E8ABC747-0636-4678-8E17-7BC795A679C6}"

"ccSvcHst_UserSession2_2900"="{2955BE94-DC4B-480B-8C95-0D2BC4903C4E}"

"ccSvcHst_UserSession2_2868"="{0F6FBDDF-6117-47D7-875B-4E6DF25330BD}"

"ccSvcHst_UserSession2_2204"="{9C7619D1-585F-4A27-AD54-0017FB1FF9CC}"

"ccSvcHst_UserSession2_2148"="{8F2D0A29-08B7-4346-A09B-862404AB49D3}"

"ccSvcHst_UserSession2_2364"="{5B1D3006-B8B5-470B-8035-E4CB269BBC37}"

"ccSvcHst_UserSession2_2236"="{4E10BB9D-17EA-4FBE-B6A8-6140404BE303}"

"ccSvcHst_UserSession2_2252"="{28C43FD4-EDD7-4497-A9FA-FA9A923ED22E}"

"ccSvcHst_UserSession2_2748"="{ABE48364-A9E7-42A3-9ADF-98CFC216B6C6}"

"ccSvcHst_UserSession2_2360"="{9BAE9353-4FB1-4174-8F4A-96BD1257392A}"

"ccSvcHst_UserSession2_2548"="{75CFEB85-2439-46D2-B548-9D72ED70FAFA}"

"ccSvcHst_UserSession2_3456"="{017B2608-E045-415B-B00B-8CE426556451}"

"ccSvcHst_UserSession2_2860"="{8EB78505-34A8-4600-9BB6-2DFAD564D582}"

"ccSvcHst_UserSession2_2440"="{448563A4-6680-4340-ABE2-BEB8F03E30C6}"

"ccSvcHst_UserSession2_3024"="{92EED0C7-8103-4623-BB83-B41313C97FCE}"

"ccSvcHst_UserSession2_2916"="{171E41EC-996E-4A9D-B7F5-5A7E310FFF52}"

"ccSvcHst_UserSession2_3056"="{AA760A3F-D559-4C51-81F0-F8C3C85A50A4}"

"ccSvcHst_UserSession_4636"="{8166E094-F7B7-4BD4-9995-5F6F1BF559BC}"

"ccSvcHst_UserSession2_3448"="{DCF07928-554F-4AC7-AC08-DC35875B17E2}"

"ccSvcHst_UserSession2_3376"="{9DD318C0-E230-4D96-9F5E-C243B7860F45}"

"ccSvcHst_UserSession2_3044"="{246750F3-A765-491B-AC03-087174FEBC3F}"

"ccSvcHst_UserSession2_3240"="{6038F2F9-D9EC-42AA-9AFA-FD5BF7D2925C}"

"ccSvcHst_UserSession2_2408"="{AB961CC0-724C-4EAE-B883-29C5386A7591}"

"ccSvcHst_UserSession2_3204"="{AE81D214-7BD6-404E-BA76-E337A846F8B9}"

"ccSvcHst_UserSession2_2588"="{24F95B08-0CEE-4DC3-8CEB-58AC859EBA90}"

"ccSvcHst_UserSession2_3208"="{8B430A53-B15B-49E9-AF9A-4811A5FFE97A}"

"ccSvcHst_UserSession2_3796"="{D7E76C7A-D498-44CE-AD64-8D14F157616F}"

"ccSvcHst_UserSession2_3148"="{D1800BB5-83D6-4231-9C0B-28AA0911E0C1}"

"ccSvcHst_UserSession2_3300"="{EDB8EEA1-EE24-4978-A030-FA9ED1CB8DEB}"

"ccSvcHst_UserSession2_3256"="{7E6D9F59-1CDE-4AC4-B4B5-1DD6068B6947}"

"ccSvcHst_UserSession2_3284"="{2F79591D-61E9-42A2-8E3D-CF1411882D15}"

"ccSvcHst_UserSession2_3196"="{732655BE-AB7B-4428-BC86-44FF1E480BA2}"

"ccSvcHst_UserSession2_2452"="{B97375D4-628C-4FF2-BDE4-31FF920D1734}"

"ccSvcHst_UserSession2_3188"="{F97B0212-11D9-4719-9752-1C7B666CD3E8}"

"ccSvcHst_UserSession2_4036"="{D12D049D-5DC4-40F6-8FD5-C7C75F07557B}"

"ccSvcHst_UserSession2_2400"="{E658E558-F23F-485C-8205-F3B081879DA3}"

"ccSvcHst_UserSession2_2808"="{4D9CCDAC-11FD-462A-A8CB-ECF5E0BB1B58}"

"ccSvcHst_UserSession2_2368"="{476935D6-C5C0-48C1-A38B-DEA7BC529042}"

"ccSvcHst_UserSession2_3392"="{936A2861-F43C-4F45-ABE0-E6E2999F7C1F}"

"ccSvcHst_UserSession2_3232"="{0CA3A02C-F207-470B-9E57-B494F4AFCCB6}"

"ccSvcHst_UserSession2_2456"="{78B95B78-461D-4F81-9FCB-21FD3DBDD43D}"

"ccSvcHst_UserSession2_3224"="{B63D54A6-0E14-470F-B41C-049A960A8231}"

"ccSvcHst_UserSession2_3216"="{35E8BB01-25F1-438F-B9D8-86E0C8E37416}"

"ccSvcHst_UserSession2_3012"="{C42EC6FC-59B3-4BB7-A876-6CFFBFE38628}"

"ccSvcHst_UserSession2_3396"="{29662DE1-BB4A-4EB4-9738-6A428BF42DCD}"

"ccSvcHst_UserSession2_3192"="{2F77367F-3F63-495C-BAF3-D4272488AF65}"

"ccSvcHst_UserSession2_3340"="{331B7769-4794-48E0-9AE6-1004933D767F}"

"ccSvcHst_UserSession2_3212"="{812C39CB-C9F9-48FE-AE25-0D9BB71F3D72}"

"ccSvcHst_UserSession2_3124"="{9A37B8C1-BE1A-4616-9246-DA8AB278DD10}"

"ccSvcHst_UserSession2_3440"="{B9C69DC9-B34D-4B86-A326-5B3B8CD9E041}"

"ccSvcHst_UserSession2_3308"="{44FF4F6D-92DE-4582-BC48-A24B35391A6D}"

"ccSvcHst_UserSession2_3708"="{CD53B415-1FB9-4CD8-B208-CA018E9A90E4}"

"ccSvcHst_UserSession2_1076"="{04CE2F69-52D6-4797-900B-0DF09BD023F3}"

"ccSvcHst_UserSession2_3304"="{FEE955E4-2F92-4E14-84D5-4C11C49E96C1}"

"ccSvcHst_UserSession2_3248"="{51BA88BC-6A76-4B03-A1D8-86DF189BA427}"

"ccSvcHst_UserSession2_3548"="{E4CD576A-F796-4C65-8278-16DB3C69EDCB}"

"ccSvcHst_UserSession2_3272"="{0DC26155-3CAA-4F7E-9298-4D577217A48E}"

"ccSvcHst_UserSession2_3092"="{F820F8C6-7456-4ADC-B024-A752C6B2FB2B}"

"nasa_ipc_server"="{E6CDB83B-9ADF-4398-BF0C-F44BAF013815}"

"ccSvcHst_UserSession2_3436"="{A02B1062-B069-4C01-81BD-86589B2F4B2B}"

"g_coVistaProxyChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"Tuneup_Context_Switch_Channel"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ccSvcHst_UserSession2_3444"="{3D6D87E2-AD89-45B5-AFD6-D31862BEC714}"

"ccSvcHst_N360"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ccSvcHst_UserSession2_3948"="{36EE3F03-981B-43C4-8795-F5B2B895CFB2}"

"{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"ccGenericEvent_Global_EM"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ccGenericEvent_Global_LM"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ccGenericLog_Manager"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ipcChannel_ShastaServer"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_buSvcComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"SNDServiceRequestChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"SymRedirSvcRequestChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"SNDLocationChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"NortonNetServiceIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"NetMapServiceIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ncw_performance_IPC"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_NCWSvcComm_NortonCommunityWatchConfiguration"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_isDataPrComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_ProcessDetection_"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_AvProdSvcComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"isError_Service_IPC"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"BashIPCChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_ISPOCClient_"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_IDataStoreMgr_"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_buVssComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"_HSPlayerCommand_"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"IPS_COMMAND_CHANNEL"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"FWAlert"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"AvProdSession_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"AvProdSession_Options_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"AvProdSession_MessageCenter_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"AvProdSession_Scanless_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"_buUIComm_S-1-5-21-3429488616-1519292121-1956305698-1000"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"AvProdSession_IPUA_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"AvProdSession_CanIRun_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"clt::AlertChannel2_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"{D9D79767-CD29-487E-9729-730A5CA33689}"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"CO_PS_{55DBA8A2-CF13-4600-8FC8-C7B989ABF841}_1"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"g_coUserCommandChannel_S-1-5-21-3429488616-1519292121-1956305698-1000"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"TRUSTCHANNEL"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"SDKCHANNEL1"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"AVModule_ExclusionManager_{C6198C0B-693E-4CE5-BDED-C1C7ABE5E22C}"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"{A1B48937-0778-4e7c-885B-271F65B485D2}"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ToasterNotify\\SessionID_1"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

"_ReputationSvcComm_ReputationPublisher"="{B55D9405-915A-402F-AE41-7A54934B902D}"

"ncw_reputation_scan_server_IPC"="{601B9D26-ED1E-47AC-B352-35B7046571F1}"

"ccSvcHst_UserSession2_2760"="{402B87AC-BAC1-4C75-B855-91E355024A89}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]

@Denied: (C D) (Everyone)

"{7E708133-F733-4226-BD5D-8F0DC279139B}"=""

"{DA0DA856-9357-4DC7-86CE-A5511F639CD0}"=""

"{8A3E23DC-89A4-4B83-B216-97EB12BBEDFC}"=""

"{B4074B16-1D4A-43E0-BEBA-7F573F98B3BB}"=""

"{4842A3C6-4909-43D1-9D8C-FA4A10223BC3}"=""

"{C43B4199-673A-4380-BCB5-2037C232A4F6}"=""

"{382624D7-878E-4340-9F13-0A68F112AF8E}"=""

"{86E02384-AB42-45BE-A837-40B7F176129E}"=""

"{E1F66B9B-7506-4AF3-8C8A-0D8F63AA7506}"=""

"{87E85A4E-0DC7-4F79-A5F3-29AAAA847F73}"=""

"{2D70DD10-8232-431F-AE62-5485D204D76F}"=""

"{8E9F7467-08C4-4E49-8652-E16A2CA448C9}"=""

"{FA2DF399-7A71-4BB1-B674-E6B38B7FAD5E}"=""

"{D9AA54D7-A7AC-4EF8-81F7-7625F8A499E2}"=""

"{21250460-ACD2-4241-9F86-09CF32980F40}"=""

"{E25F7460-FE01-4A5C-ADD0-854388614FE0}"=""

"{2A2273FF-40D1-4284-B227-89D0BAB99A73}"=""

"{E4286E75-0D07-45FF-A7FD-03882DC9F9D2}"=""

"{715EE43B-D14F-44A5-B078-949B3A99105F}"=""

"{15B4CBA7-3497-4714-9997-74C70A1883B9}"=""

"{4B433E1E-7C8A-48C5-91CC-8980F163FD9D}"=""

"{42D8A33F-1FCD-4685-A3D4-581545EA2380}"=""

"{1815ED29-FA1B-4E37-B47F-48F4A27B1069}"=""

"{23C74058-20A6-4A7C-8654-4ECE7561F0D4}"=""

"{E975BC04-83EF-4B62-9710-A81FDB1FE19D}"=""

"{5BC2028F-48C6-40CE-BA6B-8FDDC76A2608}"=""

"{9867EC9E-CCC5-4CB1-B63E-9CF8F37A8AA9}"=""

"{0F6BC09A-1DC7-4A43-8B3C-8EB8CD414929}"=""

"{1E3450B4-72C5-4443-9A1B-BE6D130536C4}"=""

"{0FEB4ABF-27E8-46D2-837F-666FC00568EB}"=""

"{524F5C26-D554-41AB-8A54-4752E40AE69F}"=""

"{09ED0574-520B-45DC-87E1-B54E91B65109}"=""

"{DB2E59E0-6BBB-48CD-8067-990C9C2DF254}"=""

"{13D9A36D-DE95-4795-986A-D30A371A63C4}"=""

"{09595FAE-BBE3-4068-BFB9-B2EAEA28F01C}"=""

"{C5862FF3-B98D-4EBA-A6B8-9A8F4E5CE4FA}"=""

"{B8A500DD-032E-4255-AF95-F9688753E3FD}"=""

"{DE945FA1-6947-412E-ADC7-59848DD95E02}"=""

"{0AA6E30B-A4C6-4EB2-9F3D-7AA116ED3302}"=""

"{FCF68C65-CEEF-433A-8A5A-C13DDE29F2A6}"=""

"{59E3122C-340E-47D1-A3C2-00475CBD3D7F}"=""

"{F96B032D-E0E4-4094-86B3-43F29E82201B}"=""

"{B6F412D8-6778-4405-9554-0A09A6FB628D}"=""

"{D2C6C7BC-D4CD-40F3-98DA-53547B02E174}"=""

"{34AFAD79-7C6A-4F38-9F2A-7199B79470B8}"=""

"{631674E8-1B27-452A-A7E3-DE1593DCF3D7}"=""

"{4DC90014-FD18-4B6E-AAE5-FAADD13957A1}"=""

"{5F80C429-689B-4836-B11C-658730927D6F}"=""

"{3BFE0423-1AF3-48FA-9E2D-498E5CD29913}"=""

"{02822A2D-2F49-4B3D-9402-4F005F0F1C6E}"=""

"{BE5420C6-266D-4BF6-88BB-20FC4676A840}"=""

"{062ADEEB-256F-4704-A6E9-3DF3A7A4E468}"=""

"{E8ABC747-0636-4678-8E17-7BC795A679C6}"=""

"{1A4BC342-CEAA-4080-8C5A-8BE2C554A0BC}"=""

"{6CA625FD-595F-4A69-9F92-F69AA9E9673E}"=""

"{93E459E6-1081-4A2E-A098-37AD30522099}"=""

"{B8B7D877-F236-4B61-85B7-B610A54D5891}"=""

"{473C22CD-D671-460A-80EC-0464CB27D044}"=""

"{3DF8A305-E049-426B-A614-01499E4B771B}"=""

"{7A868217-C31B-44FE-B189-1D5857B8170F}"=""

"{BB5F3F29-858C-4EB8-BA8E-CCBCE1DD61DC}"=""

"{7D0A60EF-7EE3-4ACC-811F-82C7FB8CD98F}"=""

"{4381D4EA-CA06-4CE3-9523-6E564352D1BB}"=""

"{4D2E2D09-FDF9-4C2E-A0D9-42FCF56B776D}"=""

"{BB056BD9-B688-4078-804E-FEC40152037A}"=""

"{4880A03F-19A4-44B2-A12D-A948B9EAC22C}"=""

"{1AEDD993-7A3C-43CB-B30B-176B5BFA31F0}"=""

"{9B17B898-1AF9-4DA9-BA67-1F5550E9AC03}"=""

"{D88E3458-4F5B-4B22-B5F1-D29D2942C8C1}"=""

"{8991BEEC-7F84-4B24-B811-D1B754700250}"=""

"{505DC54D-05DF-4BCB-8953-129A685AA622}"=""

"{4E9C8945-DDE1-495D-B13F-CC350A257CB7}"=""

"{2955BE94-DC4B-480B-8C95-0D2BC4903C4E}"=""

"{40B54D1D-A840-4271-9DA4-87984E536761}"=""

"{0F6FBDDF-6117-47D7-875B-4E6DF25330BD}"=""

"{6B75193C-C42E-44E9-93E1-6DF8FBA9E483}"=""

"{6525DD9E-9531-4629-894E-13D720FE89D0}"=""

"{4DBEB134-F92B-43B2-B4B9-9150517B1481}"=""

"{B89330BF-833C-405E-B73C-9E611CD265F3}"=""

"{DED12D7F-9860-4DAF-95DB-865E8CAE2D3D}"=""

"{D1AA07F6-AC19-4464-9361-89F8A023F68D}"=""

"{6F6C4DA6-14F0-4584-B066-CCEE878D2B51}"=""

"{7CB9956C-18F7-4F15-A1C7-7496893E64B5}"=""

"{5AFFDBDB-3A03-415E-A274-01C83D246F55}"=""

"{974231C8-02AC-40E6-85C5-CBA3F1C85DD5}"=""

"{7A9DEF9E-15D5-4D0D-8E19-0A4298B83241}"=""

"{9C7619D1-585F-4A27-AD54-0017FB1FF9CC}"=""

"{99AAD83E-392D-4248-9FD0-DAFA87EF1CF4}"=""

"{FB7C3EC6-93E5-40F7-A7A3-15D3A2A9C336}"=""

"{A9AD1FC7-7917-486C-8D51-0920BA33AEC4}"=""

"{53CDA2FA-0D4E-4BBF-820C-438ADD2E5725}"=""

"{5B7ABED5-94A9-4068-BDCB-3979E483C505}"=""

"{AB185598-092C-4E87-B109-7D6D265CC9B8}"=""

"{24ABDC57-F3F3-4158-9131-BA6B812D2503}"=""

"{EF1DB7CA-4871-4C84-AA74-54E0B7DC1AEE}"=""

"{E339485D-7AE9-4DC4-A6CC-309EA6CE22D5}"=""

"{DB003574-733C-4F3E-BFF1-781FB1F75872}"=""

"{80B16FE6-DF80-427B-BC6E-1E6B3FC11D3E}"=""

"{30083351-0B33-4529-A100-A6E975A956BD}"=""

"{4EEA4315-B229-45AB-A487-3AC2BF5FE946}"=""

"{AF3731B4-EFF3-42E0-95A2-DCB2CDB40B08}"=""

"{08F3E32D-CABE-4FA8-A6C3-A2DA8A32AA4D}"=""

"{357F52C6-CF6E-48F7-9E82-05A39A840FAC}"=""

"{0C7E9700-384D-4562-AED7-FFB9E6FAE975}"=""

"{CC325648-BF8E-46B6-8B17-DBB79F272327}"=""

"{E5EA881A-6E93-4EAD-B326-4765CA07A717}"=""

"{2F839636-A3DB-4804-A2D2-33E5535A2069}"=""

"{9013E870-77B9-48DA-8A5D-F0B55E742364}"=""

"{93FDD883-912C-49B3-A935-06E63951656F}"=""

"{5082A36C-8399-464E-A0C3-08E118AB0BE9}"=""

"{04C4061E-FBE7-426A-9F2A-9C2A61A48D52}"=""

"{3771DE4C-AF6F-4401-842F-9AFA033720B8}"=""

"{8F2D0A29-08B7-4346-A09B-862404AB49D3}"=""

"{4C59B293-3E45-40FA-863D-7488F8CA39B7}"=""

"{023C6980-5D8B-4566-9877-A4288C807A26}"=""

"{21223973-EC26-4989-87E7-AD2C5244F426}"=""

"{82EF08F4-8710-421C-AC03-C8ABEA0E7B67}"=""

"{6AC158FB-4BBE-4892-9170-F97E773D6122}"=""

"{286CBB2F-141E-443F-8DAF-87C6B20C056A}"=""

"{82F5C57F-1F4D-4C6A-A910-0AE7BE74ECB4}"=""

"{1F8B79DC-8AFE-43F6-8BE5-2E35B4F62BA6}"=""

"{603530C4-F8DA-413B-BCA7-7DFD0CC8D829}"=""

"{E4353A79-9B70-44F8-A067-22111CDBBAC7}"=""

"{1A43456E-AD60-45F5-A872-25DE2CCC7721}"=""

"{77C8AF0F-10BA-41A9-B327-86F6EBC6DD80}"=""

"{827814BC-7792-46C5-8DF0-69677659F1DC}"=""

"{FA9D19B2-A277-49AB-8CFB-473F45727E43}"=""

"{12B04FA4-962D-4AA9-AB17-5B205CDC54C3}"=""

"{D8FD8A14-FBEB-4F9E-A4ED-B96030FF8FF9}"=""

"{B17DC375-FDC6-4B8B-B0AC-DC472A4621B3}"=""

"{5560D5D7-5174-415F-B5F7-24B6E9C07613}"=""

"{14DF53F3-0508-4F20-BBBB-C523F249D6E4}"=""

"{AA55B99C-66BA-476E-9233-507CB46C626D}"=""

"{7B9782AA-FD39-467B-A46A-AFD758D46DCD}"=""

"{B52F5962-258A-4CB7-9561-AF6A4F950984}"=""

"{4B01D6F4-C686-40EE-AF6C-9AFCFF317A4C}"=""

"{FA949F73-6DC0-4089-BB90-BBC7D6F41A9F}"=""

"{1700BCD6-13FC-4D24-B646-745E629732A8}"=""

"{F1EDE2A5-B95A-4B92-8B17-796EE36C5ED8}"=""

"{9A75B3ED-8F9D-46AF-BB4F-E3D1A4020282}"=""

"{8800EDF1-8E82-41C5-B6D8-EA0B250085D7}"=""

"{EAD22610-9BFE-42A4-BEF4-394806778E05}"=""

"{8A812AC3-3471-42DC-9F79-7472B57BE9ED}"=""

"{3BC1E507-ABD3-45EE-A0D2-F6CB251F7496}"=""

"{9C78A161-6917-48F4-B8B1-50FBA51D03D6}"=""

"{DE902B11-D59D-4A86-8826-D60B7F6F8B31}"=""

"{404072B9-17EC-4783-AB5C-665BEEEA61BB}"=""

"{0675CC15-7A19-47C0-88BC-02CE1381D633}"=""

"{33A26696-5255-48EB-AA12-695949B79699}"=""

"{D9304987-9927-401E-8208-F2C38468528F}"=""

"{A0E825C1-601D-4F1D-A4FF-400176CB698C}"=""

"{C2A8D85D-127C-48F5-B843-7E74D2531A7A}"=""

"{5ED71AE5-94C7-4F0C-A961-79B453BF954A}"=""

"{2ECCF776-5E63-4DCB-8B26-7289FF88F0EA}"=""

"{92A98F4C-6FDB-4453-8A76-C6FE9C96D7F4}"=""

"{38E2CF7C-E29E-46FE-8495-9E55F1C9F444}"=""

"{80289955-062F-4AF7-AB1D-077E03E6F8FE}"=""

"{B52FF19D-2C31-4764-87D8-FA538CB968E9}"=""

"{ABDB725C-814C-4A44-B263-1B441C8B9B6C}"=""

"{C26E437D-29C1-44F6-A2BE-10A29F24B59F}"=""

"{9158B774-2E8D-4DE6-8E86-6B7635D854A1}"=""

"{54EE03BA-6559-4CFF-9CE8-7FBAAFD18ABA}"=""

"{7853EB82-D833-4A29-B83E-83ED2558D990}"=""

"{CBAA0A04-6527-4055-88C8-A11F9E1BD33D}"=""

"{5C90C959-8DFF-450F-896F-73DB560F9837}"=""

"{8762929C-E51B-424F-9351-26713A1BB922}"=""

"{73CD2B56-84D5-446C-98C0-CE5ACAA4C19C}"=""

"{DA01D9BB-09EA-496A-A80A-0898BA4C3E8F}"=""

"{26A0033B-4582-4BAC-AB3F-F3A05E173DDE}"=""

"{22BED23D-8704-4BB7-ADC7-402BEBF47E00}"=""

"{5B1D3006-B8B5-470B-8035-E4CB269BBC37}"=""

"{EE028568-30D1-4A78-81E8-D0D4C664BED6}"=""

"{FBBEE0AC-1595-4CC5-80B2-65D605DF3A2D}"=""

"{BA7D8A9A-E83A-4021-8A50-2E8550645F2A}"=""

"{39D08A57-17E5-4B83-9168-123820D55776}"=""

"{3FE4FE93-49F0-4DBB-BFE1-C1D1D324A0A0}"=""

"{4E10BB9D-17EA-4FBE-B6A8-6140404BE303}"=""

"{CE55CD06-F042-44C4-8AA4-F0A5F007964A}"=""

"{E95134B3-846A-46B2-BFFF-52DB75AFFBDF}"=""

"{47EC32C2-B499-4C8C-9E3F-2DB655BB5921}"=""

"{E33190BE-40ED-4C9E-895A-D57C275AE4B3}"=""

"{8101DF2D-3CAE-4F97-88F1-0C3FAA2CC59B}"=""

"{BC1A4057-97F1-4270-AC09-F2AB8CA92EE6}"=""

"{99E1FDD6-9050-4FB0-9564-2373CEC1632D}"=""

"{6475CB87-6476-4980-ACA1-D71E91CE69C2}"=""

"{003822A7-06E6-497C-9340-BDF249730287}"=""

"{5F83D008-51AE-4936-AE5B-F1BF7BA1BE32}"=""

"{F14DDEDB-8EE6-4C7B-ADC0-CAB21D5A97C5}"=""

"{BC91757A-B4C1-4EF3-991B-AFC32BD94437}"=""

"{2A0D347F-7190-48BD-AFFA-0FAE963C4174}"=""

"{B7A64C1B-1468-49E3-BC66-CA0BCAE6EA92}"=""

"{87AA3A46-6C17-4D83-8137-7052F30148F6}"=""

"{E21630A3-3D9E-4DA2-835D-2B335546981F}"=""

"{2EF35C04-D211-44BF-B380-70D2988D3091}"=""

"{334ECE4E-1FEE-4EB0-A7F2-AADCA50369E7}"=""

"{C9FC1005-3D3A-419B-984B-982DBBC52E6B}"=""

"{E4174957-866D-4654-85A9-1CFF3FBB6FAC}"=""

"{1C90900C-E03D-49DF-81DA-E370DD16DF1F}"=""

"{BFAB2F1F-0D7F-4B07-B038-5C5DA9790C06}"=""

"{D1A6DAFB-81E0-410A-87AD-C4A042D9097C}"=""

"{4FBC98C3-4AFA-4AC7-BA5E-B5FDADAF8B26}"=""

"{B85F2C11-3334-4DEA-94C3-46C2D70D3739}"=""

"{0A4E0093-2E0F-44CB-837B-8E2D498C1D3E}"=""

"{6CA56438-48F5-4CAA-A2E8-A6287432911A}"=""

"{868F0D08-AB05-4EC0-8BC3-DE5F230E5E9A}"=""

"{28C43FD4-EDD7-4497-A9FA-FA9A923ED22E}"=""

"{2EC623E3-FCC4-4102-9F5E-06C49281DE10}"=""

"{ABE48364-A9E7-42A3-9ADF-98CFC216B6C6}"=""

"{5AADDFF3-E090-4730-A14B-8E0CAE8DA24B}"=""

"{579FD489-1347-4CBD-8AB7-DB0444F3AA23}"=""

"{891FFD51-4574-4B77-A29F-25D320D1DE40}"=""

"{8B51AC12-3645-4BFA-A553-2366BBD8BDCE}"=""

"{9BAE9353-4FB1-4174-8F4A-96BD1257392A}"=""

"{6A20D3BD-C96C-457E-B949-ACB6C4BA648C}"=""

"{049663E0-2047-4AA4-AA3A-DA60BC4D6897}"=""

"{F76E0335-6913-4F18-8E51-1CF54AFFFCEF}"=""

"{60EBC192-9328-426A-95C6-BC02D8288697}"=""

"{2B5544B9-481F-4355-84B1-C58BD878A322}"=""

"{8A9396F4-9FDB-404D-BC63-BAB293DCCAF9}"=""

"{2660AA0A-952C-45C1-B527-990897ADA65D}"=""

"{BBCAD07C-BA7D-4FE4-A329-F446F071E954}"=""

"{EF92BCAB-5EC3-4944-BA22-2AAC6EF81C47}"=""

"{392D0EA0-90E2-48E7-9741-2BBCE6D1CAFC}"=""

"{08D838FE-6EB7-45DA-B341-1B2D1551891B}"=""

"{70675216-5B4D-4FA9-8F7B-00CA7AF8C430}"=""

"{0EFA0E01-F14C-4E19-82DF-440BC818F00A}"=""

"{75CFEB85-2439-46D2-B548-9D72ED70FAFA}"=""

"{261ADBE6-DFA9-4986-8F38-E79A661BCEB7}"=""

"{0770BE67-F83F-4757-ABE7-D98A18172C24}"=""

"{DEDABA50-C31F-4481-B981-A4FAE7EBB562}"=""

"{B503899C-D8E1-47C8-BFFB-291D29A2CA4C}"=""

"{B34F4297-F069-4469-98F0-D1B87B8E765C}"=""

"{3CE45D5B-9360-4324-93E3-A45F62B599D6}"=""

"{099DD2D0-D8EC-444A-8B61-98DBA16611AD}"=""

"{AF5945F0-0DFE-439A-ACB7-B05695643778}"=""

"{143F81AE-A87C-48F3-83E5-B5A61F3A1FCC}"=""

"{A95BD5F2-F35A-4F2E-91D0-72E1A17C18EC}"=""

"{1F5F63E4-6627-469B-9AF6-5B5E79A0B671}"=""

"{49BFED85-67EC-4008-9F8E-A49AD044D5AC}"=""

"{6228BE61-7390-43AA-A961-50B1769FF0B7}"=""

"{8830749E-7F0A-4CB3-B755-25671F5454FC}"=""

"{FBDDEEB5-9EB3-4DC3-A489-791BC469A5B0}"=""

"{EBF260D7-6D21-418F-ABED-B0B51DA7EC0F}"=""

"{1FFF6127-460A-40A4-AC24-D6B4AB97F45F}"=""

"{7566C084-3BEA-4A06-94F3-2203274BC738}"=""

"{0E88807F-54E4-4DFE-A5B7-FBFD5D8143DF}"=""

"{A29749BD-A729-41DF-B090-AA7F6B025632}"=""

"{B0DA9558-C054-456B-B48D-15764BA7CF45}"=""

"{A343FD2F-8A87-42CB-8C7A-783226F661B9}"=""

"{3679DF33-6331-4A96-9E49-8CA2C42E524B}"=""

"{D7DEEF75-FB18-4B68-931D-7100D58FDD26}"=""

"{14816D69-6ABF-4806-BBD5-7F5BEF7279D6}"=""

"{9E5E4209-F309-4E23-B09C-3D1FB310D2D1}"=""

"{297DF63F-A5BE-440B-B4D8-4DC2B810027B}"=""

"{B313106D-E9BA-4E5F-A8FA-9A45A436A573}"=""

"{64D63D2F-F438-4483-A132-83E1C02C9D5C}"=""

"{FE510F03-965C-4F2A-8694-CB6ECFD3AE15}"=""

"{D989E848-1A01-4A6D-872B-8767FEAC8B14}"=""

"{FF8D27BD-8A0B-4B12-B9FD-266E27DD704D}"=""

"{3E79C0FA-009E-409F-B54A-ECE3C859EEF1}"=""

"{58B965B1-CDEF-47D0-8E7F-296CCD0E5422}"=""

"{BD2E9988-BFFD-4A4E-9B2B-3EA60E930DA9}"=""

"{017B2608-E045-415B-B00B-8CE426556451}"=""

"{18702866-A687-45FF-8FE8-69E36064C2F1}"=""

"{B3DD701D-FA6F-4709-8237-6C64FDC50C5D}"=""

"{51490D6B-ACE7-4EE9-84D7-5E3ED57D2E85}"=""

"{58604ACF-115A-413A-B71B-27B7268937FA}"=""

"{8FC0B30D-A4BC-4679-A90E-D9ADB79ADE49}"=""

"{E98BB672-B020-42F1-9361-852DDD0996D9}"=""

"{82F44D9E-C896-401A-9096-461F36B46605}"=""

"{6ED61253-A0A7-420E-A1B5-C6871A1D3211}"=""

"{55029DA5-CC45-4219-9416-6C8964981A99}"=""

"{6368404F-12B8-448E-9109-AC212AFF845F}"=""

"{8515F0DB-E9BE-44A6-A09C-ABDBDCB22627}"=""

"{24E99E0F-03FA-42CD-99FB-BA6178D5BA5B}"=""

"{9D05AB00-B0E3-4B28-AF35-8ADE40B21099}"=""

"{8EB78505-34A8-4600-9BB6-2DFAD564D582}"=""

"{2967A14E-72B0-4231-9435-88D307143880}"=""

"{80C31F68-51FF-47D9-8128-E3E3A51D2715}"=""

"{47370E08-1CF3-4F69-88F3-C6F5A11E395E}"=""

"{448563A4-6680-4340-ABE2-BEB8F03E30C6}"=""

"{28550DB9-A44E-4B11-A250-4D89A950163D}"=""

"{AD60681B-A61E-4BBC-9D36-D5E5A88C8194}"=""

"{FBB64870-049B-4B04-9779-6B0520C13781}"=""

"{5BE5FE7A-0C8E-4EFF-B283-456F17E2BF05}"=""

"{2314019A-D45B-4FB4-9421-7E4C3B154D7A}"=""

"{BD10039B-5E58-4E4B-A64F-7F2B3880EF17}"=""

"{57075F69-63C5-49AE-8FE8-74E4A30480A2}"=""

"{6B5B4605-7056-4F6C-8053-52BB3D31A112}"=""

"{B20DB7B8-481A-42DA-935F-09057E1EA7B3}"=""

"{E4E7803B-80BC-47D2-8301-36B52DD37A60}"=""

"{7C7B0AF6-2794-494B-9E2D-40A7E34BCA18}"=""

"{E39F59EF-09FE-4057-8A33-99427B529BCF}"=""

"{7D1B90E8-A456-41BA-AC89-C04DB4A0B042}"=""

"{C3FE236F-8B01-4840-9015-4E246E069B51}"=""

"{CA3D9A46-6D01-4073-88ED-AA1AE038CE98}"=""

"{3B167CF2-D958-47E3-AFDE-30CF54405B90}"=""

"{E4FBDC3F-A287-4083-8A15-46D1F276C0CD}"=""

"{25EBACAD-5E8E-458C-A972-6ED315B0E745}"=""

"{A277C50F-6618-4258-919D-BA19A1FC7299}"=""

"{6F62C302-1C72-49D9-B20A-68718822565A}"=""

"{911F465E-89FE-4B7D-82A7-979085FA4D07}"=""

"{022C4C8D-5556-41AD-84FC-7D12AB2B9013}"=""

"{F4709B08-1AB6-4DCF-AAAB-73F2AFD98821}"=""

"{82A8B83E-96A4-4E4D-8BCE-1D6F02B9EE3C}"=""

"{92EED0C7-8103-4623-BB83-B41313C97FCE}"=""

"{4A0E762D-CAF2-4774-B311-EA7BC8924D8D}"=""

"{171E41EC-996E-4A9D-B7F5-5A7E310FFF52}"=""

"{777319BD-0092-4C9D-8B84-BD5CB3770C47}"=""

"{64EA5579-25B3-47B0-8FD3-A42F04158950}"=""

"{56AB9FCF-856B-4FCA-8927-EC7101518922}"=""

"{355257F3-5D06-4130-B645-D1CDA1A78D68}"=""

"{0A6CBA65-C362-4FBB-B4F6-3C9A6EFEB8F7}"=""

"{4FA703E0-B8DE-4165-AF3B-6B44F03B660E}"=""

"{20875D91-ACA6-401B-9ADB-31149ABEA46D}"=""

"{F6E1E2D4-B2D2-44A0-8B9A-6A4926F9DA9A}"=""

"{B31928BB-CC50-4289-BAE4-BC38B92E37FA}"=""

"{870A33DA-EE44-49D0-9DE1-B5A52377CE1F}"=""

"{02653E90-B80B-4CD1-84EE-7D8E84DB3B1D}"=""

"{2B6A82D3-4557-48D8-8040-0FC350A16E45}"=""

"{F0B31D5A-75BD-4307-B364-6EE2B8571DD4}"=""

"{E4CD8FC6-9778-42A0-BB89-C903B0712501}"=""

"{C3AFD8A2-4F22-49AB-8469-3CA63D0B807E}"=""

"{232C2213-4702-4A1B-936A-8D9D06B79DF5}"=""

"{DBDD8DDA-9391-452D-A61A-7E856A14B823}"=""

"{843019A1-83DB-4A67-8A65-CAD2DE814096}"=""

"{5F0E784B-8A52-4BAB-9D74-A073B493DC9F}"=""

"{8630DD0F-46B9-45FD-8C6D-9A2B38B84909}"=""

"{C940C6E6-1ACA-4230-BFBD-E273FB25844A}"=""

"{AAE4139D-BFF4-4786-9B7C-39F23DD89260}"=""

"{D898B11B-5018-478C-8B59-764D138B6C2B}"=""

"{49B5DD93-C2AB-4926-AE34-01E7EF735B15}"=""

"{1C7CECCE-A11B-49B8-AAE1-CB64664EB0CB}"=""

"{6AC220A8-06E2-4ABE-82E7-19DE247ED351}"=""

"{C2950EA9-DB73-4926-B4A3-61FBBAED79CD}"=""

"{97BFAAA0-D76B-41C9-93A0-8823BA75A9B0}"=""

"{DE104FDF-8A22-4A4C-9203-12F85D639357}"=""

"{BA404511-6B18-4C4E-9F27-072C41743DC3}"=""

"{DA057171-FDC8-49F6-80DC-7874B9625D6D}"=""

"{975E4D1D-273D-4D0C-9D20-66400CD8BFE3}"=""

"{CAC10309-29C9-40F0-A63F-B421BD0F574C}"=""

"{54FE52C0-369F-4BDF-ABDA-A0FEDEEF5B58}"=""

"{0BDF17DC-0709-40CE-9283-BB9A715ECF9C}"=""

"{B377CF70-33AF-49A3-8A5B-12D2AD84165E}"=""

"{36E4EA45-A317-468C-B71E-0EA639A6D5A8}"=""

"{C28E03B0-9DE3-4598-8557-071B59E2E19B}"=""

"{E1E827E5-CDFC-45C4-8C9C-EC8978D04EF5}"=""

"{DFF9B39A-C115-4FA5-99F9-D606AFD545B8}"=""

"{AA760A3F-D559-4C51-81F0-F8C3C85A50A4}"=""

"{25F62D6F-4DB4-4F74-BC3C-0078BA481C5D}"=""

"{D356BBBC-AB73-4B6D-91DF-5A3F193B7AD6}"=""

"{721C29B0-96C9-4684-9985-A0B8C92B23DB}"=""

"{C455F5AD-2443-4480-AAFC-34F93ED0BBAF}"=""

"{F666095E-8D83-4B84-9259-F5BFB1D6B64F}"=""

"{6B48EAC2-CBE2-4AFB-9716-B3BCEB4B1DE9}"=""

"{7AD8BF9E-5936-4130-BB94-B119DE978CC7}"=""

"{2544623A-F060-4A6D-8E75-27F01B731DC1}"=""

"{30BAD576-00DE-4ABB-B4A0-D6C2B6640C2E}"=""

"{BD28CA8C-7E7C-4A78-8A17-3474F8C9820E}"=""

"{64353876-6D73-4CEC-9C71-379DEEE7DDBC}"=""

"{8166E094-F7B7-4BD4-9995-5F6F1BF559BC}"=""

"{D21652C3-AB12-4790-BC4E-C6BC939EADEA}"=""

"{AE635587-E6C2-4E2C-A2C3-7C55356561D5}"=""

"{9881AC8E-EED2-4EB8-A4F0-A572770341A5}"=""

"{8B562F8B-5E73-4F8F-AE8A-C1D420F33A92}"=""

"{86A07D0D-B518-452E-B6B1-CCEEC47CDD6F}"=""

"{77342782-1BD7-401E-A502-BC968A7FEEC5}"=""

"{D3BD15CD-BE7D-4C9A-B9E8-E0941FE5DCC4}"=""

"{DCF07928-554F-4AC7-AC08-DC35875B17E2}"=""

"{71AC201C-C8C8-4616-881B-A1508775AC24}"=""

"{6420A077-68D4-469F-92C8-6696D211CF2B}"=""

"{543BD4FB-E3C3-489D-8D0C-A902C1F8C758}"=""

"{9DD318C0-E230-4D96-9F5E-C243B7860F45}"=""

"{7A883053-8748-496D-837F-B6BB125F8CAB}"=""

"{246750F3-A765-491B-AC03-087174FEBC3F}"=""

"{2BBECB07-D25C-45BA-A429-524CA4B35375}"=""

"{D94B986C-E1C3-4F70-B7EF-906F8DA25D2C}"=""

"{AFAC74DA-9746-4539-A5A4-254976CB8C39}"=""

"{AB961CC0-724C-4EAE-B883-29C5386A7591}"=""

"{34DDDAB3-765E-463E-AA8E-C6C706AE5ECB}"=""

"{45D32A6E-7E72-4257-99DA-914BBC3AEC03}"=""

"{90C527CF-5E22-40C4-AA35-8725543FA1FD}"=""

"{F68E6A59-6681-46B7-BBA1-CF031BBA97F9}"=""

"{1555F750-009D-45CB-A654-4026CB95A76A}"=""

"{05F83C8C-E149-438B-8C87-C9869620A4A2}"=""

"{163D7F22-224F-41E8-AFFA-FFD067390C5B}"=""

"{AE81D214-7BD6-404E-BA76-E337A846F8B9}"=""

"{324C20A9-B864-493E-88DF-5A2DAB43C289}"=""

"{24F95B08-0CEE-4DC3-8CEB-58AC859EBA90}"=""

"{637C34C4-3C0F-4354-AF99-4A5AD7D143D7}"=""

"{5B46C989-B019-4E88-B95F-7D681950359D}"=""

"{5DE62013-33D7-4A9A-BB7D-E99153AD0FC3}"=""

"{8B430A53-B15B-49E9-AF9A-4811A5FFE97A}"=""

"{304D6B50-55B2-4FD2-A138-54C71B2A5C1A}"=""

"{D7E76C7A-D498-44CE-AD64-8D14F157616F}"=""

"{E6AA9A6C-80CA-4FCB-B3EC-CFF2378C51F5}"=""

"{C07C34F4-5A62-4208-8DBE-3CA5C4E3AFC3}"=""

"{6F7C5D2B-23A2-478E-8FFF-1878017D9D46}"=""

"{72CECF30-3182-43EA-A4A2-D42DA2A14831}"=""

"{05295F6A-2F6B-4656-9E26-4DDBA3514143}"=""

"{3E466E11-7BF4-403A-806D-5DFA1C5E0BF4}"=""

"{EC20A1DE-7AEB-45BA-81A6-14D70934718F}"=""

"{8F0BA37F-8DFB-4553-9E93-6996045EEC5F}"=""

"{B8AFF97D-8F7C-4022-8431-D33B76BA5A59}"=""

"{101B7284-8732-437F-86AD-5D0FCEB82CAB}"=""

"{D05F04E6-1556-4D12-AF60-7209D76C56C9}"=""

"{786227F6-C147-4541-A12C-382644BA3933}"=""

"{2C02D742-F8EE-45A8-A081-F0B0D2143AE8}"=""

"{70BB30B9-485A-4F86-A12E-D69F44176DAD}"=""

"{EC41741D-2BBC-4256-9464-275418A59767}"=""

"{EDB8EEA1-EE24-4978-A030-FA9ED1CB8DEB}"=""

"{213F5807-32E2-4424-9860-1A8C43E93CC6}"=""

"{CD637544-7F74-43E8-8C78-27E7574A5115}"=""

"{8AED5DB5-3217-40C0-9EF4-891EF7AB3790}"=""

"{84AC9C49-97E5-4F0D-B32B-7C113C96A399}"=""

"{775BAFFE-6D10-4299-A1E9-2570C699C19A}"=""

"{0C199277-4368-4C9B-BEDA-738CA931B9F1}"=""

"{5CF6798A-03A1-4B86-9830-4847527BCCE8}"=""

"{5ED675B6-F3D2-4890-9416-F872B529FF28}"=""

"{D1EE2162-4F87-4022-A162-EAD69429378F}"=""

"{20E60C63-5806-4748-BD91-90E0268FF794}"=""

"{BECE34DB-4C86-4BDF-A4D1-2BCD6B70C363}"=""

"{368017BC-9BCE-49A5-9635-5D327389A454}"=""

"{460244BF-DC92-45B0-97BB-D6D6E35F1B78}"=""

"{2F79591D-61E9-42A2-8E3D-CF1411882D15}"=""

"{8CB04152-1BF6-4E2D-8441-A0F60990744A}"=""

"{641658DA-4BA2-429B-8F41-27D7E9904A23}"=""

"{6E31582B-DBEC-499B-98D5-91BCC85EFD7B}"=""

"{C54B5FDF-B464-4921-BD72-47A7BAD32707}"=""

"{42DD6D87-EF84-4F5F-8714-833F2CF7864A}"=""

"{00E79B6A-F239-469B-BF11-6BFCF975E046}"=""

"{6D5CC850-226C-4EA1-9EAC-92D73D928B87}"=""

"{E323BFE9-FAAE-487C-88A1-F89D0CEF3BA4}"=""

"{6ABB3F4E-1D10-4825-8089-7FEF8D0DFD92}"=""

"{732655BE-AB7B-4428-BC86-44FF1E480BA2}"=""

"{9DBE4C0F-FDD5-4A35-812F-1DABFCC29808}"=""

"{C5B71504-9D86-489E-AB1D-24CC92B65148}"=""

"{B3FF4078-2433-418B-B6E1-42916BC81F9C}"=""

"{0906B890-FAC9-43F0-A5D2-2342A31D292F}"=""

"{CE155F72-777E-41F1-A204-9CC408F4AE6B}"=""

"{E8079623-FF86-4362-B8BD-C7CF7C75782D}"=""

"{85C9F047-B8FB-42D8-939B-9D0278A70C2E}"=""

"{B97375D4-628C-4FF2-BDE4-31FF920D1734}"=""

"{F052EB5F-E4DC-4E3D-8250-E5D1EC8F1A9B}"=""

"{33A07717-6AD7-49A0-90F3-646A3EB5FA5D}"=""

"{645258BA-5FA2-4432-92F1-3FF8487509A8}"=""

"{1890E15B-523D-426C-86C3-160005FCFF9F}"=""

"{1E1F1066-4936-4D84-8119-370ED79400A7}"=""

"{DB1EDCFA-C5BE-4767-89E3-01E78AC2A8E7}"=""

"{1058F11D-215A-4F8A-8FE8-E79E0EEB935F}"=""

"{535EB099-4655-4F39-B70C-E367043911D5}"=""

"{BB5BB8CE-91E6-4534-81F0-1D6EC398577F}"=""

"{43BCCE1C-44FE-4157-B88E-39D5B21C0847}"=""

"{9598E7B3-24E4-438D-A4A4-5C53E287D7B5}"=""

"{87ABC0A5-E44D-4E8B-8B6F-F56FD0B8B777}"=""

"{48A46381-5CDC-4613-88C7-E5360C685CE8}"=""

"{D12D049D-5DC4-40F6-8FD5-C7C75F07557B}"=""

"{575D4F04-C7EA-4525-9BE0-7811A03C328C}"=""

"{E6C26026-20F9-4ED9-BEA3-EFE10000D698}"=""

"{EC22B78A-1027-4624-8842-5CB3142F783D}"=""

"{E658E558-F23F-485C-8205-F3B081879DA3}"=""

"{F3EB74B4-D963-43DD-ADC8-D27C739C885D}"=""

"{4D9CCDAC-11FD-462A-A8CB-ECF5E0BB1B58}"=""

"{9274AE36-AEBD-464A-B350-58BE3D999ADD}"=""

"{C2B631C5-FE3B-477E-B601-B475E6B8845C}"=""

"{BCA9A665-72E1-44CC-AAE2-EAE2B179A3C1}"=""

"{CFD141C8-3E36-4A42-B165-6CBC036C5EAC}"=""

"{35091830-3879-40A3-A1F1-3E5F6E96B9DB}"=""

"{476935D6-C5C0-48C1-A38B-DEA7BC529042}"=""

"{083F073D-1E37-4711-AE3F-6D4882B1CD9E}"=""

"{D1800BB5-83D6-4231-9C0B-28AA0911E0C1}"=""

"{B78C6E9A-606F-4650-A9C3-E30D12F8515C}"=""

"{936A2861-F43C-4F45-ABE0-E6E2999F7C1F}"=""

"{B3C0C051-09E0-4C09-B53B-B994F11F973C}"=""

"{31D1323D-9D76-4CF5-A215-F18D145DC788}"=""

"{81287D43-6531-4DFF-814F-0EDA8389392E}"=""

"{0CA3A02C-F207-470B-9E57-B494F4AFCCB6}"=""

"{E90F038C-6930-4C8A-810C-0B7EAE6838EF}"=""

"{F6FF6CD8-14EE-4CF9-9CCB-EB236838C8E8}"=""

"{5F23EFC0-AC63-48E3-BF2F-256215CED20D}"=""

"{12E5615B-BD90-48CF-A2AF-0DDC0F3E9A8D}"=""

"{505AE454-4DA1-4BB9-BCD8-69FBDDF99E7B}"=""

"{78B95B78-461D-4F81-9FCB-21FD3DBDD43D}"=""

"{692C3CDE-40A7-47B8-824C-B3B108B43E4A}"=""

"{B63D54A6-0E14-470F-B41C-049A960A8231}"=""

"{0A5B3698-F497-4903-9FF2-46E985E562BA}"=""

"{4B843075-2F73-42FB-A274-B2C8EF1CE529}"=""

"{A35ACE96-029F-41B7-9B72-754931445214}"=""

"{37D9557C-EBEA-47BE-A922-08778627C28B}"=""

"{6448381B-EABB-4447-8FDE-4A853CCC14EF}"=""

"{19F26C85-CE43-47CE-A816-4EC787E5B47B}"=""

"{B8D9AF10-7F8A-4858-AFD7-CEDABFCC421C}"=""

"{35E8BB01-25F1-438F-B9D8-86E0C8E37416}"=""

"{D76B6438-D9C3-49EC-B188-667F8C5555BB}"=""

"{C42EC6FC-59B3-4BB7-A876-6CFFBFE38628}"=""

"{55BF233D-8EC0-4F10-86E4-4DCC0FF42F7E}"=""

"{F97B0212-11D9-4719-9752-1C7B666CD3E8}"=""

"{6AE0F00C-318C-4C07-A31F-C0CFF67696FD}"=""

"{29662DE1-BB4A-4EB4-9738-6A428BF42DCD}"=""

"{5FF83BB1-E69D-4043-A90B-885E3F96EC0C}"=""

"{E4C1C864-9B03-4015-8C45-FF5543917322}"=""

"{1B56E599-47AE-4A22-85C3-C1F12B02EF11}"=""

"{6038F2F9-D9EC-42AA-9AFA-FD5BF7D2925C}"=""

"{5E309780-B48E-4F46-9D48-17E471FADFDA}"=""

"{F59BD678-D298-4BB0-902B-5E0C93F9C0ED}"=""

"{83CAE9D4-5462-4F83-8092-AE25DD19FC8A}"=""

"{2F77367F-3F63-495C-BAF3-D4272488AF65}"=""

"{28C8A6D3-D5D0-46B4-A7B3-2F298FBC2AB2}"=""

"{B51AD2E1-0A7A-4009-8CC9-22F1A8B61E35}"=""

"{FF322C02-8800-4DA9-B24E-074BA02AF16A}"=""

"{B20AFD07-7134-46E6-A8BC-854E3D5519CE}"=""

"{E253097A-7A0E-443C-BD86-30146E06B133}"=""

"{331B7769-4794-48E0-9AE6-1004933D767F}"=""

"{2AC3FE5F-D522-4E1C-8226-439F530C5B9D}"=""

"{7E6D9F59-1CDE-4AC4-B4B5-1DD6068B6947}"=""

"{AA9DBD00-638C-41D3-8911-D6C91BACE1DE}"=""

"{812C39CB-C9F9-48FE-AE25-0D9BB71F3D72}"=""

"{6C57E3E6-C81F-422A-8CB9-16A324493227}"=""

"{9A37B8C1-BE1A-4616-9246-DA8AB278DD10}"=""

"{90F8CB03-5CCD-42D8-9E8B-0B074D249450}"=""

"{730255D0-A343-40D5-A924-3101533C6E01}"=""

"{8FAAFF1E-C9E2-4874-A0B0-A4084C02D05D}"=""

"{EAC729C0-4A3F-4BB0-8B8A-1557B076C245}"=""

"{1C076348-8A8D-4E7C-8292-B4EC23B7C231}"=""

"{B9C69DC9-B34D-4B86-A326-5B3B8CD9E041}"=""

"{5B98F681-F149-442D-ADC7-B753A04C1B4E}"=""

"{44FF4F6D-92DE-4582-BC48-A24B35391A6D}"=""

"{5E80CD3A-0FB3-4A3E-9FD8-06EF7CFF8DFF}"=""

"{C1DD1AA5-04F4-494E-BB0B-DE4ACF362B54}"=""

"{76BF029B-DE0C-46CA-969E-75C59561C739}"=""

"{CD53B415-1FB9-4CD8-B208-CA018E9A90E4}"=""

"{CADA05EC-5EFE-4152-AC1D-B726FD2A86AD}"=""

"{249CE653-1BD3-49D6-8F2F-02C9F177E589}"=""

"{46CF6650-88A9-46F6-92A4-82C3A752293F}"=""

"{6A8BF2E2-B4B9-4F70-9446-D59583CA9680}"=""

"{610B5B50-45C2-4579-B385-ED30E90D5E04}"=""

"{106947A1-5F8B-4616-B0AD-FF00F3B993F7}"=""

"{79F4DF41-906A-475F-8C13-D01735AC79C8}"=""

"{8F4B073C-D73A-4BEF-9D06-6313AC8996CB}"=""

"{0A92776D-2BC0-4D99-8A2E-FF305D3BCCBB}"=""

"{04CE2F69-52D6-4797-900B-0DF09BD023F3}"=""

"{945E1510-97A1-405D-BE04-EB3B79A87979}"=""

"{71C02B14-C3F2-4FA6-BD26-F0CB7A71CE8E}"=""

"{ED96A3EB-D656-4A2B-AC79-A983CED22469}"=""

"{DE07AEA0-99ED-440A-A48D-D5490D53E633}"=""

"{4E89AF34-2B57-4F69-ADE5-86C1A59C2BC6}"=""

"{01EC7054-AC94-4316-BEEA-32F93F0C4408}"=""

"{2E2B0F8D-C315-432D-80B1-CDF14262EA9D}"=""

"{AF7488AA-0A62-4BB2-8B99-B8F787876F94}"=""

"{75C023DE-70EA-438C-B207-DF738969A77C}"=""

"{B3FFB5CD-E82B-4C72-AE02-3EBCD54C8960}"=""

"{05DBADF6-38B3-42C0-B0CB-8A98BC903ACA}"=""

"{FEE955E4-2F92-4E14-84D5-4C11C49E96C1}"=""

"{7C1413CA-9757-44AA-B8E7-E9B87FE70862}"=""

"{AE561E5C-EF99-41AC-9331-0E8DC74B5038}"=""

"{0CAD8DDC-3DC4-4258-842C-F3DFF5695076}"=""

"{51BA88BC-6A76-4B03-A1D8-86DF189BA427}"=""

"{7D9D78BE-9F49-481B-BE74-6527BDE754AB}"=""

"{A018763D-2430-4378-B713-094BB4126138}"=""

"{3631ECB2-DCC4-4DB4-BF92-392203A83BF5}"=""

"{E4887741-FFDD-4915-AF31-0CAEF9F8A34E}"=""

"{5D8F0D47-8285-4001-B0C7-40EE4B35BF70}"=""

"{E4CD576A-F796-4C65-8278-16DB3C69EDCB}"=""

"{CB4D5CCD-1C56-4410-82B1-B6F056D620B2}"=""

"{0DC26155-3CAA-4F7E-9298-4D577217A48E}"=""

"{D350F2E5-4EA8-4320-8E9E-2CCAA2EA1BA7}"=""

"{1176402F-D92F-45F0-952B-76829AF49DF0}"=""

"{A2B295E9-736B-40AB-B280-589BC8F549BB}"=""

"{F820F8C6-7456-4ADC-B024-A752C6B2FB2B}"=""

"{51E53C97-EF04-4351-B621-6B949206FDF2}"=""

"{17FA03B0-542C-4C8A-8AF2-4AF973E27FCD}"=""

"{E6CDB83B-9ADF-4398-BF0C-F44BAF013815}"=""

"{5F497825-9BA5-4D7A-B38C-F7FEAF2175A5}"=""

"{EF3AA6BC-418B-4865-A23D-F207EEDA49B9}"=""

"{55C2583F-25FA-4496-9207-45877857EB2B}"=""

"{A02B1062-B069-4C01-81BD-86589B2F4B2B}"=""

"{0E3A1245-7BBA-4183-A65F-84E61EE2A3D0}"=""

"{B03D6A69-FD9E-4F65-A8AA-F1C48B8F6140}"=""

"{37248B4F-0F6B-4012-A7B0-83566E3DEA01}"=""

"{3D6D87E2-AD89-45B5-AFD6-D31862BEC714}"=""

"{AAFA949E-3515-4D61-8430-F7CF5B91A3AC}"=""

"{21A878A1-8B54-428E-B455-6D7653ED4A19}"=""

"{077D0B02-54B1-4F65-9CE3-C72A01CF3A5A}"=""

"{364000BE-B7FB-4DA1-B87A-CEC5C394E52F}"=""

"{601B9D26-ED1E-47AC-B352-35B7046571F1}"=""

"{36EE3F03-981B-43C4-8795-F5B2B895CFB2}"=""

"{B55D9405-915A-402F-AE41-7A54934B902D}"=""

"{402B87AC-BAC1-4C75-B855-91E355024A89}"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5436)

C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

------------------------ Other Running Processes ------------------------

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

**************************************************************************

Completion time: 2012-10-18 19:36:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-18 11:36:30

Pre-Run: 328,132,829,184 bytes free

Post-Run: 327,921,541,120 bytes free

- - End Of File - - 26FCF616E587C2AB93E5B293A48A568E

Link to post
Share on other sites

Looks Better..............

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

MrC

Link to post
Share on other sites

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 00:24:11

# Updated 14/10/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)

# User : Owner - WINDOWSVISTA

# Boot Mode : Normal

# Running from : C:\Users\Owner\Downloads\Programs\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files\searchresults1

Folder Found : C:\Program Files\Trymedia

Folder Found : C:\Users\Owner\AppData\LocalLow\searchresults1

Folder Found : C:\Users\Owner\AppData\Roaming\Babylon

Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\searchresults1

***** [Registry] *****

Key Found : HKCU\Software\APN DTX

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKCU\Software\searchresults1

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\StartSearch

Key Found : HKLM\SOFTWARE\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1

Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}

Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94366E2C-9923-431C-B0D6-747447DD0F2B}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=7418299174944100&p2=^A9T^YYYYYY^YY^US

-\\ Mozilla Firefox v [unable to get version]

Profile name : default

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4156 octets] - [19/10/2012 00:24:11]

########## EOF - C:\AdwCleaner[R1].txt - [4216 octets] ##########

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.